Advice Request Kaspersky suspicious email

Please provide comments and solutions that are helpful to the author of this topic.

Razza

Level 4
Thread author
Verified
Well-known
Aug 12, 2014
163
I was looking at my email and noticed a suspicious email the from address look like it might be from Kaspersky, the message is
Hi dear and lovely , your email is ******.

Not sure if just a test email they sent by-mistake or some kind of leak since as it was sent to address I believed I've just used for Kaspersky.

Screenshot 2022-08-03 18.08.32.png
 

Razza

Level 4
Thread author
Verified
Well-known
Aug 12, 2014
163
That seems enough suspicious to belongs to Kaspersky...
possibly, based on the rdns of the sending ip stage.adobe-campaign.com, probably a staging system for Adobe Campaign email marketing, if so not sure why they would use real users email for testing, normally for staging testing you wouldn't use real user data.
 

Razza

Level 4
Thread author
Verified
Well-known
Aug 12, 2014
163
Do the mail headers look like it came from Kaspersky or is it just a spoof of the from address?
It look like it came from Abobe Campaign marketing system.

Code:
Return-Path: <kaspersky-mkt-stage1@adobe-campaign.com>
Delivered-To: XXXXX
Received: from stage.adobe-campaign.com (stage.adobe-campaign.com [192.243.244.1])
    by <removed>.<removed> (Postcow) with ESMTP id 0D7004803BE
    for <removed>; Wed, 3 Aug 2022 17:05:20 +0100 (BST)
From: "Kaspersky" <kaspersky@dach.kaspersky-mail.de>
Subject: test
Date: Wed, 03 Aug 2022 16:58:50 +0100
To: <removed>
Reply-To: "Kaspersky" <no-reply@dach.kaspersky-mail.de>
MIME-Version: 1.0
X-mailer: nlserver, Build 6.7.0

Authentication-Results: <removed>
    dkim=none;
    spf=pass (<removed>: domain of kaspersky-mkt-stage1@adobe-campaign.com designates 192.243.244.1 as permitted sender) smtp.mailfrom=kaspersky-mkt-stage1@adobe-campaign.com;
    dmarc=fail reason="SPF not aligned (relaxed), No valid DKIM" header.from=dach.kaspersky-mail.de (policy=quarantine)
X-Spam: Yes

The SPF for dach.kaspersky-mail.de dose list a IP range of used by Adobe-Campaign but a different ip range that sent it, am thinking it might be legit if "kaspersky-mail.de " is legit domain for Kaspersky.
 
Last edited:

Razza

Level 4
Thread author
Verified
Well-known
Aug 12, 2014
163
Sounds like it’s their contractor, Adobe, messing up and sending a test email to a wide audience.

But yeah, it’s sad this is the way business is done. I don’t like my contact information being sold and shared with a marketing company.
Sounds like it, in my workplace we test systems before going into production but wouldn't use real users email addresses for testing.
 

Razza

Level 4
Thread author
Verified
Well-known
Aug 12, 2014
163
Most likely something to do with Kaspersky's Data Processing for Marketing Purposes, with your email address having been sold to Adobe.
I wonder what lovely spam am going to get oh I mean marketing email, I've not used the email address for sometime, am not that fused anyway if i start getting marketing email I will just block incoming mail on that address, on my domain since am lazy I use catch-all so I can use any address without added it, I can drop mail sent to certain address if I want too.
 
Last edited:

SeriousHoax

Level 47
Well-known
Mar 16, 2019
3,630
Looks like a practical example of why everyone should install an EU GDPR compatible version of Kaspersky to opt out of "Kaspersky's Data Processing for Marketing Purposes" even if you're living outside of EU. I myself have always installed the UK version, even when it's just for testing in a VM.
 
F

ForgottenSeer 94943

I am using Simplelogin to create an alias for each service that I am using. I also create inbox rules to move emails to specific folders. If one of the emails starts receiving unwated emails. I can easily disable the alias and create a new one. I never use my real email to sign up for any services.
 

Szellem

Level 6
Verified
Well-known
Apr 15, 2020
251
I was looking at my email and noticed a suspicious email the from address look like it might be from Kaspersky, the message is
Hi dear and lovely , your email is ******.

Not sure if just a test email they sent by-mistake or some kind of leak since as it was sent to address I believed I've just used for Kaspersky.

View attachment 268367
I got it too this mail. Yesterday.
 

harlan4096

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,635
1659596943633.png

 

Szellem

Level 6
Verified
Well-known
Apr 15, 2020
251
  • Like
Reactions: [correlate]

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top