Identify Scammers by learning to read email headers.
Scam #1
Kills the messengers . . .
Mail Order Bride – Scams
There are as many ways to be scammed by a Mail Order Bride named Yuri/Boris as there are imaginative people. Don’t think you are smarter than everyone else or immune to being scammed.
Know thy enemy . . .
Avoid Mail Order Bride Scams by Reading the Email Headers
Identifying Mail Order Bride Scammers with Email Headers
This is a very basic tutorial on email headers as part of a multi-piece article on detecting Mail Order Bride Scammers. You should not assume based entirely on email headers that someone is a Mail Order Bride Scammer. Likewise, you should not report someone to a blacklist for Mail Order Brides based entirely upon your interpretation of email headers.
The following excellent post is shown in its entirety at:
http://www.rwguide.com/forums/topic.cfm?topic=1890&page=1
Reading Email Headers for Mail Order Bride Scammers
Step #1 Obtain the full headers from your email. Obtaining full headers from your email is different for every mail program. You can find instructions on how to do this with many different mail programs shown at http://www.haltabuse.org/help/headers/
Step #2 Analyzing headers and knowing what to look for. First, I recommend you paste the headers into a text editor such as Notepad, which will make them easier to read. You will see something like this:
X-Message-Status: n:0
X-SID-PRA: =?Windows-1251?B?zODw6O3g?=
X-SID-Result: Pass
X-Message-Info: JGTYoYF78jFdTd3P19hf+W5JhiHuKKLaRfrbZDq27zQ=
Received: from mx2.mail.ru ([194.67.23.122]) by bay0-mc11-f7.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.211);
Thu, 19 Jan 2006 00:29:31 -0800
Received: from [217.107.237.229] (port=19450 helo=other-f0e6f4b03)
by mx2.mail.ru with asmtp
id 1EzV0X-0000Da-00
for johnXXXX@hotmail.com; Thu, 19 Jan 2006 11:19:01 +0300
Date: Thu, 19 Jan 2006 10:43:03 +0300
From: =?Windows-1251?B?zODw6O3g?= marinaXXXX@inbox.ru
X-Mailer: The Bat! (v3.0.1.33) Professional
Reply-To: =?Windows-1251?B?zODw6O3g?=
X-Priority: 3 (Normal)
Message-ID: <1369287390.20060119104303@inbox.ru>
To: John XXXX
Subject: Hi, John!!!!!!
MIME-Version: 1.0
Content-Type: text/plain; charset=Windows-1251
Content-Transfer-Encoding: 8bit
Return-Path: marinaXXXX@inbox.ru
X-OriginalArrivalTime: 19 Jan 2006 08:29:31.0758 (UTC) FILETIME=[7888D0E0:01C61CD2]
Received: from [217.107.237.229] (port=19450 helo=other-f0e6f4b03)
This is probably the single most important line in your headers. There are sometimes several occurrences of "received from" in the headers depending on how many servers it will go through before it finally arrives in your inbox. The one you want to look at is the last one. This tells us three things.
1. The email was sent from 217.107.237.229. This can be the single most important piece of information in the headers. This will give you a general idea of where the email came from. Even though it is not 100% accurate, it is important because scammers usually lie about where they are from. (I will explain more in detail on how to trace an IP address later in this article.)
2. The computer name of the sender is other-f0e6f4b03 - The computer name is VERY important! Most people do not realize the importance of this information. Scammers have no reason to change the name of their computer (unless they read this article, of course). Also, the computer name in this email has the randomly generated name that was set when Windows was installed! This means that if this scammer EVER sent email to anyone else, this will match that email! Also, it is VERY common for a scammer to say they write from an Internet café. If they in fact write from an Internet café, the computer name will be different each time, as I doubt they will get the same computer every time. If your girl says she writes from an Internet café and every email has the same computer name, she is probably a liar. Unfortunately, not all mail servers will obtain this information when accepting email from a client.
3. The email most likely came from Russia. How can I tell it came from Russia so soon without even checking the IP? Notice the "helo" instead of "hello" when her mail server and her computer greet each other.
X-Mailer: The Bat! (v3.0.1.33) Professional
Ok I am going to dispel a myth here. Just because you see this in the header does NOT mean your lady is a scammer. This header tells you what email program your lady uses. Yes, Fat Yuri does seem to love this particular email client, however some real girls use it too. I personally know one such girl. So please do not automatically assume this means a scammer. Just count it as a red flag and keep your eyes open.
Content-Type: text/plain; charset=Windows-1251
This header is not an indication of a scammer, but it is useful. This is the default character set on the computer. There are two different character sets used in Russia. One of them is koi8-r and the other is Windows-1251. This is useful if you want to write your lady some Russian, as you need to get this setting right in your email client, or she will not be able to read your email.
Step #3 Research and trace the IP address of the sender. There are several checks you can perform on an IP address that will yield all kinds of useful information.
* Reverse DNS Lookup - The following is a website tool to do various IP lookups. I have the link below set to do a Reverse DNS Lookup on an IP address by simply clicking HERE. Notice that the IP address from above headers resolves to: 229.237.dialup.mari-el.ru. The first thing we see here is that this is a dialup connection. Therefore, if your lady is telling you she has no phone and uses an Internet café with an IP like this - red flag. The next red flag here is the mari-el.ru ISP. There seems to be a huge influx of scammers that use that particular ISP for some reason.
* Whois Queries - You can also do a whois on the IP address to tell you the ISP that owns the IP address. Once again, I have the link set to do the IP Whois for you HERE. Now, not only does this tell you the ISP that owns the IP address, but it will tell you the general location of the IP address. This is because an ISP is required to allocate address blocks to different cities and/or networks, and then list this information with a registry such as RIPE. This information is not always 100% accurate, especially in developing countries. It will however be accurate enough to tell you that your lady is a liar or scammer if she claims to be in Samara and the IP Whois says Yoshkar-Ola.
* Traceroute - You can also do a traceroute to determine where the IP address is located. On your computer, you will find a tool called tracert if you use Windows. In addition, you can find a traceroute server on the Internet. A list of them can be found here: HERE. You can also use software like Visualroute, which is easier to use. However, the best type of trace tool to use is a tcp traceroute, as it will go through firewalls. The use of this tool is beyond the scope of this article. The idea is to get the IP address of the closest hop away from the destination address and do research on it as listed above. The reason for this is that IP addressing registries such as RIPE are much stricter on the location of the router IP than a block allocated for consumer dialup usage.
One last myth to dispel - I have noticed that some people will use a tool like Email Track Pro and the software will warn that the email is "misdirected" which is indicative of spam, but not necessarily a scammer. I will explain. Misdirected simply indicates that the mail server IP that sent the email does not match the name of the mail server. This is a very common way for spammers to try to hide their identity. I assure you, Fat Yuri does not have his own mail server and T-1 connection in his apartment, nor is he this smart. The likely cause is that the ISP your girl is using does not have their mail server configured properly. This is very common actually. There is a way to tell the difference between a truly misdirected email and an incorrectly configured mail server, however it is beyond the scope of this article. If you are unsure you can always send me a PM and I will check for you. I hope all this has been useful and good luck on your searches!
Cheers!
Some other useful tools are:
1. www.emailtrackerpo.visual.com
3. www.technomon.com
4. www.dnsstuff.com
5. www.dnstools.com
6. www.tcptraceroute.com
7. www.whois.net
Hopefully, the above forum was helpful in your Mail Order Bride search. Take care and be safe.
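As an added example (not part of the forum post or of this site's material), the Python code below applies Step #2 to the sample headers: it reads the bottom-most Received line, extracts the sender IP and helo name, and reports any helo name that repeats across messages. The second message, its 192.0.2.45 address and the function names are constructed for illustration.

```python
import re
from collections import defaultdict
from email import message_from_string

# First message: Received/X-Mailer/Content-Type lines from the sample above.
FIRST = """\
Received: from mx2.mail.ru ([194.67.23.122]) by bay0-mc11-f7.bay0.hotmail.com
 with Microsoft SMTPSVC(6.0.3790.211); Thu, 19 Jan 2006 00:29:31 -0800
Received: from [217.107.237.229] (port=19450 helo=other-f0e6f4b03)
 by mx2.mail.ru with asmtp id 1EzV0X-0000Da-00
 for johnXXXX@hotmail.com; Thu, 19 Jan 2006 11:19:01 +0300
X-Mailer: The Bat! (v3.0.1.33) Professional
Content-Type: text/plain; charset=Windows-1251

(body)
"""
# Second message: constructed for this example (documentation-range IP).
SECOND = FIRST.replace("217.107.237.229", "192.0.2.45").replace("19 Jan", "26 Jan")

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
HELO_RE = re.compile(r"\bhelo=([^\s)]+)", re.IGNORECASE)

def origin_hop(raw):
    """Return fields from the bottom-most Received header, or None if absent."""
    msg = message_from_string(raw)
    received = msg.get_all("Received") or []
    if not received:
        return None
    last = " ".join(received[-1].split())  # unfold continuation lines
    ip, helo = IP_RE.search(last), HELO_RE.search(last)
    return {
        "ip": ip.group(1) if ip else None,
        # helo= is how the server in the sample records the client's
        # greeting name; other mail servers use other layouts or omit it.
        "helo": helo.group(1) if helo else None,
        "mailer": msg.get("X-Mailer"),
        "charset": msg.get_content_charset(),
    }

def repeated_helo(messages):
    """Map each helo name seen in more than one message to its origin IPs."""
    seen = defaultdict(list)
    for raw in messages:
        hop = origin_hop(raw)
        if hop and hop["helo"]:
            seen[hop["helo"]].append(hop["ip"])
    return {name: ips for name, ips in seen.items() if len(ips) > 1}

if __name__ == "__main__":
    print(origin_hop(FIRST))
    print(repeated_helo([FIRST, SECOND]))
```

The extracted IP is the value to feed into the reverse DNS and whois checks of Step #3. Only the Received lines added by your own provider are outside the sender's control, so treat the fields as claims to compare across messages rather than as proof.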
Other Mail Order Bride Resources
1. Mail Order Bride Site for Mexico
2. Mail Order Bride Site Offering Personalized Assistance
3. Russian Woman Speaks out about Mail Order Brides
4. Encyclopedia with tons of info on Mail Order Brides
5. Forum where you get the straight scoop from other men and women
6. Great Blog as to Philippine Mail Order Brides
7. Informational site on Mail Order Brides
8. This is the site where I met Tatiana
9. Ukraine based Mail Order Site
10. Kherson is a city in the Ukraine
11. I signed up for this but I didn't find model quality Mail Order Brides
12. They boast 30,000 women on their site
13. Mail Order Bride site with strong influence in Asia
14. Mail Order Bride Site
15. Mail Order Bride informational site
16. Mail Order Bride Story
17. Mail Order Bride Story
18. Mail Order Bride Story
19. News story from Canada on Mail Order Brides
20. Weekly updated Mail Order Bride Stories
21. MSNBC Report on Mail Order Brides