Helping to stop Spam – one email at a time.

Do you know how most spam gets to your inbox? It is sent using an unsuspecting user’s email account. Their computer has been taken over by malware, a trojan or a virus that gives the spammers full access to their information and computer resources.

You can identify the source of an email by viewing its headers. The key is to find the true email account listed in the “Received: from” lines. In the example spam message below, the From line falsely states that it came from “Mr.Alex Martinez.” <marcelolotteriaespanol@aiesec.net>, but replies go to mrjesuscarlosdept2610@hotmail.com, and if you look even closer at the “Received: from” lines, it actually came from “authenticated user name@aiesec.net” (I removed the actual name for the privacy of the victim).

In this case, I will inform the victim that their email account is being used for spamming and that their computer may be infected with malware, spyware or a virus, and I will send a copy of these headers to abuse@hotmail.com, since the true return address is a Hotmail account used for receiving the spam responses.

Note: not all headers will clearly show the true source of the email. But if we all reviewed just one per week, we could potentially eliminate thousands of spam sources daily.

Return-Path: <marcelolotteriaespanol@aiesec.net>
Authentication-Results: mta180.mail.re4.yahoo.com from=; domainkeys=neutral (no sig); from=; dkim=neutral (no sig)
Received: from 195.219.234.99 (EHLO mail.aiesec.net) (195.219.234.99) by mta180.mail.re4.yahoo.com with SMTP; Fri, 19 Jun 2009 21:46:30 -0700
Received: from localhost (unknown [127.0.0.1]) by mail.aiesec.net (Postfix) with ESMTP id 655581CF9F1; Fri, 19 Jun 2009 14:56:32 +0000 (UTC)
Received: from mail.aiesec.net ([10.32.64.213]) by localhost (mail.aiesec.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sWEBm+tg+DWg; Fri, 19 Jun 2009 15:56:32 +0100 (BST)
Received: from mail.aiesec.net (LONAISWMFT001 [127.0.0.1]) by mail.aiesec.net (Postfix) with ESMTP id 724D11CF97C; Fri, 19 Jun 2009 15:56:28 +0100 (BST)
Received: from 41.220.75.3 (SquirrelMail authenticated user NAME) by mail.aiesec.net with HTTP; Fri, 19 Jun 2009 05:56:28 -0900 (HADT)
Message-ID: <16100.41.220.75.3.1245423388.squirrel@mail.aiesec.net>
Date: Fri, 19 Jun 2009 05:56:28 -0900 (HADT)
Subject: FROM: THE DESK OF THE E-MAIL PROMOTIONS MANAGER.
From: "Mr.Alex Martinez." <marcelolotteriaespanol@aiesec.net>
Reply-To: mrjesuscarlosdept2610@hotmail.com
User-Agent: SquirrelMail/1.4.5 [CVS]
MIME-Version: 1.0
Content-Type: text/plain;charset=utf-8
Content-Transfer-Encoding: 8bit
Importance: Normal
To: undisclosed-recipients:;
Content-Length: 1404
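
The trace described above, run over the headers from this message, as an added example that is not part of the original post: it walks the Received lines from oldest to newest, takes the first public IP and any webmail "authenticated user" note, and compares the From and Reply-To domains. The function and field names are assumptions made for the illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Headers from the message above (NAME is the page's own redaction).
RAW = '''\
Received: from 195.219.234.99 (EHLO mail.aiesec.net) (195.219.234.99) by mta180.mail.re4.yahoo.com with SMTP; Fri, 19 Jun 2009 21:46:30 -0700
Received: from localhost (unknown [127.0.0.1]) by mail.aiesec.net (Postfix) with ESMTP id 655581CF9F1; Fri, 19 Jun 2009 14:56:32 +0000 (UTC)
Received: from mail.aiesec.net ([10.32.64.213]) by localhost (mail.aiesec.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sWEBm+tg+DWg; Fri, 19 Jun 2009 15:56:32 +0100 (BST)
Received: from mail.aiesec.net (LONAISWMFT001 [127.0.0.1]) by mail.aiesec.net (Postfix) with ESMTP id 724D11CF97C; Fri, 19 Jun 2009 15:56:28 +0100 (BST)
Received: from 41.220.75.3 (SquirrelMail authenticated user NAME) by mail.aiesec.net with HTTP; Fri, 19 Jun 2009 05:56:28 -0900 (HADT)
From: "Mr.Alex Martinez." <marcelolotteriaespanol@aiesec.net>
Reply-To: mrjesuscarlosdept2610@hotmail.com
'''

IP = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")
AUTH = re.compile(r"authenticated user ([^\s)]+)")
INTERNAL = re.compile(r"^(127\.|10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.)")

def domain(header_value):
    """Lower-cased domain of the address in a From/Reply-To value."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def trace(raw):
    msg = message_from_string(raw)
    # Each server prepends its own Received line, so the last one is the oldest.
    # Lines below the first server you trust can be forged by the sender.
    origin = user = None
    for hop in reversed(msg.get_all("Received", [])):
        hop = " ".join(hop.split())  # unfold continuation lines
        from_part = hop.partition(" by ")[0]
        public = [ip for ip in IP.findall(from_part) if not INTERNAL.match(ip)]
        if public:
            origin = public[0]
            found = AUTH.search(from_part)
            user = found.group(1) if found else None
            break
    sender, reply = domain(msg["From"]), domain(msg["Reply-To"])
    return {
        "origin_ip": origin,
        "authenticated_user": user,
        "from_domain": sender,
        "reply_to_domain": reply,
        "reply_diverted": bool(reply) and reply != sender,
    }

if __name__ == "__main__":
    print(trace(RAW))
```

A diverted Reply-To together with a webmail "authenticated user" hop is the pattern this post reports to both the account owner and the abuse address of the reply domain.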
