Fraud victim advocacy, fraud recoginition and prevention education, and law enforcement support

fraud recognition & prevention education, fraud victim advocacy, law enforcement support

Fraud recognition & prevention education, fraud victim advocacy, law enforcement support

                     Silence is fraud's best friend.  Word of mouth is fraud's worst enemy.  Pass the word!TM 

home

___________________

Fraud Secrets:

A Backstage Tour

Start Tour

Why con artists scam

Profile of a con artist

What con artists look for

How con artists set up their victims

What a con artist won't tell you

What a con artist will tell you

Have I been scammed?

12 excuses for not returning your money

How do I find my money?

Where did my money go?

If you lost your funds in an investment scam, speak to your accountant about a theft deduction.

 

 

< Back to Previous Page

How to find the Full Headers in your Email service

Brought to you by Visualware and Fraud Aid

 

We cannot accept scam email reports without the full headers

WE CANNOT ACCEPT SCAM EMAIL REPORTS SENT AS AN ATTACHMENT

ExplanationBrief Headers What Full Headers look likeFiling Scam Email Reports with Fraud Aid

Finding the Full Headers in your email service

 

Explanation:

Full Headers (aka Message Source, Details, Internet Path, Origin, Original Message, Properties, Options, Email Message Source) show the entire path an email traveled from the author's computer to yours.  It is at least 2" to 3" long.  When we track an email, we work back down the path to the author's computer. 

Without the Full Headers, it's impossible to report Spam or scam email to anyone since the Brief Headers (just the From, To, Date, and Subject lines) don't provide any information that can be used to find out where the malicious email came from.

This is a sample of a Brief Header.  A Brief Header does not give us any useful information:

When reporting Spam or scam email, the Full Headers should be placed above the email text.

We cannot accept scam email reports without the full headers above the text message

This is what tracking information looks like: This is a sample of a Full Header.  This provides lots of useful information but not by itself.  The email message must be included beneath it.

Received-SPF: pass (mx03.csee.siteprotect.com: domain of myway.com designates 207.159.120.60 as permitted sender) client-ip=207.159.120.60; envelope-from=kobik@myway.com; helo=myway.com;
Received: from myway.com (nn6.excitenetwork.com [207.159.120.60])
by mx03.csee.siteprotect.com (Postfix) with ESMTP id 70DA0D80BE
for < scamreports@fraudaid.com>; Mon, 1 Jan 2007 22:14:11 -0600 (CST)
Received: by mprdmxin.myway.com (Postfix, from userid 110)
id 5276D233CF; Mon, 1 Jan 2007 23:14:22 -0500 (EST)
To:
Subject: ***SPAM***FAMILY BESINESS INVESTMENT (COMPLIMENT OF THE SEASON)
Received: from [196.1.186.22] by mprdmailfe9.nwk.myway.com via HTTP; Mon, 01 Jan 2007 23:14:22 EST
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: ID = b0d4916511ebd978decbebf5f7fa0f17
Reply-To: k0000mathias@yahoo.co.in
From: "Mathias Kobi Kabila" <kobik@myway.com>
MIME-Version: 1.0
X-Sender: kobik@myway.com
X-Mailer: PHP
Content-Type: multipart/alternative; boundary="MYWAYBOUNDARY_000__afaaf06d5e0a5d93a49f28ede842b7bd";
Content-Transfer-Encoding: 7bit
Message-Id: <20070102041422.5276D233CF@mprdmxin.myway.com>
Date: Mon, 1 Jan 2007 23:14:22 -0500 (EST)
X-Virus-Scanned: CleanMail 2.5 at mf10
X-Spam-Status: Yes, hits=10.508 required=6 tests=[FORGED_RCVD_HELO=0.05,
HTML_MESSAGE=0.001, HTML_TAG_EXIST_TBODY=0.233, MILLION_USD=1.29,
NIGERIAN_BODY1=2.914, NIGERIAN_BODY2=0.489, RCVD_IN_BL_SPAMCOP_NET=1.832,
SARE_FRAUD_X3=1.667, SARE_FRAUD_X4=1.667, SUBJ_ALL_CAPS=0.365]
X-Spam-Level: 8/5
X-Spam-Flag: Yes
X-Spam-Report: CleanMail Spam detection software has identified this
incoming email as possible spam. Content analysis details: (10.5 points)
pts rule name description
---- ---------------------- ------------------------------------------
0.1 FORGED_RCVD_HELO Received: contains a forged HELO
0.4 SUBJ_ALL_CAPS Subject is all capitals
1.3 MILLION_USD BODY: Talks about millions of dollars
0.2 HTML_TAG_EXIST_TBODY BODY: HTML has "tbody" tag
0.0 HTML_MESSAGE BODY: HTML included in message
1.8 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
[Blocked - see <http://www.spamcop.net/bl.shtml?196.1.186.22>]
2.9 NIGERIAN_BODY1 Message body looks like a Nigerian spam message 1+
0.5 NIGERIAN_BODY2 Message body looks like a Nigerian spam message 2+
1.7 SARE_FRAUD_X3 Matches 3+ phrases commonly used in fraud spam
1.7 SARE_FRAUD_X4 Matches 4+ phrases commonly used in fraud spam

NOTE: Please do not forward the scam email as an attachment.  You may have emails set for "Forward as an attachment."  If this is the case, please change the setting to "Forward as inline text" when filing malicious email reports to Fraud Aid or other reporting agencies.  PLEASE DO NOT FORWARD SCAM EMAIL REPORTS AS AN ATTACHMENT.

We cannot accept scam email reports without the full headers above the text message

Filing Scam Email Reports with Fraud Aid: Once you have learned about finding the Full Headers in your email service, you can forward your emails to our research database where the gathered information is sent to and used by law enforcement in the US and abroad.  Please forward scam emails to scamreports@fraudaid.com.  Thank you for your crime-fighting efforts.

Click on the email service you are using and you will be taken to step-by-step instructions for finding the Full Headers:

  • Click HERE to see what the tracking information looks like

  • AOL

  • Cox.net - see Outlook, Eudora, or one of the email services on this list.

  • Eudora

  • Gmail (old format)

  • Gmail (new format)

  • Hotmail & MSN Hotmail users: Full Headers are only accessible in the full version

  • Lotus Notes

  • Lycos

  • Mail.com

  • Netscape

  • Outlook

  • Outlook Express

  • Rediff

  • Yahoo

  • Yahoo Beta (Yahoo 7.0)

  • Other: Look through the above samples since they pretty much cover the gamut of Full Headers access or click on the Help or Options for your email service.  If you still cannot find what you are looking for, contact your email service's Support.

  • NOTE: In some email services, including web-based email services such as SiteMail, the Full Header option is located in plain view once the email is opened.  Be sure to look around for any of these or similar terms: Full Headers, Details, Properties, Message Source, Origin, Original Email, Options, Original Message, Email Message Source, Internet Path.

    • _______

    How to view email headers in AOL

    1. Open the scam email you wish to report.

    2. When your email comes into view look for the 'Details' link.  See Fig. 1 below.


    Fig 1: AOL Email details link

    3. Click on 'Details' and the Full Headers will open in a new window. See Fig. 2 below.


    Fig 2: Email header view in AOL

    (Click on image to enlarge)

    4. Highlight and copy the Full Headers.

    5. Go back to the scam email and click on Forward.

    6. Paste the Full Headers into the top of the email message.

     

    _____________________________________________________

     

    How to view email headers in Eudora (courtesy of the University of Oregon http://micro.uoregon.edu/fullheaders/#eudora)

    Eudora:

    1. Select "plain text only" to turn off any HTML formatting that may be present.
      From the Tools menu select Options then Styled Text and click Send plain text only.

    3. Open the message in question so you can see it on your screen.

    4. Click on the "Blah Blah Blah" when reading the message.

    5. Highlight and copy the Full Headers

    6. Click on Forward

    7. Paste the Full Headers at the top of the email message

    8. Send to scamreports@fraudaid.com 

    _____________________________________________________

    How to view email headers in Gmail (older format)

    1. Open the scam email you wish to report.

    2. Click on Show Options next to the sender's email address.

    3. Click on Show Original - a new window will open containing the Full Headers.

    4. Highlight and copy the Full Headers.

    5. Go back to the scam email and click on Forward.

    6. Paste the Full Headers into the top of the email message.

    _____________________________________________________

    How to view email headers in Gmail (new format)

     

    1.  Open the scam email you wish to report

    2.  Click on the down arrow ?next to Reply

    3.  Choose 'Show Original' from the drop down menu

    4.  Highlight and copy the Full Headers only, not the message text

    5.  Return to the scam email and click on Forward

    6.  Paste the Full Headers above the message text

    _____________________________________________________

    How to view email headers in Hotmail Windows Live/MSN

    HOTMAIL USERS: The Full Headers can only be accessed if you are using the full hotmail version, not basic)

    1. Right click on the closed email ( fig. 1) and a drop down menu will appear. 

    Fig. 1: Inbox view

    2. Choose Source on the drop down menu (fig. 2). 

    Fig. 2: Drop down menu

    3. Copy highlight and copy the Full Headers. 

    4. Open the email, click on Forward and paste the Full Headers into the top of the text message. 

    5. Send to scamreports@fraudaid.com

    _____________________________________________________                           

    How to view email headers in Lotus Notes
     

    Open the properties box on the message (in the default installation of the Notes Client, it will be the first smart icon on the left, but you can also right-click on the document and choose Properties from the drop down menu) 


    Choose the second tab on the Properties box, which is a list of fields and their contents 


    Scroll down to the field "$additionalheaders." That is what Lotus call the Full Headers.


    Select the field and copy by hitting Control+C on your keyboard

     

    Forward the Scam Email Report to preserve any attachments.

                        -or-

    Highlight and copy contents of the field  


    Click on Forward in your email toolbar and paste the Full Headers above the message text.

     

    Send to scamreports@fraudaid.com

     

    _____________________________________________________ 

    How to view email headers in Lycos

    1. By default your Lycos account will not be set to display Full Headers. To change this setting click on the 'Settings' link in the top right hand corner of the Lycos window as shown below in Fig 1.


    Fig 1: Settings Link

    2. Once you have clicked the 'Settings' link the following screen will appear in a pop up window as shown below in Fig 2.


    Fig 2: Settings

    (Click on image to enlarge)

    3. In the settings window above you need to choose the 'Personal Settings' option by clicking on the image shown in red above. Once you have clicked this you will get the settings list below in Fig 3.


    Fig 3: Advanced Settings

    (Click on image to enlarge)

    4. Select 'Yes' from the drop down menu shown in red above and then click the 'Save' button, also shown in red. By clicking 'Save' you will be taken back to the previous menu (Fig 2) where you need to click 'Close'.

    5. Return to the scam email that you wish to report. When the email comes up you will notice a 'Display Full Header' link to the right hand side of the screen as shown below in Fig 4.


    Fig 4: Display Full Header Link

    6. Click on the 'Display Full Header' link to launch a pop up window as shown in Fig 5 below. This pop up window has the Full Headers for that particular email.


    Fig 5: Email Headers

    (Click on image to enlarge)

    7. Highlight and copy the Full Headers.

    8. Go back to the scam email and click on Forward.

    9. Paste the Full Headers into the top of the email message.

     

    _____________________________________________________   

    How to view email headers in Mail.com

    1. Click on the scam email you wish to report.

    2. Just above the main body of the email you will see a link saying 'Show Full Headers' (Fig 1 below), click this.


    Fig 1: Show Full Headers link

    3. Once this link has been clicked the email will refresh and the Full Headersl will appear above the message text.  See Fig 2 below:


    Fig 2: Email Header for Mail.com

    (Click on image to enlarge)

    4. Click on Forward.

     

    _____________________________________________________

    How to view email headers in Netscape

    1. Open the scam email you wish to report.

    2. When your email come into view you should see a yellow arrow pointing upwards as shown in red in Fig 1 below. Click on the yellow arrow to view the Full Headers.

     


    Fig 1: Netscape email

    2. The Full Headers will open in a new window.  See Fig. 2 below.


    Fig 2: Email header

    (Click on image to enlarge)

    3. Highlight and copy the Full Headers.

    4. Go back to the scam email and click on Forward.

    5. Paste the Full Headers into the top of the email message.

     

    _____________________________________________________

     

    How to view email headers in Outlook

    In Outlook there are two ways to view the headers:

    Option 1: Right click on the closed email; in the drop down menu, choose "Options."                                                    

    Option 2: Open the email.  In the toolbar click on View, then choose "Options" in the drop down menu.

    1.  Highlight and copy the Full Headers.

    2.  Go back to the scam email and click on Forward.

    3.  Paste the Full Headers into the top of the email message.

     

    _____________________________________________________

    How to view email headers in Outlook Express

    1. Right click on the scam email you wish to report. A drop down menu will appear as shown below in Fig 1:


    Fig 1: Properties of an email.

    2. From the menu above choose 'Properties'; this will launch a dialog box like the one below in fig 2:


    Fig 2: Details Tab in Properties

    (Click on image to enlarge)

    3. When the dialog box first launches it will be on the 'General' tab; to view the Full Headers click on the 'Details' tab as shown above in red.

    4. Highlight and copy the Full Headers.

    5. Go back to the scam email and click on Forward.

    6. Paste the Full Headers into the top of the email message.

     

    _____________________________________________________

    How to view email headers in Rediffmail

    1. Open your Inbox (or other folder) and Right Click on the scam email: see Fig.1.

     

    Fig. 1

    Click on image to enlarge

     

    2. Click on Properties in the drop down menu: See Fig. 2.

     

    Fig. 2

    Click on image to enlarge

     

    3. A new window will open displaying the Email Headers (See Fig. 3).  These are the Full Headers.  Highlight and copy the Headers.

    Fig. 3

    Click on image to enlarge

     

    4. Open the scam email and click on Forward.

    5. Paste the Headers into the top of the scam email, above the message text.

    6. Send to scamreports@fraudaid.com

     

    _____________________________________________________

    How to view email headers in Yahoo

    1. Open the scam email in your inbox.

    2. Scroll down to the bottom of the email and look all the way to the right, just outside the text message box: you will see Save message text and next to that, Full Headers. See Fig. 1.


    Fig 1: Full Headers Link
    (Click on image to enlarge)
     
    3. Click on Full Headers and you will see the Full Headers appear at the top of the scam email. See Fig. 2


    Fig 2: Email Headers

    (Click on image to enlarge)

     

    4. Click on Forward (see Fig. 2) and send to scamreports@fraudaid.com.

     

    Fig 3: Forward

    (Click on image to enlarge)

     

    _____________________________________________________

     

    How to view email headers in Yahoo Beta

     

    In closed letter view: Right click on the closed email and choose "Full Headers" at the bottom of the drop down menu.

    In open letter view: In the top right hand corner of the text window, above the date and time, you will see "Standard Header."  Click on this for the drop down menu; choose Full Header.

    Forward the email to scamreports@fraudaid.com

     

    _____________________________________________________ 
     

    Copyright ©2006-2007 Fraud Aid, Inc. - All Rights Reserved.

    Reporting, crime-fighting, and victim resource links

    PROFESSIONAL SERVICES / Fraud Aid Advisory Council

    Copyright ©2000-2007 Fraud Aid, Inc.  -  All Rights Reserved

    Privacy Policy Disclaimer • Spam Policy

    		 SecureClean-Delete unwanted files forever WipeDrive protects you from identity theft