Finding out original source of e-mail

Joel rees at ddcom.co.jp
Wed May 18 20:52:41 PDT 2005


> OK....this might not be the right place to aqsk this questions. 
> But, I'm trying to find the true souce of this e-mail.....is it
> possible to do this?
>  
> Thank you
>  
>  
> http://[looks_like_address_of_message_in_online_mailbox]

Not a good idea to put urls like that in public places. If the session
is handled right, others can't see it. If the session is handled wrong,
it could let arbitrary people get into your mail account.

> The original message was received at Tue, 17 May 2005 15:29:57 -0400 (EDT)
> from root at localhost
> 
> 
> *** ATTENTION ***
> 
> Your e-mail is being returned to you because there was a problem with its
> delivery.  The address which was undeliverable is listed in the section
> labeled: "----- The following addresses had permanent fatal errors -----".

I've seen a lot of these lately with attachments that purport to be
either the mail being returned or some program for fixing whatever
problem caused the bounce. 

DO NOT OPEN THOSE ATTACHMENTS!! (Except perhaps with a hex editor from
the command line, if you have a hobby of analyzing malware. Better to
view the source, though.)

If there is an attachment, assume it's malware. The bounce is probably not
a bounce from a joe job, is probably not a real bounce at all. It is
probably actually a spoofed bounce, yet another way to phish.

--
Joel Rees   <rees at ddcom.co.jp>
digitcom, inc.   株式会社デジコム
Kobe, Japan   +81-78-672-8800
** <http://www.ddcom.co.jp> **

Give a man a phish and he eats your lunch.
Teach a man to phish and, ... no, wait. Don't do that.



More information about the freebsd-questions mailing list