Do all the things like ++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatarSign Up
terraria99116971dI think it would have some info of the sender in the header
karasube140071dYup, the mail has headers with origin but it's most likely hijacked so don't dos it smth (tons and tons of insecured stuff available)... Just report it to the provider and maybe spamhaus or equivalent.
Lisk6571dWell, it depends...
Every server the mail passes writes a line to the message header. The Problem is: which of these lines can you trust to be authentic?
When using a fake "From" address, nothing would stop me from also appending additional fake header lines, in order to support the senders' plausibility or make tracing difficult.
You can likely trust the receiving server's notes, but everything before that server gets complicated. (And If you can't trust the server which ist receiving and storing your mails, you've got a whole class of more pressing problems than the Origin of a fake extortion Mail...)
C0D43049570dWorry about it when it contains the password.
I’ve had 1 with that, instant change of password - luckily it was only used a couple of times, and disable of in/outbound mail for a while.
JayCee5370dBeing a former admin of a mail server, this kinda thing annoys me. SPF exists for a reason and is actually relatively simple to setup, I'd suggest your dad change email providers. :)
d4ng3r0u5428670dI had one of these that knew the simple password I've used for a bunch of non-sensitive sites.
Should they be blocked by SPF/DKIM?
Linux4375370dThis is the same that has been going around for Month.
SPF solves it.
ilPinguino305670dThe Received: headers can tell you the way that the email took, but they can be faked as well (the last hop is basically the only one you can trust, because you can easily verify it). Note: They're backwards.
Still, except contacting abuse for these servers, you won't be able to do much. Probably sent by a botnet or a hijacked server.
Good thing he asked you instead of paying.
And one more point for widespread security awareness training. Do you mind if I use that incident as an example? I'd anonymize it of course...
Your Job Suck?
Take a quick quiz from Triplebyte to skip the job search hassles and jump to final interviews at hot tech firms
Get a Better Job