How did I get this message?
Spammers will hide or fake/forge addresses in an attempt to get past SPAM detection systems or in an attempt to get a curious recipient to open the message.
In this example the address "mailhost@fnal.gov" was the recipient. Since there is no such user a look at the headers of the message may tell you more.
In this case the headers showed that a valid address was set in the first Received header:
Received: from hepa2.fnal.gov (hepa2.fnal.gov
[131.225.111.5]) by mailgw1.fnal.gov
(iPlanet Messaging Server 5.2 HotFix 1.21
(built Sep 8 2003)) with ESMTP id
<0IGL00GR23SQ2H@mailgw1.fnal.gov> for
xxxxx@imapserver1.fnal.gov (ORCPT xxxxx@fnal.gov);
Mon, 16 May 2005 08:22:02 -0500 (CDT)
But nowhere else. A pretty good indication of a Blind Carbon Copy. No other recipients of the same message would see your email address if they also received it. If the other recipients were BCC'd you would not see their email addresses either.
|
