18.10.2017, 14:20
This is still moving away from the problem with stromer/shop being the source of the customer data leak and focusing on this specific issue, which I would like to avoid, but will answer anyway 
As for the "multiple senders", thats not how email spam/viruses works.. Anybody can send mail from any (real or not) email address. The receiver can try to validate some of them with technologies such as SFP, DMARC, DKIM). Email is not authenticated very well. This email originated from an IP address in Russia and spoofed an email from info@afgh.ch
https://pastebin.com/M9LgWX2x has the full email headers for the curious.
As for the "multiple senders", thats not how email spam/viruses works.. Anybody can send mail from any (real or not) email address. The receiver can try to validate some of them with technologies such as SFP, DMARC, DKIM). Email is not authenticated very well. This email originated from an IP address in Russia and spoofed an email from info@afgh.ch
https://pastebin.com/M9LgWX2x has the full email headers for the curious.