Reading E-Mail Headers
There is usually some confusion about how to read the message "headers" in messages that you don't want. It was suggested that you can blacklist the "sender" of such messages and avoid getting them in the future.
This may or may not be true. In most instances, the sender is forged or fake. So setting your Barracuda preferences to block mail from "cheerful.com" would likely have no effect. Read on to see why.
Reading The Headers
In the message below, the dark red boxes show where the sender wants you to think the message is from. The light-shaded box shows you where the message is really from. As you can see for yourself, the message originated from somewhere on Southwest Bell's network (swbell.net). So if you were going to complain, complaining to or blocking "cheerful.com" would be a waste of time, as this message originated from swbell.net, not from cheerful.com.
Now, you might ask yourself, what if "cheerful.com" is some company buying connectivity from swbell.net or some sort of sub-tenant of some ISP that has a DSL line with Southwest Bell? Using a variety of available network snooping tools, I did a lookup for "cheerful.com" and received the information shown below:

As you can see from the graphic, this tells me that the spam sender just made up a fake domain, or if they had a domain called "cheerful.com" their ISP has already pulled the plug on it due to complaints. If you try to visit www.cheerful.com you will see there is no such place.
Accordingly, in this situation, I contacted "abuse@swbell.net" and told them that someone on their network was sending spam from a forged return address. If you feel you have validly traced a message back to the offending network and need to know who to contact to send your complaint, most of that can be looked up using one of the WHOIS databases that maintain records of each domain and its network administrator. For more information, start with ARIN or RIPE or APNIC and work your way on from there.
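The header comparison described under "Reading The Headers", as an added example that is not part of the original page: it reads the Received line stamped by your own mail server and compares the connecting host's network with the domain in From:. The sample message, the host name under swbell.net, the IP address, the server name mx.recipient.example and the function names are all constructed for illustration, and the pattern assumes the common "from NAME (HOST [IP]) by SERVER" layout.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the swbell.net host name, IP and recipient server are made up.
SAMPLE = """\
Return-Path: <offers@cheerful.com>
Received: from mail.cheerful.com (adsl-45.dsl.example.swbell.net [192.0.2.45])
\tby mx.recipient.example with SMTP id ABC123;
\tMon, 01 Jan 2001 10:00:00 -0600
Received: from cheerful.com (localhost [127.0.0.1])
\tby mail.cheerful.com with SMTP; Mon, 01 Jan 2001 09:59:00 -0600
From: "Great Offers" <offers@cheerful.com>
To: user@recipient.example
Subject: You have won

Click here.
"""

# "from <HELO name> (<reverse DNS> [<IP>]) by <receiving server>"
# The HELO name is whatever the sender typed; the part in parentheses is
# what the receiving server observed about the connection.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]]*)\s*\[(?P<ip>[^\]]+)\]\)"
    r"\s+by\s+(?P<by>[^\s;]+)", re.IGNORECASE)

def org_domain(host):
    """Last two labels of a host name (enough for .com/.net, not for .co.uk)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def trace_origin(raw, my_server):
    """Compare the From: domain with the host that connected to my_server."""
    msg = message_from_string(raw)
    claimed = org_domain(parseaddr(msg.get("From", ""))[1].rpartition("@")[2])
    result = {"claimed_domain": claimed, "handoff_host": None,
              "handoff_ip": None, "network_domain": None, "mismatch": None}
    # Received headers are newest first; only the one stamped by our own
    # server is trustworthy, anything below it may have been written by the sender.
    for hdr in msg.get_all("Received", []):
        m = RECEIVED_RE.search(" ".join(hdr.split()))
        if m and m.group("by").lower() == my_server.lower():
            network = org_domain(m.group("rdns"))
            result.update(handoff_host=m.group("rdns"), handoff_ip=m.group("ip"),
                          network_domain=network, mismatch=(network != claimed))
            break
    return result

if __name__ == "__main__":
    print(trace_origin(SAMPLE, "mx.recipient.example"))
```

A mismatch only shows which network handed the message over, and therefore where a complaint belongs; legitimate mail is also often sent from a different network than the From: domain.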