[PLUG] Friend's email has modified reply-to field

Rich Shepard rshepard at appl-ecosys.com
Wed Aug 22 22:27:38 UTC 2018


On Wed, 22 Aug 2018, Denis Heidtmann wrote:

> I have been trying to find a way to report that address to google without
> success. Is there any hope of getting the information to Google so that
> the address is shut down? It is the address that the hacker used to
> receive $ from unthinking recipients of the original spam.

Denis,

   Have her turn on headers and export the entire message as a text file.
This preserves the sending IP address. Then have her forward the text file
to you as an attachment.

   When you receive the message check the header for the top-most IP address
-- not sender address name -- and run it through 'whois ...'. It will almost
certainly be an IP address starting with 209. (most of those I get start that
way), and it's the first one after the received-from SPF header. The usual
google spam reporting address is network-abuse at google.com.

   Open a blank message to that address and import the text file. Start your
message asking them to take appropriate actions to prevent further UCE from
that sender. Then separate this header from the forwarded text with a line:

------ Forwarded message ------

   Or, have her forward the message directly to network-abuse at google.com
after confirming (using whois) that it indeed is from a google server.

   If I've not confused you let me know and I'll try harder. :-)

HTH,

Rich
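
The header check described in the message above, as an added example that is not part of the original post: it lists the bracketed IP addresses from the Received headers top-most first, the client-ip from Received-SPF, and whether Reply-To differs from From. The sample message is constructed, and header_report and its field names are hypothetical.

```python
import email
import ipaddress
import re
from email.utils import parseaddr

# Constructed sample: invented headers, documentation-range addresses only.
SAMPLE = """\
Received: by mail.example.org with SMTP id abc123; Wed, 22 Aug 2018 10:00:02 -0700
Received: from relay.example.com (relay.example.com [203.0.113.25])
\tby mx.example.org with ESMTPS id def456; Wed, 22 Aug 2018 10:00:01 -0700
Received-SPF: pass (example.org: domain of sender@example.com designates
\t203.0.113.25 as permitted sender) client-ip=203.0.113.25;
Received: from laptop (unknown [10.0.0.5])
\tby relay.example.com with ESMTPA id ghi789; Wed, 22 Aug 2018 10:00:00 -0700
From: Sender <sender@example.com>
Reply-To: someone-else@example.net
Subject: constructed example

body
"""

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def header_report(raw):
    """Summarise the headers to check before writing an abuse report."""
    msg = email.message_from_string(raw)
    hops = []  # (ip, is_internal) in header order, top-most first
    for value in msg.get_all("Received", []):
        for text in BRACKETED_IP.findall(str(value)):
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:
                continue  # bracketed digits that are not a valid address
            hops.append((text, any(ip in net for net in INTERNAL)))
    spf = re.search(r"client-ip=([0-9.]+)", str(msg.get("Received-SPF", "")))
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    reply_to = parseaddr(str(msg.get("Reply-To", "")))[1].lower()
    return {"hops": hops,
            "spf_client_ip": spf.group(1) if spf else None,
            "reply_to_differs": bool(reply_to) and reply_to != sender}

if __name__ == "__main__":
    report = header_report(SAMPLE)
    print(report)
    for ip, internal in report["hops"]:
        if not internal:
            print("look up with: whois", ip)
```

The whois lookup itself is left to the command line so the script runs offline; the abuse contact in the whois output is where the exported message goes.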




