At 07:14 PM 4/24/01 -0400, Cindy Shultz wrote the following:

>I use Outlook Express for my email and I have been getting some unwanted
>solicitations from a mortgage lender..
>
>First question:  How do I find out his email address?
>All I see is his name in the "From:" field

You need to look at the full headers. Unless the person is really good at
forging and munging them, you can always track back to the source from the
headers.

In the Outlook Express main identity window, right-click on the message, then
select Properties and click on the Details tab.

Example, a portion of your message headers to this list:
Received: from falcon.mail.pas.earthlink.net
   (falcon.mail.pas.earthlink.net [207.217.120.74]) by imagicomm.com
   (8.8.8) id RAA73223; Tue, 24 Apr 2001 17:18:59 -0600 (MDT)
Received: from w5zj4 (sdn-ar-001ncgreeP051.dialsprint.net
   [206.133.65.35]) by falcon.mail.pas.earthlink.net (EL-8_9_3_3/8.9.3)
   with SMTP id QAA09572 for <[EMAIL PROTECTED]>; Tue, 24 Apr 2001
   16:18:57 -0700 (PDT)
Message-ID: <00a501c0cd14$5674a960$234185ce@w5zj4>
From: "Cindy Shultz" <[EMAIL PROTECTED]>
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: 8bit
X-Mailer: Microsoft Outlook Express 5.00.2919.6600

The "From" can be forged, so ignore it.

The Message-ID and the first Received header match -- so they are not
forged. (Note the w5zj4). You use a dial-up line via Sprint to connect to
your Earthlink account and send mail to this mailing list.

You also use Outlook Express as your e-mail client and your machine is using
Windows-1252 character set. You would be better off using an ISO-8859-1
(standard Latin 1) charset unless you are Norwegian.
See http://www.w3.org/International/O-charset-list.html

ISO-8859-1
http://www.microsoft.com/globaldev/reference/iso/28591.htm
Windows 1252
http://www.microsoft.com/globaldev/reference/sbcs/1252.htm

Windows code pages (charset)
http://www.microsoft.com/globaldev/reference/wincp.asp

ISO charset
http://www.microsoft.com/globaldev/reference/iso.asp

IP address for Sprint is correct. Here is how I checked.
no2:/opt2/home3/expita>nslookup 206.133.65.35
Server:  localhost
Address:  127.0.0.1

Name:    sdn-ar-001ncgreeP051.dialsprint.net
Address:  206.133.65.35

Other parts of the Received line can be verified. PDT time matches Earthlink
(Pasadena, CA - daylight savings time in effect).
falcon.mail.pas.earthlink.net is a valid mail server at Earthlink (all their
mail servers use bird names - I made a list of them.)

Let's check:
no2:/opt2/home3/expita>nslookup falcon.mail.pas.earthlink.net
Server:  localhost
Address:  127.0.0.1

Non-authoritative answer:
Name:    falcon.mail.pas.earthlink.net
Address:  207.217.120.74

The Message-ID is like a serial number and contains a unique identifier (the
local-part address unit) which refers to THIS version of THIS message. The
uniqueness of the message identifier is guaranteed by the host which
generates it. This identifier is intended to be machine readable and not
necessarily meaningful to humans. A message identifier pertains to exactly
one particular message; subsequent revisions to the message should each
receive new message identifiers. sendmail constructs the field from the
data, the time, a unique file name, and the originating machine name.

In this case, Earthlink is running Solaris sendmail version 8.9.3. This
Message-ID could be sent to abuse at Earthlink. They could check the logs on
their mailer daemon and find out it was you who sent the mail. Sometimes,
you can't get the actual userid of the person who sent the mail, but you can
always trace it back to the source.
--
Gerry Boyd -- [EMAIL PROTECTED]
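
The header walk described in the message above, as an added example that is not part of the original post: it reads the Received lines oldest-first, checks that each relay's "by" name is the next hop's "from" name, and compares the Message-ID host part with the name given at the first hop. The function name, the regex and the findings wording are assumptions of this example; the sample is the header excerpt quoted above, with addresses redacted as on the page.

```python
import re
from email import message_from_string

# Headers quoted in the post above; addresses stay redacted as on the page.
SAMPLE = """\
Received: from falcon.mail.pas.earthlink.net
   (falcon.mail.pas.earthlink.net [207.217.120.74]) by imagicomm.com
   (8.8.8) id RAA73223; Tue, 24 Apr 2001 17:18:59 -0600 (MDT)
Received: from w5zj4 (sdn-ar-001ncgreeP051.dialsprint.net
   [206.133.65.35]) by falcon.mail.pas.earthlink.net (EL-8_9_3_3/8.9.3)
   with SMTP id QAA09572 for <[EMAIL PROTECTED]>; Tue, 24 Apr 2001
   16:18:57 -0700 (PDT)
Message-ID: <00a501c0cd14$5674a960$234185ce@w5zj4>
From: "Cindy Shultz" <[EMAIL PROTECTED]>

"""

# Matches the sendmail-style form: from HELO (rdns [ip]) by HOST
HOP = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[\d.]+)\]\)"
    r"\s+by\s+(?P<by>\S+)")

def trace(raw):
    """Return (hops oldest-first, findings) for a raw header block."""
    msg = message_from_string(raw)
    hops = []
    # Relays prepend their Received line, so the last one is the origin.
    for value in reversed(msg.get_all("Received", [])):
        m = HOP.search(" ".join(value.split()))   # unfold continuation lines
        hops.append(m.groupdict() if m else {"unparsed": value})
    findings = []
    # Each relay's "by" name should be the next hop's "from" name.
    for a, b in zip(hops, hops[1:]):
        if "unparsed" in a or "unparsed" in b:
            findings.append("unparsed hop")
        elif a["by"].lower() != b["helo"].lower():
            findings.append(f"chain break: {a['by']} -> {b['helo']}")
    # The post's check: Message-ID host part vs. name given at the first hop.
    mid_host = (msg.get("Message-ID") or "").strip("<> ").rpartition("@")[2]
    if hops and "helo" in hops[0] and mid_host.lower() != hops[0]["helo"].lower():
        findings.append(f"Message-ID host {mid_host!r} != first hop {hops[0]['helo']!r}")
    return hops, findings

if __name__ == "__main__":
    hops, findings = trace(SAMPLE)
    for h in hops:
        print(h)
    print(findings or "no inconsistencies found")
```

The nslookup step from the message is left out because it needs network access; the bracketed IP in each hop is the value to look up.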