Re: Bogus Email- Need help to do detective work


 



On Sun, 28 Mar 2004 10:01:35 -0500
jim tate <mickeyboa@xxxxxxxxxxx> wrote:

> I have been receiving bogus emails to sign on to my bank account,
> so someone can get my userid and password.
> My bank says these are bogus emails and not to respond to them.
> I have been receiving them in Mozilla mail.
> How can I tell where these emails will return to? Should I reply or
> respond to the info requested?

Look at the headers (go to "View...Headers...All" in Mozilla).  The last "Received:" header will tell you the originating system.  Here's a typical spam on my system:

Received: from ms-smtp-03.rdc-kc.rr.com (ms-smtp-03.rdc-kc.rr.com [24.94.166.129])
	by amayatra.os2.dhs.org (8.12.11/8.12.8) with ESMTP id i2PFLA1s030205
	for <john@xxxxxxxxxxx>; Thu, 25 Mar 2004 09:21:10 -0600 (CST)
	(envelope-from vxxcek@xxxxxxxxxxxx)
Received: from ms-mss-01 ([10.15.8.21])
	by ms-smtp-03.rdc-kc.rr.com (8.12.10/8.12.7) with ESMTP id i2OB7dtq019845
	for <john@xxxxxxxxxxx>; Wed, 24 Mar 2004 05:07:39 -0600 (CST)
Received: from ms-mta-01 (ms-mta-01-smtp [10.15.8.71])
 by ms-mss-01.rdc-kc.rr.com
 (iPlanet Messaging Server 5.2 HotFix 1.21 (built Sep  8 2003))
 with ESMTP id <0HV2007VRUWRZB@xxxxxxxxxxxxxxxxxxxxxxx> for john@xxxxxxxxxxx
 (ORCPT johnthompson@xxxxxxxxxx); Wed, 24 Mar 2004 05:07:39 -0600 (CST)
Received: from kcmx03.mgw.rr.com (kcmx03.mgw.rr.com [24.94.165.192])
 by ms-mta-01.rdc-kc.rr.com
 (iPlanet Messaging Server 5.2 HotFix 1.21 (built Sep  8 2003))
 with ESMTP id <0HV2002HAUWRCP@xxxxxxxxxxxxxxxxxxxxxxx> for
 johnthompson@xxxxxxxxxx (ORCPT johnthompson@xxxxxxxxxx); Wed,
 24 Mar 2004 05:07:39 -0600 (CST)
Received: from 218-162-16-57.HINET-IP.hinet.net
 ([218.162.16.57])
	by kcmx03.mgw.rr.com (8.12.10/8.12.8) with SMTP id i2OB7XUp029336	for
 <johnthompson@xxxxxxxxxx>; Wed, 24 Mar 2004 06:07:35 -0500 (EST)
Date: Wed, 24 Mar 2004 16:06:56 +0500
From: Jeffry Price <vxxcek@xxxxxxxxxxxx>
Subject: Fwd: Get Any Pills. Our Doctors Write Prescriptions. Overnight FedEx. Secure. Discreet
To: johnthompson@xxxxxxxxxx

The last Received: header shows that the email came from "218-162-16-57.HINET-IP.hinet.net" (IP address 218.162.16.57).  Feed this IP address into "whois" to find out who is responsible for this spam:

[john@starfleet john]$ whois 218.162.16.57
[Querying whois.apnic.net]
[Redirected to whois.twnic.net]
[Querying whois.twnic.net]
[whois.twnic.net]
Chunghwa Telecom Data communication Business Group
   No.21, Hsin-Yi Rd., sec. 1
   Taipei
   TW

   Netname: HINET-NET
   Netblock: 218.162.0.0/15

   Administrator contact:
      Chung Yung Kang (CYK-TW) cykang@xxxxxxxxxxxxx
      +886-2-2322-3442

   Technical contact:
      Chung Yung Kang (CYK-TW) cykang@xxxxxxxxxxxxx
      +886-2-2322-3442

You can complain to the contacts listed, but I don't recommend trusting them.  In many cases this will simply confirm your address as "live" and put you on more spam lists.  Alternatively, you can forward the entire spam (all headers included) to your ISP, your bank, and the federal government's spam report address: uce@xxxxxxx 

Unless there's obvious fraud involved, I just use the information to feed my spam filter so the next one gets dumped before it hits my Inbox.


-- 

-John (JohnThompson@xxxxxxxxxx)
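The header walk described in the post, as an added Python example (not part of the original message). It goes one step further than the post: because every line below the first relay you trust is supplied by the sender, it also reports the last public IP recorded by a trusted relay. The function names, the `TRUSTED` suffix list and the `FORGED` variant are assumptions made for illustration.

```python
import email
import ipaddress
import re

# Constructed sample: three of the Received headers quoted in the post,
# abridged (the "for <...>" clauses and timestamps are dropped).
SAMPLE = """\
Received: from ms-smtp-03.rdc-kc.rr.com (ms-smtp-03.rdc-kc.rr.com [24.94.166.129])
\tby amayatra.os2.dhs.org (8.12.11/8.12.8) with ESMTP id i2PFLA1s030205
Received: from ms-mss-01 ([10.15.8.21])
\tby ms-smtp-03.rdc-kc.rr.com (8.12.10/8.12.7) with ESMTP id i2OB7dtq019845
Received: from 218-162-16-57.HINET-IP.hinet.net
 ([218.162.16.57])
\tby kcmx03.mgw.rr.com (8.12.10/8.12.8) with SMTP id i2OB7XUp029336
Subject: constructed sample

body
"""
# Constructed variant: one extra Received line that no trusted relay wrote sits
# at the bottom of the chain (192.0.2.10 is a reserved documentation address).
FORGED = SAMPLE.replace("Subject:", "Received: from mail.example.com ([192.0.2.10])"
                        " by relay.example.net\nSubject:", 1)
TRUSTED = (".os2.dhs.org", ".rr.com")  # assumption: relays the recipient trusts

def hops(raw):
    """(claimed_host, recorded_ip, stamping_host) per Received header, newest first."""
    out = []
    for value in email.message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())  # undo header folding
        host = re.search(r"\bfrom (\S+)", flat)
        ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", flat)
        by = re.search(r"\bby (\S+)", flat)
        out.append(tuple(m and m.group(1) for m in (host, ip, by)))
    return out

def last_received_ip(raw):
    """The rule from the post: the IP in the last (bottom) Received header."""
    return hops(raw)[-1][1]

def trusted_origin(raw, trusted=TRUSTED):
    """Last public IP recorded by a trusted relay; headers below that may be forged."""
    found = None
    for host, ip, by in hops(raw):
        if not by or not by.lower().endswith(trusted):
            break  # stamped by a server we do not know: stop trusting the chain
        if ip and ipaddress.ip_address(ip).is_global:
            found = (host, ip)
    return found
```

On `SAMPLE` both functions agree on 218.162.16.57; on `FORGED` only `trusted_origin` still does, and that is the address to give to `whois`.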


