hi all out of curiosity I turned on the advanced Message Headers info so that I could see where spam emails where coming from so that I can more effectively block them but i'm not sure what it is that I'm looking at or how I use this info to filter junk mail and i was wondering if any one here knows how one would use the header info in to block spam email
Here are a few articles that will hopefully help explain headers: http://www.stopspam.org/email/headers.html http://www.uic.edu/depts/accc/newsletter/adn29/headers.html http://www.internetprivacyfordummie...=Sections&file=index&req=viewarticle&artid=10 http://www.rickconner.net/spamweb/anatomy.html http://pobox.com/headers.mhtml - Click the two links to read about valid and forged headers. HTH
hi thanks for your replay but all this stuff is a lil over my head and i was hopeing to get a simplified explanation ok here the header info for a spam email i received this to day Code: X-Message-Status: n:0 X-SID-PRA: Dorothy Deluca <doroaudiuca@hotmail.com> X-SID-Result: Pass X-Message-Info: txF49lGdW40GJ9cz6p1/Pq6JJntbPhnfx1lOYTXZYXhTgtPWMJQrggxafnUiVnPs Received: from bay0-omc1-s36.bay0.hotmail.com ([65.54.246.108]) by bay0-imc1-s28.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2444); Fri, 25 May 2007 15:47:14 -0700 Received: from BAY139-W5 ([64.4.43.40]) by bay0-omc1-s36.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668); Fri, 25 May 2007 15:47:14 -0700 Message-ID: <BAY139-W5A7ED78EA500FB56531C1B72B0@phx.gbl> Content-Type: multipart/alternative; boundary="_3eb8def9-f8db-4843-9af9-7672c4a7704f_" X-Originating-IP: [85.155.195.147] From: Dorothy Deluca <doroaudiuca@hotmail.com> To: <*********@msn.com> Subject: hi Date: Fri, 25 May 2007 15:47:14 -0700 Importance: Normal MIME-Version: 1.0 Return-Path: doroaudiuca@hotmail.com X-OriginalArrivalTime: 25 May 2007 22:47:14.0639 (UTC) FILETIME=[A3A085F0:01C79F1E] now what I'm wondering is out of this info which is the important bit which is the bit that's going to tell me where the email really came from and there for what i need to add to my block list to prevent this person sending me further spam
To block that specific SPAM you would block doroaudiuca@hotmail.com; you should also report the abuse to hotmail - http://www.hotmail.msn.com/cgi-bin/dasp/ua_info.asp forward the full headers to abuse@hotmail.com
question isn't adding that address entirely pointless ?? being that this most defiantly is spam would it not be safe to assume that the sender email address is fake coz the other day I received a more or less identical spam email that claimed the sender was me obviously the from line was fake so question remains how do i find out where this really came from so that i can block the source coz the from line just seems to use a randomly generated address here is a few examples I must have a list of some 200+ addresses on my block list just like these but yet I'm still receiving these spam emails so id like to find out where there coming from so i can block the source now i would have assumed that X-Originating-IP: [85.155.195.147] would have been the real source but according to the links you posted this is most likely not the case
It's easy to forge the from the line; any newbie can do it. There isn't any real easy way to stop the spam other than reporting the originating IP address ... there are also tons of open proxies/email servers ... I can easily sent countless spam through my ISPs SMTP servers at will --- until that/my IP address is reported. Quite frankly on my ISP email account(s) I've created rules for my email client that automatically process *@hotmail.com, *@gmail.com, *@yahoo.* / etc. ; to my SPAM folder [unless it is communicated before hand that emails will come from a specific email address - and I create a filter specifically for that situation] which I routinely forward to spamcop.net [This of course isn't appropriate for a hotmail address]. I've had one of my ISP email accounts compromised by a retailer that sold my email address [It was created exclusively for communications with them] - so I'm reasonable sure this was the case. All in all, SPAM doesn't bug me. I'm rather entertained by the various SPAM for Viagra, lengthening my penis size etc.. Reporting the SPAM to spamcop.net has eventually lessen the load however. As a further comment, gmail's spam filters are quite impressive - they regularly catch 99% of the spam. Your best bet is to create an account at www.spamcop.net and report spam accordingly. P2K is a wonderful source of information, he can further help you - he is a true expert on such things. EDIT: Full Disclosure : I'm drunk right now - My apologies in advance