Welcome to WebmasterWorld Guest from

Forum Moderators: bakedjake

Message Too Old, No Replies

Security - mx server and job scams

11:07 am on Feb 27, 2011 (gmt 0)

New User

10+ Year Member

joined:Jan 31, 2007
posts: 10
votes: 0

I'd like to find out if an email is a scam or not by looking at the email header and compare to look up MX information of the original domain, who the sender claims to be.
What information can be used to investigate, other than what I mention here ?

In the last email that I received about a job offer, the original header shows the email was send by a different mail smtp server than the domain name. I looked up on the MX server of the domain who claims to offer employment and it shows a different MX entry than what's in the email header. Its hard to know if the sender is authentic or not ?, but the offer is not suspicious.

( case study: For example, a little while ago I received another email from a different company, British American Tobacco, and it was one of those offers too good to be true and after some mail exchanges the other person did not respond anymore. Important is to never reveal the most important details about yourself in such a case, an advice for everyone!
When I checked original header of that mail it looked to originate from messagelabs.com, and I also looked up MX records and the company who also uses messagelabs.com for its mail server, but message labs customer care does only respond to clients so I could not investigate authenticity. Also on the contact page of BAC is a warning about scammers using their domain name, but its hard to guess if both entities use a paid mail service )
11:52 am on Feb 27, 2011 (gmt 0)

Senior Member from KZ 

WebmasterWorld Senior Member lammert is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Jan 10, 2005
posts: 2951
votes: 34

FWIW, all emails which I send are originating from another server--even on another continent--than the server specified in the MX record for those domains. Many other domains have such a setup where emails are sent via a local SMTP server but received on a central server. You should therefore look at other authenticity signals than the MX record.