Hi, On Wed, 25 Jun 2003, Jim Ford wrote:
> On Tue, Jun 24, 2003 at 03:30:40PM -0700, Abigail Marshall wrote: > > > As to proving where it comes from, I'm just not sure it's > > worth the effort on an individual basis -- a lot of time & > > expense involved. That's another thing the big ISP's could > > Any pointers as to how to trace email from the headers - they're pretty > cryptic to a non IT professional like myself? If fact it would be useful to > have a reference explaining the meaning of all the headers - sort of a > 'Newbies Guide to Headers', or maybe an RFC! Short answer: Received headers are listed in reverse chronological order (most recent first) and show the path the mail took from sender to recipient (Received: from helo_name (dns.host.name [10.1.2.3]) by recipient.host.name with ... for ... id ... date). Start with the first Received header (your local mail server) and match one line's sender to the previous line's recipient. At some point you'll find two headers that don't match up or you'll run out of headers. At that point, you probably have the sender. Some caveats: 1) Bogus Received headers are common but always occur below the last legitimate header (once you find one bogus one the rest are probably junk too), 2) envelope sender (helo_name) is often forged, and 3) spam sent through proxies has the proxy address as the originator, not the actual sender (open proxies are great for anonymizing hostile traffic. all bad.) If you can view the full message on a Windows box, Sam Spade can help: http://www.samspade.org/ssw/ Otherwise, see the SPAM-L FAQ: http://www.claws-and-paws.com/spam-l/tracking.html Or try Google: http://www.google.com/search?as_q=reading+mail+headers+spam hth, -- Bob ------------------------------------------------------- This SF.Net email is sponsored by: INetU Attention Web Developers & Consultants: Become An INetU Hosting Partner. Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission! INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
