Lunarpages Web Hosting Forum

Author Topic: Email sources...  (Read 2041 times)

Offline AaronG

  • Intergalactic Cowboy
  • *****
  • Posts: 72
    • slowlane.net
Email sources...
« on: May 02, 2004, 12:50:04 AM »
One of my users has been getting a number of emails like this, with dodge attachments and no or little text. I have replaced her email address with me@mydomain.net. I was wondering if its possible to see where its coming from? Or if she just has a virus or something on her computer.

Code: [Select]
Return-path: <inet@microsoft.com>
Envelope-to: me@mydomain.net
Delivery-date: Fri, 30 Apr 2004 23:40:23 -0700
Received: from [202.180.100.189] (helo=slowlane.net)
 by valina.lunarpages.com with esmtp (Exim 4.24)
 id 1BJoA7-0005e5-Nw
 for me@mydomain.net; Fri, 30 Apr 2004 23:39:54 -0700
From: inet@microsoft.com
To: me@mydomain.net
Subject: Important
Date: Sat, 1 May 2004 18:39:19 +1200
MIME-Version: 1.0
Content-Type: multipart/mixed;
 boundary="----=_NextPart_000_0003_00003490.00003AA1"
X-Priority: 1
X-MSMail-Priority: High
Message-Id: <E1BJoA7-0005e5-Nw@valina.lunarpages.com>

Offline Amy

  • Administrator
  • Berserker Poster
  • *****
  • Posts: 10081
Email sources...
« Reply #1 on: May 02, 2004, 06:12:23 AM »
They are Spoof email, virus senders

Offline Pete

  • Alien Anomaly
  • Senior Moderator
  • Professor in Nanotechnology
  • *****
  • Posts: 4246
    • X-Visions Website Design
Email sources...
« Reply #2 on: May 02, 2004, 06:16:54 AM »
Hi.
As always I would suggest everyone use good anti-virus software on any computer that is conected to the internet.
Keep virus definition files updated, and enable email scanning.

You can also scan free, from the 'net, using professional scanning software, constantly updated, at:
http://housecall.antivirus.com

It downloads and installs an activex control, so if you're running spybot or somthing, you may need to change a setting to let this install.

You can check out the senders IP by looking at the header information in the post. In the example you give, the I.P in question is 202.180.100.189 ( the email 'name' is alterable from the senders end, so does not necessarily show the 'true' sender.
using a site such as http://centralops.net/co/  select Domain Dossier and enter the numbers ( I.P. ) into the domain or IP addressbox and click "GO" the information provided gives you information abotu the sender.
THEY MAY NOT BE AWARE THEY ARE SENDING EMAILS IF THEY HAVE AN INFECTION ON THEIR MACHINE..So instead of sending off a nasty email to them or their service providers, a polite email is always a better option.

Please check out the security section of the forums regulary as 'updates' and warnings are regularly posted in their.
x-visions.com


As I'm always saying.. (But nobody listens)
"Take a step back.. Take a deep breath and see if there a simple solution there, thats hiding" lol  :DLunarpages Web Hosting   Lunarpages Forums  Lunarpages Affiliate Program