Reporting an Email Incident
After you compose a message and send it, the message is processed by the e-mail server. If the message is for someone who does not have a mailbox on your e-mail server, the server forwards the message to another e-mail server. The message is forwarded from server to server. It may go through several e-mail servers until it reaches the e-mail server on which the recipient of the message has a mailbox.
From the time when the message is first created, information about it is added to a hidden section of the message known as the Internet header. The information includes technical details, such as who created the message, the software used to compose it, and the e-mail servers it passed through on its way to the recipient. You can use these details to identify problems with the e-mail message or help discover the sources of unsolicited commercial e-mail messages.
The practice of providing false information in message headers is a growing problem. This is also known as spoofing. For example, a message might indicate that it is from Eric Smith at Alpine Ski House (email@example.com) when it is actually from a bulk e-mail service that promotes schemes to get rich quickly. This will sometimes result in you receiving a spam email that appears to have been sent from your own account. Other times, spammers will spoof email messages from your address and the replies to (or complaints about) those emails may be sent to you (this is called Joe jobbing).
To investigate your complaint, the Incident Response team needs to see the full headers of the email you are reporting. The full email headers reveal the true source of the email message.
If you are using Outlook 2007:
- Open a message.
- On the Message tab, in the Options group, click the Dialog Box Laucher.
- In the Message Options dialog box, the headers appear in the Internet headers box.
- Copy the message header into a word document.
- Forward the email and the header information to the IT incident response team member.