How to decode Spam Headers

Spammers know that they can be tracked through the “Received:” lines in the headers, so they often attempt to obfuscate the headers to confuse matters. Although “Received:” headers can also be forged, forging them is somewhat more difficult than simply forging the return address.

Most of your incoming email (including junk email) will have a total of only two “Received:” lines in the headers: one generated by your ISP’s incoming mail machine (indicating the address of the spammer’s outgoing SMTP server), and one generated by the outgoing SMTP server indicating the originating IP. Although additional “Received:” headers below the second one are not unheard of, you should be suspicious of them. Sometimes you will find only one “Received:” line in the headers. This is because some spam software runs the outgoing mail server right on the spammer’s PC (so they can avoid anti-bulk-email measures in place on their ISP’s outgoing mail server).
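The rules of thumb above can be applied mechanically. The following Python sketch is an added example, not part of the original article: it unfolds the “Received:” lines of a message, reads them top-down, and reports the hop count, the two IP addresses described above, and any lines below the second. The sample message, its hostnames and its addresses are constructed placeholders, and the function names are hypothetical.

```python
import re
from email import message_from_string

# Constructed sample: hosts and IPs are documentation-range placeholders.
SAMPLE = """\
Received: from mail.sender.example (mail.sender.example [192.0.2.25])
\tby mx.myisp.example with ESMTP id A1; Mon, 1 Jan 2024 10:00:02 +0000
Received: from pc (unknown [198.51.100.7])
\tby mail.sender.example with SMTP id B2; Mon, 1 Jan 2024 10:00:00 +0000
Received: from relay.bank.example (relay.bank.example [203.0.113.9])
\tby nowhere.example with SMTP; Mon, 1 Jan 2024 09:00:00 +0000
From: someone@sender.example
Subject: constructed test

body
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_RE = re.compile(r"\bby\s+([^\s;]+)")

def received_chain(raw):
    """Return the Received lines top-down as (from_ip, by_host) tuples."""
    chain = []
    for value in message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())  # unfold continuation lines
        ip, by = IP_RE.search(flat), BY_RE.search(flat)
        chain.append((ip.group(1) if ip else None, by.group(1) if by else None))
    return chain

def assess(raw):
    """Apply the article's rules of thumb to the Received chain."""
    chain = received_chain(raw)
    report = {"hops": len(chain), "smtp_server_ip": None,
              "originating_ip": None, "notes": []}
    if chain:
        report["smtp_server_ip"] = chain[0][0]  # logged by your ISP's server
    if len(chain) == 1:
        report["notes"].append("one hop: sender ran its own mail server")
        report["originating_ip"] = chain[0][0]
    elif len(chain) >= 2:
        report["originating_ip"] = chain[1][0]
    if len(chain) > 2:
        report["notes"].append(f"{len(chain) - 2} extra line(s) below the second: suspect")
    return report

if __name__ == "__main__":
    print(assess(SAMPLE))
```

The top line is the only one written by your own ISP's server, so the address it records is the one value in the chain the sender could not have typed in.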
