21 Aug How To Read e-Mail Headers

Written by Published in iZania Community Blog Read 1082 times
Rate this item
(0 votes)

Greetings Family,
(Contact Information At The Bottom Of The Page)

It's your friendly neighborhood "Digital Drummer" again...smile

Spam is a consistent problem in our online world. Now personally, I believe everyone has a right to tell you about their business/products/service. It is called free speech or in this case "Business Speech", and protected by Constitutional law. But that does not change the fact the Unsolicited Commercial E-mail or UCE is more then just an inconvenience (like traditional junk mail), it is a serious problem, that slows productivity, wastes bandwidth and infuriates us all.

There is nothing worse then receiving an email from yourself, that you know is pure SPAM. Many of us wonder how many of our friends and business associates were fooled into opening a UCE or virus, simply because they recognized our name or email address. So the question becomes, how do you recognize a real email message, from one that has spoofed (forged) your name, your banks name, or another trusted source? This can be done by simply reading the email header.

***************(Advertisement)*********************

Need some great ideas for corporate or personal gift-giving?

Then go to City Lights Software
(http://www.citylightssoftware.com )

and see some of the most unique afrocentric gifts available online!

We Deliver ONLINE - Direct To Your Desktop for just $14.95

Please take the time to purchase one our afrocentric screen savers TODAY!

Don't Just Talk the Talk...Let Your Dollars Walk the Walk

If you have any problems with purchasing online contact me direct at This email address is being protected from spambots. You need JavaScript enabled to view it. or call (213) 944-4176

******************************************************

I know, E-mail headers, as a topic is not as exciting as the latest get rich quick scheme, Kobe scoring 40 points, or the latest "Black folk need to get their act together" group thread. But learning how to quickly determine the authenticity of e-mail is important-especially if someone is abusing your network, or your name/email address. Spammers have gotten so good that there's nothing that can stop them from manipulating e-mail headers, and they're generally not verifiable unless you understand how to read them. When you receive a letter by snail mail, it has a postmark. If e-mails followed the same logic, you'd be able to see where the message originated before you opened it.

The email header is the information that travels with every email, containing details about the sender, route and receiver. It is like a flight ticket: it can tell you who booked it (who sent the email), the departure information (when the email was sent), the route (from where it was sent and how did it arrive to you) and arrival details (who is the receiver and when it was received). As when you would book a flight ticket with a false identity, the same goes for emails: the sender can partially fake these details, pretending that the email was sent from a different account (common practice for spammers or viruses).

Regardless of your operating platform (Windows, Mac, Linux) or application software (Outlook, Eudora, Netscape or Mutt), all can display message headers with a simply click of the mouse. How you view the headers (before opening or while viewing) depends on the program that you use.

In Outlook: Select: View->Options
In Eudora: Click the Blah Blah Blah button.
In Netscape: Select: View->Headers->All
In Pine: Type H. (Requires the enable-full-header-cmd feature.)
In WebMail: Click View Full Headers.

***************(Advertisement)*********************

Looking For More Exposure, Want To Help A Good Cause, Need Money???

Come on over to www.freshfaces2u.com and register to win $10,000 dollars CASH!

At Fresh Faces2u it's NOT about how you look...But Who You Are!

Join us in our mission to change the image of women in the media

Sign Up Today At Fresh Faces2u.com

***************************************************

Here are the actual headers from a forged UCE courtesy of the
TechRepublic.com (www.techrepublic.com):

From This email address is being protected from spambots. You need JavaScript enabled to view it. Mon Mar 27 16:54:12 2006
Return-Path: This email address is being protected from spambots. You need JavaScript enabled to view it.
Received: from trademeca.co.kr (unknown [211.219.20.86])
by mail.someplace.com (Postfix) with SMTP id 2304964253A
for ; Mon, 27 Mar 2006 16:54:10 -0500 (EST)
Received: from smtp0422.mail.yahoo.com (80.237.200.67)
by trademeca.co.kr (211.219.20.86) with [Nmail V3.1 20010905(S)]
for from ;
Thu, 23 Mar 2006 15:55:00 +0900
Date: Thu, 23 Mar 2006 11:34:52 GMT
From: "Prendawen" This email address is being protected from spambots. You need JavaScript enabled to view it.
Subject: Hey buddie! What's going on?

RECEIVED: HEADERS

The Received: headers of any email message will tell you where the message originated and what route it took to get to you. That's What You Need To Nnow To Complain About And Report SPAM.

You read Received: headers in reverse order. The sequence from the last Received: header in the message's headers -- that is, the one furthest down in the headers -- to the first Received: header -- the one at the top -- should take you from the email server where the message originated, to a local incoming email server, and finally, to your inbox.

In this case, the last "Received" header tells the real story of this poor forgery, but you have to examine several of these to truly understand the details. This particular e-mail is identifiable because
it doesn't make any sense for a person with an AOL account to use one of Yahoo's e-mail servers to relay e-mail through a server in the .kr top-level domain, which is Korea.

Furthermore, a DNS (http://en.wikipedia.org/wiki/Domain_Name_System) lookup failed to find smtp0422.mail.yahoo.com, so this IP address doesn't exist. Even if it did, the IP address
(http://en.wikipedia.org/wiki/IP_address) 80.237.200.67 belongs to a network in Germany, which I discovered by checking the online American Registry for Internet Numbers (ARIN) <http://www.arin.net/> database. So don't waste your time sending a nasty reply, because chances are that This email address is being protected from spambots. You need JavaScript enabled to view it. didn't have anything to do with it.

Since forgeries are becoming more difficult to identify, gain experience examining e-mail headers so you can differentiate the good from the bad. This knowledge will help you report junk e-mails to ISPs or reporting agencies such as Spamcop.net that track junk e-mailers.

Remember, We Must Share The Knowledge (Network)... To Share The Dollars!!! 

***************************************************

This Online Journal was brought to you by InterServe Networks. Feel Free To Forward To Your Network Of Online Friends

We Practice Responsible E-Commerce Marketing and Privacy Policies. We do not indulge in or encourage Spamming. We never send unsolicited emails. You are receiving this message as part of our opt-in subscriber mailing list or you are a member of an affiliated newsgroup.

For comments or suggestions please contact us at the following;

Jim Neusom (This email address is being protected from spambots. You need JavaScript enabled to view it.)
Executive Director/Publisher
InterServe Networks/City Lights Software, Inc.
www.citylightssoftware.com
www.freshfaces2u.com
www.myspace.com/jimneusom
www.myspace.com/freshfaces2u

To subscribe to our opt-in mailing list simply send an email to; This email address is being protected from spambots. You need JavaScript enabled to view it. ( on Myspace go to http://blog.myspace.com/jimneusom )

BLOG COMMENTS POWERED BY DISQUS
Last modified on Sunday, 02 October 2016 23:55