
OT - How can U determine actual email sender?


Hi! We are getting 10 to 20 virus emails with the same return path a week on our small business server. It has been going on for at least 3 months and is obviously intentional. The return path (not From in header) is spoofed. Is it possible to determine the original sender? I would like to notify their ISP.

Thanks
BobP :)


Look for a free mail bouncer program called Mail Washer. It allows you to black list and bounce back SPAM. (to the real sender!)


I'm not a pessimist, but I'd be extremely careful here.

It is possible to use a perfectly working e-mail address - that you don't even own! - in the From, Reply-To, Return-Path and similar fields, without showing any sign of the real e-mail address.

The only thing that will be shown in the worst case is the IP address, and it can be very difficult to track which individual it is, thus bouncing an e-mail to that individual would most likely not work.

Just a warning from my side.

So my hint is the following:

Check the message source, and look for these IP addresses (i.e. [111.222.333.444] or whatever) in the Received fields. Can be a bit tricky but if you have several IP addresses and you don't know which to use, try looking up both as described below.

Type in the IP address here:
http://www.bankes.com/nslookup.htm

When you've got the name of the domain (something like avsim.com or flightsim.com ... whatever, bad examples in this context though), submit that here:
http://www.betterwhois.com/

If you have problems with the popups, try any of these:
http://www.arin.net/
http://www.ripe.net/perl/whois

Actually, there are tools out there for this but I can't tell where to find them right now. Try a search on www.google.com if you want these.

Dave
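
The Received-header check described in the post above, as an added example that is not part of the original thread: each relay prepends its own Received line, so only the topmost line written by a server you run is trustworthy, and the peer IP it recorded is the one worth taking to a WHOIS lookup. The message, the host name `mx.smallbiz.example` and all addresses are constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample; hosts and addresses are reserved documentation values.
SAMPLE = """\
Return-Path: <someone@example.org>
Received: from mail.example.net (unknown [203.0.113.45])
    by mx.smallbiz.example with ESMTP id ABC123; Mon, 1 Jan 2024 10:00:00 +0000
Received: from localhost (localhost [127.0.0.1])
    by mail.example.net with SMTP; Mon, 1 Jan 2024 09:59:58 +0000
Received: from pc (dsl-host.example.com [198.51.100.7])
    by relay.example.com; Mon, 1 Jan 2024 09:59:50 +0000
From: "Someone" <someone@example.org>
Subject: test

body
"""

IP_RE = re.compile(r"\[([0-9.]+)\]")
BY_RE = re.compile(r"\bby\s+([A-Za-z0-9.-]+)", re.I)
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def parse_ip(text):
    """Return the first bracketed, syntactically valid IPv4 address, else None."""
    m = IP_RE.search(text)
    try:
        return ipaddress.ip_address(m.group(1)) if m else None
    except ValueError:          # e.g. [111.222.333.444] is not a real address
        return None

def hops(raw):
    """(recording host, peer IP) per Received header, newest hop first."""
    headers = message_from_string(raw).get_all("Received") or []
    out = []
    for h in headers:
        by = BY_RE.search(h)
        out.append((by.group(1).lower() if by else None, parse_ip(h)))
    return out

def handoff_ip(raw, trusted_hosts):
    """Peer IP from the topmost Received line written by a server you run."""
    for by, ip in hops(raw):
        if by in trusted_hosts and ip is not None \
                and not any(ip in n for n in INTERNAL):
            return str(ip)
    return None                 # nothing trustworthy to look up

if __name__ == "__main__":
    print(handoff_ip(SAMPLE, {"mx.smallbiz.example"}))
```

Received lines below the one your own server wrote are supplied by the sending side and can be forged, so treat them as hints only.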


Yahoo has great filtering software, you should use that. I use Yahoo to read all my POP email.
