http://www.stern.nyu.edu/it/guides/smtp ... udora.html
http://www.ostrosoft.com/smtp_component/faq.asp
http://www.softheap.com/localsrv-localsrv-faq/
http://www.e-marketingassociates.com/ho ... q/smtp.asp
http://www.emailarms.com/faq/smtp_faq.html
http://c0vertl.tripod.com/digital.htm
Some junk to read on SMTP, lil POP, and no IMAP..
check out Samspade.org for their email parser.
Forged or suspicious email might have a warning in the _full_ email headers about 'maybe forged' , but some are false alarms. Most people do not view the full email headers, thus are fooled by the simple FROM: address.
In the case of Gmail.com, you will select "more options" link next to the sender's simple email address. Then you will select the link for "show Original" it will display the email in the SMTP version:
X-Gmail-Received: 91324be7b2455a95bef97317a57ec678943f69bb
Delivered-To:
DNR@gmail.com
Received: by 10.64.179.16 with SMTP id b16cs46119qbf;
Fri, 14 Jul 2006 12:02:04 -0700 (PDT)
Received: by 10.54.153.16 with SMTP id a16mr2683614wre;
Fri, 14 Jul 2006 12:02:04 -0700 (PDT)
Return-Path: <Online.University+DNR=
gmail.com@ajijj.com>
Received: from mail1.ajijj.com (i44-251.alfgl.com [200.62.44.251])
by mx.gmail.com with ESMTP id 15si464870wrl.2006.07.14.12.01.57;
Fri, 14 Jul 2006 12:02:04 -0700 (PDT)
Received-SPF: pass (gmail.com: domain of Online.University+DNR=
gmail.com@ajijj.com designates 200.62.44.251 as permitted sender)
Message-Id: <
44b7ea2c.4ebc1de7.1271.ffff8a27SMTPIN_ADDED@mx.gmail.com>
From: OnlineUniversity <Online.University+DNR=
gmail.com@ajijj.com>
To:
DNR@gmail.com
Subject: do you know which is the best online university?
Date: Fri, 14 Jul 2006 16:01:48 -0300
MIME-Version: 1.0
Content-Type: text/html
Viewing suspicious email in text form, like this is a good way to determine if the email is active script, like having HTML. Content-Type: tells you the content of the email, 'text-html'. This email contained advertisement, junk pictures that clog my bandwidth (all which contact a server and leak your IP/browser/other nfo).
Samspade's tools, like the email parser will do a lot of work for you, adding helpful comments, running DNS checks, warnings. Check out the same email header run through SamSpade's email parser:
07/15/06 10:38:00 Input
The Received: headers are the important ones to read
My comments are just hints, and should be considered only
an opinion. I may have guessed wrong, or things may have
changed since I was written
X-Gmail-Received: 91324be7b2455a95bef97317a57ec678943f69bb
Delivered-To:
dnr@gmail.com
Received: by 10.64.179.16 with SMTP id b16cs46119qbf;
Fri, 14 Jul 2006 12:02:04 -0700 (PDT)
This received header was added by your mailserver
10.64.179.16 received this, but doesn't tell us
where from.
(Without a from parameter it's hard to verify later
received headers. Treat with caution)
Received: by 10.54.153.16 with SMTP id a16mr2683614wre;
Fri, 14 Jul 2006 12:02:04 -0700 (PDT)
10.54.153.16 received this, but doesn't tell us
where from.
(Without a from parameter it's hard to verify later
received headers. Treat with caution)
Return-Path:
<Online.University+dnr=
gmail.com@ajijj.com>
Received: from mail1.ajijj.com (i44-251.alfgl.com
[200.62.44.251]) by mx.gmail.com with ESMTP id
15si464870wrl.2006.07.14.12.01.57; Fri, 14 Jul 2006
12:02:04 -0700 (PDT)
mx.gmail.com received this from someone claiming
to be mail1.ajijj.com
but really from 200.62.44.251(i44-251.alfgl.com)
All headers below may be forged
Received-SPF: pass (gmail.com: domain of
Online.University+dnr=
gmail.com@ajijj.com
designates 200.62.44.251 as permitted sender)
Hmmm received-spf: isn't a header I recognise
Message-Id:
<
44b7ea2c.4ebc1de7.1271.ffff8a27SMTPIN_ADDED@mx.gmail.com>
From: OnlineUniversity
<Online.University+dnr=
gmail.com@ajijj.com>
To:
dnr@gmail.com
Subject: do you know which is the best online university?
Date: Fri, 14 Jul 2006 16:01:48 -0300
MIME-Version: 1.0
Content-Type: text/html
All the above added comments are Steve Atkins, the creator of the app.
So not only was it easy to spoof email , but its easy to determine a suspicious one.
Set your email to text only.
DNR