Yes. Email headers are important. > -----Original Message----- > From: Rob Hackney [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, August 13, 2002 3:13 AM > To: Exchange Discussions > Subject: RE: Unsolicited Email > > it was a joke. > anyway, I'm still unclear as to look or not look at smtp headers. > Perhaps someone could help me understand this. > Thanks. > > > -----Original Message----- > From: Blunt, James H (Jim) [mailto:[EMAIL PROTECTED]] > Sent: 12 August 2002 18:57 > To: Exchange Discussions > Subject: RE: Unsolicited Email > > > EEEEEnnnnng! Wrong Answer...especially if you are using McAfee. See > link > below. > > McAfee anti-virus software fails to block Klez virus sometimes... > http://www.silicon.com/public/door?6004REQEVENT=&REQINT1=54540&REQSTR1=s > ilic > on.com > (may wrap) > > -----Original Message----- > From: Rob Hackney [mailto:[EMAIL PROTECTED]] > Sent: Monday, August 12, 2002 6:50 AM > To: Exchange Discussions > Subject: RE: Unsolicited Email > > > sure but then the av software will pick this up ;-)) > I understand the reasons why it's not great because of the ease of > spoofing > but is there any greater reason? As I've said, I find they can be > useful to > find out if my server or my isp server has a problem. > > -----Original Message----- > From: Couch, Nate [mailto:[EMAIL PROTECTED]] > Sent: 12 August 2002 14:42 > To: Exchange Discussions > Subject: RE: Unsolicited Email > > > Also remember that this is how the Klez family of viruses works (ie it > spoofs addresses in an infected machine's address book). > > Nate Couch > EDS Messaging > > > ---------- > > From: Rob Hackney > > Reply To: Exchange Discussions > > Sent: Monday, August 12, 2002 07:49 > > To: Exchange Discussions > > Subject: RE: Unsolicited Email > > > > <snip> Nobody on this should list should read the SMTP headers. > </snip> > > Ok, so I'm not the creme de la creme but I wouldn't count myself as > the > > creme de la merde either (no comments pls!) but why not look at > headers? > > When our mail server was used as a spam relay I looked at them and > could > > see where it was routed thru. > > And if it is legit mail, you can also see whether you or your isp has > a > > problem with out bound comms, can you not? > > > > > > -----Original Message----- > > From: Les Bessant [mailto:[EMAIL PROTECTED]] > > Sent: 12 August 2002 13:33 > > To: Exchange Discussions > > Subject: RE: Unsolicited Email > > > > > > Hey, we're not all PHBs, Erik! Some of us have to do the technical > stuff > > ourselves.... > > > > <g,d&r> > > > > > > -----Original Message----- > > From: Erik Sojka [mailto:[EMAIL PROTECTED]] > > Sent: 09 August 2002 19:34 > > To: Exchange Discussions > > Subject: RE: Unsolicited Email > > > > > > Nobody on this should list should read the SMTP headers. > > > > > -----Original Message----- > > > From: Greg Deckler [mailto:[EMAIL PROTECTED]] > > > Sent: Friday, August 09, 2002 2:33 PM > > > To: Exchange Discussions > > > Subject: Re: Unsolicited Email > > > > > > > > > First, ignore the advice of reading the RFC's and headers. If an > > > individual signed up for a web email service such as Hotmail or > > > Yahoo! or brain.com.pk under false pretenses then you will have to > > > contact the provider to see if they can help you track down the > > > abuser. All the headers are going to tell you is that the email > > > message came from an account on www.brain.com.pk which is pretty > > > useless since you already know > > > that. They should at least be able to disable the account for > > > you and may > > > have some information related to what computer was used to access > that > > > account. > > > > > > If the user had instead used the common SMTP hack to forge a > > > From address, > > > then the RFC's and headers would come into play. But > > > depending on how they > > > did the hack, you still would probably not be able to > > > determine much if > > > they did anything to help cover their tracks. > > > > > > As you have discovered, in the world of SMTP and free email > > > services, it > > > is extremely easy to forge the From address of an email and it is > > > difficult, if not impossible to track this down if the person > > > doing it has > > > any amount of a brain what-so-ever. Tell your executives to > > > deal because > > > it is the nature of SMTP and the Internet. > > > > > > > Dear List, > > > > > > > > Today, our senior executive's received Illegal/unsolicited > > > email with = > > > > the name of one of our senior executive. His name was used > > > on free web = > > > > based email service (www.brain.com.pk). My question is how > > > can I trace = > > > > the culprit. > > > > > > > > Help in this regard is really appreciated. > > > > > > > > Thanks & Regards. > > > > > > _________________________________________________________________ > > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > > Archives: http://www.swynk.com/sitesearch/search.asp > > > To unsubscribe: mailto:[EMAIL PROTECTED] > > > Exchange List admin: [EMAIL PROTECTED] > > > > > > > _________________________________________________________________ > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > Archives: http://www.swynk.com/sitesearch/search.asp > > To unsubscribe: mailto:[EMAIL PROTECTED] > > Exchange List admin: [EMAIL PROTECTED] > > > > > ________________________________________________________________________ > > This e-mail has been scanned for all viruses by Star Internet. > > > > > > The information in this communication and any attachments is > > confidential and may be legally privileged. It is intended solely for > > the > addressee. > > If > > you are not the intended recipient any use, review, dissemination, > > distribution or copying of this information is strictly prohibited. If > > > you have received this communication in error please notify us > > immediately on > > 0191 261 2681 and delete the original message and any copies of it. > > > > Any opinions, conclusions or other information in this message that do > > > not relate to the official business of Sanderson Townend & Gilbert are > > neither > > given nor endorsed by the firm. > > > > > > > ________________________________________________________________________ > > This e-mail has been scanned for all viruses by Star Internet. The > > service is powered by MessageLabs. For more information on a proactive > > > anti-virus service working around the clock, around the globe, visit: > > http://www.star.net.uk > > > ________________________________________________________________________ > > > > _________________________________________________________________ > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > Archives: http://www.swynk.com/sitesearch/search.asp > > To unsubscribe: mailto:[EMAIL PROTECTED] > > Exchange List admin: [EMAIL PROTECTED] > > > > intY has scanned this email for all known viruses (www.inty.com) > > > > > > > > intY has scanned this email for all known viruses (www.inty.com) > > > > > > > > _________________________________________________________________ > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > Archives: http://www.swynk.com/sitesearch/search.asp > > To unsubscribe: mailto:[EMAIL PROTECTED] > > Exchange List admin: [EMAIL PROTECTED] > > > > > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > > intY has scanned this email for all known viruses (www.inty.com) > > > > intY has scanned this email for all known viruses (www.inty.com) > > > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > > intY has scanned this email for all known viruses (www.inty.com) > > > > intY has scanned this email for all known viruses (www.inty.com) > > > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED]
_________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]