On Sun, 28 Mar 2004 10:01:35 -0500 jim tate mickeyboa@comcast.net wrote:
I have been receiving bogus emails to sign on to my bank account, so someone can get my userid and password. My bank says these are bogus emails and not to respond to them. I have been receiving them in Mozilla mail. How can I tell where these emails will return to? Should I reply or respond to the info requested?
Look at the headers (go to "View...Headers...All" in Mozilla). The last "Received:" header will tell you the originating system. Here's a typical spam on my system:
Received: from ms-smtp-03.rdc-kc.rr.com (ms-smtp-03.rdc-kc.rr.com [24.94.166.129])
    by amayatra.os2.dhs.org (8.12.11/8.12.8) with ESMTP id i2PFLA1s030205
    for john@os2.dhs.org; Thu, 25 Mar 2004 09:21:10 -0600 (CST)
    (envelope-from vxxcek@jcpenney.com)
Received: from ms-mss-01 ([10.15.8.21])
    by ms-smtp-03.rdc-kc.rr.com (8.12.10/8.12.7) with ESMTP id i2OB7dtq019845
    for john@os2.dhs.org; Wed, 24 Mar 2004 05:07:39 -0600 (CST)
Received: from ms-mta-01 (ms-mta-01-smtp [10.15.8.71])
    by ms-mss-01.rdc-kc.rr.com (iPlanet Messaging Server 5.2 HotFix 1.21 (built Sep 8 2003))
    with ESMTP id 0HV2007VRUWRZB@ms-mss-01.rdc-kc.rr.com
    for john@os2.dhs.org (ORCPT johnthompson@new.rr.com); Wed, 24 Mar 2004 05:07:39 -0600 (CST)
Received: from kcmx03.mgw.rr.com (kcmx03.mgw.rr.com [24.94.165.192])
    by ms-mta-01.rdc-kc.rr.com (iPlanet Messaging Server 5.2 HotFix 1.21 (built Sep 8 2003))
    with ESMTP id 0HV2002HAUWRCP@ms-mta-01.rdc-kc.rr.com
    for johnthompson@new.rr.com (ORCPT johnthompson@new.rr.com); Wed, 24 Mar 2004 05:07:39 -0600 (CST)
Received: from 218-162-16-57.HINET-IP.hinet.net ([218.162.16.57])
    by kcmx03.mgw.rr.com (8.12.10/8.12.8) with SMTP id i2OB7XUp029336
    for johnthompson@new.rr.com; Wed, 24 Mar 2004 06:07:35 -0500 (EST)
Date: Wed, 24 Mar 2004 16:06:56 +0500
From: Jeffry Price vxxcek@jcpenney.com
Subject: Fwd: Get Any Pills. Our Doctors Write Prescriptions. Overnight FedEx. Secure. Discreet
To: johnthompson@new.rr.com
The last Received: header shows that the email came from "218-162-16-57.HINET-IP.hinet.net" (IP address 218.162.16.57). Feed this IP address into "whois" to find out who is responsible for this spam:
[john@starfleet john]$ whois 218.162.16.57
[Querying whois.apnic.net]
[Redirected to whois.twnic.net]
[Querying whois.twnic.net]
[whois.twnic.net]
Chunghwa Telecom Data communication Business Group
No.21, Hsin-Yi Rd., sec. 1
Taipei TW

Netname: HINET-NET
Netblock: 218.162.0.0/15

Administrator contact:
    Chung Yung Kang (CYK-TW) cykang@ms1.hinet.net
    +886-2-2322-3442

Technical contact:
    Chung Yung Kang (CYK-TW) cykang@ms1.hinet.net
    +886-2-2322-3442
You can complain to the contacts listed, but I don't recommend trusting them. In many cases this will simply confirm your address as "live" and put you on more spam lists. Alternatively, you can forward the entire spam (all headers included) to your ISP, your bank, and the federal government's spam report address: uce@ftc.gov
Unless there's obvious fraud involved, I just use the information to feed my spam filter so the next one gets dumped before it hits my Inbox.
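
Added example, not part of the original post: a Python version of the header walk described above, generalized to stop at the first hop that a relay you trust logged from an outside address, because Received lines below that point are supplied by the sender. The TRUSTED_RELAYS set and the bottom example.net header are assumptions constructed for this illustration.

```python
import email
import ipaddress
import re

# Constructed sample: the Received chain from the post, trimmed to the fields
# read here, plus one constructed bottom header standing in for a line the
# sender supplied (192.0.2.10 is a documentation address).
SAMPLE = """\
Received: from ms-smtp-03.rdc-kc.rr.com (ms-smtp-03.rdc-kc.rr.com [24.94.166.129])
 by amayatra.os2.dhs.org with ESMTP; Thu, 25 Mar 2004 09:21:10 -0600 (CST)
Received: from ms-mss-01 ([10.15.8.21])
 by ms-smtp-03.rdc-kc.rr.com with ESMTP; Wed, 24 Mar 2004 05:07:39 -0600 (CST)
Received: from ms-mta-01 (ms-mta-01-smtp [10.15.8.71])
 by ms-mss-01.rdc-kc.rr.com with ESMTP; Wed, 24 Mar 2004 05:07:39 -0600 (CST)
Received: from kcmx03.mgw.rr.com (kcmx03.mgw.rr.com [24.94.165.192])
 by ms-mta-01.rdc-kc.rr.com with ESMTP; Wed, 24 Mar 2004 05:07:39 -0600 (CST)
Received: from 218-162-16-57.HINET-IP.hinet.net ([218.162.16.57])
 by kcmx03.mgw.rr.com with SMTP; Wed, 24 Mar 2004 06:07:35 -0500 (EST)
Received: from mail.example.net ([192.0.2.10])
 by relay.example.net with SMTP; Wed, 24 Mar 2004 11:00:00 +0000
"""

# Assumption: the relay addresses the post shows inside the recipient's provider.
TRUSTED_RELAYS = {"24.94.166.129", "24.94.165.192"}

# First bracketed IPv4 address, then the host named after "by".
HOP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\].*?\bby\s+(\S+)", re.S)

def parse_hops(raw):
    """Return [(from_ip, by_host), ...] in header order (newest first)."""
    msg = email.message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP_RE.search(value)
        if m:
            hops.append((m.group(1), m.group(2)))
    return hops

def origin_hop(raw, trusted=TRUSTED_RELAYS):
    """First hop, newest first, where a trusted server logged an outside IP."""
    for from_ip, by_host in parse_hops(raw):
        if from_ip in trusted or ipaddress.ip_address(from_ip).is_private:
            continue  # internal handoff: the next header down is still ours
        return from_ip, by_host  # headers below this came from the sender
    return None
```

The address returned by origin_hop(SAMPLE) is the one to feed to whois; the constructed bottom header is never consulted.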