|
PureBytes Links
Trading Reference Links
|
Yes, one can easily assume other identities by changing the option fields of most mail
programs. You can do the same thing to post anonymously on Usenet. But for email, the
original header can usually be traced like below. If an email is suspected as having a
spoofed address then you need to look at the actual header. In this example, it looks
like a complaint would be made to Benoit Guitardat France Telecom. He could likely
resolve the actual email address of the sender. Of course, some spammers have ways to
totally obliterate all traceable info but I am not sure how this is done. I don't think
it is easy.
http://www4.ncsu.edu/~aiken/antispam.html is a good page for worldwide whois links and
general anti-spam tips.
Is your email address gras1-100@xxxxxxxxxxx by chance?
Received: from gras1-100.abo.wanadoo.fr [193.252.133.100] by aralia.wanadoo.fr
for Paris Thu, 15 Jan 1998 07:39:15 +0100 (MET)
domain: wanadoo.fr
descr: France Telecom Interatcive
descr: 41, rue Camille Desmoulins
descr: 92442 Issy Les moulineaux cedex
admin-c: Benoit Guitard
tech-c: Patrice Robert
zone-c: Annie Renard
nserver: ns.wanadoo.fr 193.252.19.10
nserver: ns2.wanadoo.fr 193.252.19.11
nserver: ns.wanadoo.com
nserver: ns2.wanadoo.com
mnt-by: FR-NIC-MNT
changed: Vincent.Gillet@xxxxxxxx 19970512
source: RIPE
person: Benoit Guitard
address: France Telecom Interactive
address: 41, rue Camille Desmoulins
address: 92442 Issy les Moulineaux cedex
address: France
phone: +33 1 41 33 39 00
fax-no: +33 1 41 33 39 93
e-mail: benoit.guitard@xxxxxxxxxxx
mnt-by: RAIN-TRANSPAC
changed: pichon@xxxxxxx 960814
changed: noc@xxxxxxx 970505
source: RIPE
JW
abprosys@xxxxxxx
Received: from relay2.mailsrvcs.net ([192.168.129.41]) by mta2.gte.net
(Intermail v3.1 117 234) with ESMTP
id <19980115065112.FTLA5346@xxxxxxxxxxxxxxxxxxxx>;
Thu, 15 Jan 1998 00:51:12 -0600
Received: from accessone.com (list.listserver.com [198.68.191.15])
by relay2.mailsrvcs.net with ESMTP id AAA15776;
Thu, 15 Jan 1998 00:51:11 -0600 (CST)
Received: from localhost (localhost [127.0.0.1])
by accessone.com (8.8.5/8.8.5/PIH) with SMTP id WAA15774;
Wed, 14 Jan 1998 22:46:35 -0800 (PST)
Received: from smtp.wanadoo.fr (smtp.wanadoo.fr [193.252.19.36])
by accessone.com (8.8.5/8.8.5/PIH) with ESMTP id WAA15290;
Wed, 14 Jan 1998 22:41:37 -0800 (PST)
Received: from aralia.wanadoo.fr (aralia.wanadoo.fr [193.252.19.42])
by smtp.wanadoo.fr (8.7.5/[France Telecom Interactive]) with ESMTP id HAA03643
; Thu, 15 Jan 1998 07:41:23 +0100 (MET)
Received: from gras1-100.abo.wanadoo.fr [193.252.133.100] by aralia.wanadoo.fr
for
Paris Thu, 15 Jan 1998 07:39:15 +0100 (MET)
Message-Id: <34BDB3DD.75@xxxxxxxxx>
Date: Thu, 15 Jan 1998 07:59:41 +0100
Reply-To: boggio@xxxxxxxxx
Sender: owner-realtraders@xxxxxxxxxxxxxx
From: "G. John Boggio" <boggio@xxxxxxxxx>
To: RealTraders Discussion Group <realtraders@xxxxxxxxxxxxxx>
Subject: THIS IS AN IDENTITY TEST: WHO AM I?
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-To: listproc@xxxxxxxxxxxxxx
X-Cc: RealTraders Discussion Group <realtraders@xxxxxxxxxxxxxx>,
eddiekwong@xxxxxxxxxxxxxxx, boggio@xxxxxxxxx
X-Mailer: Mozilla 2.02E [fr]-NAVIGATEU (Win95; I)
X-Listprocessor-Version: 8.1 -- ListProcessor(tm) by CREN
THIS IS A TEST TO SEE IF I CAN ASSUME YOUR IDENTITY.
Dear John,
Please forgive me, but I had to try to see if it works. I just deleted
my own name address and put yours in, in my options window. To be sure I
did not include your end of message text file but could have done so as
well.
Instead of "THIS IS A ID TEST", one can easily imagine another message
starting with "unsusb... RT"...
If it works, you should check into changing procedures!
Friendily, :-)
Gwenaël Gautier
|