|

How to Tell Who REALLY Sent That Email

Sometimes I’ll get an email that I KNOW didn’t come from the person shown in the “from” column in my gmail online. Most of those are ending up in my spam filter these days, but every once in a while one will look legit enough that Google lets it through. Only by knowing my friends and relatives do I know that my sister is not trying to sell me a vacuum cleaner over the internet, even if the thing SAYS she is. So lemme show you how you can tell who REALLY sent it. I’ll show you using Yahoo! mail and Google’s GMail, and from there if you’re using a local machine client you’ll probably be able to figure out how to get the same information. But if not, let me know; I’ll either post a link to your client’s instructions on how to do it or write a post on it myself. So here goes…

In Yahoo! mail, I’ll take a look at a message I sent myself. As we get deeper into this process, you may notice that I didn’t edit out my actual email address. I have a really good spam filter on both accounts used here so if a robot sees an actual email address here and starts spamming me, I probably won’t notice. We’ll start with the first time you see the email in the list; looks something like this:

And when you open that email, you’ll see this: (I want you to pay attention to where you see the name of the person sending the message)

From the “More” menu above the opened email message, select “View Full Header.”

The next three shots are the information you will see in the email header.  There is a lot of what looks like gibberish in there, but some of it actually means something to normal people. You can see your IP address (remember the post about how the web works? here’s an example of why it’s significant.), and the IP address of the sender.

 

You can see the mail system that sent it. This can be interesting (really, only if you’re into this stuff like I am); you can find out what sort of mailing system is being used for some of the newsletters you get. One of the ones I looked at for this post uses Constant Contact. I’d heard of them before and I knew that their product is used to manage mailing lists, but from what I saw the actual mailing is done through them, probably using a web-based list management service.

And finally, the information on who actually sent the message. As you can see here, this message was sent from one of my email accounts to another one of my email accounts. Both are general-purpose accounts, so if you want to throw a bunch of junk at me to either address, feel free to do so.

If you use GMail online, the process is just a bit different to get to the header. This is the message in the message list:

And the opened item:

From the menu where you can select Reply or Forward, one of the options is “Show Original.” That’s the one you want for this.

And this is what you get when you select that:

You get the same information using Yahoo! mail or GMail, and you’ll get the same information you see here if you use Thunderbird or Outlook or the Mac mail app, or even from your phone (although that’s a little more complex to get to).  The information is relevant to THAT MESSAGE, regardless of what device you view it on or what service or client you use to read it. The header information gives information to the servers involved in the process as to what to do with the message.

Now we want to know how you got an email that says it’s from Aunt Sally when it’s really from Joe Schmoe at buymystupidstuff.com, right? Nothing I’ve read has conclusively identified how the name gets attached to that email. I had thought at one time that it may have had something to do with my contacts associated with that account, maybe I had sent mail to or received mail from that person from that account online instead of using my Outlook client, but not with this person. Other than face-to-face, the only way this person and I have ever communicated is–wait for it–on Facebook.

There is probably enough material available to write an entire book on security vulnerabilities on Facebook and how they’ve been exploited, and maybe some day I will undertake that project. For now, it’s enough to know that it can happen. Aunt Sally really isn’t spamming you, and now you know how to be certain. Some bad guy got Aunt Sally’s email address from some social media site because someone forgot to tell Aunt Sally how to set her privacy settings and that the status update about that celebrity dying in a fiery car crash is probably a hoax designed to steal her login information.

This post is not going to keep you from getting spammed by Aunt Sally. But now you have the tools to exonerate her.

Similar Posts