Farsi

Silence is fraud's best friend.  Word of mouth is fraud's worst enemy.  Pass the word!TM

Home

About Us

FAQs

Products

Articles

Contact Us

Search

Site Map

Report Email Fraud Volunteers

You are here > Home > How to File a Scam Email Report

 

Work-at-home money, package, and check forwarding jobs: what is happening to you

 

How to really verify a check

Your ID Theft Prevention To-Do List

What to do about threats from scammers

ARRESTS:

If you have

  • been arrested,

  • know you are facing arrest,

  • or are under formal investigation for this or any other scam:

Go here

Arrested Fraud Victim

Fraud Victim at Risk of Arrest

 

Repayment

If you owe a bank, credit union, or store for money that was sent to you by scammers go here:

 Fraud Victim Debtor

 

top

How to find the Full Headers in your Email service

Brought to you by Visualware and Fraud Aid, Inc.

 

We cannot accept scam email reports without the full headers

WE CANNOT ACCEPT SCAM EMAIL REPORTS SENT AS AN ATTACHMENT

 

Explanation   •   Brief Headers   •   What Full Headers look like

Filing Scam Email Reports with Fraud Aid

Finding the Full Headers in your email service

Explanation:

Full Headers (aka Message Source, Details, Internet Path, Origin, Original Message, Properties, Options, Email Message Source) show the entire path an email traveled from the author's computer to yours.  It is at least 2" to 3" long.  When we track an email, we work back down the path to the author's computer. 

Without the Full Headers, it's impossible to report Spam or scam email to anyone since the Brief Headers (just the From, To, Date, and Subject lines) don't provide any information that can be used to find out where the malicious email came from.

This is a sample of a Brief Header.  A Brief Header does not give us any useful information:

When reporting Spam or scam email, the Full Headers should be placed above the email text.

We cannot accept scam email reports without the full headers above the text message

This is what tracking information looks like: This is a sample of a Full Header.  This provides lots of useful information but not by itself.  The email message must be included beneath it.

Received-SPF: pass (mx03.csee.siteprotect.com: domain of myway.com designates 207.159.120.60 as permitted sender) client-ip=207.159.120.60; envelope-from=kobik@myway.com; helo=myway.com;
Received: from myway.com (nn6.excitenetwork.com [207.159.120.60])
by mx03.csee.siteprotect.com (Postfix) with ESMTP id 70DA0D80BE
for < scamreports@fraudaid.com>; Mon, 1 Jan 2007 22:14:11 -0600 (CST)
Received: by mprdmxin.myway.com (Postfix, from userid 110)
id 5276D233CF; Mon, 1 Jan 2007 23:14:22 -0500 (EST)
To:
Subject: ***SPAM***FAMILY BESINESS INVESTMENT (COMPLIMENT OF THE SEASON)
Received: from [196.1.186.22] by mprdmailfe9.nwk.myway.com via HTTP; Mon, 01 Jan 2007 23:14:22 EST
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: ID = b0d4916511ebd978decbebf5f7fa0f17
Reply-To: k0000mathias@yahoo.co.in
From: "Mathias Kobi Kabila" <kobik@myway.com>
MIME-Version: 1.0
X-Sender: kobik@myway.com
X-Mailer: PHP
Content-Type: multipart/alternative; boundary="MYWAYBOUNDARY_000__afaaf06d5e0a5d93a49f28ede842b7bd";
Content-Transfer-Encoding: 7bit
Message-Id: <20070102041422.5276D233CF@mprdmxin.myway.com>
Date: Mon, 1 Jan 2007 23:14:22 -0500 (EST)
X-Virus-Scanned: CleanMail 2.5 at mf10
X-Spam-Status: Yes, hits=10.508 required=6 tests=[FORGED_RCVD_HELO=0.05,
HTML_MESSAGE=0.001, HTML_TAG_EXIST_TBODY=0.233, MILLION_USD=1.29,
NIGERIAN_BODY1=2.914, NIGERIAN_BODY2=0.489, RCVD_IN_BL_SPAMCOP_NET=1.832,
SARE_FRAUD_X3=1.667, SARE_FRAUD_X4=1.667, SUBJ_ALL_CAPS=0.365]
X-Spam-Level: 8/5
X-Spam-Flag: Yes
X-Spam-Report: CleanMail Spam detection software has identified this
incoming email as possible spam. Content analysis details: (10.5 points)
pts rule name description
---- ---------------------- ------------------------------------------
0.1 FORGED_RCVD_HELO Received: contains a forged HELO
0.4 SUBJ_ALL_CAPS Subject is all capitals
1.3 MILLION_USD BODY: Talks about millions of dollars
0.2 HTML_TAG_EXIST_TBODY BODY: HTML has "tbody" tag
0.0 HTML_MESSAGE BODY: HTML included in message
1.8 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
[Blocked - see <http://www.spamcop.net/bl.shtml?196.1.186.22>]
2.9 NIGERIAN_BODY1 Message body looks like a Nigerian spam message 1+
0.5 NIGERIAN_BODY2 Message body looks like a Nigerian spam message 2+
1.7 SARE_FRAUD_X3 Matches 3+ phrases commonly used in fraud spam
1.7 SARE_FRAUD_X4 Matches 4+ phrases commonly used in fraud spam

NOTE: Please do not forward the scam email as an attachment.  You may have emails set for "Forward as an attachment." 

If this is the case, please change the setting to "Forward as inline text" when filing malicious email reports to Fraud Aid or other reporting agencies.

PLEASE DO NOT FORWARD SCAM EMAIL REPORTS AS AN ATTACHMENT.

We cannot accept scam email reports without the full headers above the text message

Filing Scam Email Reports with Fraud Aid: Once you have learned about finding the Full Headers in your email service, you can forward your emails to our research database where the gathered information is sent to and used by law enforcement in the US and abroad.  Please forward scam emails to scamreports@fraudaid.com.  Thank you for your crime-fighting efforts.

Click on the email service you are using (below) and you will be taken to step-by-step instructions with graphics for finding the Full Headers:

  • Click HERE to see what the tracking information looks like

  • AOL

  • Cox.net - see Outlook, Eudora, or one of the other email services on this list.

  • Eudora

  • Gmail - old and new

  • Hotmail & MSN/Windows Live

  • NOTE TO HOTMAIL USERS: Email Headers are only accessible in the full version

  • Lotus Notes

  • Lycos

  • Mail.com

  • Mozilla Thunderbird

  • Netscape

  • Outlook

  • Outlook Express

  • Rediffmail

  • Thunderbird (Mozilla)

  • Yahoo Classic

  • Yahoo NEW (Yahoo 7.0, aka Yahoo Beta)

  • Other: Look through the above samples since they pretty much cover the gamut of Full Headers access or click on the Help or Options for your email service.  If you still cannot find what you are looking for, contact your email service's Support.

  • NOTE: In some email services, including web-based email services such as SiteMail, the Full Header option is located in plain view once the email is opened.  Be sure to look around for any of these or similar terms: Full Headers, Details, Properties, Message Source, Origin, Original Email, Options, Original Message, Email Message Source, Internet Path.

  • ____________________________________________________ 
    Home < How to File a Scam Email Report

    Copyright ©2006-2007 Fraud Aid, Inc. - All Rights Reserved.

     

     
    Western Union and MoneyGram were designed to send money to friends and family, not to send money to strangers.

    NEVER WIRE MONEY TO A STRANGER!

    Reporting, crime-fighting, and victim resource links

    PROFESSIONAL SERVICES / Fraud Aid Advisory Council

    Copyright ©2000-2008 Fraud Aid, Inc.  -  All Rights Reserved

    Privacy Policy Disclaimer • Spam Policy