Most viruses/spam might tell you where they came from, but seldom originate from that address.
It's called spoofing: the server that sends out spam, or the code in the virus, changes the email headers to give misinformation as to the origin, which makes 'em nigh on impossible to track down.
If you view the source code of the email in your mail application you should see something like:
From quotecare@2minutequote.prserv.net Fri Jan 14 19:50:46 2005
Return-Path: <quotecare@2minutequote.prserv.net>
Received: from aamta01-winn.mailhost.ntl.com ([212.250.162.8])
by mta09-winn.mailhost.ntl.com with ESMTP
id <20050114194557.HLXN22154.mta09-winn.mailhost.ntl.com@aamta01-winn.mailhost.ntl.com>
for <mark.hardy8@ntlworld.com>; Fri, 14 Jan 2005 19:45:57 +0000
Received: from grupoimpresa.com ([217.172.70.98])
by aamta01-winn.mailhost.ntl.com with ESMTP
id <20050114194557.XUXB15415.aamta01-winn.mailhost.ntl.com@grupoimpresa.com>
for <mark.hardy8@ntlworld.com>; Fri, 14 Jan 2005 19:45:57 +0000
Received: from 217.172.70.182 (broadred70182.broadred.net [217.172.70.182])
by grupoimpresa.com (Postfix) with SMTP id 073DBA67CBF;
Fri, 14 Jan 2005 20:22:53 +0100 (CET)
Message-ID: <00004b86021a$00002a18$0000433c@217.172.70.182>
The message ID at the bottom and the return path at the top are your clues, although the return path can be spoofed as well, so you need to look at the paths in the Received bit as well.
Have a look and let me know what you can see and I'll have a bit of a hack, er, I mean investigate for you if you want.
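The Received-chain check described in the post, as an added example that is not part of the original post: it parses a trimmed copy of the headers above and separates the hops stamped by the recipient's own provider from the ones written further upstream. It assumes that provider is the `mailhost.ntl.com` servers; the function names are illustrative.

```python
import re
from email import message_from_string

# Headers from the post above, trimmed (id/for clauses dropped) and re-folded.
RAW = """\
Return-Path: <quotecare@2minutequote.prserv.net>
Received: from aamta01-winn.mailhost.ntl.com ([212.250.162.8])
 by mta09-winn.mailhost.ntl.com with ESMTP; Fri, 14 Jan 2005 19:45:57 +0000
Received: from grupoimpresa.com ([217.172.70.98])
 by aamta01-winn.mailhost.ntl.com with ESMTP; Fri, 14 Jan 2005 19:45:57 +0000
Received: from 217.172.70.182 (broadred70182.broadred.net [217.172.70.182])
 by grupoimpresa.com (Postfix) with SMTP id 073DBA67CBF;
 Fri, 14 Jan 2005 20:22:53 +0100 (CET)
Message-ID: <00004b86021a$00002a18$0000433c@217.172.70.182>
"""

# "from <claimed name> ([rdns ][ip]) by <stamping host>"
HOP = re.compile(r"from\s+(\S+)\s+\((?:\S+\s+)?\[([\d.]+)\]\)\s+by\s+(\S+)")

def hops(raw):
    """Return Received hops oldest-first as (claimed_name, peer_ip, by_host)."""
    found = [HOP.search(h) for h in message_from_string(raw).get_all("Received", [])]
    return [m.groups() for m in reversed(found) if m]

def trusted_origin(raw, my_mta_suffix):
    """Walk back from the newest hop while the stamping host is our own MTA.
    The last such hop names the peer our provider really saw; older lines
    were written by servers we do not control and may be forged."""
    origin = None
    for name, ip, by in reversed(hops(raw)):
        if not by.endswith(my_mta_suffix):
            break
        origin = (name, ip)
    return origin

def envelope_domain_seen(raw):
    """True if the Return-Path domain shows up anywhere in the relay chain."""
    domain = message_from_string(raw)["Return-Path"].strip("<>").split("@")[1]
    return any(domain in name or domain in by for name, _, by in hops(raw))

def message_id_host(raw):
    """Host part of the Message-ID, which the sending software fills in."""
    return message_from_string(raw)["Message-ID"].strip("<>").rsplit("@", 1)[1]

if __name__ == "__main__":
    for h in hops(RAW):
        print("%-30s %-16s -> %s" % h)
    print("peer seen by our provider:", trusted_origin(RAW, ".mailhost.ntl.com"))
    print("Return-Path domain in chain:", envelope_domain_seen(RAW))
    print("Message-ID host:", message_id_host(RAW))
```

Here the Return-Path domain never appears in the relay chain, while the Message-ID host matches the oldest recorded peer address.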