[kwlug-disc] Trace spam email back to source

John Van Ostrand john at vanostrand.com
Tue Jun 30 10:58:06 EDT 2020


If you look at the raw message, "Show original" or "headers" is often a
menu item to show the raw message headers.
You can see "Received:" lines that show the originating IP address. One of
the addresses on that will be the original sender. I say "one of" because
the sender could have inserted fake header lines. The oldest "Received"
lines are at the bottom. The names associated with the IP addresses can
give you some information. One is the name the sender gives their system,
another is the name the receiver sees it as (usually a reverse DNS lookup).
You can also use whois to look up IP addresses or see who owns them and a
geoip lookup to see where the address is.

On Tue, Jun 30, 2020 at 10:51 AM Yas Adem <yadem.ethio at gmail.com> wrote:

> Hey Guys,
>
> I just received an email from a friend I know and interestingly reply-to is
> a different email address. This email is basically asking to purchase Google
> Play pay gift cards for him as he is in hospital helping a relative, in short
> I believe his email has been hacked.  I am not an expert on this but is there a
> way to trace back to their source IP.. etc..
>
>
> Regards
> Yasin


-- 
John Van Ostrand
At large on sabbatical
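
The header walk described in the reply above, as an added example that is not part of the original message: it parses the "Received:" lines of a constructed sample, keeps only the hops written by servers you trust, and flags a Reply-To that differs from From. The sample message, the host names, the trusted-server set and the Postfix-style line format are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (reserved documentation names/addresses). The bottom
# "Received:" line stands for one the sender inserted themselves.
RAW = """\
Received: from mail.example.net (mail.example.net [203.0.113.25])
\tby mx.example.org with ESMTP id abc123; Tue, 30 Jun 2020 10:40:02 -0400
Received: from friend-pc (unknown [198.51.100.77])
\tby mail.example.net with ESMTPSA id def456; Tue, 30 Jun 2020 10:40:00 -0400
Received: from mail.bank.example (mail.bank.example [192.0.2.1])
\tby friend-pc with SMTP; Tue, 30 Jun 2020 10:39:00 -0400
From: Friend <friend@example.net>
Reply-To: someone-else@example.com
Subject: Quick favour

body
"""

# Assumed line format: from HELO-name (reverse-DNS-name [IP]) by SERVER ...
HOP = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([^\]]+)\]\)\s+by\s+(\S+)")

def received_hops(raw):
    """Return parsed hops in header order: newest first, oldest last."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        if m:
            hops.append(dict(zip(("helo", "rdns", "ip", "by"), m.groups())))
    return hops

def split_trusted(hops, trusted_servers):
    """Split at the first line not written by a server we trust; lines
    below that point may have been inserted by the sender."""
    for i, hop in enumerate(hops):
        if hop["by"] not in trusted_servers:
            return hops[:i], hops[i:]
    return hops, []

def reply_to_differs(raw):
    """True when a Reply-To address is present and is not the From address."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    reply = parseaddr(msg.get("Reply-To", ""))[1].lower()
    return bool(reply) and reply != sender

if __name__ == "__main__":
    ok, doubt = split_trusted(received_hops(RAW), {"mx.example.org", "mail.example.net"})
    print("last verifiable source IP:", ok[-1]["ip"] if ok else None)
    print("unverified lines:", doubt, "| reply-to differs:", reply_to_differs(RAW))
```

The IP in the last verified hop is the one worth passing to whois or a geoip lookup; anything from the unverified lines is only a claim.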