On Sat, Jul 16, 2016 at 07:30:59AM -0500, gregrwm wrote:
> 
> yikes!  there are 3 virus laden spams in my sent box!  please check my
> thinking here.
>

I do NOT like the first sentence at all... From what you have sent, it looks
like google (gmail) is doing the right thing to follow your filters and to
allow messages from known e-mail addresses.

Are you on that alleged list the email was sent from?

Go to gmail and get as much info as you can about logins. Get the raw headers
of the spam messages in the sent folder and trace the IPs to something you
know. Basically, make sure nobody is trying to send email as you because they
have your credentials. A properly configured email server should never allow
that email to come out of your account. But if the destination does not
complain (doesn't reject), you will have the reminents of a sent message that
was never sent. Then, gmail will find it in your sent folder and may let that
address bypass filters. I am just speculating. Sort of like getting your
credentials but phishing you to pick up the virus from the inside (since they
cannot just sit on the machine you are sitting). Smart. Gmail will send you
a notification if you have a login from a new device, but not if they
deleted that email just as it was sent to you. That is why gmail wants to
have another email address, a mobile phone to received texts, etc. But if
you have had a serious security breach (diretly targeted because of who you
are or what you do), this sort of thing can happen.

Can you sense my level of paranoia?

Did I mention changing passwords from a "safe" device?


I threw this query into google:
https://www.google.com/#q=where+is+the+IP++116.98.187.172
first hit is something about Viet Nam.

You need to inspect the headers of the sent messages further. The problem is
likely on your end, which is where you are correctly looking. I'd be freaked
out.

IN