Check and see if your mail program will let you see the full headers. Then check the Received lines.
That should enable tracing the source. If he is innocent, he'll be happy to have been informed that he's infected (or he'll be an asshole who won't believe it).
And if the guy (or gal) is an asshole about it (either because it's deliberate or because they're an asshole) you can report them to their ISP.
You need to be careful, though. I've received emails that claim to have come from people who couldn't possibly have sent them - but their addresses just happened to have been in someone else's address book. And that someone else is more likely (due to the very size of the address book) to be a spammer than a mutual acquaintance.
But to be honest, even now the flood has settled down to a mere 5.5Mb/hour, life's too short to do anything other than try and filter the stuff before it hits my inbox.
That's why I mentioned using the mailer's (often hidden) ability to view *all* the headers.
With virii and spam that have forged From lines, the Received headers will tell the real story.
The virii never forge those. And even wwith the spammers that do forge them, it's possible to spot where the forged lines start with a bit of work.
Here's tyhe *complete* headers (and start of the message) from the viruses attempt I got the other day:
Return-Path: <rwagner49@comcast.net> Received: from sccrmhc12.comcast.net (sccrmhc12.comcast.net [204.127.202.56]) by draq.pmaco.net (8.10.2/8.10.2) with ESMTP id h8J0otI26545 for <brooke@shadowgard.com>; Thu, 18 Sep 2003 17:50:55 -0700 Message-Id: <200309190050.h8J0otI26545@draq.pmaco.net> Received: from sccrmhc12.comcast.net (localhost[127.0.0.1]) by comcast.net (sccrmhc12) with ESMTP id <200309190050460120032vl9e>; Fri, 19 Sep 2003 00:50:46 +0000 X-Comment: AT&T Maillennium special handling codes - xc Date: Fri, 19 Sep 2003 00:42:24 +0000 (GMT) X-Comment: Sending client does not conform to RFC822 minimum requirements X-Comment: Date has been added by Maillennium. Received: from rnaa (pcp04369429pcs.nrockv01.md.comcast.net[69.140.213.219]) by comcast.net (sccrmhc12) with SMTP id <2003091900421901200hfuo6e>; Fri, 19 Sep 2003 00:42:22 +0000 X-Comment: AT&T Maillennium special handling code - c FROM: "Network Security Center" TO: "Client" <client@pzvufi.net> SUBJECT: Newest Network Update Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="yeaipsvlsglw" X-PMFLAGS: 570949760 0 1 P256D0.CNM
this is the latest version of security update, the "September 2003, Cumulative Patch" update which eliminates all known security vulnerabilities affecting MS Internet Explorer, MS Outlook and MS Outlook Express as well as three newly discovered vulnerabilities. Install now to continue keeping your computer secure from these vulnerabilities, the most serious of which could allow an malicious user to run executable on your system. This update includes the functionality = of all previously released patches.
![[identity profile]](https://www.dreamwidth.org/img/silk/identity/openid.png){kind=small}
![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png)
momijizukamori and
no subject
Date: 18 Sep 2003 19:58 (UTC)Hmmm...with my main email address, I have yet to get a single virus. Odd.
no subject
Date: 18 Sep 2003 22:57 (UTC)That should enable tracing the source. If he is innocent, he'll be happy to have been informed that he's infected (or he'll be an asshole who won't believe it).
And if the guy (or gal) is an asshole about it (either because it's deliberate or because they're an asshole) you can report them to their ISP.
no subject
Date: 19 Sep 2003 17:07 (UTC)But to be honest, even now the flood has settled down to a mere 5.5Mb/hour, life's too short to do anything other than try and filter the stuff before it hits my inbox.
no subject
Date: 19 Sep 2003 18:59 (UTC)With virii and spam that have forged From lines, the Received headers will tell the real story.
The virii never forge those. And even wwith the spammers that do forge them, it's possible to spot where the forged lines start with a bit of work.
Here's tyhe *complete* headers (and start of the message) from the viruses attempt I got the other day:
Return-Path: <rwagner49@comcast.net>
Received: from sccrmhc12.comcast.net (sccrmhc12.comcast.net [204.127.202.56])
by draq.pmaco.net (8.10.2/8.10.2) with ESMTP id h8J0otI26545
for <brooke@shadowgard.com>; Thu, 18 Sep 2003 17:50:55 -0700
Message-Id: <200309190050.h8J0otI26545@draq.pmaco.net>
Received: from sccrmhc12.comcast.net (localhost[127.0.0.1])
by comcast.net (sccrmhc12) with ESMTP
id <200309190050460120032vl9e>; Fri, 19 Sep 2003 00:50:46 +0000
X-Comment: AT&T Maillennium special handling codes - xc
Date: Fri, 19 Sep 2003 00:42:24 +0000 (GMT)
X-Comment: Sending client does not conform to RFC822 minimum requirements
X-Comment: Date has been added by Maillennium.
Received: from rnaa (pcp04369429pcs.nrockv01.md.comcast.net[69.140.213.219])
by comcast.net (sccrmhc12) with SMTP
id <2003091900421901200hfuo6e>; Fri, 19 Sep 2003 00:42:22 +0000
X-Comment: AT&T Maillennium special handling code - c
FROM: "Network Security Center"
TO: "Client" <client@pzvufi.net>
SUBJECT: Newest Network Update
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="yeaipsvlsglw"
X-PMFLAGS: 570949760 0 1 P256D0.CNM
--yeaipsvlsglw
Content-Type: multipart/related; boundary="sthjkfjznh";
type="multipart/alternative"
--sthjkfjznh
Content-Type: multipart/alternative; boundary="apfmqvszufedmgc"
--apfmqvszufedmgc
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable
MS Client
this is the latest version of security update, the
"September 2003, Cumulative Patch" update which eliminates
all known security vulnerabilities affecting
MS Internet Explorer, MS Outlook and MS Outlook Express
as well as three newly discovered vulnerabilities.
Install now to continue keeping your computer secure
from these vulnerabilities, the most serious of which could
allow an malicious user to run executable on your system.
This update includes the functionality =
of all previously released patches.