r mouse cursor above it for a second or two.Compuserve automatically displays the full header.On Outlook, right click the message on your inbox, choose properties and choose details.On pine, you should have an option somewhere in the configuration screens that let's you choose what kind of header you want to view (full or briefed).Now let's take a look at the full header, shall we?Received: from alpha.netvision.net.il (alpha.netvision.net.il [194.90.1.13]) by cmx.netvision.net.il (8.9.3/8.9.3) with ESMTP id CAA15313 for victim@victim.com*; Sat, 10 Jul 1999 02:49:59 +0300 (IDT)From: bgates@microsoft.comReceived: from some.hostname.crap.com (some.hostname.crap.com [62.0.146.225]) by alpha.someone.com (8.9.3/8.8.6) with SMTP id CAA15313 for victim@victim.com; Sat, 10 Jul 1999 02:55:46 +0300 (IDT)Date: Sat, 10 Jul 1999 02:55:46 +0300 (IDT)Message-ID: *199907092355. CAA15313@alpha.someone.com*X-Authentication-Warning: alpha.someone.com: some.hostname.crap.com [62.0.146.225] didn't use HELO protocolSubject: Fake mailStatus:X-Mozilla-Status: 8001X-Mozilla-Status2: 00000000X-UIDL: 3752da3b000002ffYeehaw! Look at all those numbers and letters and shiny things!Let's start from the top, shall we?Received: from alpha.someone.com (alpha.someone.com [194.90.1.13]) by cmx.someone.com (8.9.3/8.9.3) with ESMTP id CAA16970 for *; Sat, 10 Jul 1999 02:49:59 +0000 (GMT)Okay, so the mail was received from alpha.someone.com (alpha.someone.com [194.90.1.13]). What does that mean?A quick checkup on InterNIC(25)'s databases (type 'whois alpha.someone.com' without the quotes on a Unix system or download SamSpade for Windows at www.samspade.org) reveals that it is owned by someone.com. This is probably some kind of a sub-server they use to send mail. Let's leave it alone, it's not important to us right now. The (alpha.someone.com [194.90.1.13]) part shows you the hostname(10) and the IP address (9) of the server the Email was sent from.Ooh, ooh, wait! Wasn't the ...
