n IP address. You can find the IP's hostname (most IP addresses do have a hostname) by doing 'nslookup ip-address' without the quotes on a Unix system or going to http://www.samspade.org and using their DNS(17) Lookup Tool. If you still can't get it, try doing a whois.To overcome this problem, you need to do two things:1) Send this mail from Microsoft's Sendmail server.2) Send this mail from an account that is connected to the web through Microsoft. If you can't get one, it will clearly show in the headers that the mail wasn't sent from Microsoft.Note: nice trick to pull on someone: if your ISP is blah.com, you can send your friends an Email from admin@blah.com which will look 100% authentic!Anyway, the next few characters give us the MID (Message ID), as well as other pieces of info. I promised we'll get to the MID, didn't I?If you think someone is trying to trick you into thinking he's somebody else, send an Email to abuse@your.ISP.com or abuse@the.ISP.where.the.message.came.from.com (in this case Microsoft.com) or abuse@the.server.who.stores.the.MID.com.To know which server stores the MID, we'll need to skip a few lines (two lines actually - time and date) and get straight to this:Message-ID: *199907092355. CAA15313@alpha.someone.com*Aha! Look at these interesting numbers! And check this out: CAA15313@alpha.someone.com! This means all the info regarding the MID is stored at alpha.someone.com! Let's send an Email to abuse@alpha.someone.com and tell them that we think we received a fake mail, and include the entire header. Next thing we'll do the same with the ISP of the sender (in our case, the sender is some.hostname.crap.com [62.0.146.225], meaning his ISP is probably crap.com).Now, on to the next line:X-Authentication-Warning: alpha.someone.com: some.hostname.crap.com [62.0.146.225] didn't use HELO protocolDamn! I knew we forgot something! Now let's do it all over again, but this time we'll type HELO microsoft.com at the beginning....
