[sf-lug] Bot-generated nonsense

Akkana Peck akkana at shallowsky.com
Sat Dec 31 16:50:55 PST 2022

Rick Moen writes:
> Pretty much.  The "Received:" and some others are crucial in 
> knowing what really happened, and are particularly important if there's 
> the possibility of SMTP forgery by a bad actor.  Forged mails require
> some expertise to analyse accurately, [ ... ]
> Anyway, here are headers from a mail with a _typical_ sort of
> abbreviated headers, as shown to me by the mutt MUA.  (Mutt's 
> display of headers can be adjusted as desired in the .muttrc file.)
> Then, following that, are full headers, as I received them, from the
> same e-mail.

Note also that most mailers don't show these Received: and related
headers by default; you have to ask for them. Rick already mentioned
mutt, where typing 'h' will display a message with all its headers. In
gmail you can see the full headers by clicking on the three-dots menu
next to the Reply button and choosing "Show Original". For other
mailers, if it's not obvious from clicking around, try a web search
for the name of the mailer and "full headers".

If you're concerned about a particular email message -- for instance,
if you get something claiming to be from $company and you suspect it
isn't really from them, and you want to forward the message to their
abuse address to check -- you should always forward the full-headers
version, otherwise the techie at the other end probably won't be able
to do much analysis on it.


More information about the sf-lug mailing list