Go Back  FlyerTalk Forums > Miles&Points > Airlines and Mileage Programs > American Airlines | AAdvantage
Reload this Page >

Happy Holidays eMail from aairlines.bounce.ed10.net not Bogus

Happy Holidays eMail from aairlines.bounce.ed10.net not Bogus

Old Dec 13, 2017, 5:51 pm
  #1  
FlyerTalk Evangelist
Original Poster
 
Join Date: Nov 2003
Location: South Florida
Programs: AA LTG (EXP), Hilton Silver (Dia), Marriott LTP (PP), SPG LTG (P) > MPG LTPP
Posts: 11,329
Happy Holidays eMail from aairlines.bounce.ed10.net not Bogus

Be aware! I just received an email that appeared to be from American Airlines with a subject of Happy Holidays. After opening this message on my web portal using Chrome I was no longer able to navigate in the window. Clicking anywhere within the entire portal window (and not just the message) a new tab gets opened. All this appears to be within the AA domain, but that's easily spoofed. Trying to scroll, delete, even return to the In Box opened a new tab. What I was able to do was use Chrome's back button and start over. No apparent damage so far, but doing a full scan and hoping all is well.

I was able to open and navigate using FireFox. Looking at the header it appears the message actually came from aairlines.bounce.ed10.net which is a known bad domain. Be aware and only mild panic appears to be warranted at this time.
RogerD408 is offline  
Old Dec 13, 2017, 7:12 pm
  #2  
 
Join Date: Oct 2015
Location: SFO
Programs: AA EXP, SPG / Marriott GLD, HHonors GLD
Posts: 520
I got one with the same header but it appeared from [email protected] and just linked to the video on their news site which was in fact, their holiday video

guess one should just check to make sure the email is coming from the legitimate source, but there might be something off on your Chrome or something
lds89 is offline  
Old Dec 14, 2017, 1:42 am
  #3  
 
Join Date: Apr 2017
Programs: AA, DL, Avis, Enterprise, National, IHG, HH, SPG/MR
Posts: 1,852
Originally Posted by lds89
I got one with the same header but it appeared from [email protected] and just linked to the video on their news site which was in fact, their holiday video

guess one should just check to make sure the email is coming from the legitimate source, but there might be something off on your Chrome or something
​​​​​​​
Also received a legit email with the same subject and content.
kb9522 is offline  
Old Dec 14, 2017, 4:56 am
  #4  
 
Join Date: May 2015
Location: TYS
Programs: American Exec Plat Hilton Dia, IHG Plat, Hertz 5*, National Exec E, Delta Gold,
Posts: 35
I received the same email and it was legit. Nice little advert.
EGSExec is offline  
Old Dec 14, 2017, 6:54 am
  #5  
FlyerTalk Evangelist
Original Poster
 
Join Date: Nov 2003
Location: South Florida
Programs: AA LTG (EXP), Hilton Silver (Dia), Marriott LTP (PP), SPG LTG (P) > MPG LTPP
Posts: 11,329
Scammers are very good about making things look legit. The "sender's" address looked legit (and was legit) however, that can be spoofed as it was in this message. Only by looking at the header was I able to see the aairlines.bounce.ed10.net domain address. If you Google you will see quite a few entries listing it as spam. Not that AA is not above using a spammer for marketing activities.

Being locked out of using any of the website controls (read next message, delete the message, etc.) I found very upsetting. Heaven only knows what else is going on within the message. I have sent a copy to my email supplier for further investigation. I have done a full scan of my system and I haven't found anything in my system (yet).
RogerD408 is offline  
Old Dec 14, 2017, 7:09 am
  #6  
 
Join Date: Jun 2015
Location: New York
Programs: AA, CX, Hyatt, Marriott
Posts: 1,484
Same email, also mailed by aairlines.bounce.ed10.net/sent from [email protected], no issue at all. Chrome sometimes does not work with inserted Youtube video, and it happens frequently on my company's laptop.
andersonCooper is offline  
Old Dec 14, 2017, 7:10 am
  #7  
 
Join Date: Aug 2017
Location: Dallas
Programs: AA ExPlat, Marriott Ambassador, Hilton Gold, Hertz PC
Posts: 121
Originally Posted by RogerD408
Scammers are very good about making things look legit. The "sender's" address looked legit (and was legit) however, that can be spoofed as it was in this message. Only by looking at the header was I able to see the aairlines.bounce.ed10.net domain address. If you Google you will see quite a few entries listing it as spam. Not that AA is not above using a spammer for marketing activities.

Being locked out of using any of the website controls (read next message, delete the message, etc.) I found very upsetting. Heaven only knows what else is going on within the message. I have sent a copy to my email supplier for further investigation. I have done a full scan of my system and I haven't found anything in my system (yet).
My man, that's not from a scam email. aairlines.bounce.ed10.net can be seen in other AA promotional emails. Looks like the problem is your own browser / computer. That's just the server of a email and marketing company (Zeta Global in this case) that works with AA. Actually you can see that structure from many brands including the MLB and CVS. It's a service, don't go spouting off and trying to scare people. If you want further proof just go look at the WHOIS for the domain. You'll see it's registered to Zeta. You'll even see on Zeta's site AA is one of the brands they support.



Lol take your tin foil hat off.

Last edited by adunker; Dec 14, 2017 at 8:11 am
adunker is offline  
Old Dec 14, 2017, 7:17 am
  #8  
 
Join Date: May 2012
Location: HNL
Programs: AA PP 1.8MM, PC Spire, Hertz 5*, Hyatt Globalist
Posts: 1,030
Originally Posted by RogerD408
Scammers are very good about making things look legit. The "sender's" address looked legit (and was legit) however, that can be spoofed as it was in this message. Only by looking at the header was I able to see the aairlines.bounce.ed10.net domain address. If you Google you will see quite a few entries listing it as spam. Not that AA is not above using a spammer for marketing activities.

Being locked out of using any of the website controls (read next message, delete the message, etc.) I found very upsetting. Heaven only knows what else is going on within the message. I have sent a copy to my email supplier for further investigation. I have done a full scan of my system and I haven't found anything in my system (yet).
I don't think aairlines.bounce.ed10.net is a scammer. ed10.net is a marketing organization that anybody can use. I believe AA uses aairlines.bounce.ed10.net for their marketing tools. I didn't see anything to suggest that aairlines.bounce.ed10.net was a dangerous email. Just because it is listed as Spam does not make it dangerous. I have emails from American Express, Banana Republic, non-profit organizations, St. Jude, etc.. all going into spam. I wish there was a separate button on mail clients to distinguish "legit spam" from junk/dangerous email spam. I was getting weekly emails from a dealership that I had opted out of that I hit the spam button on, but I believe that is different from the spam of "You have won 10 million in a lottery in the UK and you need to pay the tax to release the winnings."

What was the link that the email tried to send you to? Mine was a link to link.aa.com which would be a legit organization.
nutwpinut is offline  
Old Dec 14, 2017, 7:23 am
  #9  
 
Join Date: Jun 2015
Location: New York
Programs: AA, CX, Hyatt, Marriott
Posts: 1,484
Originally Posted by nutwpinut
I don't think aairlines.bounce.ed10.net is a scammer. ed10.net is a marketing organization that anybody can use. I believe AA uses aairlines.bounce.ed10.net for their marketing tools. I didn't see anything to suggest that aairlines.bounce.ed10.net was a dangerous email. Just because it is listed as Spam does not make it dangerous. I have emails from American Express, Banana Republic, non-profit organizations, St. Jude, etc.. all going into spam. I wish there was a separate button on mail clients to distinguish "legit spam" from junk/dangerous email spam. I was getting weekly emails from a dealership that I had opted out of that I hit the spam button on, but I believe that is different from the spam of "You have won 10 million in a lottery in the UK and you need to pay the tax to release the winnings."

What was the link that the email tried to send you to? Mine was a link to link.aa.com which would be a legit organization.
I think everyone got the same email with the same video on youtube's page. I am inserting here but OP might find this page hard to open...

andersonCooper is offline  
Old Dec 14, 2017, 7:31 am
  #10  
FlyerTalk Evangelist
 
Join Date: Oct 1999
Location: Juneau, Alaska.
Programs: AS 75K;BA Silver;AA G;HH Dia;HY Glob
Posts: 15,750
My experience is the same as others, received the email, watched the video, no problem. I think this just may be a browser issue for the op. I also agree with nutwpinuts observations about the site address.
jerry a. laska is offline  
Old Dec 14, 2017, 7:32 am
  #11  
 
Join Date: May 2012
Location: HNL
Programs: AA PP 1.8MM, PC Spire, Hertz 5*, Hyatt Globalist
Posts: 1,030
Originally Posted by nutwpinut
I don't think aairlines.bounce.ed10.net is a scammer. ed10.net is a marketing organization that anybody can use. I believe AA uses aairlines.bounce.ed10.net for their marketing tools. I didn't see anything to suggest that aairlines.bounce.ed10.net was a dangerous email. Just because it is listed as Spam does not make it dangerous. I have emails from American Express, Banana Republic, non-profit organizations, St. Jude, etc.. all going into spam. I wish there was a separate button on mail clients to distinguish "legit spam" from junk/dangerous email spam. I was getting weekly emails from a dealership that I had opted out of that I hit the spam button on, but I believe that is different from the spam of "You have won 10 million in a lottery in the UK and you need to pay the tax to release the winnings."

What was the link that the email tried to send you to? Mine was a link to link.aa.com which would be a legit organization.
Also, even though ed10.net is a legit company, anybody can use it. An Eastern European hacker might be using im.a.hacker.bounce.ed10.net and some email servers will only look at the last 2 (ed10.net) or 3 (bounce.ed10.net) of the domain. They see the hacker and make bounce.ed10.net listed as a spam server and now emails from AA, aairlines.bounce.ed10.net, will be listed as spam when it is not. Email spam filters have gotten better so this shouldn't happen anymore, but I still see it occasionally.
nutwpinut is offline  
Old Dec 14, 2017, 7:43 am
  #12  
FlyerTalk Evangelist
Original Poster
 
Join Date: Nov 2003
Location: South Florida
Programs: AA LTG (EXP), Hilton Silver (Dia), Marriott LTP (PP), SPG LTG (P) > MPG LTPP
Posts: 11,329
Originally Posted by andersonCooper
I think everyone got the same email with the same video on youtube's page. I am inserting here but OP might find this page hard to open...

https://www.youtube.com/watch?v=KwzWXl7ue10
The video does not play from the email, but does from your post. I have never seen a message that locked out the website controls (not able to delete the message or even return to my InBox once the message was open). Between browser settings, website options, windows controls I am sure there are ways to use and abuse a system (remember the days of spammers doing the rampant pop ups to kill your system). I saw something suspect (regardless who it is, they should not be blocking website controls) and reported it.

A friend monitors three different AA accounts and none of them had received this message (yet). I do believe I'm fairly astute to system operations and what I saw pointed to a possible security issue (as is possible with every link). No tin foil here.

Thanks for all the responses, glad it's not something nasty.
aquamarinesteph likes this.
RogerD408 is offline  
Old Dec 14, 2017, 7:46 am
  #13  
 
Join Date: Jun 2015
Location: New York
Programs: AA, CX, Hyatt, Marriott
Posts: 1,484
Originally Posted by RogerD408
The video does not play from the email, but does from your post. I have never seen a message that locked out the website controls (not able to delete the message or even return to my InBox once the message was open). Between browser settings, website options, windows controls I am sure there are ways to use and abuse a system (remember the days of spammers doing the rampant pop ups to kill your system). I saw something suspect (regardless who it is, they should not be blocking website controls) and reported it.

A friend monitors three different AA accounts and none of them had received this message (yet). I do believe I'm fairly astute to system operations and what I saw pointed to a possible security issue (as is possible with every link). No tin foil here.

Thanks for all the responses, glad it's not something nasty.
Great!

I have to say it's a well made video. Hopefully they could put some of these efforts to improve in-flight services as well.
andersonCooper is offline  
Old Dec 14, 2017, 7:57 am
  #14  
 
Join Date: Dec 2010
Location: DEN
Programs: AA EXP, Hilton Diamond
Posts: 2,563
Wait...people actually open those "happy holidays" emails from companies?

I hit "delete" after seeing the subject line.
bse118 is offline  
Old Dec 14, 2017, 8:10 am
  #15  
 
Join Date: Aug 2017
Location: Dallas
Programs: AA ExPlat, Marriott Ambassador, Hilton Gold, Hertz PC
Posts: 121
Originally Posted by nutwpinut
Also, even though ed10.net is a legit company, anybody can use it. An Eastern European hacker might be using im.a.hacker.bounce.ed10.net and some email servers will only look at the last 2 (ed10.net) or 3 (bounce.ed10.net) of the domain. They see the hacker and make bounce.ed10.net listed as a spam server and now emails from AA, aairlines.bounce.ed10.net, will be listed as spam when it is not. Email spam filters have gotten better so this shouldn't happen anymore, but I still see it occasionally.
I don't think Zeta would take on an Eastern European hacker as a client to do email campaigns with. Not everyone can use the ed10.net.
adunker is offline  

Thread Tools
Search this Thread

Contact Us - Manage Preferences - Archive - Advertising - Cookie Policy - Privacy Statement - Terms of Service -

This site is owned, operated, and maintained by MH Sub I, LLC dba Internet Brands. Copyright © 2024 MH Sub I, LLC dba Internet Brands. All rights reserved. Designated trademarks are the property of their respective owners.