Spammers and attackers simply send fake mail using the hundreds of fake mail services that are available on the internet. Just google them and you can find plenty.
However, you can determine for yourself whether a mail is fake or not. A careful examination of the email header can help you distinguish whether the email is fake or real. It's a simple process and it doesn't require much technical knowledge. All it needs is attention. Here I will demonstrate how we can examine a mail in one of the popular email service providers, Gmail. The same process applies to other providers too.
Begin the trace
Let's start with the mail whose authenticity you want to verify.
Suppose I get a mail from Barak Obama stating that I have been appointed as the next president of the United States.
Here is the screenshot of my inbox .
Instead of getting excited, I go on to find out whether it's a fake or real mail (although it's easy to guess :-) ).
At the top right corner of the mail there is a small "Reply" option with a drop-down menu alongside it.
Click on the drop-down menu and go to "Show original".
A new tab then opens which contains the original content of the email sent to you. We call it the "email header". This is the part that contains all the information about the sender, from the IP address to the SMTP services. This can help you identify the location from which the mail actually originated.
The screen looks something like this:
Most of it may look like Greek to a newbie, but it reveals the authenticity of the mail.
See the highlighted part of this header. This is the part which contains the information about the sender of the mail.
There are two things to look at carefully in an email header: one is Received-SPF and the other is Authentication-Results.
The Received-SPF tells us the origin of the mail. In this case it is sendfail, which has got nothing to do with Barak Obama or the White House.
The Authentication-Results shows whether the mail address matches any available SMTP server and whether it corresponds with the SMTP server of the origin mail.
In this case Gmail has reported that "domain of transitioning firstname.lastname@example.org does not designate 188.8.131.52 as permitted sender".
This again gives us a clear idea that the mail is fake, as the IP address of the mail does not correspond with the origin IP address of the origin SMTP server.
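The same manual check can be scripted. The following is an added example, not part of the original post: it reads the Received-SPF and Authentication-Results headers from the text that "Show original" displays and reports whether SPF passed. The sample message, its addresses, the IP and the `softfail` result are constructed placeholders, and the function name `check_spf` is hypothetical.

```python
import re
from email import message_from_string

# Constructed sample of a "Show original" view. Addresses and the IP are
# reserved documentation values, not taken from a real message.
SAMPLE = """\
Delivered-To: me@example.net
Received-SPF: softfail (google.com: domain of transitioning
 sender@example.org does not designate 192.0.2.10 as permitted sender)
 client-ip=192.0.2.10;
Authentication-Results: mx.google.com;
 spf=softfail (google.com: domain of transitioning sender@example.org
 does not designate 192.0.2.10 as permitted sender)
 smtp.mailfrom=sender@example.org
From: "Head of State" <president@example.gov>
Subject: You have been appointed

Congratulations!
"""

def _unfold(value):
    # Long headers are folded across lines; collapse them to one line.
    return " ".join(value.split())

def check_spf(raw_message):
    """Extract the SPF verdicts a receiving server recorded in the headers."""
    msg = message_from_string(raw_message)
    received = [_unfold(v) for v in msg.get_all("Received-SPF", [])]
    auth = [_unfold(v) for v in msg.get_all("Authentication-Results", [])]

    # Received-SPF starts with the result word: pass, fail, softfail, neutral...
    words = received[0].split() if received else []
    received_result = words[0].lower() if words else None
    ip = re.search(r"client-ip=([0-9A-Fa-f.:]+)", received[0]) if received else None
    # Authentication-Results repeats the verdict as "spf=<result>".
    spf = next((m.group(1).lower() for v in auth
                if (m := re.search(r"\bspf=(\w+)", v))), None)

    verdicts = [v for v in (received_result, spf) if v]
    return {
        "from": msg["From"],
        "received_spf": received_result,
        "auth_results_spf": spf,
        "client_ip": ip.group(1) if ip else None,
        # Only "pass" means the sending IP is authorised by the domain.
        "spf_passed": bool(verdicts) and all(v == "pass" for v in verdicts),
    }

if __name__ == "__main__":
    for key, value in check_spf(SAMPLE).items():
        print(f"{key}: {value}")
```

A message with neither header returns `spf_passed` as False, since there is no recorded verdict to rely on.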
This small trick can very well help you protect yourself from fraud and spam.