From grandpa in the village
Vanka folded his sheet of paper in four, and put it into an envelope
purchased the night before for a kopek. He thought a little, dipped the pen
into the ink, and wrote the address:
"The village, to my grandfather."
Vanka, by Anton Chekhov
Changing sender names and modifying message headers are among the most common tricks used by spammers. They prevent emails from being filtered out by blacklists. Yet the emails often keep coming from one and the same PC. How can that be? Surely, spammers create a new email account every time they send out a new mass spam mailing.
Well, actually, they don't. Information in the “From” field can be changed by a user and doesn't necessarily indicate a real sender address. In fact, to deliver emails, mail servers use information that is hidden from ordinary users.
In addition to the visible information located in the “From”, “To”, and “Subject” fields, every email includes technical data that normally won't be displayed to users but is necessary in order for the messages to be delivered to the intended recipients. Message headers contain information that indicates the sender and recipient addresses, the message route, encoding, the subject, etc. Anti-virus and anti-spam software can add data, too. All this information is transmitted by a mail server when the procedure to send an email begins. This is why it is called a header. Mail clients, which separate this information from the message body and hide it from users, only display a few fields such as “From”, “To”, and “Subject”.
But how can one determine who the real sender is?
Different mail client applications offer different ways to view message headers. Therefore, we’ll only consider one popular program of this kind—Microsoft Outlook.
Right-click on a message and in the drop-down list, select Options.
You can also open an email in a separate window and then (depending on the version of Outlook) click File→Information→Properties or View→Options.
In the window that opens, the “Internet headers” field contains the information used by servers.
The message sender can be determined using information from the following fields:
- Envelope-from (a header usually added when the message is delivered to the final recipient, by which point the envelope itself, along with all the information it contained, has long been discarded)
- From (without a colon)
- Sender, Resent-To, Resent-From, etc.

Common Internet protocols were designed in an era when few considered that criminals would use them to their advantage. Because of their simplicity, these protocols have become so widespread that it is highly unlikely they will be replaced by more secure ones (even though more secure protocols do exist).

Under the circumstances, all users can do is use up-to-date anti-virus and anti-spam software. In Dr.Web Security Space, anti-spam tasks are performed by the Dr.Web SpIDerMail component.
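
To compare the sender fields listed above once the headers have been copied out of the mail client, the following added example (not part of the original article) parses a raw message with Python's standard `email` module and reports which fields disagree with the visible “From”. The sample message, its addresses and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the visible From: names one domain, the envelope another.
RAW = """\
From billing@mailer.example.net Mon Jan  6 10:15:02 2025
Received: from mailer.example.net (mailer.example.net [192.0.2.10])
\tby mx.example.org with ESMTP id ABC123
\t(envelope-from <billing@mailer.example.net>); Mon, 6 Jan 2025 10:15:02 +0000
From: "Grandpa" <grandpa@village.example>
Sender: billing@mailer.example.net
To: vanka@example.org
Subject: Hello

Body text.
"""

def domain(addr):
    """Lower-cased domain part of an address, or '' if it has no '@'."""
    _, at, dom = parseaddr(addr or "")[1].rpartition("@")
    return dom.lower() if at else ""

def sender_fields(raw):
    """Collect every field that names a sender, keyed by field name."""
    msg = message_from_string(raw)
    fields = {"From": msg.get("From")}
    # "From " without a colon: the mbox-style line holding the envelope sender.
    parts = (msg.get_unixfrom() or "").split()
    if len(parts) > 1:
        fields["From (no colon)"] = parts[1]
    # Some servers note the envelope sender in their Received line; the
    # topmost Received line is the one added last, by the receiving side.
    for received in msg.get_all("Received", []):
        m = re.search(r"envelope-from\s+<([^>]*)>", received)
        if m:
            fields["Envelope-from"] = m.group(1)
            break
    for name in ("Sender", "Resent-From"):
        if msg.get(name):
            fields[name] = msg.get(name)
    return fields

def mismatches(raw):
    """Names of the fields whose domain differs from the one in From:."""
    fields = sender_fields(raw)
    return sorted(k for k, v in fields.items() if domain(v) != domain(fields["From"]))

if __name__ == "__main__":
    print(sender_fields(RAW), mismatches(RAW))
```

A mismatch is a reason to look closer rather than proof of forgery, since mailing lists and bulk-mail services legitimately send with an envelope address that differs from the visible one.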