Solved

email headers

Posted on 2015-01-30
14
109 Views
Last Modified: 2015-02-01
I get lots of emails, and many times I would like to trace from whom they are, i.e. are they from the usual spam emails hiding behind an IP address and, although declaring that they are from whatever country, operating from your own very doorstep of the U.S.?
Is there any free documentation on how and what to make out from the email headers so that I can identify who they really are? Also, I guess there are many tricks some of them use to hide, and also to find if this is what they are.
Or has someone written a comprehensive book? I know that IT is evolving, but something that is close to the latest information would help.
Also to understand the various terminology and what it means when I trace an IP address, like "Microsoft hosting", etc.
Thank you.
0
Question by:jegajothy
14 Comments
 
LVL 94

Assisted Solution

by:John Hurst
John Hurst earned 300 total points
ID: 40580859
First, spammers obfuscate their headers, so analyzing spam headers is neither enlightening nor satisfying in most cases. MUCH easier just to filter spam out. I do the latter.

That said, open a message in Outlook, and select File, Properties and a Window with the Headers opens. You can copy the headers to Notepad and review more easily. Start here, because the tools are readily available.

If you see an IP address you would like to track, you can use online WHOIS services.
0
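An added example, not part of the original thread or any poster's code: once the headers are copied out as text, the `Received:` lines can be walked newest-first to separate the one hop your own mail server recorded from the hops a sender could have written themselves. The hostnames, the `TRUSTED_MX` set and the sample message are constructed assumptions.

```python
import email
import ipaddress
import re

# Constructed sample: documentation-range IPs and hypothetical hostnames.
RAW = """\
Received: from relay.example.org (relay.example.org [203.0.113.45])
\tby mx.example.net with ESMTP id abc123; Fri, 30 Jan 2015 10:00:05 -0500
Received: from mail.bank.example (unknown [198.51.100.7])
\tby relay.example.org with SMTP id xyz789; Fri, 30 Jan 2015 10:00:01 -0500
Received: from [192.168.1.20] (helo=pc)
\tby mail.bank.example; Fri, 30 Jan 2015 09:59:58 -0500
From: "Your Bank" <support@bank.example>
Subject: Account notice

body
"""

TRUSTED_MX = {"mx.example.net"}  # assumption: hosts that accept mail for you
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
FROM_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_HOST = re.compile(r"\bby\s+([\w.-]+)")


def is_rfc1918(ip):
    """True for private LAN addresses, which WHOIS cannot attribute."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in RFC1918)


def trace_hops(raw):
    """Return Received hops newest-first; 'verified' marks lines your own servers wrote."""
    hops, chain_ok = [], True
    for value in email.message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())  # unfold continuation lines
        ip_m = FROM_IP.search(flat.split(" by ", 1)[0])
        by_m = BY_HOST.search(flat)
        by = by_m.group(1) if by_m else None
        ip = ip_m.group(1) if ip_m else ""
        chain_ok = chain_ok and by in TRUSTED_MX  # trust ends at first foreign hop
        hops.append({"by": by, "ip": ip, "verified": chain_ok,
                     "private": is_rfc1918(ip)})
    return hops


def handoff_ip(raw):
    """IP that connected to your server: the one address the sender cannot forge."""
    good = [h["ip"] for h in trace_hops(raw) if h["verified"] and h["ip"]]
    return good[-1] if good else None
```

Only the address returned by `handoff_ip` is worth a WHOIS lookup; the unverified hops below it are claims made by the sending side.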
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 40580925
In addition, a lot of spam is sent out from virus-infected personal computers. The owners usually have no idea that they are sending it. The virus "phones home" to the control computer and gets the next batch of spam to send. It is not unusual for me to get the same spam from 2 to 10 different email addresses / IP addresses.

The good news is that the FBI, Microsoft, Google, and Yahoo and others are constantly tracking down these people to shut them down.  They are doing it because it uses up so much in the way of resources on their mail servers.  I've seen it estimated that the mail services bounce 80% of the spam before it even gets to you and that 80% or more of the emails they get are spam.  If they could get rid of spam, they could use fewer servers and network resources.
0
 

Author Comment

by:jegajothy
ID: 40580939
In response to John and Dave, I was looking for something like a paper written by somebody or a well-written book, so that I can be educated better whenever I receive an email, spam or real. Thank you.
0
 
LVL 94

Assisted Solution

by:John Hurst
John Hurst earned 300 total points
ID: 40580940
You are looking for something like this.

http://www.amazon.ca/Spam-Nation-Organized-Cybercrime--Epidemic/dp/1402295618/ref=sr_1_2?ie=UTF8&qid=1422665552&sr=8-2&keywords=books+on+spam

There is more than one book on spam, but this one looks decent.
0
 
LVL 83

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 200 total points
ID: 40580953
Here http://www.cybercrimejournal.com/Yu2011ijcc.pdf is a report published in the Cyber Crime Journal about the characteristics of spam emails.
0
 
LVL 62

Expert Comment

by:gheist
ID: 40581149
Are you already finished with RFC 821, 822, 2821, 2822?
0
 

Author Comment

by:jegajothy
ID: 40581380
In response to gheist, not sure what RFC stands for, and also what you are referring to.
I am seeing if there is something already written on how to educate myself on the jargon in the email headers, what it means or implies, or more information on who is the author, or hiding behind someone else, like that.
0
 
LVL 94

Expert Comment

by:John Hurst
ID: 40581394
RFC stands for Request for Comments. An RFC is a publication of the Internet Engineering Task Force (IETF) and the Internet Society, the principal technical development and standards-setting bodies for the Internet.

Methinks a regular book might be better for you.
0
 
LVL 62

Expert Comment

by:gheist
ID: 40581512
Wikipedia does not hurt either....
0
 
LVL 83

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 200 total points
ID: 40581679
This article tells why you won't often find the IP addresses of the real spammers.  http://www.cnet.com/news/microsoft-hands-rustock-botnet-case-over-to-fbi/
According to Microsoft, Cosma2k is the handle of the alleged ringleader of the Rustock botnet, which earlier this year was the purveyor of more e-mail spam than any other network in the world, sending as many as 30 billion messages a day at its peak.
0
 

Author Comment

by:jegajothy
ID: 40581914
To everyone who responded, do you know of any forum that discusses these IP issues and spam-like subjects, where I can browse? Thank you.
0
 
LVL 94

Accepted Solution

by:
John Hurst earned 300 total points
ID: 40581916
One good web reference, highly used and well done, is http://www.spamhaus.org/

Most of what you need is in there. There are others, of course.
0
 

Author Closing Comment

by:jegajothy
ID: 40582406
Thank you, everyone. It goes without saying, it is a very BIG subject.
0
 
LVL 94

Expert Comment

by:John Hurst
ID: 40582407
@jegajothy  - You are very welcome. Yes - Spam is a huge topic. A really good mail ISP will dump 99% or more of all spam without bothering you.
0

Question has a verified solution.