| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 32126 | 2003-04-09 21:19:00 | How do I find out the real sender's address? | forrest44 (754) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 134694 | 2003-04-09 21:19:00 | If someone has spoofed the sender's address of an e-mail sent to me (such as a spam), is there any way in which I can find out the real sender's e-mail address? | forrest44 (754) | ||
| 134695 | 2003-04-09 21:38:00 | Have a look at the 'properties' then 'details' of the email then look at the return path of that email & that should tell you who/where it came from. Pauline. |
Pauline (641) | ||
| 134696 | 2003-04-09 22:05:00 | Well.. you can never really be sure Sometimes you can look at the headers and see the return path is different from the senders address. It all depends how polite or stupid the $#^%$#^%$(spammer) is. There is a chance that the spammers may have neglected to change the return path. This however is unlikely, and is more likely to be a fake address too. Received: from p230-dialup.snap.net.nz ([xxx.xxx.xxx.xxx] helo=computername) by tyler.snap.net.nz with smtp (Exim 3.22 #1 ) id 193BNo-0006O8-00 for <me@my_domain.co.nz>; Wed, 09 Apr 2003 20:56:40 +1200 Message-ID: <big-long-number@computername> From: "sender" <sender@somewhere> To: "me" <me@my_domain.co.nz> Subject: spam If you read the edited excert from the header above, which was most definatly not spam, you will see the lines added by the ISP who first handled the said email and the lines identifying the mesage number and name of the senders computer. In this case the ISP in question is of course snap.net.nz, the computer was connected with the IP address of xxx.xxx.xxx.xxx and the email was welcome. This ties down to meaning something. Forward the spam to abuse@the_spammers_ISP and abuse@your_ISP if you like. Goodluck .Clueless |
Clueless (181) | ||
| 134697 | 2003-04-09 22:49:00 | Return-path or X-From will show the address that the message was sent from but if they have used a fake email address then it is of no use. Finding the true sender is nearly impossible in this case but if you look at the latest line where it says Received:from it will give the Domain or IP address where the message was sent from. This is about the only clue about the true sender you can get but the owner of the Domain or IP if it is something like hotmail.com will not be very interested in your complaints. |
Jim B (153) | ||
| 134698 | 2003-04-10 00:53:00 | Here is a good example from some Spam I got this morning. Sheri" <bqnvfbi@snrymnscsgdbno.com> To : <ruzhg@jjgbkvakka.com> Subject : Hello Baby Date : Wed, 09 Apr 2003 18:55:03 -0400 MIME-Version: 1.0 Received: from mc4-f22.law16.hotmail.com ([65.54.237.157]) by mc4-s21.law16.hotmail.com with Microsoft SMTPSVC(5.0.2195.5600); Wed, 9 Apr 2003 15:53:49 -0700 Received: from qcnrgcz ([194.126.61.17]) by mc4-f22.law16.hotmail.com with Microsoft SMTPSVC(5.0.2195.5600); Wed, 9 Apr 2003 15:52:31 -0700 X-Message-Info: fPtTjFyzVe13v+CmD4DcYyhOHzxQwGx6 X-Priority: 1 X-MSMail-Priority: High X-Mailer: Mozilla 4.61 [en] (Win98; I) Sensitivity: Private X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600 Return-Path: bqnvfbi@snrymnscsgdbno.com Message-ID: <MC4-F22nxZbjjF5QxgH000aac76@mc4-f22.law16.hotmail.com> X-OriginalArrivalTime: 09 Apr 2003 22:52:32.0963 (UTC) FILETIME=[B4D7A930:01C2FEEA] |
stu140103 (137) | ||
| 134699 | 2003-04-10 01:39:00 | >Hello Baby!!! :p I'd bleat like a banshee to hotmail, and maybe they'll have to employ another staff member to delete your complaints . I'm surprised that hotmail have allowed the relaying of email from "@snrymnscsgdbno . com" Is that all the headers? It is of course possible to forge some additional lines into the headers . . Clueless |
Clueless (181) | ||
| 1 | |||||