sure but then the av software will pick this up ;-)) I understand the reasons why it's not great because of the ease of spoofing but is there any greater reason? As I've said, I find they can be useful to find out if my server or my isp server has a problem.
-----Original Message----- From: Couch, Nate [mailto:[EMAIL PROTECTED]] Sent: 12 August 2002 14:42 To: Exchange Discussions Subject: RE: Unsolicited Email Also remember that this is how the Klez family of viruses works (ie it spoofs addresses in an infected machine's address book). Nate Couch EDS Messaging > ---------- > From: Rob Hackney > Reply To: Exchange Discussions > Sent: Monday, August 12, 2002 07:49 > To: Exchange Discussions > Subject: RE: Unsolicited Email > > <snip> Nobody on this should list should read the SMTP headers. </snip> > Ok, so I'm not the creme de la creme but I wouldn't count myself as the > creme de la merde either (no comments pls!) but why not look at headers? > When our mail server was used as a spam relay I looked at them and could > see where it was routed thru. > And if it is legit mail, you can also see whether you or your isp has a > problem with out bound comms, can you not? > > > -----Original Message----- > From: Les Bessant [mailto:[EMAIL PROTECTED]] > Sent: 12 August 2002 13:33 > To: Exchange Discussions > Subject: RE: Unsolicited Email > > > Hey, we're not all PHBs, Erik! Some of us have to do the technical stuff > ourselves.... > > <g,d&r> > > > -----Original Message----- > From: Erik Sojka [mailto:[EMAIL PROTECTED]] > Sent: 09 August 2002 19:34 > To: Exchange Discussions > Subject: RE: Unsolicited Email > > > Nobody on this should list should read the SMTP headers. > > > -----Original Message----- > > From: Greg Deckler [mailto:[EMAIL PROTECTED]] > > Sent: Friday, August 09, 2002 2:33 PM > > To: Exchange Discussions > > Subject: Re: Unsolicited Email > > > > > > First, ignore the advice of reading the RFC's and headers. If an > > individual signed up for a web email service such as Hotmail > > or Yahoo! or > > brain.com.pk under false pretenses then you will have to contact the > > provider to see if they can help you track down the abuser. All the > > headers are going to tell you is that the email message came from an > > account on www.brain.com.pk which is pretty useless since you > > already know > > that. They should at least be able to disable the account for > > you and may > > have some information related to what computer was used to access that > > account. > > > > If the user had instead used the common SMTP hack to forge a > > From address, > > then the RFC's and headers would come into play. But > > depending on how they > > did the hack, you still would probably not be able to > > determine much if > > they did anything to help cover their tracks. > > > > As you have discovered, in the world of SMTP and free email > > services, it > > is extremely easy to forge the From address of an email and it is > > difficult, if not impossible to track this down if the person > > doing it has > > any amount of a brain what-so-ever. Tell your executives to > > deal because > > it is the nature of SMTP and the Internet. > > > > > Dear List, > > > > > > Today, our senior executive's received Illegal/unsolicited > > email with = > > > the name of one of our senior executive. His name was used > > on free web = > > > based email service (www.brain.com.pk). My question is how > > can I trace = > > > the culprit. > > > > > > Help in this regard is really appreciated. > > > > > > Thanks & Regards. > > > > _________________________________________________________________ > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > Archives: http://www.swynk.com/sitesearch/search.asp > > To unsubscribe: mailto:[EMAIL PROTECTED] > > Exchange List admin: [EMAIL PROTECTED] > > > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > > ________________________________________________________________________ > This e-mail has been scanned for all viruses by Star Internet. > > > The information in this communication and any attachments is > confidential > and may be legally privileged. It is intended solely for the addressee. > If > you are not the intended recipient any use, review, dissemination, > distribution or copying of this information is strictly prohibited. If > you > have received this communication in error please notify us immediately > on > 0191 261 2681 and delete the original message and any copies of it. > > Any opinions, conclusions or other information in this message that do > not > relate to the official business of Sanderson Townend & Gilbert are > neither > given nor endorsed by the firm. > > > ________________________________________________________________________ > This e-mail has been scanned for all viruses by Star Internet. The > service is powered by MessageLabs. For more information on a proactive > anti-virus service working around the clock, around the globe, visit: > http://www.star.net.uk > ________________________________________________________________________ > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > > intY has scanned this email for all known viruses (www.inty.com) > > > > intY has scanned this email for all known viruses (www.inty.com) > > > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > > _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] intY has scanned this email for all known viruses (www.inty.com) intY has scanned this email for all known viruses (www.inty.com) _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]