E-MAIL HEADERS


An e-mail header is more than "From:", "To:", "Date:" and "Subject:".

A complete e-mail header may indicate where a message comes from physically (though this can be faked or "spoofed").

This is not the same thing as the name of the e-mail provider.

You can sign up for a webmail account with Yahoo Canada, or Rediffmail (an Indian mail provider) or any mail provider in the world, no matter where you are physically. Yahoo or Rediffmail will handle the mail; but they are not where the message starts out. Someone has to provide the actual connection to the internet before the scammer can even see the Yahoo or Rediffmail web page. This connection to the internet could be a cybercafe in Lagos, or Amsterdam, or anywhere.

Normally your e-mail reader (which may be included in a web browser, or may be a stand-alone specialized program such as Eudora, Entourage or Apple Mail) will not show you the headers. It's messy stuff (see below).

You can make them show up more or less easily, depending on the program. It could be a matter of toggling an icon, or clicking a preference, or setting a (perhaps deeply nested) menu option. Investigate your settings, or consult your ISP.


>Received: from web21309.mail.yahoo.com ([216.136.173.254]) by 
>arts3.arts.state.tx.us with SMTP (Microsoft Exchange Internet Mail Service 
>Version 5.5.2650.21)
>         id CRR9DYQV; Wed, 6 Feb 2002 05:43:03 -0600
>Received: from [193.110.2.40] by web21309.mail.yahoo.com via HTTP; Wed, 06 
>Feb 2002 03:43:03 PST
>Message-ID: <20020206114303.57413.qmail@web21309.mail.yahoo.com>
>Date: Wed, 6 Feb 2002 03:43:03 -0800 (PST)
>From: ibunor onanefe 
>Subject: Business Transaction
>To: A Kindly Contributor
>MIME-Version: 1.0
>Content-Type: text/plain; charset=us-ascii

193.110.2.40 (the number in [brackets]) is possibly the originating IP address. You can then query the ARIN (www.arin.net) or, more likely, RIPE (www.ripe.net) or AFRINIC (www.afrinic.net) directories for North American and European-African addresses, respectively. (South African IP addresses are often found in ARIN, though.)

The result in this case:

inetnum:      193.110.2.0 - 193.110.3.255
netname:      PRODIGY-01
descr:        Prodigy International
descr:        Nigeria
country:      NG
admin-c:      LCM2-RIPE
tech-c:       TO32-RIPE
status:       ASSIGNED PI
mnt-by:       RIPE-NCC-HM-PI-MNT
mnt-by:       AS12491-MNT
mnt-lower:    RIPE-NCC-HM-PI-MNT
mnt-routes:   AS12491-MNT
notify:       lir@ipplanet.net
changed:      hostmaster@ripe.net 20011106
source:       RIPE

person:       Larry Chidi-Maha
address:      Prodigy International
address:      8 Oduduwa Way
address:      Gra, Ikeja
address:      Lagos, Nigeria
phone:        +234 4939653
fax-no:       +234 4939654
e-mail:       larry@prodigy2000.com
nic-hdl:      LCM2-RIPE
notify:       lir@ipplanet.com
changed:      lir@ipplanet.com 20011024
source:       RIPE

person:       Tony Olisamah
address:      Prodigy International
address:      8 Oduduwa Way
address:      Gra, Ikeja
address:      Lagos, Nigeria
phone:        +234 4939653
fax-no:       +234 4939654
e-mail:       tony@prodigy2000.com
nic-hdl:      TO32-RIPE
notify:       lir@ipplanet.com
changed:      lir@ipplanet.com 20011127
source:       RIPE

The ISP is not necessarily promoting a scam. ISPs are exploited all the time. Someone can walk into a cybercafe, send off a barrage of spam, and walk out. In some parts of the world, cybercafes are inundated with scammers. This may or may not be the fault of the cybercafe operator. Scams and spams eat up their time and presumably profits.

Also note that originating IPs can be spoofed, making it harder to follow the trail.
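
The header-reading step described above can also be done in code. The following Python is an added example, not part of the original page: it parses the Received lines from the header quoted earlier, lists each hop, and returns the last bracketed IP that was recorded by a mail host you choose to trust. The function names and the list of trusted host suffixes are assumptions made for this illustration.

```python
import email
import ipaddress
import re

# Constructed sample: the Received lines from the header quoted on this page,
# with continuation lines indented the way a raw message folds them.
SAMPLE = (
    "Received: from web21309.mail.yahoo.com ([216.136.173.254]) by\n"
    " arts3.arts.state.tx.us with SMTP (Microsoft Exchange Internet Mail Service\n"
    " Version 5.5.2650.21)\n"
    "\tid CRR9DYQV; Wed, 6 Feb 2002 05:43:03 -0600\n"
    "Received: from [193.110.2.40] by web21309.mail.yahoo.com via HTTP; Wed, 06\n"
    " Feb 2002 03:43:03 PST\n"
    "Subject: Business Transaction\n\n(body omitted)\n"
)

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_HOST = re.compile(r"\bby\s+([^\s;]+)")


def received_hops(raw):
    """Return hops newest-first as (recording_host, bracketed_ip or None)."""
    msg = email.message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        line = " ".join(value.split())  # undo header folding
        by = BY_HOST.search(line)
        ip = BRACKETED_IP.search(line)
        hops.append((by.group(1).lower() if by else None, ip.group(1) if ip else None))
    return hops


def last_attested_ip(raw, trusted_suffixes):
    """Walk down from the newest header and stop at the first hop that was not
    recorded by a host we trust; lines below that point may be forged."""
    candidate = None
    for by, ip in received_hops(raw):
        if by is None or not by.endswith(tuple(trusted_suffixes)):
            break
        try:
            if ip and ipaddress.ip_address(ip).is_global:
                candidate = ip
        except ValueError:
            pass  # bracketed text that is not a valid address
    return candidate


if __name__ == "__main__":
    print(last_attested_ip(SAMPLE, [".state.tx.us", ".mail.yahoo.com"]))
```

A forged line can also name a trusted host, so treat the result as a lead to check against the registry, not as proof.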

Before firing off angry letters, breathe deeply, consult the ISP's abuse policy if available, then send a polite letter alerting the ISP to an abuse of its services and including the complete header to prove your point. ISPs will often cancel the accounts of spammers.

Don't bother responding to spammers; it just encourages them.



scamorama