DirectNET

Data Center Management Solutions including UPS Systems, Data Center Cooling, KVM over IP & IP Power Strips, Server Racks and Server Rack accessories; KVM Switches and KVM Extenders; Rackmount Monitors and Rackmount Keyboards.

NAVIGATION
	Home
	Store

INSIDE MAC
	Television Shows
	Broadcast Shows
	Daily News Shows
	Special Shows

EVENTS




DAILY TIPS
	Design
	Mac OS X
	Mac OS X UNIX

COMMUNITY
	Surveys

NEWS
	Current
	Press
	Archive

FEATURES
	Editorial
	Dr. Mac
	Reviews
	Reader Reports

RESOURCES
	FAQ
	Documentation
	Learning Center
	MAN pages
	Glossary
	Tutorials
	Tips
	Links

OUR PARTNERS

OSXFAQ Mac OS X Tip-of-the-Day

Mail.app - See the Hidden Details

By Adrian Mayo - Editor - OSXFAQ

When you view an email, Mail.app presents you with a pretty header showing a shortened where's and who's. This email came from PayPal...

... or did it.

To view the full header details, select menu item "View: Message: Long Headers". You'll see more detail, including the revealing envelope information 'Recevied: '. The rest can be easily faked.

The example above shows no proper hostnames in the 'Received:' lines. A genuine email from PayPal would have a 'Received:' line like this:

Received: from smtp-outbound.nix.paypal.com (smtp-outbound.nix.paypal.com [64.4.240.67])

The part in parenthesis shows the [IP address] from which the email originated, and the hostname associated with that IP address.

This should correspond to what you see with a DNS lookup:

$ host smtp-outbound.nix.paypal.com
smtp-outbound.nix.paypal.com has address 64.4.240.67
$
$ host 64.4.240.67
67.240.4.64.in-addr.arpa domain name pointer smtp-outbound.nix.paypal.com.
$

Selecting menu item 'View : Message: Raw Source' also reveals the raw message text, which is useful to check links. For example, an email may display like:

"In order to secure your account we may require some specific information from you.
We encourage you to log in by clicking on the link below and complete the requested
form as soon as possible. 

https://www.paypal.com/cgi-bin/webscr?cmd=_login-run"

But the raw source reveals that the link points elsewhere"

"In order to secure your account we may require some specific information f=
rom you.
We encourage you to log in by clicking on the link below and complete the =
requested form as soon as possible.
<br><br><br><a href=3D"http://ns11.hiwit.net/~richard/"
  ...

The spam came from (a) Dick.

Note that where PayPal is concerned, one would never click a link anywhere, but type the PayPal URL into Safari or use a manually created bookmark.

Enjoy! :- )

Tiger 10.4.3

Discuss this tip in the OSXFAQ Mac OS X Tip-of-the-Day Forum

E-mail your comments or suggestions to webmaster@osxfaq.com

Copyright © 2000-2010 Inside Mac Media, Inc. All rights reserved.
Apple assumes no responsibility with regard to the selection, performance, or use of the products or services. All understandings, agreements, or warranties, if any, take place directly between the vendors and prospective users.
Apple, the Apple logo, Mac, PowerMac G4, PowerMac G5, Xserve, Xserve RAID, PowerBook, iBook, Airport, AirPort Extreme, iMac, eMac, iLife, iMovie, iCal, iPhoto, iTunes, QuickTime, FireWire, iPod, iSight, AppleWorks, Macintosh, Jaguar, Panther, Mac OS, Mac OS X and Mac OS X Server are trademarks of Apple Computer, Inc.