[lug] Reading e-mail headers.

John Dollison johndollison at hotmail.com
Sat Aug 31 23:45:10 MDT 2002


I usually access my Hotmail account via Outlook Express, and if I
right-click on an e-mail, select "Properties", then select "Details", it
gives me the header info.  I already assumed the "From" and "Reply To"
addresses were forged; that's why I was wondering what info could be gained
from the rest of the header.  But I think Hotmail only provides a compressed
version, unless I go into the Options to change it.  And at this point, it
doesn't really matter, since Norton caught the virus before it did anything,
and the e-mail was deleted.  I just think it would be good for me to
understand how to read and "backtrack" header info; it seems like an
important skill.

(But I'm getting much better with Linux, and now I use it about 40% of the
time, so I'm getting better!  I'll beat this Windows addiction yet!)

John D.


----- Original Message -----
From: "D. Stimits" <stimits at attbi.com>
Sent: Saturday, August 31, 2002 2:01 PM
Subject: Re: [lug] Reading e-mail headers.


Are you sure this is the *full* header, and not a brief view or normal
view? About all I could say from the above is that vmadmin.com has IP
216.64.206.101, and that the named dotted decimal IP addresses do not
have that value. Most of these viruses lie about who sent it anyway, so
iworks at vmadmin.com is probably just another email address the virus was
aware of, and it used that in the reply-to field. The named addresses
with dotted decimal format to the side of them seem to be valid, but
those are just part of the route. pcscom.com is 64.77.28.139, which is
closest to smtp2.netservers.net, but that doesn't mean much (FYI,
chuck at pcscom.com is also registered as the admin contact for domain
pcscom.com, you could probably email a full header to him and ask for
help figuring it out, but this does not look like a full header...how
did you obtain this header?).

D. Stimits, stimits AT attbi.com

_______________________________________________
Web Page:  http://lug.boulder.co.us
Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
Join us on IRC: lug.boulder.co.us port=6667 channel=#colug
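
An added example, not part of the original thread: one way to "backtrack" a full header is to read the Received lines from the bottom up and compare the name each sender claimed with the IP address the receiving server recorded in brackets. The sample message, domains and IP addresses below are constructed for illustration, and Received lines added before your own provider's servers can themselves be forged.

```python
import re
from email import message_from_string

# Constructed sample (example domains, documentation-range IPs); not the
# message discussed in this thread.
RAW = """\
Received: from mx.recipient.example (mx.recipient.example [198.51.100.10])
\tby mailstore.recipient.example with ESMTP id A1;
\tSat, 31 Aug 2002 12:00:05 -0600
Received: from relay.isp.example (relay.isp.example [203.0.113.25])
\tby mx.recipient.example with ESMTP id B2;
\tSat, 31 Aug 2002 12:00:03 -0600
Received: from friendly-name.example (unknown [192.0.2.77])
\tby relay.isp.example with SMTP id C3;
\tSat, 31 Aug 2002 12:00:01 -0600
From: "Someone" <someone@forged.example>
Reply-To: other@forged.example
Subject: constructed sample

body
"""

# "from <claimed name> (<reverse DNS> [<ip>]) ... by <receiving server>"
HOP = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)?\s*\[(?P<ip>[0-9A-Fa-f.:]+)\]\)"
    r".*?\bby\s+(?P<by>\S+)", re.S)

def trace_hops(raw):
    """Return hops oldest-first. Each server prepends its own Received
    line, so the last one in the message is nearest the origin."""
    hops = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        m = HOP.search(value)
        if not m:
            continue  # unfamiliar format: read that line by hand
        hop = m.groupdict()
        # The claimed name is sender-supplied; the bracketed IP was
        # recorded by the receiving server.
        hop["name_matches_rdns"] = hop["helo"].lower() == (hop["rdns"] or "").lower()
        hops.append(hop)
    # Chain check: the server that received hop N should hand off hop N+1.
    for cur, nxt in zip(hops, hops[1:]):
        cur["chain_ok"] = cur["by"].lower() == nxt["helo"].lower()
    return hops

if __name__ == "__main__":
    for h in trace_hops(RAW):
        print(h["ip"], h["helo"], "->", h["by"], h["name_matches_rdns"], h.get("chain_ok"))
```

The From and Reply-To fields are never consulted; only the server-recorded route is used.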



