PDA

View Full Version : SPAM emails : Some advice



ricktas
04-02-2012, 6:49am
With a few threads discussing spammers at the moment and how they are getting smarter in the way they try and steal from you. I thought it might be prudent to show members something that can assist, if you are unsure about an email you receive.

Inside each email is a heap of 'hidden code', one thing this code has, is the IP address of the sender. Once you know how to access that code and check an IP address for its geo-location, it can assist in determining if an email is spam.

Note that IP addresses can be made to appear like another, so do not rely on this as a sole source of determining if an email is legitimate or not, but it can help.

In this example, I will show screens for Yahoo and Outlook. If you use other software, you may need google assistance in how to get to the header information, embedded within the email.

Now, inside each email is a hidden header, that header contains all sorts of information about the email, sender, etc. The bit we are going to look for is the senders IP address.

Here is a Yahoo email (spam) that I received, as an example. It is obviously spam, but in some cases, people can be unsure.

85081

In Yahoo to access the header information you click the tools menu (the little cog) and then choose 'view full header',
85082
and the following pop-up displays. As you can see it is mostly unreadable code, but there is in amongst that, some useful details.
85083

If you scroll down through the header details you will find an originating IP address (this is the IP address of the sender of the email, or their ISP at least. Once you have an IP address, you can geo-locate the sender.
85084

ricktas
04-02-2012, 6:59am
Now to geo-locate the IP address. There are many websites that let you search on an IP address to find out a generalised physical (planetary) location.

Some of them are:

http://whatismyipaddress.com/ip-lookup
http://www.geobytes.com/ipLocator.htm

But you can use another if you wish just google "IP Location" to find several.

It is worth noting that some of these IP location services will return different results for the same IP address. But as long as you get a general idea of where the sender is, then that is all that is needed.

So we copy the IP address into the IP seach box and do the search
85085

The result is we find our friendly watch seller, is located in Russia.
85086

As you can see this can be invaluable, and if a result is returned that is from Nigeria, China, Russia, India, Bangladesh and others, especially if the email sender is telling you they are somehwere else, then there is a fairly good chance your email is spam.

NOTE: As said above, an IP address can be made to appear to be somewhere other than were it is, so do not use the fact that an IP address is from 'nearby' as being a fact. The above is only ONE tool you can use to help you determine if an email is a scam, but do not rely on it as your sole source. Always be diligent and conscious of what information you give via email to someone you do not know, in real life.

ricktas
04-02-2012, 7:07am
In Outlook.

Right-Click on the email header that appears in Outlook, then click on Message Options, from the pop-up

85087

And there are the email header details, so you can scroll through and find the senders IP address.
85088

ameerat42
04-02-2012, 8:02am
A very interesting discourse, Rick. BUT, I always thought that if you opened an email it could then cause some "damage", depending on whether it contained any malware, or at least "phish". Are you saying it's (at least sometimes) OK to open suspect mail?

(Mine get even shorter shrift: suspicion = deletion w/o opening.)

Am.

ricktas
04-02-2012, 8:28am
A very interesting discourse, Rick. BUT, I always thought that if you opened an email it could then cause some "damage", depending on whether it contained any malware, or at least "phish". Are you saying it's (at least sometimes) OK to open suspect mail?

(Mine get even shorter shrift: suspicion = deletion w/o opening.)

Am.

Opening an email generally is not an issue, BUT opening an attachment is.

Often these attachements are EXE files, or ZIP files. Running an EXE file can add software to your computer. ZIP files are compressed files and when you unzip them, often they have an auto-installer embedded in them and thus again, you install something on your computer that you don't want.

The above is not the only filetype that can be an issue, but opening any attachment from an unknown source is not a good idea. Also attachments from friends, need to be considered carefully, as their email may have been hacked, and although the email comes from someone you know, it may not be safe.

ameerat42
04-02-2012, 12:14pm
OK. Ta for that. I didn't realise the email itself was not such a culprit.
A week ago I got a couple of emails from a friend who virtually never sends anything. Being (a) momentarily surprised (dope) I clicked on the enclosed link. It was something about working from home. Then I realised. The next one I deleted unopened, and also the next three. I contacted him and learnt that he had had some malware that had hijacked his contacts list. (Anyway, all fixed now.)
Am.

OzzieTraveller
04-02-2012, 5:08pm
Excellent information thankyou all above


.... remote images and content

Q- is this bit in your email options OR your windows internet options??
I can remember seeing this somewhere years ago, but where is the big Q

Regards, phil

Mark L
04-02-2012, 9:27pm
I highly recommend http://www.privacyharbor.com/
I don't really have a problem with spammers. Any email I receive from an address I haven't sent to, or previously accept from, is caught in a thing called Snapguard. I can preview them, then accept, discard or report as spam.
This kinda means that I'm notified of the emails from addresses I know, and can worry about the rest later.
It's w.w.w. based, so can be accessed from anywhere on the web.
AND IT'S FREE.
Note for anyone that investigates these folks. When sending an email, click on Private Email (at top left) to send via Common Email to make it easier for the recipient.
As has been said, don't open attachments from sources you're not sure of.

camerasnoop
15-02-2012, 11:28am
This is a good start, but if you also have a website and are inviting sales enquiries from any Joe Blow, then you are going to attract a lot of spammers and sorting the wheat from the chaff can be problematic. You don't want to get more spam than genuine enquiries, but you don't want to miss a sales opportunity either. I'm not a programmer, so obfuscating email addresses in my website was too difficult for me. Generally I follow the same process that Rick described so well above.

I take that one step further though and I ban that ISP from access to my website via the .htaccess file, and also delete or reject the mail from my mailserver before it gets into my inbox. Quite frankly I couldn't give a fat rat's arse if they can't see my website in Karachi or New Dehli. Before I banned all Indian IP's from access to my website, I could see them accessing my web pages via my stats package and two hours later, my just published email address would be getting hit with SPAM. Since banning 70% of the world's population (India, China, Pakistan, Bangladesh, Korea, Ukraine, Brazil, Canada, Mexico, and Colombia), my SPAM has reduced to bugger all. A little extreme, I know, butr my blood pressure has come down a few notches since doing it.