Throughout the year, and typically always around holiday seasons, your inbox (like ours) fills up with true and utter junk. However, recently I had a conversation with a client who did not know it was possible to check the origins of any given email before opening it up.

So this post is intended to help anyone unfamiliar with safeguarding their privacy and their computer. I want to be sure that anyone receiving any email from any source (whether you think you know them or not) knows how to check that email before opening it.

We have a current situation that makes this post even more important… a few of our own emails from several of our own domains are currently circulating the net AS IF we were emailing people. We’re not of course. The only time you’d hear from us would be via either Getresponse or Aweber – both double opt in email programs.

However, of late, we’re getting the following notorious-type emails – each appearing as if we are stupid enough to mail something from us to ourselves. We then thought a, “Let’s cover some basics” post was in order.

Many times we get suspicious looking emails. If you’re running a great anti-virus detection program (our preference is Kaspersky), it catches a lot of spam and suspicious emails.

But what about those emails that don’t trigger alerts, the ones that look like they are coming from someone you know. Only when you open it up do you get a clue that hey this might not be from who you thought it was. It’s either crass material, a link to a questionable website, or is filled with gibberish.

Has your friend or business associate suddenly gone mad?

The answer most likely is no. And there is a way to tell:

1. First, highlight (one click) but do NOT open the email

2. If you are using Outlook Express choose Properties, then Details and look in the box labeled Internet headers for the underlying code of the message that isp servers read.

a. The ReturnPath may give you a clue as to who really sent this

b. If X-Original-To and Delivered-To are the same, the chances are very good that this is not from the person you thought was emailing you. The odds of it being legitimate would be minuscule.

3. If you use Outlook, choose Options – look in the box labeled Internet Headers

a. Deeper into the code, [SPF failed… is a sure sign someone has hijacked the email address and is using it without permission and/or the owner’s knowledge.

b. Here’s a little something I found upon close investigation down near the bottom of this Internet Header: “Delivered to trusted network by a host with no rDNS” – another tip off. The domain (in this case one of ours) is legitimate, but the mailing itself originated from a “no rDNS.” A sure indication it’s not from who you think it’s from…

Both #2 and #3 will show you much more information, much of it meaningless to the average internet user, but close observation should be enough to decide whether #6 (below) is in order without opening and reading it.

4. Any email you receive that is using YOUR own domain name, where the From and To are the same address, means that your email account has been hijacked by some idiot. They collect these email addresses from forms on your site or exposed email addresses you kindly provide as clickable links to your visitors. (We get some really weird ones… Sigh).

Chances are you’ll never be able to trace them, but you should report these to your domain hosting support team since they involve your own website domain. Let them know someone is using your email address for spam purposes. Better safe than sorry. When you report it, make it clear this is not you doing it but someone else using your domain. Don’t overlook this step, it could mean the difference between them allowing you to continue hosting or them closing your access (sometimes without notice).

5. Along with a bit of private eye work of your own, we also feel the need to state the obvious; never click on a link in a suspect email. We even go so far as to highly advocate that if you really want to know what the url is (if you’ve chosen to open the email), then copy and paste said url into our browser versus clicking out from the email itself.

6. When in doubt, it’s just better and safer to delete the suspect email regardless.

If you’re thinking of protecting your website’s precious email information, numerous scripts have been invented to try to thwart these criminals, however, very little time passes before these same criminals find a way around them. A good suggestion would be to eliminate the email altogether. Create an image with your email address embedded as a picture and do not make it click-able.

For those using forms, etc., unfortunately you might have to just bite the bullet and keep a close eye on your accounts. The only way to know is when you receive one of this infamous emails from yourself to yourself.

For those just receiving email, do use the steps above if anything looks suspect.

For those with the same troubles above AND you are the domain owner being abused, be sure to follow all the steps, too, and report the issue immediately.

We cannot stress the importance of not believing or opening every piece of mail that comes your way. This past year alone, we know of at least four individuals whose identity was stolen because they really believed the email they received was legitimate.

Here’s to a safe and Happy Holiday season, and awareness as we start a brand New Year.

* * * * * * * * * * *

Comments, Questions, Feedback? We love comments!

This morning, catching up (I write that phrase a lot!), a new friend of ours over at blogcatalog has a post that caught my attention.

If you’re like us, getting good software is always a treat. However, more often than not, we are guilty of not reading the fine print as the thing is installing. I guess we just hope for the best, keep our fingers crossed, and go for it – especially if we really, really want to test it out.

But, there is that “agreement” you make as you (more…)