Re: THOSE DARN ANNOYING EMAIL VIRUSES!

From: Barry Margolin (barry.margolin_at_level3.com)
Date: 08/25/03


Date: Mon, 25 Aug 2003 15:07:30 GMT

In article <bi8mb0$fu9$1@string.physics.ubc.ca>,
Bill Unruh <unruh@string.physics.ubc.ca> wrote:
>chris@nospam.com writes:
>
>]On Sat, 23 Aug 2003 01:31:40 GMT, "Captain Jean-Luc Picard"
>]<ussenterprise@starfleet.com> wrote:
>
>]>I wish like heck that they can find out what idiots are sending those email
>]>viruses. I've been getting bounced email sent to my in box for the last
>]>several days and it's really starting to be annoying. They should hang these
>]>people by their feet in the public square.
>
>]Try looking at the headers of the emails. You'll likely see the IP
>]address of the actual sender.
>
>Uh, no, you will find the machine, infected by the virus, which sent your
>particular email. They are as innocent as you are, except for running
>Windows.

Actually, if the messages that you're getting are the bounces, you won't
see the infected machine's IP either. Infected Machine A sends email to
user@somedomain.com, with forged sender address you@yourdomain.com. If
user@somedomain.com is an invalid address, you get a bounce message from
the somedomain.com mailserver. Machine A's IP is not in the header of this
message.

If the bounce message contains in its body the full headers of the incoming
message, Machine A's IP might be in the topmost Received header of the
enclosed message. But most of the bounce messages I've been getting don't
have such complete enclosures.

-- 
Barry Margolin, barry.margolin@level3.com
Level(3), Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
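
The distinction drawn in the post above, as an added example that is not part of the original post: the bounce's own Received header names only the bouncing mailserver, while the sending machine's IP is recoverable only when the bounce encloses the original message. The sketch assumes the bounce is a multipart/report message with a message/rfc822 enclosure; the sample message, its IP addresses, and the function names are constructed for illustration.

```python
import email
import re
from email import policy

# Constructed sample bounce: addresses follow the post, IPs are from the
# documentation ranges, and "b1" is an arbitrary MIME boundary.
SAMPLE_BOUNCE = """\
Received: from mail.somedomain.com ([198.51.100.25]) by mx.yourdomain.com
From: MAILER-DAEMON@somedomain.com
To: you@yourdomain.com
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

user@somedomain.com: unknown user
--b1
Content-Type: message/delivery-status

Final-Recipient: rfc822; user@somedomain.com
Status: 5.1.1
--b1
Content-Type: message/rfc822

Received: from machine-a ([203.0.113.77]) by mail.somedomain.com
From: you@yourdomain.com
To: user@somedomain.com

(body omitted)
--b1--
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def first_received_ip(msg):
    """IP literal from the topmost Received header of msg, or None."""
    received = msg.get_all("Received") or []
    m = IP_RE.search(str(received[0])) if received else None
    return m.group(1) if m else None

def bounce_ips(raw):
    """Return (ip_on_bounce, ip_on_enclosed_message_or_None)."""
    bounce = email.message_from_string(raw, policy=policy.default)
    for part in bounce.walk():
        if part.get_content_type() == "message/rfc822":
            return first_received_ip(bounce), first_received_ip(part.get_payload(0))
    return first_received_ip(bounce), None  # bounce carries no enclosure

print(bounce_ips(SAMPLE_BOUNCE))
```

A bounce that quotes only a text excerpt of the original, with no message/rfc822 part, yields `None` for the second value.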

