Finding sender


Post by End User » Tue Aug 23, 2016 6:36 pm

This may have been asked before but when one looks at the expanded header how can someone identify who the sender is or find their IP address? There is so much information in the header one would need to take a comprehensive class to interpret it.

We keep receiving many spams with the same message but to several of our disposable addresses. We want to identify where the sender is and contact someone perhaps at their ISP to cause that sender to stop/be disallowed/incarcerated/brought to justice etc.

Thank you.
End User
 
Posts: 19
Joined: Sun Jan 13, 2013 8:25 pm

Re: Finding sender

Post by lwc » Wed Aug 24, 2016 5:42 pm

This is really off-topic as it's not related to Spamgourmet.
But what you want to look for is the Received headers.
Here's one tutorial. The earliest (i.e. most downward) Received line is the one that should belong to the sender him/herself.
lwc
 
Posts: 383
Joined: Sat Aug 28, 2004 9:09 am

Re: Finding sender

Post by End User » Wed Aug 24, 2016 8:39 pm

Thank you for that reference. I am sure it will prove very helpful.

The current problem is that in order to see the full header the email client (web-based) wants to show the attachment also. Well, these spams all have one thing in common. The attachments are malware and my security program stops the full header page from loading. How can one get the full header without having the attachment open and load? Any ideas?

If that last problem is overcome somehow I have one question left. How can I be sure any results from the header are not forged and showing a false "Received from" address?

Thank you.
End User
 
Posts: 19
Joined: Sun Jan 13, 2013 8:25 pm

Re: Finding sender

Post by lwc » Fri Aug 26, 2016 12:25 pm

You can use a program like http://www.poppeeper.com (it has a freeware version) that lets you see headers without downloading attachments.
Alternatively, use a respected web mail client like Gmail which is supposed to block scripts that are embedded in the message.

You can't be sure the Received lines weren't forged. The Internet was built on good faith and spammers took advantage. It's part of the problems of spam.
You can look for lines like "SPF: passed" which means the servers (including Spamgourmet's) that are mentioned in the Received lines were contacted and confirmed their inclusion was legit.
You can paste the full headers + body (in source code mode) into https://www.spamcop.net and they'll immediately tell you what are their conclusions regarding your message. They'll even present you with a complaint form and all you'll have to do is fill it up and click submit.
lwc
 
Posts: 383
Joined: Sat Aug 28, 2004 9:09 am
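
An added example, not part of the original thread: a Python sketch that reads only the header block of a saved message (the body and attachments are never decoded), walks the Received lines from newest to oldest, and marks a hop as trustworthy only while every line above it was stamped by a server you control. The host names, addresses and the `trusted_hosts` set are constructed assumptions for illustration.

```python
import re
from email import message_from_string

# Constructed sample (documentation addresses only, not a real message).
SAMPLE = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby inbox.example.org with ESMTP id abc123; Tue, 23 Aug 2016 18:30:05 +0000
Received-SPF: pass (inbox.example.org: 198.51.100.7 is permitted for example.net)
Received: from relay.example.net (unknown [203.0.113.45])
\tby mx.example.net with ESMTP id def456; Tue, 23 Aug 2016 18:30:01 +0000
Received: from [192.0.2.99] (helo=pc)
\tby relay.example.net with SMTP id ghi789; Tue, 23 Aug 2016 18:29:58 +0000
From: "Someone" <someone@example.net>
Subject: Invoice

The body and any attachment are never parsed.
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_RE = re.compile(r"\bby\s+([\w.-]+)", re.I)

def parse_headers(raw):
    """Parse only the header block, so attachments are never decoded."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    return message_from_string(head)

def received_chain(raw, trusted_hosts):
    """Hops newest first. A hop is trusted only while every line from the
    top down was stamped by one of our own servers (trusted_hosts)."""
    hops, trusted = [], True
    for value in parse_headers(raw).get_all("Received", []):
        by, ip = BY_RE.search(value), IP_RE.search(value)
        by_host = by.group(1).lower() if by else None
        trusted = trusted and by_host in trusted_hosts
        hops.append({"by": by_host, "from_ip": ip.group(1) if ip else None,
                     "trusted": trusted})
    return hops

def last_verifiable_ip(hops):
    """IP recorded by the deepest trusted hop; anything below may be forged."""
    ips = [h["from_ip"] for h in hops if h["trusted"] and h["from_ip"]]
    return ips[-1] if ips else None

def spf_result(raw):
    """First word of the Received-SPF header (e.g. 'pass'), or None."""
    value = parse_headers(raw).get("Received-SPF")
    return value.split()[0].lower() if value else None

if __name__ == "__main__":
    for hop in received_chain(SAMPLE, {"inbox.example.org"}):
        print(hop)
```

With only the receiving server trusted, the address to report is the one that server itself recorded; the lower Received lines were supplied by the sending side and are kept for reference only.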

