FINDING THE HEADERS IN EMAILS, AND WHAT TO DO WITH
THEM
Hotmail On
the upper right hand side of the screen you'll see "Options". Click on it, then
go to "Mail Display Settings". Where it says "Message Headers", change the
option to "Advanced". Once that's done, click on "OK" and you'll see the headers
of all the emails you get sent.
Yahoo Open your email. Scroll to the bottom
of it and click on "Full headers". There they are. Nice and simple.
Gmail Open your email.
Look for the small blue upside down triangle on the right hand
side, next to the word "reply" and left click on it. In the new set of
options that pop up, look for "Show Original" and click on it. Your email will
open up in a new page complete with headers.
Fastmail On the same line as the subject,
to the right of the screen you'll see "Show full header". Click it.
Outlook Express Go
to your inbox, right click on the email you want, click on properties, then
on details.
Outlook
Credit to Chris from
ruadventures.com for this one.
1. Open a message.
2. On the Message tab,
in the Options group, click the Dialog Box Laucher .
3. In the Message
Options dialog box, the headers appear in the Internet headers box.
Thunderbird Open your email, hold down
the Ctrl key and (while still holding it down) press U. Up pops a window with
the headers.
MSN 7.5
Credit to jombee for this one. Open the Inbox e-mail.
Press Alt and
Enter together presto there's the info.
Windows Live Mail Open up your inbox, right
click on the email you want to check, then click on "View source".
AOL
Credit to Manny for this one. "I am an AOL
user, the headers can be seen on AOL by looking at the top of the e-mail. It
says:
Sent from the Internet (Details) - Click on
"details" and headers pop up."
What
to do with the headers Now you have them, what do you need to look
for? First up, check if The Bat! is there. It's a very sophisticated email
program that lets you use multiple email accounts easily. That's why scammers
love it so much. It's a legitimate piece of software designed for businesses
that the scammers have latched onto. Make a note of the version number and post
it in your report. Now, how to find that pesky IP address we keep talking about.
Working from the bottom up, you need to look for a set of 4 numbers, similar to
82.198.27.180
If you see one that starts 192.168 then ignore it.
It's an internal IP address and just means there's more than one computer
connected to the same internet point. It's how computers in the same building
know to look for each other. Keep looking up. When you find the IP address, go
to
www.dnsstuff.com
and type it in. If we use 82.198.27.180 as an example, typing it into
the WHOIS Lookup and Reverse DNS Lookup boxes should give you all the info you
need.
http://www.dnsstuff.com/tools/whois.ch?ip=82.198.27.180
http://www.dnsstuff.com/tools/ptr.ch?ip=82.198.27.180
There's also another site you could use to check the headers. It's just
been updated and is looking pretty good.
http://headertool.apelord.com/headers All you need to
do with this site is copy the entire header and post it into the box.
When you come to post the headers in a scam report on any scam reporting
site, first remove the domain key. It isn't needed at all. Just
delete it. It looks similar to this - a jumbled list of numbers
and letters.
DomainKey-Signature: a=rsa-sha1; c=nofws;
d=gmail.com; s=gamma;
h=date:from:x-mailer:reply-to:x-priority:message-id:to:subject:in-reply-to:references:mime-version:content-type;
b=XtfWfreJWIVVLNy2txrkY4IWgtV4rj7Z0bbsi87mTgMSJHBZwcIesWvjWtvnEEVSDqyW6OeTr8AopRdOXGB7wTB9dUPhfomIyXUXjcHI+rrB9Bw8ePGvLgQD1LmnCGCDsm3LRkuTj5ko7E0eeoJsRAL/ZDG1bQbM9hpcbs0jRAo=
WHEN YOU POST THE HEADERS MAKE SURE YOU REMOVE YOUR OWN
DETAILS OUT OF IT OR YOU'LL BE TARGETTED BY EVEN MORE SPAMMERS AND
SCAMMERS!! 