[npnog] Email from Nabilbank originating from Russia

Indiver Badal indiver at gmail.com
Thu Mar 2 10:36:17 NPT 2017


Did anyone notice that the recent credit-card statement email received from Nabilbank had some interesting headers? Tried to open the attachment and it could not unzip. That lead me to explore into email headers and noticed there's a Russian IP address originating the email. Earlier emails would come from India - ecsmc.electra-card.com ([]).

They recently changed/upgraded their card systems, and Compass Plus could be their provider but wanted to verify. 

Here's part of the header:

Received: from mail.nabilbank.com (mail.nabilbank.com. [])
        by mx.google.com with ESMTP id r76si12758069pfr.248.2017.
        for <XXXX at XXXXXer.com>;
        Sun, 26 Feb 2017 06:41:02 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of card-statement at nabilbank.com designates as permitted sender) client-ip=;
Received: from VPC-TXNABIL1.pc.compassplus.ru ([])
	by mail.nabilbank.com ([])
	(MDaemon PRO v15.0.4) 
	with ESMTP id md50008951098.msg for <XXXX at XXXXXer.com>;
	Sun, 26 Feb 2017 20:25:51 +0545
X-Spam-Processed: mail.nabilbank.com, Sun, 26 Feb 2017 20:25:51 +0545
	(not processed: message from trusted or authenticated source)
X-MDHelo: VPC-TXNABIL1.pc.compassplus.ru
X-MDArrival-Date: Sun, 26 Feb 2017 20:25:51 +0545
X-Return-Path: card-statement at nabilbank.com
X-Envelope-From: card-statement at nabilbank.com
Subject: Credit Card Statement - 26/01/2017 to 25/02/2017 - XXXXXXXXXXXXYYYY

Can anyone in the list please verify that it is correct? Also, a friend of mine received his credit-card statement for a card he cancelled several years back (again originating from Russia). Did anyone else notice similar activities?


More information about the npnog mailing list