| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 65060 | 2006-01-06 01:15:00 | Email headers - is this real? | hamstar (4) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 418623 | 2006-01-06 01:15:00 | Hi guys, Trying to kill off spam at my work. I can view the headers but only kindof know whats going on with them. Heres the headers. Received: from mm-notify-out-2101.amazon.com (unverified) by myworkserver.nz (Content Technologies SMTPRS 4.3.14) with ESMTP id <T75ac3c4290ac163266694@mywork.server.nz> for <nobody@mywork.nz>; Fri, 6 Jan 2006 13:06:43 +1300 Received: from na-rte-app-1102.vdc.amazon.com ([10.144.17.45]) by mm-notify-out-2101.amazon.com with ESMTP; 05 Jan 2006 15:59:52 -0800 Received: by na-rte-app-1102.vdc.amazon.com id AAA-notification-17551,8452; 5 Jan 2006 15:59:56 -0800 Date: 5 Jan 2006 15:59:56 -0800 Message-ID: <.AAA-notification-17551,8452.1136505596@na-rte-app-1102.vdc.amazon.com> X-AMAZON-TRACK: notification To: nobody@mywork.nz From: "Amazon.com Payments" <orders@experiencedbooks.com> Subject: Your Amazon Marketplace Purchase Cc: payments-mail@amazon.com Bounces-to: RealTimeEmail+OMS-OMSPARITY-9f39I0Oa0w@bounces.amazon.com Content-Type: text/plain MIME-Version: 1.0 X-AMAZON-MAIL-RELAY-TYPE: notification Are they real? I have edited the email and domains of my work by the way. Cheers, hamstar |
hamstar (4) | ||
| 418624 | 2006-01-06 01:39:00 | If u know noone from Amazon then delete it! Easy. | Speedy Gonzales (78) | ||
| 418625 | 2006-01-06 01:41:00 | Well... I mean headers in general... How can you tell if its real? |
hamstar (4) | ||
| 418626 | 2006-01-06 01:45:00 | Pass. I doubt it these days u can. Emails can be faked by anyone. BUT if u havent dealt with the origin, delete it. |
Speedy Gonzales (78) | ||
| 418627 | 2006-01-06 01:47:00 | Looks like a real one. But to know, you need to be capable of making changes in the sendmail configuration file, and having it work. :D | Graham L (2) | ||
| 418628 | 2006-01-06 01:50:00 | Hi guys, Trying to kill off spam at my work. I can view the headers but only kindof know whats going on with them. Heres the headers. Received: from mm-notify-out-2101.amazon.com (unverified) by myworkserver.nz (Content Technologies SMTPRS 4.3.14) with ESMTP id <T75ac3c4290ac163266694@mywork.server.nz> for <nobody@mywork.nz>; Fri, 6 Jan 2006 13:06:43 +1300 Received: from na-rte-app-1102.vdc.amazon.com ([10.144.17.45]) by mm-notify-out-2101.amazon.com with ESMTP; 05 Jan 2006 15:59:52 -0800 Received: by na-rte-app-1102.vdc.amazon.com id AAA-notification-17551,8452; 5 Jan 2006 15:59:56 -0800 Date: 5 Jan 2006 15:59:56 -0800 Message-ID: <.AAA-notification-17551,8452.1136505596@na-rte-app-1102.vdc.amazon.com> X-AMAZON-TRACK: notification To: nobody@mywork.nz From: "Amazon.com Payments" <orders@experiencedbooks.com> Subject: Your Amazon Marketplace Purchase Cc: payments-mail@amazon.com Bounces-to: RealTimeEmail+OMS-OMSPARITY-9f39I0Oa0w@bounces.amazon.com Content-Type: text/plain MIME-Version: 1.0 X-AMAZON-MAIL-RELAY-TYPE: notification Are they real? I have edited the email and domains of my work by the way. Cheers, hamstar Your mail server is not putting the necessary information in the headers to be sure. You should really only worry about the last hop (at the top) where your mail server accepted the message. Your system should be configured to enter the IP address of the server from which it is accepting the message. The previous hop has an internal (10.x.x.x) address logged beside it so it is of no use in confirming whether the message is real, plus anything below where your mail server accepts the message can be faked easily. Once your mail system is configured to log the IP address of the host from which it is accepting the message from, then you are able to ping the reported hostname and see if it resolves to the true IP address (the one your mail server records) and also perform a reverse lookup on the IP to see if it has a valid PTR record. You can also use whois to see who owns the netblock from which the message originates. As you are using mailsweeper you should get SSS to help you configure the antispam functionality in the product, as I believe it is free. Cheers BIFF |
BIFF (1) | ||
| 418629 | 2006-01-06 02:06:00 | ahh mean... cheers. :D |
hamstar (4) | ||
| 418630 | 2006-01-06 02:28:00 | compnetworking.about.com | bartsdadhomer (80) | ||
| 418631 | 2006-01-06 03:35:00 | Its not real. | pctek (84) | ||
| 1 | |||||