Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

How can I check email headers properly

Mar 13, 2004 1:45AM PST

Hi everyone Happy

I've been getting huge amounts of emails recently with viruses attached, as well as the usual foreign scams which are all money related. I want to check where these emails are coming from but the headers are confusing me. If I copy and paste one example below, would SKS pick out the bits I need to inform their ISP or workplace please? I am getting really fed up with these emails and I can't block them because they are coming from all diff' people.

Thanks in advance, Lisa......

Return-Path: <penny@uhs.edu>
Received: from mwinf3203.me.freeserve.com (mwinf3203.me.freeserve.com)
by mwinb3101 (SMTP Server) with LMTP; Sat, 13 Mar 2004 17:22:41 +0100
X-Sieve: Server Sieve 2.2
Received: from pisces7.fsworld.co.uk (66-214-4-127.lb-cres.charterpipeline.net [66.214.4.127])
by mwinf3203.me.freeserve.com (SMTP Server) with ESMTP id 8867918000F2
for <quarian3@pisces7.fsworld.co.uk>; Sat, 13 Mar 2004 17:22:27 +0100 (CET)
From: penny@uhs.edu
To: quarian3@pisces7.fsworld.co.uk
Subject: question
Date: Sat, 13 Mar 2004 08:02:46 -0800
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0003_0000352A.00006187"
X-Priority: 3
X-MSMail-Priority: Normal
Envelope-to: quarian3@pisces7.fsworld.co.uk
Message-Id: <20040313162227.8867918000F2@mwinf3203.me.freeserve.com>

This email had this virus attached:

Viruses found in the attached files.
The attached file message_mails.zip is infected by I-Worm/Netsky.C. The attachment was moved to the virus vault.
The original message follows:
---
is that your slip?

Discussion is locked

- Collapse -
Re:How can I check email headers properly
Mar 13, 2004 2:17AM PST

More power to you if you want to contact the sender's ISP or such.

But I'll share I use MailWasher which uses some spam email address service and automatically filters out some 90+ % of the bad emails. The others can be viewed in ascii (safely) and added to the block sender or server list.

Just FYI, with the email being "spoofed" about 100% of the time, you may not find the real sender...

Bob

- Collapse -
Re:Re:How can I check email headers properly
Mar 13, 2004 2:38AM PST

Hi Bob,

Thanks for your prompt reply Happy I know that it can be hard to trace the original sender but in the header I pasted it says: Return-Path: <penny@uhs.edu>

Now I went to the uhs.edu website but I didn't want to start blaming this 'penny' person in case it came from someone else. Do you know how I would interpret the headers properly? Even if I don't act on all the virus mails that come through, it would be nice to inform a few ISP's that I'm getting ticked off!

I do have SpamFighter in my Outlook program but if these emails (and they are) are all coming from diff' emails addies how can I block them all sufficiently? None are coming twice from the same person!

Thanks for your time Bob,

Lisa

- Collapse -
Do you know about spoofing?
Mar 13, 2004 3:04AM PST

I guess I was too gentle about the spoof issue. Excuse my word if they seem harsh, but they are not intended to be.

When the SMTP server is connected to, the software says "I have this email for you to pass along" and the SMTP server doesn't check that the path is correct or really grill the sender that they are a trusted sender.

As such, a spoofed email is for all intent untraceable. This is by design.

People new to how SMTP works will think they can read the headers and trace the source of the email.

Do a little research on spoofing before you waste your time. And ignore me if you want since its your time to spend as you chose.

Again, I write this in all good intent to save you from jumping down a well with no apparent bottom.

Bob

- Collapse -
Re:Do you know about spoofing?
Mar 13, 2004 3:22AM PST

Hi Bob,

Noooo didn't know about spoofing!!!! I shall look it up and I didn't take your reply as being harsh at all Happy

Thanks for letting me know about the above and perhaps I will have to find a way of blocking these emails after all? It just worries me that if my AVG wasn't updated for some reason, the viruses might infect my PC and that would really p me off!!!

Cheers again for your reply Happy

Lisa

- Collapse -
AVG and uppdates. Try this. Find your URL.INI and put this in it.
Mar 13, 2004 3:42AM PST