Monday, April 11, 2011

How to identify fake mails - what they don't teach in manuals

Every "wana be hacker" uses this trick to fool their friends(or enimies) by sending fake mails to them and fooling them . The mail engines are still not as good enough to identify the fake mails . Although they do detect fake mails to some extent but every now and then new methods are discovered to fool the email service providers so that the fake mail is not detected by their automated engine and the mail goes straight in your mailbox rather than in your spambox .


Spammers or attackers simply send a fake mail using hundreds of fake mail services that are available on the internet . Just google them out and you can find plenty .
However you yourself can determine weather a mail is fake or not . A careful examination of the email header can help you distinguish weather the email is fake or real . Its a simple process and it doesnt require much technical knowledge. All it needs is attention . Here I will demonstrate how we can examine a mail in one of the popular email service providers - Gmail . The same process applies to other providers too . 

Begin the trace

Lets start with the mail you want to verify for its originality .
Suppose I get a mail from Barak Obama stating that I have been appointd as the next president of United States . 
Here is the screenshot of my inbox .

Instead of getting excited i go on to find out weather its a fake or real mail(although its easy to guess :-) )
At the top right corner of the mail there is a small option of  "Rply" and a drop down menu alongside . 
Click on the dropdown menu and go to "show original" .

Then a new tab opens which contains the original content of the email sent to you . We call it as the "email header" . This is the part that contains all the information from IP address to the SMTP services of the sender . This can help you identify the location from where the mail actually generated . 
The screen looks somthing like this :

Most of the part may appear Greek to a newbie but it reveals the originality of the mail . 
See the highlighted part of this header  , This is tha part which contains the information of the sender of the mail.
There are two things that should be carefully looked out in an email header- one is Recieved - SPF and other is Authentication - Results . 
The recieved SPF tells us the origin of the mail . In this case it is sendfail which has got nothing to do with Barak obama or white house . 
The Authentication Results shows weather the mail adress matches with any available SMTP server and does it corrospond with the SMTP server of the origin mail . 
In this case gmail has reported that - domain of transitioning does not designate as permitted sender .

This again gives us a clear idead that the mail is a fake mail as the IP address of the mail dont corrospond with
either the origin IP address of the origin SMTP server.
This small trck can very well help you protect yourself from fraud and spams .
Do comment if you liked it ,



  1. Yeah really good articles...I like it!

  2. nice more so bcoz i could grasp

  3. bro....i tried in many sites to send fake mails but all of them are caught by gmail....were did you find this i mean sending fake mail without being caught

  4. @sai charan : Its a four month old post .. I forgot which email client I used.. Really sorry bro.. Will let you know if it comes to my mind..

  5. ok bro....i just started to read all your articles from the starting of your blog....dats y i commented now....anyway thnkz.......