vision2020

Spam Mail



In case you don't see all the neat things going on with an e-mail header, here's a comparison between Dale Courtney's legitimate message to Bill London, and the original spam message that was sent in Bill's name.  Important differences have been highlighted.

[Legitimate Message Header]
Resent-Date: Tue, 29 Oct 2002 05:21:58 -0800 (PST)
From: "Dale Courtney" <dmcourtn@moscow.com>
To: <vision2020@moscow.com>
Subject: RE: Gasb34 What is Asset Management & why does it matter?
Date: Tue, 29 Oct 2002 05:21:48 -0800
X-Mailer: Microsoft Outlook, Build 10.0.4024
Importance: Normal
X-Mailing-List: <vision2020@moscow.com> archive/latest/4040

[Forged "From" Field]
Resent-Date: Tue, 29 Oct 2002 00:26:03 -0800 (PST)
Subject: Gasb34 What is Asset Management & why does it matter?
Sender: "Webamster" <ams@gasb34.us>
Date: Tue, 29 Oct 2002 00:21:03 -0800
To: vision2020@moscow.com
From: london@moscow.com
Reply-to: vision2020@moscow.com
X-Mailing-List: <vision2020@moscow.com> archive/latest/4039

====================================================================

The fields in blue are interesting because they show what e-mail client Dale was using. As for the red, that's the original sender of the message. The "From" field was filled in with Mr. London's name, and ta-da, spam that appears to come from someone else. A legit message from Bill has these fields, since he is using Mozilla's e-mail client: 

X-Mailer: Mozilla 4.5 [en]C-CCK-MCD (Win98; I)
X-Accept-Language: en

So, poking through the message headers can often be a rather interesting diversion for a gloomy grey morning.


---
David Camden-Britton  -=)*(=-  davidcb@turbonet.com
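
The comparison in the post above, written out as a header check. This is an added example, not part of the original message: the header text is copied from the post, while the function names and the `KNOWN_MAILERS` table (built from the X-Mailer line the post gives for Bill's client) are assumptions made for the illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Header blocks copied from the two messages quoted in the post.
LEGIT = """\
Resent-Date: Tue, 29 Oct 2002 05:21:58 -0800 (PST)
From: "Dale Courtney" <dmcourtn@moscow.com>
To: <vision2020@moscow.com>
Subject: RE: Gasb34 What is Asset Management & why does it matter?
Date: Tue, 29 Oct 2002 05:21:48 -0800
X-Mailer: Microsoft Outlook, Build 10.0.4024
Importance: Normal
X-Mailing-List: <vision2020@moscow.com> archive/latest/4040
"""
FORGED = """\
Resent-Date: Tue, 29 Oct 2002 00:26:03 -0800 (PST)
Subject: Gasb34 What is Asset Management & why does it matter?
Sender: "Webamster" <ams@gasb34.us>
Date: Tue, 29 Oct 2002 00:21:03 -0800
To: vision2020@moscow.com
From: london@moscow.com
Reply-to: vision2020@moscow.com
X-Mailing-List: <vision2020@moscow.com> archive/latest/4039
"""
# Assumed baseline: the client a known correspondent normally uses.
KNOWN_MAILERS = {"london@moscow.com": "Mozilla 4.5"}

def domain(value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    addr = parseaddr(value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def review_headers(raw, known_mailers=KNOWN_MAILERS):
    """Return a list of findings for one raw header block."""
    msg = message_from_string(raw)
    findings = []
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    sender_dom, from_dom = domain(msg.get("Sender")), domain(msg.get("From"))
    if sender_dom and sender_dom != from_dom:
        findings.append(f"Sender domain {sender_dom} differs from From domain {from_dom}")
    mailer = msg.get("X-Mailer")
    expected = known_mailers.get(from_addr)
    if expected and not (mailer or "").startswith(expected):
        findings.append(f"X-Mailer {mailer!r} does not match usual client {expected!r}")
    return findings

if __name__ == "__main__":
    for name, raw in (("legitimate", LEGIT), ("forged", FORGED)):
        print(name, review_headers(raw))
```

Both findings are hints for a human to follow up rather than proof: list software and delegated senders can legitimately set a Sender that differs from From, and people change mail clients.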



