Phuket Live Wire – You’ve got scam mail

PHUKET: Have you ever received a message like the following and wondered who sent it to you?

I have a group of 24 people who will be traveling in your vicinity in December and we would like to book reservations at your establishment. We will pay for services, including tax and tips, in advance. Please advise what you have available and how much it costs. Send your bank details for full remittance.

Here’s another message I received recently: YouTube Service <service@youtube.com>: Your message was not delivered you have sent the maximum number of messages per day. https://www.youtube.com.support/ticket_id=1497. © 2011 YouTube, LLC, San Bruno, CA 94066

By now you’re savvy enough to know that a message sent From Citibank Customer Service asking for your password – or a message from UPS saying you need to run an EXE file, or from Microsoft saying you have to install the attached program – is probably completely bogus. You also no doubt know that the “From” address can be faked (the technical term is “spoofed”): no, that message didn’t come from Barack Obama or Bill Gates or Warren Buffet.

But what about the messages that look like they may – just maybe – be real? How can you see who the message really came from?

The short answer: you can’t. The bad guys know it’s easy to send out a message that looks like it’s from Yingluck Shinawatra or Brad Pitt. That’s kiddie stuff. Getting beyond the kiddie level isn’t easy. Few spammers are smart enough to disguise the originating point of their message, for example, or strip off other, often hidden, telltale information. If you’re curious about the real source of a message, you should look at the innards of the message, in something called the header.

A message header is the text that wraps around a message. It encapsulates the message, making sure it gets to its intended destination. To a first approximation, the message header resembles a snailmail envelope, with an addressee, return address, and a series of cancellations that trace where the message has been.

Some email programs make it easy to look at each message’s header. In Gmail, for example, if you open the message, click the down arrow next to Reply, and then Show Original, the message header appears in a new window. In Hotmail, you click Inbox on the left-hand menu, right-click the message and choose View Message Source. In Outlook Express or Windows Live Mail, right-click on the message, choose Properties, then click on the Details tab.

Outlook makes it difficult to see the headers. Fortunately, there’s a program that makes it easy to see your message headers in Outlook. PocketKnife Peek makes it right-click easy to see any message’s header. To use it, exit Outlook. Go to xintercept.com/peek/pkpeek.htm. Download and install PocketKnife Peek (it’s free). Start Outlook again, and PocketKnife Peek will work. Check it by right-clicking on any message in Outlook, choosing Peek, and clicking the tab marked Internet Header. The entire header appears.

Sorting through an internet header can be challenging. Fortunately, there’s a web site that will do all the hard work. To use it, copy the header. Go to the IP Tracker web site, iptrackeronline.com/header.php. Copy the header into the Email header analysis box and click Submit Header for Analysis. You’ll see a full parsing of the header, part of which is shown in the screen shot on this page.

So the next time somebody sends you an offer you can’t refuse – or a poor suffering widows asks you for $1,000 to unlock her poor departed husband’s $100 million – take a look at the message’s header, and run it through IP Tracker Online. If the message came from Nigeria or Kazbukistan, well, you’ve been warned.

If you aren’t yet posting your international downloads speeds on www.PhuketInternetSpeed.com, I hope this column gives you an idea of why it’s more important than ever to keep everybody in Phuket apprised of how your internet connection is working. Even if you have a simple 3BB 6 Mbps line, you’re helping yourself – and everybody else – by regularly testing and posting your results. It takes less than a minute. Drop by the speed reporting site and sign up. If you have problems – forgot your logon id or password, or you can’t get it to work – drop me a line. It’s free, fast and easy and the connection you save may be your own.

Live Wire is Phuket Gazette columnist Woody Leonhard’s weekly snapshot of all things internet in Phuket.

Follow him on Twitter: @PhuketLiveWire; “like” his page at facebook.com/SandwichShoppe; or facebook.com/phuketgazette.net, or visit his free Sunday morning computer clinics at Woody’s Sandwich Shoppes.

— Woody Leonhard