view full headers in Outlook

I just got my first spam at a clean addy and want to know WHO sent it

         

dragonlady7

3:31 pm on Sep 15, 2003 (gmt 0)

10+ Year Member



I know I did this once. Outlook doesn't show you the full headers of a message but I know you can browbeat it into showing them to you. I did it once by accident. How do you get it to do it?

I'm racking my brain trying to figure out how the heck this email address got onto a junk sender's list. Yeah, it's only one email now, but I'll be getting fifty a day before you can blink, and I hate spam. It's my primary email address, the one I use for my mom and my immediate family, and the one I don't give out to *any*body. So how could it have been compromised?
ARGH!

In the meantime, I want to kill the $()%(#*@&! who sent me this spam, while I have just one and the energy to hunt it down. Outlook is not being helpful. How do I get to the full headers? They're certainly well-hidden...

Fiver

3:34 pm on Sep 15, 2003 (gmt 0)

10+ Year Member



Can't remember Outlook.
Outlook Express, it's just

right click: properties
tab: details
message source

RoadRash

3:34 pm on Sep 15, 2003 (gmt 0)

10+ Year Member



Right click on the title of the email, then select options.

[edited by: RoadRash at 3:35 pm (utc) on Sep. 15, 2003]

benihana

3:34 pm on Sep 15, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I think:

with the message open (i.e. not in preview but in its own window) click view > options

Don't have Outlook to hand to test though..

ben

dragonlady7

3:57 pm on Sep 15, 2003 (gmt 0)

10+ Year Member



Thanks so much, found it right away. In the message list, select the message and right-click, and select "options".

I got the full headers. Don't really know what that means. Anyone got any information about freeserve.fr?

bcolflesh

4:02 pm on Sep 15, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



That's an ISP in France - I believe Wanadoo is their parent - why don't you post the actual headers - is that against TOS?

dragonlady7

4:51 pm on Sep 15, 2003 (gmt 0)

10+ Year Member



I found freeserve.fr and was poking around the site, but it was entirely in French, which I don't speak. I finally found a contact address and sent them a copy of the email and the full headers. I don't know that they'll have a clue what to do with it, and I don't know that the headers weren't forged (I looked them up online and noticed a couple of newsgroup-style postings about spam received from them, but was unsure about what that meant). My initial Google search for freeserve.fr turned up a WebmasterWorld post about it as a new ISP! But not the domain itself. Which had me wondering if they'd been penalized, but their homepage seems to have a PR of 6...

>why don't you post the actual headers - is that against TOS?

I don't know. Is it? TOS #9 says "# Email excerpts of ANY type or length are not allowed " But I'm not excerpting the email content at all.
So, I'll put them up here in hopes of receiving some insight, but won't feel bad if they're deleted. I don't want to cause trouble, I just don't really understand header-forging and want to know who really sent this to me.

Return-Path: <joebello@freesurf.fr>
Received: from fidel.freesurf.fr (fidel.freesurf.fr [212.43.206.16])
    by [this is my ISP] (8.12.9/8.12.9) with ESMTP id h8FFMmgB026344
    for <[this is my email address]>; Mon, 15 Sep 2003 11:22:48 -0400 (EDT)
Received: from freesurf.fr (jose.freesurf.fr [212.43.206.13])
    by fidel.freesurf.fr (Postfix) with SMTP
    id B08932A976C; Mon, 15 Sep 2003 17:22:01 +0200 (CEST)
Received: from 193.220.188.190 (proxying for 192.168.1.89)
    (SquirrelMail authenticated user joebello)
    by jose.freesurf.fr with HTTP;
    Mon, 15 Sep 2003 17:22:02 +0200 (CEST)
Message-ID: <45187.193.220.188.190.1063639322.squirrel@jose.freesurf.fr>
Date: Mon, 15 Sep 2003 17:22:02 +0200 (CEST)
Subject: From Mr J.C.Bello
From: <joebello@freesurf.fr>
To: <joebello@freesurf.fr>
X-Priority: 3
Importance: Normal
X-MSMail-Priority: Normal
X-Mailer: SquirrelMail (version 1.2.5)
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit

Any insight? What's that mean? Is it really from who it says it is?
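
One way to read the Received chain in the headers posted above, as an added example that is not part of the original thread: only the top line, stamped by the recipient's own mail server, is trustworthy, and each older line is checked for whether it joins up with the one above it. The host mx.isp.example and address user@isp.example are placeholders for the values redacted in the post, and the function names are hypothetical.

```python
import re
from email import message_from_string

# Headers as posted in the thread. mx.isp.example and user@isp.example are
# constructed placeholders for the ISP and address the poster redacted.
RAW = """\
Return-Path: <joebello@freesurf.fr>
Received: from fidel.freesurf.fr (fidel.freesurf.fr [212.43.206.16])
    by mx.isp.example (8.12.9/8.12.9) with ESMTP id h8FFMmgB026344
    for <user@isp.example>; Mon, 15 Sep 2003 11:22:48 -0400 (EDT)
Received: from freesurf.fr (jose.freesurf.fr [212.43.206.13])
    by fidel.freesurf.fr (Postfix) with SMTP
    id B08932A976C; Mon, 15 Sep 2003 17:22:01 +0200 (CEST)
Received: from 193.220.188.190 (proxying for 192.168.1.89)
    (SquirrelMail authenticated user joebello)
    by jose.freesurf.fr with HTTP;
    Mon, 15 Sep 2003 17:22:02 +0200 (CEST)
From: <joebello@freesurf.fr>
"""

IP = r"(?:\d{1,3}\.){3}\d{1,3}"

def parse_hops(raw):
    """Return the Received hops, newest first, as dicts."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        text = " ".join(value.split())            # unfold continuation lines
        frm = re.search(r"\bfrom (\S+)", text)    # name the sender announced
        peer = re.search(r"\((\S+) \[(" + IP + r")\]\)", text)  # what the receiver saw
        by = re.search(r"\bby (\S+)", text)       # server that wrote this line
        helo = frm.group(1) if frm else None
        bare_ip = helo if helo and re.fullmatch(IP, helo) else None
        hops.append({"helo": helo,
                     "peer_name": peer.group(1) if peer else None,
                     "peer_ip": peer.group(2) if peer else bare_ip,
                     "by": by.group(1) if by else None})
    return hops

def analyse(raw, my_mx):
    """Separate what our own server recorded from what the sender claims."""
    hops = parse_hops(raw)
    trusted = hops[0] if hops and hops[0]["by"] == my_mx else None
    # Consistent chain: the writer of each older line is the peer in the newer one.
    consistent = all(old["by"] in (new["peer_name"], new["helo"])
                     for new, old in zip(hops, hops[1:]))
    return {"handoff_ip": trusted["peer_ip"] if trusted else None,
            "chain_consistent": consistent,
            "claimed_origin": hops[-1]["peer_ip"] if hops else None}
```

`handoff_ip` is the only value written by the recipient's side; `claimed_origin` comes from lines supplied by the sending servers, so a consistent chain corroborates it but does not prove it.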

weblamer2

4:58 pm on Sep 15, 2003 (gmt 0)

10+ Year Member



Remember, some spammers simply send out thousands of mails to generated addresses. They simply get a word list of names, and mix 'em together and send 'em to various domains.

I get over 300 pieces of spam a day.

weblamer2

5:02 pm on Sep 15, 2003 (gmt 0)

10+ Year Member



Also, is this a free email account?

Free accounts often get spam anyways.

Why do you think they are 'free'?

dragonlady7

5:25 pm on Sep 15, 2003 (gmt 0)

10+ Year Member



My email account is with a small, local ISP. There are probably under a hundred users. It's not an intuitive domain name. My name in front of the domain name is not an easily-guessed combination of letters. It's not a free account; I pay $60 a month for my DSL and it's in with that package.
The free account I use to sign up for lists is fine. I haven't received a piece of spam in nearly a year, because I've been so careful with my addresses. Which is why I'm so mad. Somebody, somewhere, leaked my address, and I want to find out who.

Fiver

9:30 pm on Sep 15, 2003 (gmt 0)

10+ Year Member



given the circumstances, it's not likely, but a bot could have procured the address

>not an easily-guessed combination of letters

the above is what makes me think this possibility is rather unlikely but:

a 'dig' could have been done on your isp's servers, which acts as though it's going to send an email, but only gets to the point of asking the server if said user exists. Similar to a 'crack' attack, the spammer sets a dictionary or word generator on the server and sucks out what exists at the domain, to be spammed later.

thing is... it's only really effective on huge isps with loads of addresses.

sure the address didn't get typed into a website at some point? even by your isp itself? (not unheard of)