  1. #1
    New Lounger
    Join Date
    Jan 2003
    Location
    Beaverton, Oregon, USA
    Posts
    15
    Thanks
    0
    Thanked 0 Times in 0 Posts

    SMTP Header (2000 SR-1)

    How can I "convince" Outlook to show me the COMPLETE SMTP header information? I want this to report SPAM abuses but Outlook (message) / Options obviously does not display the complete header. ISP will not take any action unless this information is complete.

    Is there another way to view the complete SMTP header of an Outlook message?

    Much appreciated.

  2. #2
    Super Moderator jscher2000
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: SMTP Header (2000 SR-1)

    I believe the info under View > Options... > Internet headers (or, from a list, right-click > Options... > Internet headers) is all there is. Junk messages are notorious for containing garbage headers, and after you work back one level from your mail server, you just can't trust any of it. Here's an example (the stuff in blue was changed to discourage harvesting):

    Return-Path: <annie390i@juno.com>
    Received: from willcomm.com (211.62.74.30) by <font color=blue>mail.mydomain.com (MailServer Info) for
    me@mydomain.com</font>; 2 Jan 2003 12:51:19 -0800
    Received: from QRJATYDI (adsl-065-083-172-082.sip.mco.bellsouth.net [65.83.172.82])
    by willcomm.com (8.12.5/8.12.5) with SMTP id h02KbYdX026284;
    Fri, 3 Jan 2003 05:37:44 +0900
    Message-Id: <200301022037.h02KbYdX026284@willcomm.com>
    From: "Annie" <annie390i@juno.com>
    To:
    Subject: Re: Hey Sexy
    X-Priority: 3
    X-MSMail-Priority: Normal
    X-Mailer: Microsoft Outlook
    Date: Thu, 2 Jan 2003 10:4:49 +-0800
    Mime-Version: 1.0
    Content-Type: text/plain; charset="ISO-8859-2"


    According to these headers, my mail server received the message from the host willcomm.com (211.62.74.30). In a rather uncommon coincidence, the IP address and the domain actually match up. Often the host name is forged and only the IP address is real.

    According to the headers, the willcomm.com server received the message from QRJATYDI (adsl-065-083-172-082.sip.mco.bellsouth.net [65.83.172.82]). You and I have no idea whether this information is real, but remarkably, that host name does match up with that IP address. If we were nasty hackers without a conscience, we could attack that address. But since it could be forged, I certainly don't think that would be a good idea.

    So in this case, we could complain to the contact for both IPs and both host names (not necessarily the same). Without opening the message and examining the links (there are almost always links), it is difficult to get to the person who is trying to make money here. But that would be the next step. (I haven't opened this one, but my filtering software says it's junk, and I have other reasons to think so.)

    Frankly, I've stopped complaining except in special cases, because I get upwards of 50 junk messages a day, and nothing I say is going to make a whole heck of a lot of difference. I filter it and try to go on. I hope you don't get too obsessed, either.

    BTW, I use SamSpade for Windows for whois, dig, and other research. Much easier than visiting dozens of web sites, although occasionally for international IP address space, you have to do that. If you use the capture feature to create a text log of your relevant query results, watch for square boxes, which represent invalid CrLf pairs. If you see these, use WordPad to open the file; Notepad cannot handle these characters.
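    The reading of the Received chain described in the post above, as an added example that is not part of the original post: it parses the quoted headers and marks a hop as trusted only when it was stamped by the reader's own mail server. The function name `received_chain` and the `my_servers` set are assumptions made for illustration; `mail.mydomain.com` is the placeholder host from the post.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime
from datetime import timezone

# Sample input: the headers quoted in the post, font markup removed and
# continuation lines indented so they parse as folded headers.
RAW = """\
Return-Path: <annie390i@juno.com>
Received: from willcomm.com (211.62.74.30) by mail.mydomain.com (MailServer Info) for
 me@mydomain.com; 2 Jan 2003 12:51:19 -0800
Received: from QRJATYDI (adsl-065-083-172-082.sip.mco.bellsouth.net [65.83.172.82])
 by willcomm.com (8.12.5/8.12.5) with SMTP id h02KbYdX026284;
 Fri, 3 Jan 2003 05:37:44 +0900
Message-Id: <200301022037.h02KbYdX026284@willcomm.com>
From: "Annie" <annie390i@juno.com>
Subject: Re: Hey Sexy

"""

HOP = re.compile(r"from\s+(\S+)\s+\(([^)]*)\)\s+by\s+(\S+)")
IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

def received_chain(raw, my_servers):
    """Return hops newest-first; only hops stamped by my_servers are trusted."""
    hops, trusted = [], True
    for value in message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())          # undo header folding
        m = HOP.search(flat)
        if not m:                                # unparseable: stop trusting
            trusted = False
            hops.append({"raw": flat, "trusted": False})
            continue
        helo, peer, by = m.groups()
        # Trust ends at the first hop not written by one of our own servers.
        trusted = trusted and by.lower() in my_servers
        ip = IPV4.search(peer)
        stamp = parsedate_to_datetime(flat.rsplit(";", 1)[-1].strip())
        hops.append({"helo": helo, "ip": ip.group() if ip else None, "by": by,
                     "when": stamp.astimezone(timezone.utc), "trusted": trusted})
    return hops

if __name__ == "__main__":
    for hop in received_chain(RAW, {"mail.mydomain.com"}):
        print(hop)
```

    Only the first hop's peer address (211.62.74.30) was recorded by the reader's own server; the second hop is whatever willcomm.com chose to write and stays flagged as untrusted.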

  3. #3
    New Lounger

    Re: SMTP Header (2000 SR-1)

    Thank you for your reply.

    I do understand the forging of headers. I also know that a message addressed to septic.tank@yahoo.com cannot be delivered to me. So I assume the BCC is used and not shown in the headers displayed by Outlook.

    I have a wish in the battle against SPAM which in my case has increased 200% in the last few months. I wish ISPs would offer an option to their subscribers by which the ISP server would not deliver any message for which the return path cannot be verified. That would take care of most SPAM as the FROM and REPLY-TO are also mostly forged.

    True, this would cause additional processing for the ISP servers, and a delay in message delivery, that is why I suggest this service as an option.

  4. #4
    5 Star Lounger
    Join Date
    May 2001
    Location
    Washington, USA
    Posts
    750
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: SMTP Header (2000 SR-1)

    Outlook won't do this, though it usually gives you everything that is worth anything in a header. To see "everything" in a header or elsewhere you need to make some pretty deep calls. This isn't worth trying to program, but a utility like OutlookSpy from dimastr.com will give you literally everything available on every object in Outlook.

  5. #5
    Super Moderator jscher2000

    Re: SMTP Header (2000 SR-1)

    > I wish ISPs would offer an option to their subscribers by which the ISP server would not deliver any message
    > for which the return path cannot be verified.

    I understand the appeal of this approach. The standard SMTP command, VRFY, can fairly quickly be used to validate an e-mail address. But although Internet standards documents declare that all mail servers are supposed to accept and respond to VRFY requests (see RFC 1123 @ 5.2.3), some view it as a security risk in that it can be used to check for the existence of various user names in the local data store. RFC 821 has an illustration of how this works:
    ----------
    3.3. VERIFYING AND EXPANDING

    SMTP provides as additional features, commands to verify a user name or expand a mailing list. This is done with the VRFY and EXPN commands, which have character string arguments. For the VRFY command, the string is a user name, and the response may include the full name of the user and must include the mailbox of the user. For the EXPN command, the string identifies a mailing list, and the multiline response may include the full name of the users and must give the mailboxes on the mailing list.
    ...
    Example of Verifying a User Name

    Either

    S: VRFY Smith
    R: 250 Fred Smith <Smith@USC-ISIF.ARPA>

    Or

    S: VRFY Smith
    R: 251 User not local; will forward to <Smith@USC-ISIQ.ARPA>

    Or

    S: VRFY Jones
    R: 550 String does not match anything.

    Or

    S: VRFY Jones
    R: 551 User not local; please try <Jones@USC-ISIQ.ARPA>

    Or

    S: VRFY Gourzenkyinplatz
    R: 553 User ambiguous.
    ----------
    Some servers, including Exchange 2000 (see Q289521) can be programmed to give "ambiguous" VRFY responses like "I will accept the message" rather than "yes, that mailbox is local, and here's the guy's full name." In other words:
    ----------
    Query: vrfy valid.user1
    Response: 252 2.1.5 Cannot VRFY user, but will take message for valid.user1@microsoft.com

    Query: vrfy bogus.user2
    Response: 252 2.1.5 Cannot VRFY user, but will take message for bogus.user2@microsoft.com
    ----------
    This defeats the whole purpose of checking, so if your ISP accepts this response code, you've gained nothing, and if it treats the mail as spam, you may miss a goodly amount of "real" mail.

    Hmmm, I seem to have digressed. I'm not sure this helps, but I thought I'd mention it.
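    The VRFY reply codes discussed in the post above, as an added example that is not part of the original post: it parses both transcript styles quoted there and reports whether a server's replies actually distinguish one mailbox from another. The function names `parse_vrfy` and `vrfy_is_informative` and the verdict labels are assumptions made for illustration.

```python
import re

# Sample transcripts copied from the RFC 821 and Exchange 2000 excerpts above.
RFC821 = """\
S: VRFY Smith
R: 250 Fred Smith <Smith@USC-ISIF.ARPA>
S: VRFY Jones
R: 550 String does not match anything.
S: VRFY Gourzenkyinplatz
R: 553 User ambiguous.
"""
EXCHANGE = """\
Query: vrfy valid.user1
Response: 252 2.1.5 Cannot VRFY user, but will take message for valid.user1@microsoft.com
Query: vrfy bogus.user2
Response: 252 2.1.5 Cannot VRFY user, but will take message for bogus.user2@microsoft.com
"""

QUERY = re.compile(r"^\s*(?:S|Query):\s*vrfy\s+(\S+)", re.I)
REPLY = re.compile(r"^\s*(?:R|Response):\s*(\d{3})[ -]", re.I)

def verdict(code):
    """Map a VRFY reply code to what it tells the asker about the mailbox."""
    if code in (250, 251):
        return "confirmed"      # mailbox known, locally or via forwarding
    if code in (550, 551, 553):
        return "rejected"       # no match, not local, or ambiguous
    if code == 252:
        return "no_answer"      # server will take mail but verifies nothing
    return "other"

def parse_vrfy(transcript):
    """Return (user, code, verdict) for each VRFY query/reply pair."""
    results, user = [], None
    for line in transcript.splitlines():
        q, r = QUERY.match(line), REPLY.match(line)
        if q:
            user = q.group(1)
        elif r and user is not None:
            code = int(r.group(1))
            results.append((user, code, verdict(code)))
            user = None
    return results

def vrfy_is_informative(transcript):
    """True if any reply confirms or rejects a mailbox; False if all are 252."""
    return any(v in ("confirmed", "rejected") for _, _, v in parse_vrfy(transcript))
```

    For the Exchange 2000 transcript every reply is 252, so a verification scheme built on VRFY learns nothing from that server, and the same uniform answer is what keeps the command from confirming user names.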

  6. #6
    Super Moderator jscher2000

    Re: SMTP Header (2000 SR-1)

    I checked Outlook Express's "raw" view for a sample message and the headers match Outlook's. I'm not sure what else might be missing that the ISP could use... and unfortunately I don't have Outlook Spy or time to learn it...

  7. #7
    New Lounger

    Re: SMTP Header (2000 SR-1)

    I apologize if it looked like I was venting frustration over SPAM, because I was to some extent.

    The fact is that I designed a system where a VRFY was required to accept e-mail transaction resulting in billing consequences for telecom services. There were a few issues in service support but they were resolved promptly.

    I also think a standard VRFY response (required) is a lot better than the current schemes with copyrighting poems to protect oneself from SPAM. There has to be a standards-based solution (SMTP is an extensible standard). I have not followed standards developments in the last several months: does anybody know about any development regarding SPAM?

    I might check out Outlook Spy :-)

    Arthur

  8. #8
    Super Moderator jscher2000

    Re: SMTP Header (2000 SR-1)

    Well, venting about spam is fine with me. I've been there, too.

    From what I have heard, Haiku (the anti-spam strategy) does sound silly. While the copyright laws have a strong remedy, it's hard to imagine anyone actually going to trial over it.

    I heard briefly about a new thing on the radio, but I missed out on the name, sponsor, and other details. It seemed to involve the sender paying the recipient some money if the sender lied about whether its message was junk; or maybe just paying the recipient to read the message... memory is fuzzy. Sound familiar to anyone?
