Writers web watch

Tracing Email


 

It's amazing what you discover when you hover over an address or investigate who really sent that unwanted email...

Checking your email header.

Identifying the threat

The header information of an email is like the envelope, which carries the address and return address. Most email client software, such as MS Outlook, shields you from much of the technical header information that comes with your email. Outlook opens the message, strips away the gobbledygook and displays the contents for you to read. If an email is returned to you, the returned message often shows the full header and content, which is one way you might get to see it.

But sometimes you want to pick the envelope out of the bin and look at it so you can discover a bit more about where it has come from. You can do so by double-clicking the message and selecting ‘options’. Alternatively, see if there is a ‘view’ option that makes the header information visible.

What does the header tell you?

That depends on who sent it. Spammers can, unfortunately, forge almost all of the information. Email was designed in an age of innocence. There is only one piece of information the spammers cannot change, and that is the address that sent it to your server. This is where the spam-sleuths start the search to find out who is sending it. The answer is invariably a luckless person whose ADSL line has been taken over by the spammer.

The email header looks something like this:

Received: By your mail server; date; your email address

Received: From - typically an IP address (four groups of numbers separated by periods) - by your mail server with SMTP. The only bit you can trust is this line, the last hop before the message reaches your server.

You can then often follow the routing and see how the message came to you as there are many lines of Received: From – but remember that you can’t trust these.

Subject:
This is where the information that is displayed in the ‘from’ and ‘subject’ boxes in the opened email is found.

All of this can be forged so don’t trust any of it.

There are many more lines, giving details such as the display encoding used and the subject:
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
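
As an added example (not part of the original article), this Python code separates the one Received line your own mail server wrote from the forgeable ones beneath it. The message, the host names and the server name `mx.yourdomain.example` are constructed, and it assumes a single mail server receives your mail from the internet.

```python
import re
from email import message_from_string

# Constructed sample. Servers prepend Received lines, so the top one is the
# newest; the second line is a forgery that names our own server.
RAW = """\
Received: from dsl-host.example.net ([203.0.113.45])
    by mx.yourdomain.example with SMTP; Mon, 3 Jan 2005 10:15:02 +0000
Received: from mail.bank.example ([198.51.100.7])
    by mx.yourdomain.example with SMTP; Mon, 3 Jan 2005 10:14:55 +0000
From: "Your Bank" <security@bank.example>
Subject: Please confirm your account
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

Please confirm your details.
"""

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
STAMPED_BY = re.compile(r"\bby\s+([^\s;]+)", re.IGNORECASE)


def split_hops(raw, my_server):
    """Return (trusted_ip, unverified_lines) for a raw message.

    Only the topmost Received line can have been written by your own server,
    and it is accepted only if its 'by' host really is my_server. Every line
    below it was supplied by the sender and is returned as unverified.
    """
    received = message_from_string(raw).get_all("Received", [])
    lines = [" ".join(value.split()) for value in received]  # unfold
    trusted_ip = None
    if lines:
        by = STAMPED_BY.search(lines[0])
        ip = BRACKETED_IP.search(lines[0])
        if by and ip and by.group(1).lower() == my_server.lower():
            trusted_ip = ip.group(1)
    return trusted_ip, lines[1:] if trusted_ip else lines


if __name__ == "__main__":
    ip, claims = split_hops(RAW, "mx.yourdomain.example")
    print("Address that connected to your server:", ip)
    for claim in claims:
        print("Unverified (could be forged):", claim)
```

The address it reports is the one to feed into the lookup sites listed below; the forged second line is never trusted, even though it names your own server.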

Some useful ways to check out spammers using websites

OpenRBL - http://openrbl.org/query?IP_address (You need to enter the IP address for it to respond to your query)
WhoIsIt - Again, you need to insert the IP address into the weblink below

http://www.completewhois.com/cgi-bin/rbl_lookup.cgi?query=enter_the_IP_address&display=whois

The spammers cover their tracks so this is only likely to reveal whose computer is being used to send the spam. But at least the transmitter can be found and isolated.

ROKSO: Register of Known Spam Operations, a free-access public register of spam operations that have been thrown off at least three ISPs. The ISPs do not remove spammers without giving the abusers a chance to stop their activities. Part of the Spamhaus Project (http://www.spamhaus.org/), a non-profit group that acts as a clearing house for the ISPs.

If you have a problem – contact your service provider and not one of the expert groups.


 

© Chas Jones 05


 ©WritersServices.com 2000-2009