terraria991605167d I think it would have some info of the sender in the header
Cultist1388167d Yup, the mail has headers with origin but it's most likely hijacked so don't DoS it or smth (tons and tons of unsecured stuff available)... Just report it to the provider and maybe Spamhaus or equivalent.
Lisk66167d Well, it depends...
Every server the mail passes writes a line to the message header. The problem is: which of these lines can you trust to be authentic?
When using a fake "From" address, nothing would stop me from also appending additional fake header lines, in order to support the sender's plausibility or make tracing difficult.
You can likely trust the receiving server's notes, but everything before that server gets complicated. (And if you can't trust the server which is receiving and storing your mails, you've got a whole class of more pressing problems than the origin of a fake extortion mail...)
Lisk66167d And of course @karasube is right, even if you find the origin IP for that mail, it will likely be a hijacked server
C0D441460167d Worry about it when it contains the password.
I’ve had 1 with that, instant change of password - luckily it was only used a couple of times, and disable of in/outbound mail for a while.
JayCee51167d Being a former admin of a mail server, this kinda thing annoys me. SPF exists for a reason and is actually relatively simple to set up, I'd suggest your dad change email providers. :)
d4ng3r0u54390167d I had one of these that knew the simple password I've used for a bunch of non-sensitive sites.
Should they be blocked by SPF/DKIM?
Linux44429167d This is the same that has been going around for months.
SPF solves it.
ilPinguino3086167d The Received: headers can tell you the way that the email took, but they can be faked as well (the last hop is basically the only one you can trust, because you can easily verify it). Note: They're backwards.
Still, except contacting abuse for these servers, you won't be able to do much. Probably sent by a botnet or a hijacked server.
Good thing he asked you instead of paying.
And one more point for widespread security awareness training. Do you mind if I use that incident as an example? I'd anonymize it of course...
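
The point several comments make about Received: lines, as an added example that is not part of any comment in this thread: walk the headers newest first and trust only the unbroken run written by your own receiving server. The message, host names, addresses and the `classify_hops` helper are constructed for illustration; the trusted host set is assumed to be your provider's MX names.

```python
import re
from email import message_from_string

# Constructed sample: the bottom line is forged to name the receiving server.
RAW = """\
Received: from mail.sender.example (unknown [203.0.113.45])
\tby mx.myprovider.example (Postfix) with ESMTP id 4ABC123
\tfor <dad@myprovider.example>; Tue, 16 Oct 2018 09:12:44 +0200
Received: from [10.0.0.5] (helo=workstation)
\tby mail.sender.example with esmtp; Tue, 16 Oct 2018 09:12:40 +0200
Received: from dad-pc (localhost [127.0.0.1])
\tby mx.myprovider.example; Tue, 16 Oct 2018 09:12:30 +0200
From: dad@myprovider.example
To: dad@myprovider.example
Subject: constructed sample

body
"""

BY_RE = re.compile(r"\bby\s+([\w.-]+)", re.I)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def classify_hops(raw, trusted_hosts):
    """Return ([(by_host, trusted), ...] newest first, connecting_ip)."""
    msg = message_from_string(raw)
    hops, origin_ip, in_trusted_run = [], None, True
    for value in msg.get_all("Received", []):
        text = " ".join(value.split())          # unfold continuation lines
        m = BY_RE.search(text)
        by_host = m.group(1).lower() if m else None
        # Trust must be contiguous from the top: a line further down that
        # merely names our server could have been written by the sender.
        trusted = in_trusted_run and by_host in trusted_hosts
        if trusted:
            ip = IP_RE.search(text.split(" by ", 1)[0])
            origin_ip = ip.group(1) if ip else None   # peer our server saw
        else:
            in_trusted_run = False
        hops.append((by_host, trusted))
    return hops, origin_ip

if __name__ == "__main__":
    hops, ip = classify_hops(RAW, {"mx.myprovider.example"})
    for host, ok in hops:
        print("trusted  " if ok else "unverified", host)
    print("address to include in an abuse report:", ip)
```
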