Solved

How do I detect falsified emails / spoofed emails?

Posted on 2014-11-15
Last Modified: 2014-11-17
I keep receiving spoofed / anonymous emails from regular spammers, but their email headers lead me nowhere. Can somebody give me basic information on how to do this, or a legal body to report this issue to as soon as possible?
12 Comments
 
LVL 92

Accepted Solution

by:
John Hurst earned 125 total points
ID: 40444527
Open the email (be careful!) and select the properties of the email. In the properties you should be able to find the sending IP address. Put that into Smart Whois or a similar Whois web tool.

Beware: spammers either have their own ISP or links to ISPs that turn a blind eye. So reporting the IP address also goes nowhere most of the time.

The only real defense here is hardened spam filtering. This is what I do and the stuff you have above just goes down the sewer. I do not see it in my Inbox.
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 40444743
John is right, there is little you can do except be faster with the Delete key.  You could create message rules to delete them when there is a pattern.  Microsoft, Google, the FBI and others are constantly tracking down these people and shutting them down.  But since it is so profitable, new sources keep popping up.
0
 
LVL 61

Expert Comment

by:gheist
ID: 40444858
At least enable some kind of DNSBL, so that their spam hosts are rejected quicker.
0
 
LVL 83

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 125 total points
ID: 40444942
There is a lot of spam that comes from hijacked personal computers. The spammers use viruses to hijack the computers into a network, and they have the computers in the spam network send out the spam emails. There can be tens of thousands of computers in such a network... which is why tracing IP addresses often fails to provide any useful information. When I get up to 10 of the same spam email, chances are that they came from 10 different IP addresses. The IP that you (and Microsoft, Google, the FBI and others) want is the one that controls all those hijacked emails, and that one is not in the spam emails you receive.
0
 
LVL 61

Assisted Solution

by:gheist
gheist earned 125 total points
ID: 40444962
It would be nice to know what the asker's mail server is, to better weigh the available options.
I use greylisting, DNSBL and an exact address list.
About 95% of SMTP sessions yield no mail to users this way. Probably when you are new on the internet it is somewhat better, but over time it just gets worse.
0
 
LVL 92

Expert Comment

by:John Hurst
ID: 40444965
I use greylisting  <-- My main email ISP uses greylisting to reduce the spam filtering load. It does a good job.
0
LVL 61

Expert Comment

by:gheist
ID: 40444981
It just has to be ordered with lightest check first....
0
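The three checks named in the comments above (exact address list, greylisting, DNSBL), chained cheapest first, as an added sketch that is not code from any poster. The cost ordering, the 300-second delay, the reply strings, the `dnsbl.example` zone and all names are assumptions made for illustration; the DNS lookup is injectable so the policy can be exercised offline.

```python
import socket

VALID_RCPTS = {"alice@corp.example"}  # constructed "exact address list"
GREYLIST_DELAY = 300                  # assumed: seconds a new triplet must wait
DNSBL_ZONE = "dnsbl.example"          # placeholder zone, not a real blocklist

def dnsbl_name(ip, zone=DNSBL_ZONE):
    """IPv4 203.0.113.77 -> 77.113.0.203.<zone>, the name a DNSBL is queried with."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def dns_listed(name):
    """True if the name resolves into 127.0.0.0/8, the usual DNSBL 'listed' answer."""
    try:
        return socket.gethostbyname(name).startswith("127.")
    except OSError:  # NXDOMAIN or resolver failure: treat as not listed
        return False

class Policy:
    def __init__(self, lookup=dns_listed):
        self.first_seen = {}   # (client_ip, sender, rcpt) -> time first seen
        self.lookup = lookup   # injectable resolver

    def check(self, client_ip, sender, rcpt, now):
        """Return an SMTP-style reply for one RCPT attempt at time `now` (seconds)."""
        # 1. Lightest: in-memory set lookup against the exact address list.
        if rcpt.lower() not in VALID_RCPTS:
            return "550 unknown recipient"
        # 2. Local state: a new triplet gets a temporary failure; real MTAs retry.
        triplet = (client_ip, sender.lower(), rcpt.lower())
        first = self.first_seen.setdefault(triplet, now)
        if now - first < GREYLIST_DELAY:
            return "451 greylisted, try again later"
        # 3. Heaviest: a DNS round trip, reached only by clients that retried.
        if self.lookup(dnsbl_name(client_ip)):
            return "554 client listed in DNSBL"
        return "250 ok"
```
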
 
LVL 62

Assisted Solution

by:btan
btan earned 125 total points
ID: 40446464
Don't click on any link. To identify such scam or spoofed email, local authorities may have a list of common signs they share, such as: the sender's email address doesn't tally with the trusted organisation's website address; a prominent website link can be forged or seem very similar to the proper address, but even a single character's difference means a different website; a request for personal information such as user name, password or bank details; the email contains spelling and grammatical errors; and you weren't expecting to get an email from the company that appears to have sent it.

For UK, there is anti-fraud @ http://www.actionfraud.police.uk/report_fraud
For US, there is the IC3 @ http://www.ic3.gov/complaint/default.aspx

In fact, you should be able to check the email header to fish out any anomalies, e.g. compare the From address against the Message-ID domain for inconsistency, and also check whether the message "From" is someone familiar (maybe your friend or someone you know) but the Reply-To is a different address, etc.
0
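The header checks described in this answer (From against Message-ID domain, From against Reply-To), together with the sending-IP lookup from the accepted solution, as an added Python example that is not part of the original thread. The sample header is constructed with documentation domains and addresses, and the function names are illustrative.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample header (documentation domains and IPs), not from the thread.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby mail.recipient.example with ESMTP id abc123; Sat, 15 Nov 2014 10:00:05 +0000
Received: from unknown (host.bulk.example [203.0.113.77])
\tby mx.recipient.example with SMTP id def456; Sat, 15 Nov 2014 10:00:01 +0000
From: "Your Bank" <support@bank.example>
Reply-To: collector@freemail.example
Message-ID: <20141115100000.1234@bulk.example>
Subject: Verify your account

body
"""

def domain_of(value):
    """Lower-cased domain of an address or Message-ID, '' if there is no '@'."""
    _local, at, dom = value.strip("<> \t\r\n").rpartition("@")
    return dom.lower() if at else ""

def received_hops(msg):
    """(claimed_host, ip) per Received header, oldest hop first.
    Each relay prepends its own line, so the list is read bottom-up; only
    lines written by servers you trust are reliable, older ones can be forged."""
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        m = re.search(r"from\s+(\S+).*?\[([0-9A-Fa-f.:]+)\]", value, re.S)
        hops.append((m.group(1), m.group(2)) if m else (None, None))
    return hops

def header_anomalies(raw):
    """Return (list of mismatch findings, list of relay hops) for a raw message."""
    msg = message_from_string(raw)
    from_dom = domain_of(parseaddr(msg.get("From", ""))[1])
    reply_dom = domain_of(parseaddr(msg.get("Reply-To", ""))[1])
    msgid_dom = domain_of(msg.get("Message-ID", ""))
    findings = []
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom} != From domain {from_dom}")
    if msgid_dom and msgid_dom != from_dom:
        findings.append(f"Message-ID domain {msgid_dom} != From domain {from_dom}")
    return findings, received_hops(msg)

if __name__ == "__main__":
    found, hops = header_anomalies(SAMPLE)
    print("\n".join(found))
    print("oldest hop:", hops[0])
```

A mismatch is an indicator to weigh, not proof: legitimate bulk senders often produce a Message-ID under their mail provider's domain.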
 
LVL 11

Author Closing Comment

by:Tej Pratap Shukla ~Dexter
ID: 40446625
Thanks for your valuable answers/solutions and comments, they really helped me a lot. I would still want to know if any forensic email examination tool exists that might be able to comprehend my PST file data, so that I can determine where the email hopped from, what their message IDs are and much, much more. And finally export the information in a report.
0
 
LVL 62

Expert Comment

by:btan
ID: 40446766
This feedback indeed renders another separate question :)
0
 
LVL 11

Author Comment

by:Tej Pratap Shukla ~Dexter
ID: 40446994
Sure, Thanks
0
 
LVL 61

Expert Comment

by:gheist
ID: 40447011
Make sure to mention the mail filtering chain you use. I'd assume you want to deal with incoming mails, and some antivirus-spam will be in a better position to help out with reports.
0
