Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 19 May 2005 12:52:39 +0900
From:      Joel <rees@ddcom.co.jp>
To:        freebsd-questions@freebsd.org
Subject:   Re: Finding out original source of e-mail
Message-ID:  <20050519123818.B99A.REES@ddcom.co.jp>
In-Reply-To: <8C72933FE6C89D0-B0C-45179@FWM-D38.sysops.aol.com>
References:  <8C72933FE6C89D0-B0C-45179@FWM-D38.sysops.aol.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
> OK....this might not be the right place to aqsk this questions. 
> But, I'm trying to find the true souce of this e-mail.....is it
> possible to do this?
>  
> Thank you
>  
>  
> http://[looks_like_address_of_message_in_online_mailbox]

Not a good idea to put urls like that in public places. If the session
is handled right, others can't see it. If the session is handled wrong,
it could let arbitrary people get into your mail account.

> The original message was received at Tue, 17 May 2005 15:29:57 -0400 (EDT)
> from root@localhost
> 
> 
> *** ATTENTION ***
> 
> Your e-mail is being returned to you because there was a problem with its
> delivery.  The address which was undeliverable is listed in the section
> labeled: "----- The following addresses had permanent fatal errors -----".

I've seen a lot of these lately with attachments that purport to be
either the mail being returned or some program for fixing whatever
problem caused the bounce. 

DO NOT OPEN THOSE ATTACHMENTS!! (Except perhaps with a hex editor from
the command line, if you have a hobby of analyzing malware. Better to
view the source, though.)

If there is an attachment, assume it's malware. The bounce is probably not
a bounce from a joe job, is probably not a real bounce at all. It is
probably actually a spoofed bounce, yet another way to phish.

--
Joel Rees   <rees@ddcom.co.jp>
digitcom, inc.   $B3t<02q<R%G%8%3%`(B
Kobe, Japan   +81-78-672-8800
** <http://www.ddcom.co.jp>; **

Give a man a phish and he eats your lunch.
Teach a man to phish and, ... no, wait. Don't do that.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050519123818.B99A.REES>