A spoof attack is carried out by sending hundreds of emails to random addresses with a spoofed reply-to address. Many of the addresses are false, so the victim will then receive mail failure messages. The full headers of the original email will reveal the true source. Many mail delivery failure messages contain the full headers of the original mail. The recipient of the email will also be able to obtain the full headers.
In Outlook Express, right-click on the message, select Properties and then the Details tab. Once there, click on the Message Source button to allow you to expand the full message.
Full email headers should look something like this:
From jblogss@nnnn Sun Feb 21 07:02:29 1999
Received: from mail10.svr.pol.co.uk (mail10.svr.pol.co.uk [195.92.193.214])
    by newsguy.com(8.9.1a/8.9.1) with ESMTP id HAA02478 jbloggs@nnnn
    for ; Sun, 21 Feb 1999 07:02:28 -0800 (PST)
Received: from modem-86.death.dialup.pol.co.uk([62.136.193.86] helo=default)
    by mail10.svr.pol.co.uk with smtp (Exim 2.10 #1) id 10EaOm-0004st-00
    for changedagain@nnnnn; Sun,21 feb 1999 15:02:25 +0000
Message-ID: <00a401be5dab10fd9e8002000003@ peterste>
From: "Joe Bloggs" jblogs@nnnn
To: "Betty Boo" jblogs@nnn
Date: Sun, 21 Feb 1999 15:01:30-0000
The email headers show the path that the message has taken from the sender to the recipient. To identify where the email actually originated from you need to identify the originating IP address. Please note that the line must begin "Received: from…" and not "Received: by…"
In the example above the originating IP address is 62.136.193.86 and the email was sent on 21 Feb 1999 15:02:25 +0000 (this date is the first date that appears after the originating IP address, not the date in the "Date:" field).
Close this, and use a whois lookup facility, such as www.dnsstuff.com, ARIN, InterNIC etc. By entering the website or IP address in these search facilities you can find out the registered owners of the server. These normally have an abuse email address, or administrator's email address, that you can use. You are better off copying the whole message and sending it in your email, asking for this to be stopped.
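The header walk described in the post above, as an added Python example that is not part of the original post. The sample is the post's example Received lines re-wrapped; the `trusted_by` parameter is an assumption added here and goes beyond the post: Received lines written by servers you do not control can be fabricated by the sender, so the walk can stop at the last hop stamped by a relay you trust.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: the Received lines of the post's example, re-wrapped.
SAMPLE = """\
Received: from mail10.svr.pol.co.uk (mail10.svr.pol.co.uk [195.92.193.214])
    by newsguy.com(8.9.1a/8.9.1) with ESMTP id HAA02478
    for ; Sun, 21 Feb 1999 07:02:28 -0800 (PST)
Received: from modem-86.death.dialup.pol.co.uk([62.136.193.86] helo=default)
    by mail10.svr.pol.co.uk with smtp (Exim 2.10 #1) id 10EaOm-0004st-00
    for changedagain@nnnnn; Sun,21 feb 1999 15:02:25 +0000
Date: Sun, 21 Feb 1999 15:01:30 -0000

body
"""

HOP_RE = re.compile(r"from\s+(?P<host>[^\s(]+)(?P<info>.*?)\sby\s+(?P<by>[^\s(;]+)", re.I)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def received_hops(raw):
    """Parse 'Received: from ...' headers, newest first (top to bottom)."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        value = " ".join(value.split())      # unfold continuation lines
        m = HOP_RE.match(value)
        if not m:                            # "Received: by ..." names no sender
            continue
        ip = IP_RE.search(m.group("info"))
        try:
            addr = ipaddress.ip_address(ip.group(1)) if ip else None
        except ValueError:                   # malformed, e.g. [999.1.1.1]
            addr = None
        hops.append({"from": m.group("host"), "ip": addr, "by": m.group("by"),
                     "stamp": value.rsplit(";", 1)[-1].strip()})
    return hops

def originating_hop(raw, trusted_by=None):
    """Bottom-most hop with an IP; with trusted_by, stop at the trust boundary."""
    hops = [h for h in received_hops(raw) if h["ip"] is not None]
    if trusted_by is not None:
        kept = []
        for h in hops:                       # walk down from your own server
            if h["by"].lower() not in trusted_by:
                break
            kept.append(h)
        hops = kept
    return hops[-1] if hops else None

if __name__ == "__main__":
    hop = originating_hop(SAMPLE)
    print(hop["ip"], "at", hop["stamp"])
```

The timestamp returned is the one on the originating Received line, not the `Date:` field, which the sender's own software writes.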
This will inform you of the mail server being used as an open source.
Open relay.
Originally posted by Gizmo
If you then go to www.dnsstuff.com you can enter the details of the server to find the registration holder. These generally have an email address that you can send a message to and ask them to block this messaging.
Etiquette is to e-mail the postmaster address at the originating domain first. They will usually deal with any mail-related problems. The registrant info should be used as a last resort. If they ignore any e-mails to postmaster, the registrant's e-mail address would probably be ignored just the same anyhow.
If it is just distributed clients that are sending the mails, however, he's not going to stop them.
Thanks for this comprehensive reply. I will look at this tomorrow and see what I can do.
It's $$$$$$ annoying, especially when you know FA about computers, like me!!!
Didn't mean the open source to be read as in source code, but as you say, open relay.
PS: if the message header does stipulate your email address as a received from, then you do probably have a virus and need to scan your machine.
How can I stop all this sh*t? It just started one day and now I'm getting about 10 emails a day?!!?
Oh, I'm from MK, used to go to Pannash the rash every Friday night years ago. Is it still there???
No Probs...
Who do you use for your email? (the bit after the @ symbol!) Some ISPs and mail providers have a system in place that helps filter spam. Alternatively, you may be able to block these types of messages using a filter or script.
Do you use Outlook, or do you check your mail on the web?
The surefire way to stop it is to change your email addy! Although this in itself can be a pain if you have given it out to many people etc.
I get loads of it to my domain, and have a load of scripting that helps filter most of it out, but still some gets through.
As for Pannash the rash, I've never heard of it, so I'm guessing it's long gone!
I work in MK!...Crownhill!
hope this helps...
S
I'm with Wanadoo, and use Outlook Express. I have just (today) installed McAfee Internet Security Suite. The last time I renewed it I did it online; since then it started playing up.
Today, I un-installed the whole lot, including Windows Defender, Spybot, Ad Aware SE, the old McAfee stuff, and Microsoft Security Baseline Analyzer. I bought the security suite in disc form and loaded that up first, then reloaded all the other stuff.
Something must have happened, as I got 49 messages in my inbox that go back 3 months that I've not seen before?????
I'm running McAfee scan at the moment and so far it's picked up 35 "Items Detected".
I'm hoping this will sort it out. The security suite has a spam filter etc.
I got McAfee QuickClean with it free, what's this used for???
Cheers mate.
PS Pannash was the Nightclub just off the main high street on the same side as the record shop (spin-a-disc???) through a little alley!!
I have found out that since Wanadoo [French subsidiary] for Orange was changed over to the "orange domain", I also get loads of spoof emails. I have been with them since the old dial-up days and it's getting worse.
Trouble is the government had a chance to put a stop to a lot of spam when it went to the committee [they're trying to do something now within the EU], but they backed down on the advice of the CBI / Business in terms of Marketing use.
As most spam is from out of the EU there is very little they can do.
Sounds like you're making progress, keep us posted how you get on....
QuickClean just cleans up Windows by deleting temp files, clearing out cookies etc. It's meant to improve performance...
Abingdon St... I know span-a-disc (think it's still there!) but not heard of the nightclub... then I only moved here 6 years ago... used to live in Daventry, so might have been before my time...
In the beginning there was Freeserve & everyone was relatively happy, then came Wanadoo & it wasn't so bad....... then Orange took over Wanadoo (sobs uncontrollably) nightmare Indian call centres etc. If it wasn't for the fact that I get free broadband because of my phone contract I'd have left them a long time ago (on the other hand they're all as bad as each other)
on the other hand they're all as bad as each other
Not specifically correct. The cheap and cheerful service providers are pretty much the same. (What can you expect when you pay practically bugger all per month, though). However, there are some exceedingly good ISPs out there. It is generally a case of, however, that you get what you pay for.
Must admit that in this area AOL is great ................. but when I want to play (e.g. chatroom) it's awful.
This morning I turned on my computer and received 52 emails, of which Spamfighter put 48 in the Spam folder and only missed one. At least I do not have to open every email in the Spam folder, as with just a quick check I can see if it has put any emails which are not spam in the wrong folder. Over a year it has done this only twice. Spamfighter is free, just type the name in Google and then download. Can highly recommend it and it saves you time. I also only use ESET NOD32 Antivirus System, which was recommended to me by someone in the computer trade, and it is very good. No conflicts and also no popups ever.
Hope this is a help.
Rgds Philip
I have my own (not politically correct) way of dealing with these.
Picking up the return address from the expanded header, I then forward the email back to this address. I appreciate that, in some cases, the recipient is not actually the original sender, but as they are all, mainly, foreign (Russia, Australia, Netherlands etc.) what the hell! If only a few get back to the right place I'm happy to clog their mailbox.
Maybe if everyone did it they might get fed up.
The solution is with the ISPs, as they could track these back to their origin quite easily and, if they gave us a return to sender button, we could swamp them!
Ken
When the going gets tough - Get out !!!