> I received a mail on my test box, and the message was blank, and had an
exe
> attached [no - I didn't open it! ;-) ]
That was a smart move!
> Is there a way to track who sent it? I'm just curious who any why they
would
> send this...
First, if it was an .EXE file, then it is much more likely a virus than
spam. I've never seen spam with an .EXE attachment -- and it would be even
less likely someone would send a spam with an .EXE but no enticing text with
it.
The first step in tracking is to check the "From:" address. This can easily
be forged, but if it is a virus/worm that spread itself (as opposed to a
weirdo sending one to you intentionally), it is rarely (if ever) forged.
But, I'm guessing you've already checked there.
The next step is to check the headers. Look for the first "Received:" line.
Unless you have a multi-hop system (mail coming into one machine, then going
to IMail), this line will give you the IP address of the sender. For
example, "Received: from list.ipswitch.com [156.21.1.21] by mail.declude.com
(SMTPD32-6.00) id A2D22C025A; Thu, 16 Nov 2000 07:28:02 -0500" would
indicate that the mail came from a machine claiming to be list.ipswitch.com,
but that almost certainly has the IP address 156.21.1.21. It's even
possible (but difficult) to spoof that, unless you have a firewall block
such trickery.
-Scott
Declude: Anti-spam and Anti-virus solutions for IMail.
http://www.declude.com
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
