Recently members of one of my mailing lists received e-mail purportedly from me, and thought that I had been hacked. I am quite paranoid about computer security, so I know that my systems are all secure. It takes several hours a week (at least) to do this. What I believe happened is that someone on my list has been hacked, and one of my e-mail messages to the list was intercepted, and the list was used for phishing purposes.

We all need to know how to identify perhaps innocent-looking e-mails that are maliciously directed at us. I really recommend using Google's Gmail because it is very effective at filtering out such messages. Here is an example of a phishing message from my Gmail spam folder: (I have highlighted suspicious things for your edification, but the whole message reeks of unreality.)

Bank of America
115 W 42nd St, New York, NY 10036, USA
From Desktop of Mr. Jeff Anderson
Our Ref: BOF-0XX2/987/20

It is my modest obligation to write you this letter as regards the Authorization of your owed payment through our most respected financial institution (Bank of America). I am Mr. Jeff Anderson, TRANSFER INSPECTION OFFICER, foreign operations Department Bank of America, the British Government in Conjunction with us government, World Bank, united Nations Organization on foreign Payment matters has empowered my bank after much consultation and consideration to handle all foreign payments and release them to their appropriate beneficiaries with the help of a Representative from Federal Reserve Bank of New York.

As the newly Appointed/Accredited International Paying Bank, We have been instructed by the world governing body together with the committee on international debt reconciliation department to release your overdue funds with immediate effect; with this exclusive vide transaction no.: wha/eur/202,password: 339331, pin code: 78569, having received these vital payment numbers, you are instantly qualified to receive and confirm your payment with us within the next 96hrs.

Be informed that we have verified your payment file as directed to us and your name is next on the list of our outstanding fund beneficiaries to receive their payment. Be advised that because of too many funds beneficiaries, you are entitled to receive the sum of $14.5M,(Fourteen Million Five Hundred Thousand Dollars only), as to enable us pay other eligible beneficiaries.

To facilitate with the process of this transaction, please kindly re-confirm the following information below:

1) Your Full Name:
2) Your Full Address:
3) Your Contact Telephone and Fax No:
4) Your Profession, Age and Marital Status:
5) Any Valid Form of Your Identification/Driver's License:
6) Bank Name:
7) Bank Address:
8) Account Name:
9) Account Number:
10) Swift Code:
11) Routing Number:

As soon as we receive the above mentioned information, your payment will be processed and released to you without any further delay. This notification email should be your confidential property to avoid impersonators claiming your fund. You are required to provide the above information for your transfer to take place through Bank to Bank Transfer directly from Bank of America

We Look Forward To Serving You Better.

Mr. Jeff Anderson,
Bank of America

The information they request is sufficient for the sender to clean out your banking account!

Note that it is trivially easy to change the From: name of the message sender, so you can never trust it. But you can go further to see who really sent the message: in Thunderbird, open the View menu and select Headers/All, or use View/Message Source. You will then be presented with the full route that the e-mail took through the Internet:

Received: by 2002:a67:dd83:0:0:0:0:0 with SMTP id i3-v6csp981460vsk;
        Sat, 1 Sep 2018 16:10:47 -0700 (PDT)
X-Google-Smtp-Source: ANB0VdZP5hl5aj9eEycLEMUKsu50rwHbVtD3eFwrpKkxQHSyScHj/buTJ31eUH8T0iuli8JSma2P
X-Received: by 2002:a63:24c:: with SMTP id 73-v6mr20914277pgc.252.1535843447249;
        Sat, 01 Sep 2018 16:10:47 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1535843447; cv=none;; s=arc-20160816;
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;; s=arc-20160816;
ARC-Authentication-Results: i=1;;
       spf=pass ( domain of designates as permitted sender)
Return-Path: <>
Received: from ( [])
        by with ESMTP id 81-v6si15855928pfw.261.2018.;
        Sat, 01 Sep 2018 16:10:47 -0700 (PDT)
Received-SPF: pass ( domain of designates as permitted sender) client-ip=;
       spf=pass ( domain of designates as permitted sender)
Received: from mf-smf-unw008c1 ( [])
	by (Postfix) with ESMTP id 44E042005B0;
	Sun,  2 Sep 2018 08:10:28 +0900 (JST)
Received: from ([])
	by mf-smf-unw008c1 with ESMTP
	id wF2CfsSribXPgwF2CfG9li; Sun, 02 Sep 2018 08:10:28 +0900
Received: from User ( [])
	by (Postfix) with SMTP id 42B83C59D61;
	Sun,  2 Sep 2018 08:09:52 +0900 (JST)
Reply-To: <>
Date: Sun, 2 Sep 2018 01:10:29 +0200
MIME-Version: 1.0
Content-Type: text/plain;
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-Id: <>
To: undisclosed-recipients:;

Notice that the real sender was from Japan: the earliest Received: lines, at the bottom of the chain, carry +0900 (JST) timestamps. This is clearly not from Bank of America in New York.

While reading an e-mail text will not infect your computer, embedded images and especially attachments can. Good e-mail clients will block images in e-mails until you approve them. Never open an attachment unless you follow the above steps to verify that the sender is legitimate.

To end this brief tutorial, here is a legitimate e-mail from me so you can see the difference in the header:

Return-Path: <>
Received: from
	by with LMTP id kEaPKwUTnVtWbwAArTHMMg
	for <>; Sat, 15 Sep 2018 08:11:17 -0600
Return-path: <>
Delivery-date: Sat, 15 Sep 2018 08:11:17 -0600
Received: from ([]:50042)
	by with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256)
	(Exim 4.91)
	(envelope-from <>)
	id 1g1BI5-0007Me-7w
	for; Sat, 15 Sep 2018 08:11:17 -0600
Received: from ([2607:f8b0:4864:20::b29])
	by with esmtps (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128)
	(Exim 4.89)
	(envelope-from <>)
	id 1g1BHt-0002M6-4O
	for; Sat, 15 Sep 2018 16:11:05 +0200
Received: by with SMTP id k5-v6so5973773ybo.10
        for <>; Sat, 15 Sep 2018 07:10:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025;
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025;
X-Gm-Message-State: APzg51DRQXBu1kZmfKiLNGdb5gjnzpPyb6dlwtANv2zZsxBhEEg/xYvW
X-Google-Smtp-Source: ANB0VdZ4YojFZbWTwWzBxm9Uuw3wijVl0a965Mhid4ztbMrBLuOwNbbpJp+19XWqOJ7/EiYI4W5YBg==
X-Received: by 2002:a25:cbc8:: with SMTP id b191-v6mr7519987ybg.223.1537020651508;
        Sat, 15 Sep 2018 07:10:51 -0700 (PDT)
Received: from JARMAC.local ( [])
        by with ESMTPSA id s63-v6sm5566520ywd.63.2018.
        for <>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Sat, 15 Sep 2018 07:10:51 -0700 (PDT)
From: James Rome <>
Subject: This is a test
Message-ID: <>
Date: Sat, 15 Sep 2018 10:10:50 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:60.0)
 Gecko/20100101 Thunderbird/60.0
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Content-Language: en-US
Received-SPF: pass ( domain of designates 2607:f8b0:4864:20::b29 as permitted sender) client-ip=2607:f8b0:4864:20::b29;;;
X-SPF-Result: domain of designates 2607:f8b0:4864:20::b29 as permitted sender
Authentication-Results:; dmarc=pass
Authentication-Results:; spf=pass; dkim=pass
X-AntiSpamCloud-Class: whitelisted
X-AntiSpamCloud-Evidence: sender
X-Recommended-Action: accept
X-Filter-ID: EX5BVjFpneJeBchSMxfU5k4vttopaznJi+Oy9Zlg/zMoS0oCIPR/rZSAJyoppnqc4iF/GF/s/jIX
X-Spam-Status: No, score=1.5
X-Spam-Score: 15
X-Spam-Bar: +
X-Ham-Report: Spam detection software, running on the system "",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 root\@localhost for details.
 Content preview:  Legitimate e-mail from me. -- James A. Rome 116 Claymore Lane
    Oak Ridge, TN 37830-7674 865 482-5643 // [...] 
 Content analysis details:   (1.5 points, 5.0 required)
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
  0.0 URIBL_BLOCKED          ADMINISTRATOR NOTICE: The query to URIBL was blocked.
                              for more information.
  1.0 SPF_SOFTFAIL           SPF: sender does not match SPF record (softfail)
  0.5 FREEMAIL_FROM          Sender email is commonly abused enduser mail provider
 -0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature from author's
 -0.1 DKIM_VALID             Message has at least one valid DKIM or DK signature
  0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily valid
  0.1 AWL                    AWL: Adjusted score from AWL reputation of From: address
X-Spam-Flag: NO

Legitimate e-mail from me.

Notice that I have been authenticated by the sending organization, Gmail. It even has the name of my computer.
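
The checks described above can be automated. The following is an added example, not part of the original post: it walks the Received: chain back to the originating hop, reads the UTC offset of each timestamp, and reports SPF/DKIM/DMARC results only when they were stamped by the receiving server you trust. The `summarize` function, its `trusted_authserv` parameter, and every host and address in the sample are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Constructed sample: every host, address and IP below is a placeholder.
SAMPLE = """\
Authentication-Results: mx.recipient.example; spf=pass smtp.mailfrom=isp.example;
 dkim=none; dmarc=fail header.from=bank.example
Received: from relay.isp.example (relay.isp.example [192.0.2.10])
 by mx.recipient.example with ESMTP id abc123;
 Sat, 01 Sep 2018 16:10:47 -0700 (PDT)
Received: from User (unknown [198.51.100.7])
 by relay.isp.example (Postfix) with SMTP id def456;
 Sun,  2 Sep 2018 08:09:52 +0900 (JST)
Authentication-Results: forged.example; dmarc=pass
From: "Bank of America" <officer@bank.example>
Reply-To: <collect@freemail.example>
To: undisclosed-recipients:;

(body omitted)
"""

def summarize(raw, trusted_authserv):
    """Hypothetical helper: origin hop, trusted auth results, and warning flags."""
    msg = message_from_string(raw)
    hops = []
    # Each relay prepends its Received: line, so reversing puts the origin first.
    for rcvd in reversed(msg.get_all("Received", [])):
        info, _, stamp = rcvd.rpartition(";")
        offset = parsedate_to_datetime(stamp.strip()).utcoffset()
        hours = None if offset is None else offset.total_seconds() / 3600
        hops.append((" ".join(info.split()), hours))
    auth = {}
    for ar in msg.get_all("Authentication-Results", []):
        server, *results = ar.split(";")
        # Only trust results stamped by our own receiver; others may be injected.
        if server.strip().lower() != trusted_authserv:
            continue
        for part in results:
            method, _, value = part.strip().partition("=")
            if value:
                auth[method] = value.split()[0]
    dom = lambda header: parseaddr(msg.get(header, ""))[1].rpartition("@")[2].lower()
    flags = []
    if dom("Reply-To") and dom("Reply-To") != dom("From"):
        flags.append("Reply-To domain differs from From domain")
    flags += [f"{m}={auth.get(m, 'missing')}" for m in ("spf", "dkim", "dmarc")
              if auth.get(m) != "pass"]
    return {"origin": hops[0] if hops else None, "auth": auth, "flags": flags}
```

In the sample, SPF passes for the relay's own envelope domain while DMARC fails for the From: domain, which is why an SPF pass alone, as in the phishing headers above, does not vouch for the displayed sender.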

How to view headers on mobile devices

Apple Mail

  1. Open Apple Mail.
  2. Double-click to open the email message.
  3. Choose "View" at the top menu and select "Customize Toolbars."
  4. Drag the "Full Headers" or "Long Headers" icon into your toolbar and save changes. See Figure 1.
  5. Now, you can click on "Full Headers" or "Long Headers" at the top of the toolbar.


You cannot view headers in the Gmail app (Android or iOS). You will have to use a browser to go to Once there:

  1. From a browser, open Gmail.
  2. Open the email you want to check the headers for.
  3. Next to Reply, click the Down arrow.
  4. Click Show original.

The headers will show in a new window, including fields like authentication results. To get the full message header, copy everything below "Download original."

