From grandpa in the village


Vanka folded his sheet of paper in four, and put it into an envelope
purchased the night before for a kopek. He thought a little, dipped the pen
into the ink, and wrote the address:
"The village, to my grandfather."

Vanka, by Anton Chekhov

Changing sender names and modifying message headers are among the most common tricks used by spammers. These tricks keep emails from being filtered out by blacklists. Yet the emails often keep coming from one and the same PC. How can that be? Surely spammers must create a new email account every time they send out a new mass spam mailing.

Well, actually, they don't. Information in the “From” field can be changed by a user and doesn't necessarily indicate a real sender address. In fact, to deliver emails, mail servers use information that is hidden from ordinary users.

In addition to the visible information located in the “From”, “To”, and “Subject” fields, every email includes technical data that normally won't be displayed to users but is necessary in order for the messages to be delivered to the intended recipients. Message headers contain information that indicates the sender and recipient addresses, the message route, encoding, the subject, etc. Anti-virus and anti-spam software can add data, too. All this information is transmitted by a mail server when the procedure to send an email begins. This is why it is called a header. Mail clients, which separate this information from the message body and hide it from users, only display a few fields such as “From”, “To”, and “Subject”.

But how can one determine who the real sender is?

Different mail client applications offer different ways to view message headers. Therefore, we’ll only consider one popular program of this kind—Microsoft Outlook.

Right-click a message and select Options from the drop-down list.


You can also open an email in a separate window and then (depending on the version of Outlook) click File → Information → Properties or View → Options.

In the window that opens, the “Internet headers” field contains the information used by servers.


The message sender can be determined using information from the following fields:

  1. Envelope-from (a header usually added when the message is being delivered to the final recipient, by which time the envelope itself has long been lost along with all the information it contained).
  2. From (without a colon)
  3. Sender, Resent-To, Resent-From, etc.
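
To make the comparison concrete, here is an added example (not part of the original article or of any Dr.Web product) that extracts the fields listed above from a raw message and reports which of them disagree with the address shown in “From:”. The sample message and all addresses in it are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample in mbox form, so it starts with a "From " line (no colon).
RAW = """\
From bulk@mailer.example Mon Jan  5 10:00:00 2015
Envelope-from: <bulk@mailer.example>
Sender: bulk@mailer.example
From: "Your Bank" <support@bank.example>
To: reader@example.org
Subject: Please confirm your account

Body text.
"""

# Header fields the article lists as indicating the sender.
TRACE_FIELDS = ("Envelope-from", "Sender", "Resent-From", "Resent-To")


def sender_fields(raw):
    """Return {field: bare address} for each sender-related field present."""
    msg = message_from_string(raw)
    found = {}
    unixfrom = msg.get_unixfrom()  # the "From " line without a colon
    if unixfrom:
        parts = unixfrom.split()
        if len(parts) > 1:
            found["From "] = parts[1].lower()
    for name in TRACE_FIELDS + ("From",):
        value = msg.get(name)  # header lookup is case-insensitive
        if value:
            found[name] = parseaddr(value)[1].lower()
    return found


def mismatches(raw):
    """List sender fields whose address differs from the displayed From:."""
    fields = sender_fields(raw)
    shown = fields.get("From")
    # Resent-To names a recipient, so it is reported but not compared.
    return sorted(n for n, a in fields.items()
                  if n not in ("From", "Resent-To") and a != shown)


if __name__ == "__main__":
    for name, addr in sender_fields(RAW).items():
        print(f"{name!r:16} {addr}")
    print("differs from displayed From:", mismatches(RAW))
```

A mismatch is a signal to look closer rather than proof of forgery, since mailing lists and bulk-mail services legitimately send with an envelope address that differs from the displayed one.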

Dr.Web recommends

  • Common Internet protocols were designed in an era when few considered that criminals would use them to their advantage. Because of their simplicity, the protocols have become so widespread that it is highly unlikely they will be replaced by more secure ones (although such protocols do exist).
  • Under the circumstances, all users can do is use up-to-date anti-virus and anti-spam software. In Dr.Web Security Space, anti-spam tasks are performed by the Dr.Web SpIDerMail component.
