[accesscomp] Fw: Dvorak Keyboard and How Can I Find Out Where an Email Really Came From?, Tip for August 28 2013

  • From: "Bob Acosta" <boacosta@xxxxxxxxxxx>
  • To: "tektalk discussion" <tektalkdiscussion@xxxxxxxxxxxxxxxxxxx>, "access comp" <accesscomp@xxxxxxxxxxxxx>
  • Date: Wed, 28 Aug 2013 10:39:35 -0700

        
----- Original Message ----- 
From: dan Thompson 
To: dan Thompson 
Sent: Wednesday, August 28, 2013 9:27 AM
Subject: Dvorak Keyboard and How Can I Find Out Where an Email Really Came 
From?, Tip for August 28 2013


 

 

Special note from Dan:

Yesterday I posted an article regarding fixing a conflict between JAWS and 
Windows Seven that also involved Microsoft Office.  I did mention that the 
problem could happen in MS Office 2007 through 2013.  However, the error had 
occurred on a computer using Office 2010.  But it could happen in Office 2007 
through 2013.

Hope that was not too confusing.

 

Now on with the show!!

Daily Tech Term:

 

Dvorak Keyboard

The Dvorak Keyboard layout was created in the 1930s by Dr. August Dvorak and 
his brother-in-law Dr. William Dealey. The two created the layout in order to 
alleviate problems with the popular QWERTY keyboard configuration (the very 
configuration still in use today by hundreds of millions of typists worldwide).

The problems they identified with the QWERTY layout (and sought to fix with 
their alternate arrangement) included the fact that many English letter 
combinations required that the user jump over the home row, most letters are 
typed with the left hand, the letter distribution over the three rows of keys 
is irregular and unbalanced, and many common words are typed with a single hand 
instead of spreading the load across all the fingers.

The Dvorak layout was successful in solving these problems by carefully 
rearranging the keys to allow for more efficient typing with less strain - there 
are 1,200 words in English that require the user to jump the home row on a 
QWERTY keyboard, for example, but fewer than a handful on the Dvorak layout. 
Despite its ergonomics and efficiency, the Dvorak layout was introduced 
half a century after the QWERTY layout and, given the number of typists and 
typing instruction schools firmly set on the existing layout, it failed to gain 
much traction outside of specialized use and dedicated fans.

 

Next is the article for today

 

How Can I Find Out Where an Email Really Came From?

Source WebPage:

http://www.howtogeek.com/169539/how-can-i-find-out-where-an-email-really-came-from/
 

 

Just because an email shows up in your inbox labeled Bill.Smith@xxxxxxxxxxxx, 
doesn't mean that Bill actually had anything to do with it. Read on as we 
explore how to dig in and see where a suspicious email actually came from.

Today's Question & Answer session comes to us courtesy of SuperUser - a 
subdivision of Stack Exchange, a community-driven grouping of Q&A web sites.

The Question

SuperUser reader Sirwan wants to know how to figure out where emails actually 
originate from:

How can I know where an Email really came from?

Is there any way to find it out?

I have heard about email headers, but I don't know where I can see email 
headers, for example in Gmail.

Let's take a look at these email headers.

 

 

The Answers

SuperUser contributor Tomas offers a very detailed and insightful response:

See an example of a scam that has been sent to me, pretending it is from my 
friend, claiming she has been robbed and asking me for financial aid. I have 
changed the names - suppose that I am Bill, the scammer has sent an email to 
bill@xxxxxxxxxx, pretending he is alice@xxxxxxxxx. Note that Bill has a forward 
to bill@xxxxxxxxx.

First, in Gmail, use show original:

Then, the full email and its headers will open:

Delivered-To: bill@xxxxxxxxx
Received: by 10.64.21.33 with SMTP id s1csp177937iee;
        Mon, 8 Jul 2013 04:11:00 -0700 (PDT)
X-Received: by 10.14.47.73 with SMTP id s49mr24756966eeb.71.1373281860071;
        Mon, 08 Jul 2013 04:11:00 -0700 (PDT)
Return-Path: <SRS0=Znlt=QW=yahoo.com=alice@xxxxxxxxxx>
Received: from maxipes.logix.cz (maxipes.logix.cz. [2a01:348:0:6:5d59:50c3:0:b0b1])
        by mx.google.com with ESMTPS id j47si6975462eeg.108.2013.07.08.04.10.59
        for <bill@xxxxxxxxx>
        (version=TLSv1 cipher=RC4-SHA bits=128/128);
        Mon, 08 Jul 2013 04:11:00 -0700 (PDT)
Received-SPF: neutral (google.com: 2a01:348:0:6:5d59:50c3:0:b0b1 is neither
        permitted nor denied by best guess record for domain of
        SRS0=Znlt=QW=yahoo.com=alice@xxxxxxxxxx)
        client-ip=2a01:348:0:6:5d59:50c3:0:b0b1;
Authentication-Results: mx.google.com;
       spf=neutral (google.com: 2a01:348:0:6:5d59:50c3:0:b0b1 is neither
       permitted nor denied by best guess record for domain of
       SRS0=Znlt=QW=yahoo.com=alice@xxxxxxxxxx)
       smtp.mail=SRS0=Znlt=QW=yahoo.com=alice@xxxxxxxxxx
Received: by maxipes.logix.cz (Postfix, from userid 604)
    id C923E5D3A45; Mon,  8 Jul 2013 23:10:50 +1200 (NZST)
X-Original-To: bill@xxxxxxxxxx
X-Greylist: delayed 00:06:34 by SQLgrey-1.8.0-rc1
Received: from elasmtp-curtail.atl.sa.earthlink.net (elasmtp-curtail.atl.sa.earthlink.net [209.86.89.64])
    by maxipes.logix.cz (Postfix) with ESMTP id B43175D3A44
    for <bill@xxxxxxxxxx>; Mon,  8 Jul 2013 23:10:48 +1200 (NZST)
Received: from [168.62.170.129] (helo=laurence39)
    by elasmtp-curtail.atl.sa.earthlink.net with esmtpa (Exim 4.67)
    (envelope-from <alice@xxxxxxxxx>)
    id 1Uw98w-0006KI-6y
    for bill@xxxxxxxxxx; Mon, 08 Jul 2013 06:58:06 -0400
From: "Alice" <alice@xxxxxxxxx>
Subject: Terrible Travel Issue.....Kindly reply ASAP
To: bill@xxxxxxxxxx
Content-Type: multipart/alternative; boundary="jtkoS2PA6LIOS7nZ3bDeIHwhuXF=_9jxn70"
MIME-Version: 1.0
Reply-To: alice@xxxxxxxxx
Date: Mon, 8 Jul 2013 10:58:06 +0000
Message-ID: <E1Uw98w-0006KI-6y@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
X-ELNK-Trace: 52111ec6c5e88d9189cb21dbd10cbf767e972de0d01da940e632614284761929eac30959a519613a350badd9bab72f9c350badd9bab72f9c350badd9bab72f9c
X-Originating-IP: 168.62.170.129

[... I have cut the email body ...]

The headers are to be read chronologically from bottom to top - oldest are at 
the bottom. Every new server on the way will add its own message - starting 
with Received. For example:

Received: from maxipes.logix.cz (maxipes.logix.cz. [2a01:348:0:6:5d59:50c3:0:b0b1])
        by mx.google.com with ESMTPS id j47si6975462eeg.108.2013.07.08.04.10.59
        for <bill@xxxxxxxxx>
        (version=TLSv1 cipher=RC4-SHA bits=128/128);
        Mon, 08 Jul 2013 04:11:00 -0700 (PDT)

This says that mx.google.com has received the mail from maxipes.logix.cz at 
Mon, 08 Jul 2013 04:11:00 -0700 (PDT).

Now, to find the real sender of your email, your goal is to find the last 
trusted gateway - last when reading the headers from top, i.e. first in the 
chronological order. Let's start by finding Bill's mail server. For this, 
you query the MX record for the domain. You can use some online tools, found at 
this site:

http://mxtoolbox.com/

 

or on Linux you can query it on the command line (note the real domain name was 
changed to domain.com):

~$ host -t MX domain.com
domain.com               MX      10 broucek.logix.cz
domain.com               MX      5 maxipes.logix.cz

So you see the mail server for domain.com is maxipes.logix.cz or 
broucek.logix.cz. Hence, the last (first chronologically) trusted "hop" - or 
last trusted "Received record" or whatever you call it - is this one:

Received: from elasmtp-curtail.atl.sa.earthlink.net (elasmtp-curtail.atl.sa.earthlink.net [209.86.89.64])
    by maxipes.logix.cz (Postfix) with ESMTP id B43175D3A44
    for <bill@xxxxxxxxxx>; Mon,  8 Jul 2013 23:10:48 +1200 (NZST)

You can trust this because this was recorded by Bill's mail server for 
domain.com. This server got it from 209.86.89.64. This could be, and very 
often is, the real sender of the email - in this case the scammer! You can 
check this IP on a blacklist. Some are found here:

http://www.mxtoolbox.com/SuperTool.aspx?action=blacklist%3a209.86.89.64&run=toolpage


See, he is listed in 3 blacklists! There is yet another record below it:

Received: from [168.62.170.129] (helo=laurence39)
    by elasmtp-curtail.atl.sa.earthlink.net with esmtpa (Exim 4.67)
    (envelope-from <alice@xxxxxxxxx>)
    id 1Uw98w-0006KI-6y
    for bill@xxxxxxxxxx; Mon, 08 Jul 2013 06:58:06 -0400

but you cannot actually trust this, because that could just be added by the 
scammer to wipe out his traces and/or lay a false trail. Of course there is 
still the possibility that the server 209.86.89.64 is innocent and only acted 
as a relay for the real attacker at 168.62.170.129, but then the relay is 
often considered to be guilty and is very often blacklisted. In this case, 
168.62.170.129 is clean so we can be almost sure the attack was done from 
209.86.89.64.

And of course, as we know that Alice uses Yahoo! and 
elasmtp-curtail.atl.sa.earthlink.net isn't on the Yahoo! network (you may want 
to re-check its IP Whois information), we may safely conclude that this email 
was not from Alice, and that we should not send her any money to her claimed 
vacation in the Philippines.
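
The walk described in the answer above, as an added Python example (not part of the original article or answer): it reads the Received lines newest-first and stops at the first hop recorded by one of Bill's servers whose peer is not one of Bill's servers, so a forged Received line further down is never consulted. The sample message is constructed from the headers quoted above, abridged; the example.* addresses, the function name and the two trust sets are assumptions.

```python
import re
from email import message_from_string

# Constructed sample: the Received chain quoted above, abridged (Gmail's internal
# hops dropped) and with the redacted addresses replaced by example.* placeholders.
RAW = """\
Received: from maxipes.logix.cz (maxipes.logix.cz. [2a01:348:0:6:5d59:50c3:0:b0b1])
        by mx.google.com with ESMTPS id j47si6975462eeg.108.2013.07.08.04.10.59
        for <bill@example.net>; Mon, 08 Jul 2013 04:11:00 -0700 (PDT)
Received: by maxipes.logix.cz (Postfix, from userid 604)
    id C923E5D3A45; Mon,  8 Jul 2013 23:10:50 +1200 (NZST)
Received: from elasmtp-curtail.atl.sa.earthlink.net (elasmtp-curtail.atl.sa.earthlink.net [209.86.89.64])
    by maxipes.logix.cz (Postfix) with ESMTP id B43175D3A44
    for <bill@example.com>; Mon,  8 Jul 2013 23:10:48 +1200 (NZST)
Received: from [168.62.170.129] (helo=laurence39)
    by elasmtp-curtail.atl.sa.earthlink.net with esmtpa (Exim 4.67)
    (envelope-from <alice@example.org>) id 1Uw98w-0006KI-6y
    for bill@example.com; Mon, 08 Jul 2013 06:58:06 -0400
From: "Alice" <alice@example.org>
Subject: Terrible Travel Issue.....Kindly reply ASAP

[body cut]
"""

# Servers whose Received lines Bill trusts: his MX hosts plus Gmail, where he forwards.
TRUSTED_BY = {"mx.google.com", "maxipes.logix.cz", "broucek.logix.cz"}
# Known address of Bill's own relay (the one mx.google.com recorded for maxipes).
TRUSTED_IPS = {"2a01:348:0:6:5d59:50c3:0:b0b1"}

def last_trusted_hop(raw, trusted_by=TRUSTED_BY, trusted_ips=TRUSTED_IPS):
    """Walk Received headers newest-first; return the hop where mail entered from outside."""
    for hdr in message_from_string(raw).get_all("Received", []):
        h = " ".join(hdr.split())                      # unfold continuation lines
        by = re.search(r"\bby\s+([\w.-]+)", h)
        if not by or by.group(1).lower() not in trusted_by:
            return None                                # recorded by a server we do not trust
        if not h.startswith("from "):
            continue                                   # local hand-off, no remote peer
        ip = re.search(r"\[([0-9A-Fa-f:.]+)\]", h)
        if ip and ip.group(1).lower() in trusted_ips:
            continue                                   # relay between our own servers
        # First peer that is not ours: everything below this line is sender-supplied.
        return {"recorded_by": by.group(1), "claimed_name": h.split()[1],
                "peer_ip": ip.group(1) if ip else None}
    return None

if __name__ == "__main__":
    print(last_trusted_hop(RAW))
```

The returned peer_ip is the address to look up on a blacklist or in Whois; claimed_name is only what the peer called itself.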

Two other contributors, Ex Umbris and Vijay, recommended, respectively, the 
following services for assisting in decoding of email headers: SpamCop

Found here:

http://www.spamcop.net/

From the site: "SpamCop is the premier service for reporting spam. SpamCop 
determines the origin of unwanted email and reports it to the relevant Internet 
service providers. By reporting spam, you have a positive impact on the problem. 
Reporting unsolicited email also helps feed spam filtering systems, including, 
but not limited to, SpamCop's own service."


and Google's Header Analysis tool.

Found at this link:

https://toolbox.googleapps.com/apps/messageheader/

From the site: "What can this tool tell from email headers?

  • Identifies delivery delays.
  • Identify approximate source of delay.
  • Identify who may be responsible."
 

Have something to add to the explanation? Sound off in the comments. Want 
to read more answers from other tech-savvy Stack Exchange users? Check out 
the full discussion thread here.

http://superuser.com/questions/624509/how-can-i-find-out-where-an-email-really-came-from

 

 

Verse and inspirational thought for the week

Perfect Peace of Mind

Isaiah 26:3-4
You keep him in perfect peace whose mind is stayed on you, because he trusts in 
you. Trust in the LORD forever, for the LORD GOD is an everlasting rock. (ESV) 

This week's Inspiring Thought: Perfect Peace of Mind

Let's pick this verse apart and see what we find. The Lord God keeps (guards 
like a strong garrison) in perfect (complete, genuine) peace (inner 
tranquility) those who maintain their minds stayed (steadfastly steadied) on 
him. 

No matter what we encounter from the outside, if we trust in the Lord, he will 
keep our inner being wrapped in complete peace. Trusting in the Lord is a 
forever, lifelong, yet moment-to-moment state of mind that brings a sense of 
security, stability, wholeness, well-being, and a rock-like faith in God's 
faithfulness. 

 

 

To receive emails regarding Dan's daily Tips or the Daily HotSpot Devotional, 
send an email to dthompson5@xxxxxxxxx with "subscribe Dan's Tips" or "subscribe 
Hotspot Devotional" in the subject line.
