Solved

email headers

Posted on 2015-01-30
Last Modified: 2015-02-01
I get lots of emails, and many times I would like to trace whom they are from, i.e. are they the usual spam emails hiding behind an IP address which, although declaring that they are from whatever country, are operating from your very own doorstep in the U.S.?
Is there any free documentation on how to read email headers and what to make of them, so that I can identify who the senders really are? Also, I guess there are many tricks some of them use to hide, and I would like to find out if this is what they are doing.
Or has someone written a comprehensive book? I know that IT is evolving, but something that is close to the latest information would help.
Also, I would like to understand the various terminology and what it means when I trace an IP address, like "Microsoft hosting", etc.
Thank you.
0
Question by:jegajothy
14 Comments
 
LVL 90

Assisted Solution

by:John Hurst
John Hurst earned 300 total points
ID: 40580859
First, spammers obfuscate their headers, so analyzing spam headers is neither enlightening nor satisfying in most cases. MUCH easier just to filter spam out. I do the latter.

That said, open a message in Outlook, and select File, Properties and a Window with the Headers opens. You can copy the headers to Notepad and review more easily. Start here, because the tools are readily available.

If you see an IP address you would like to track, you can use online WHOIS services.
0
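As an added illustration of the step above (not part of the original answer), this Python sketch reads copied headers, walks the `Received` lines, and returns the one address recorded by your own provider's server, which is the one worth a WHOIS lookup; hops below it are supplied by the sender and can be forged. The sample headers, the `.example.net` provider suffix and the function names are constructed for the example.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample headers (documentation IP ranges and example domains).
SAMPLE = """\
Received: from mx.example.net (mx.example.net [10.0.0.5])
\tby mailstore.example.net with LMTP; Fri, 30 Jan 2015 10:00:03 -0500
Received: from unknown (HELO mail.bank.example) ([203.0.113.45])
\tby mx.example.net with SMTP; Fri, 30 Jan 2015 10:00:02 -0500
Received: from trusted.example.org ([198.51.100.7])
\tby mail.bank.example with ESMTP; Fri, 30 Jan 2015 09:59:00 -0500
From: "Bank" <support@bank.example>
Subject: constructed sample

body
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_RE = re.compile(r"\bby\s+(\S+)")
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def received_hops(raw):
    """Return Received hops newest-first, in the order they appear."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())           # unfold continuation lines
        by = BY_RE.search(flat)
        ips = []
        for s in IP_RE.findall(flat):
            try:
                ips.append(ipaddress.ip_address(s))
            except ValueError:
                pass                             # e.g. [999.1.1.1], not an address
        hops.append({"by": by.group(1) if by else None, "ips": ips})
    return hops

def handoff_ip(raw, trusted_suffix):
    """Non-internal IP logged by the oldest hop our own provider wrote."""
    candidate = None
    for hop in received_hops(raw):               # newest first
        if not (hop["by"] or "").endswith(trusted_suffix):
            break                                # written outside our provider
        external = [ip for ip in hop["ips"] if not any(ip in n for n in INTERNAL)]
        if external:
            candidate = external[0]
    return candidate
```

On the constructed sample, `handoff_ip(SAMPLE, ".example.net")` stops at the hop written by `mail.bank.example`, so the `198.51.100.7` entry, which the sender controls, is never reported.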
 
LVL 82

Expert Comment

by:Dave Baldwin
ID: 40580925
In addition, a lot of spam is sent out from virus-infected personal computers. The owners usually have no idea that they are sending it. The virus "phones home" to the control computer and gets the next batch of spam to send. It is not unusual for me to get the same spam from 2 to 10 different email addresses / IP addresses.

The good news is that the FBI, Microsoft, Google, and Yahoo and others are constantly tracking down these people to shut them down.  They are doing it because it uses up so much in the way of resources on their mail servers.  I've seen it estimated that the mail services bounce 80% of the spam before it even gets to you and that 80% or more of the emails they get are spam.  If they could get rid of spam, they could use fewer servers and network resources.
0
 

Author Comment

by:jegajothy
ID: 40580939
In response to John and Dave, I was looking for something like a paper written by somebody or a well-written book, so that I can be educated better whenever I receive an email, spam or real. Thank you.
0
 
LVL 90

Assisted Solution

by:John Hurst
John Hurst earned 300 total points
ID: 40580940
You are looking for something like this.

http://www.amazon.ca/Spam-Nation-Organized-Cybercrime--Epidemic/dp/1402295618/ref=sr_1_2?ie=UTF8&qid=1422665552&sr=8-2&keywords=books+on+spam

There is more than one book on spam, but this one looks decent.
0
 
LVL 82

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 200 total points
ID: 40580953
Here http://www.cybercrimejournal.com/Yu2011ijcc.pdf is a report published in the Cyber Crime Journal about the characteristics of spam emails.
0
 
LVL 61

Expert Comment

by:gheist
ID: 40581149
Are you already finished with RFC 821, 822, 2821, 2822?
0
 

Author Comment

by:jegajothy
ID: 40581380
In response to gheist, I am not sure what RFC stands for, and also what you are referring to.
I am seeing if there is something already written on how to educate myself on the jargon in the email headers, what it means or implies, or more information on who the author is, or whether they are hiding behind someone else, like that.
0

 
LVL 90

Expert Comment

by:John Hurst
ID: 40581394
RFC stands for Request for Comments. An RFC is a publication of the Internet Engineering Task Force (IETF) and the Internet Society, the principal technical development and standards-setting bodies for the Internet.

Methinks a regular book might be better for you.
0
 
LVL 61

Expert Comment

by:gheist
ID: 40581512
Wikipedia does not hurt either....
0
 
LVL 82

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 200 total points
ID: 40581679
This article tells why you won't often find the IP addresses of the real spammers.  http://www.cnet.com/news/microsoft-hands-rustock-botnet-case-over-to-fbi/
According to Microsoft, Cosma2k is the handle of the alleged ringleader of the Rustock botnet, which earlier this year was the purveyor of more e-mail spam than any other network in the world, sending as many as 30 billion messages a day at its peak.
0
 

Author Comment

by:jegajothy
ID: 40581914
To everyone who responded, do you know of any forum that discusses these IP issues and spam-like subjects, where I can browse? Thank you.
0
 
LVL 90

Accepted Solution

by:
John Hurst earned 300 total points
ID: 40581916
One good web reference, highly used and well done, is http://www.spamhaus.org/

Most of what you need is in there. There are others, of course.
0
 

Author Closing Comment

by:jegajothy
ID: 40582406
Thank you, everyone. It goes without saying, it is a very BIG subject.
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 40582407
@jegajothy  - You are very welcome. Yes - Spam is a huge topic. A really good mail ISP will dump 99% or more of all spam without bothering you.
0
