Re: can someone decipher this?
From: Johan De Meersman (johan@ops.skynet.be)Date: 06/26/02
- Previous message: Don Weber: "RE: NT4 Account keeps getting locked out!"
- In reply to: rcahanap@prodigy.net: "can someone decipher this?"
- Next in thread: Stef: "Re: can someone decipher this?"
- Next in thread: rcahanap@prodigy.net: "RE: can someone decipher this?"
- Reply: Stef: "Re: can someone decipher this?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 26 Jun 2002 10:47:00 +0200 From: Johan De Meersman <johan@ops.skynet.be> To: rcahanap@prodigy.net
It's called SPAM, and one usually ignores it :)
First, the 'Received:' headers are always ordered most-recent-first, so
you read those bottom to top. The mail originated at 131.95.135.162, was
sent through the smtp server at ocean.otr.usm.edu which forwarded it to
trinity.infinethosting.com, which I assume is your mail server.
'Date:' is pretty obvious, 'Message-id' is an internal id assigned to
the message by the smtp server - administrators can use this to trace it
in the logs.
'From:' provides you with the (probably fake) mail address that was
passed to the smtp server as originator of the mail.
You can undoubtedly guess what 'To:' and 'Subject:' are :)
'MIME-Version:' and 'Content-Type' have to do with how the contents of
the mail is structured.
'Return-Path:' I'm not entirely certain, but I believe this is where
server messages (such as non-delivery notices) should go. Presumably
fake as well, although spammers usually don't bother to put a different one.
Any attribute starting with 'X-', in this case only
'X-Originalarrivaltime:' is not part of the standard set of headers,
this one looks like being set by your mail application. I've never heard
of a 'FILETIME' - attribute, so I'm guessing you're using mickeysoft :)
rcahanap@prodigy.net wrote:
>Someone's been sending me these HTML type email with the IFRAME type tags.
>Here is one of the headers from the email. It seems that it is coming from
>some person with an account at USM.EDU named J.MARSHAK (all of the emails
>have the same type of heading). Can someone explained some, if not all of
>these heading information. (I purposely put XXXXXX@XXXXXX.COM to hide my
>personal information.)
>
>Thank you in advance.
>
>-Roberto
>
>-----------------------------------------------------
>
>Received: from ocean.otr.usm.edu ([131.95.82.42]) by
>trinity.infinethosting.com with Microsoft SMTPSVC(5.0.2195.4905);
> Mon, 24 Jun 2002 13:44:41 -0500
>Received: from Vcc ([131.95.135.162])
> by ocean.otr.usm.edu (8.11.6/8.11.6) with SMTP id g5OIgo231905
> for <XXXXXXX@XXXXXXX.com>; Mon, 24 Jun 2002 13:42:55 -0500
>Date: Mon, 24 Jun 2002 13:42:55 -0500
>Message-Id: <200206241842.g5OIgo231905@ocean.otr.usm.edu>
>From: tommyd <tommyd@webzone.net>
>To: XXXXXX@XXXXXX.com
>Subject: A special nice game
>MIME-Version: 1.0
>Content-Type: multipart/alternative;
> boundary=O99lPXpKQzJDT73H4
>Return-Path: j.marshak@usm.edu
>X-OriginalArrivalTime: 24 Jun 2002 18:44:41.0206 (UTC)
>FILETIME=[3333E160:01C21BAF]
>--------------------------------------------------------
>
>
- Previous message: Don Weber: "RE: NT4 Account keeps getting locked out!"
- In reply to: rcahanap@prodigy.net: "can someone decipher this?"
- Next in thread: Stef: "Re: can someone decipher this?"
- Next in thread: rcahanap@prodigy.net: "RE: can someone decipher this?"
- Reply: Stef: "Re: can someone decipher this?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
