Risk management: Email

From ProZ.com Wiki

(Difference between revisions)
Jump to: navigation, search
(On IP addresses)
(Getting the source IP address of an incoming email)
 
(17 intermediate revisions not shown)
Line 1: Line 1:
[[Category: Risk management]]
[[Category: Risk management]]
-
<font color="purple"><b>Note: This article is a joint project of ProZ.com members and guests. All translators are invited
+
{| style="clear:both; background:none; color:black;"
-
to contribute freely. (Click "Edit" above; you must be logged in.)<br>
+
|-
-
If you don't know how wiki formatting works, see: http://en.wikipedia.org/wiki/Wikipedia:Cheatsheet</b></font>
+
| width="13%" style="padding:1em 1em 1em 1em; border:1px solid #A3B1BF; background-color:#ffffcc" valign="top" |
 +
<font color="#000000">'''Note:''' This article is a joint project of ProZ.com members and guests. '''All translators are invited to contribute freely.'''
 +
(Click "Edit" above; you must be logged in.)<br>  
 +
If you don't know how wiki formatting works, see: http://en.wikipedia.org/wiki/Wikipedia:Cheatsheet</font>
 +
|}
 +
 
= Overview =
= Overview =
Line 9: Line 14:
= Attached files =
= Attached files =
 +
* Files attached to emails may contain viruses, Trojans and other sources of risk.
 +
 +
* Use your antivirus program to check all incoming emails, and in particular check all attached files before double-clicking on them. Double clicking will run the program associated with the correspoding file type.
 +
 +
* You should not open executable files unless they are sent by a trusted sender and you expect an executable file to arrive. Remember that sending addresses can be simulated to make you believe the email comes from somebody you know.
 +
 +
* Word files (extension .doc) may contain macro viruses, so it is good practice to request files to be sent in Rich Text Format (extension .rtf), as RTF is a pure text format that does not hold executable code (and therefore no viruses).
 +
 +
* You can use WordPad to open an attached file safely. Distrust any garbled text you find in a document that should contain text.
 +
 +
* Further reading:
 +
** [http://hubpages.com/hub/Basic-Steps-To-Keep-You-Safe-From-Email-Viruses  Basic Steps To Keep You Safe From Email Viruses]
 +
** [http://css.psu.edu/news/nlfa98/macrovirus.html Beware the Macro Virus]
 +
** [http://www.novatone.net/mag/mailsec.htm E-Mail Attachment Safety - How to avoid getting infected by E-Mail Worms, Viruses and Trojans]
 +
** [http://www.webbworks.com/emailvir.html Webbworks, Inc]
= The use of free email services =
= The use of free email services =
Line 29: Line 49:
== On IP addresses ==
== On IP addresses ==
-
According to [http://en.wikipedia.org/wiki/Ip_address Wikipedia], an Internet Protocol (IP) address is a numerical label that is assigned to devices participating in a computer network, that uses the Internet Protocol for communication between its nodes. An IP address serves two principal functions: host or network interface identification and location addressing. Its role has been characterized as follows: "A name  indicates what we seek. An address indicates where it is. A route indicates how to get there."
+
* According to [http://en.wikipedia.org/wiki/Ip_address Wikipedia], an Internet Protocol (IP) address is a numerical label that is assigned to devices participating in a computer network, that uses the Internet Protocol for communication between its nodes. An IP address serves two principal functions: host or network interface identification and location addressing. Its role has been characterized as follows: "A name  indicates what we seek. An address indicates where it is. A route indicates how to get there."
-
The designers of TCP/IP defined an IP address as a 32-bit number[1] and this system, known as Internet Protocol Version 4 or IPv4, is still in use today. However, due to the enormous growth of the Internet and the predicted depletion of available addresses, a new addressing system (IPv6), using 128 bits for the address, was developed in 1995[3] and standardized by RFC 2460 in 1998.[4] Although IP addresses are stored as binary numbers, they are usually displayed in human-readable notations, such as 208.77.188.166 (for IPv4), and 2001:db8:0:1234:0:567:1:1 (for IPv6).
+
* In other words, the IP address of an incoming email will give you valuable information about the physical location of the sender. Some users have dedicated IP addresses while some other IP addresses are shared by the users of a given Internet Service Provider (ISP).
-
The Internet Protocol is used to route data packets between networks; IP addresses specify the locations of the source and destination nodes in the topology of the routing system. For this purpose, some of the bits in an IP address are used to designate a subnetwork. The number of these bits is indicated in CIDR notation, appended to the IP address; e.g., 208.77.188.166/24.
+
* IP addresses are usually displayed in human-readable notations, such as 41.219.217.131.
-
As the development of private networks raised the threat of IPv4 address exhaustion, RFC 1918 set aside a group of private address spaces that may be used by anyone on private networks. They are often used with network address translators to connect to the global public Internet.
+
* IP addresses provide an useful and simple risk management tool. If you receive a job offer from someone claiming to be a London based agency and the sender IP address of the email is 41.219.217.131, a simple investigation may show you that the email really comes from Lagos, Nigeria instead of London. This inconsistency is indicative of a probable scam.
-
 
+
<br>
-
The Internet Assigned Numbers Authority (IANA), which manages the IP address space allocations globally, cooperates with five Regional Internet Registries (RIRs) to allocate IP address blocks to Local Internet Registries (Internet service providers) and other entities.
+
== IP addresses and how to decode them ==
== IP addresses and how to decode them ==
Line 43: Line 62:
* Once you have the source IP of the email you can investigate this information using a tool like to one provided by [http://www.melissadata.com/Lookups/iplocation.asp?ipaddress= Melissa]
* Once you have the source IP of the email you can investigate this information using a tool like to one provided by [http://www.melissadata.com/Lookups/iplocation.asp?ipaddress= Melissa]
* To do that you should enter the IP address in the corresponding field and click on "submit".  
* To do that you should enter the IP address in the corresponding field and click on "submit".  
-
** You will get the following information:
+
** You will get the following information: city, state or region, country and Internet Service Provider (ISP)
-
 
+
** For instance if you enter the IP 41.219.217.131 you will get
-
http://www.proz.com/file_resources/other/cba0130e90d829a532f25bbbb47e5218_Melissa_Nigeria.JPG
+
City Lagos
 +
State or Region Lagos
 +
Country Nigeria
 +
ISP Assigned To Lagos Dial-Pool Customers.  
<br>
<br>
Line 52: Line 74:
=== Emails received through your ProZ.com profile ===
=== Emails received through your ProZ.com profile ===
-
* When you receive an email through your ProZ.com profile, the header of the message includes the following information:
+
* When a logged-in user sends you an email through your ProZ.com profile, the header of the message includes the following information:
-
** When the sender was not logged-in:
+
 
 +
You have been sent a message via ProZ.com.
 +
Author: Enrique (ProZ.com Member)
 +
Author's Profile: http://www.proz.com/profile/xxxxxx
 +
Author's IP address: 41.219.217.131
 +
Message type: {subject line entered by the sender}
 +
 
 +
* When the sender was not logged-in the header shows:
 +
 
  You have been sent a message via ProZ.com.
  You have been sent a message via ProZ.com.
  Author: XXXX [NOTE: The author is not a registered ProZ.com user or was not logged in when sending this message.]
  Author: XXXX [NOTE: The author is not a registered ProZ.com user or was not logged in when sending this message.]
-
  Author's IP address: 82.128.21.90
+
  Author's IP address: 41.219.217.131
-
  Message type: Job-related
+
  Message type: {subject line entered by the sender}
=== Using Gmail ===
=== Using Gmail ===
 +
* Open the received email
 +
* Click on the down-pointing arrow immediately to the right of the "Reply" button, at the top-right corner of the message pane.
 +
* Select the "Show original" option.
 +
* A new window will open including the full header including the information "client-ip=xxx.xxx.xxx.xxx"
 +
<br>
=== Using Yahoo email ===
=== Using Yahoo email ===
 +
 +
* Open the received email
 +
* Scroll to the bottom of page and click on the "Full header" link.
 +
* Look for the "Originating-IP: [xxx.xxx.xxx.xxx]" information<br>
 +
Alternatively,<br>
 +
- Select an email<br>
 +
- Right-click and select View Full Header<br>
 +
- Look for the "X-Originating-IP: [xxx.xxx.xxx.xxx]" information
 +
 +
 +
=== Using Windows Live Hotmail ===
 +
 +
*To see the full email including all header lines in Windows Live Hotmail:
 +
** Open the desired email in Windows Live Hotmail.
 +
** Click the down arrow next to Reply in the message's header area near the sender and subject.
 +
** Pick View message source from the menu.
 +
 +
=== Using Mozilla Thunderbird ===
 +
 +
 +
=== Using MS Outlook Express ===
 +
 +
<br>
 +
- Select an email<br>
 +
- Right-click and select Properties<br>
 +
- Open Details tab and Look for the "Received: from" information
 +
 +
=== Using Mail (Mac) ===
 +
 +
<br>
 +
- Select an email<br>
 +
- Click on View then select Message<br>
 +
- Click on All Headers

Current revision as of 10:25, 8 July 2012


Note: This article is a joint project of ProZ.com members and guests. All translators are invited to contribute freely. (Click "Edit" above; you must be logged in.)
If you don't know how wiki formatting works, see: http://en.wikipedia.org/wiki/Wikipedia:Cheatsheet


Contents

Overview

Attached files

  • Files attached to emails may contain viruses, Trojans and other sources of risk.
  • Use your antivirus program to check all incoming emails, and in particular check all attached files before double-clicking on them. Double clicking will run the program associated with the correspoding file type.
  • You should not open executable files unless they are sent by a trusted sender and you expect an executable file to arrive. Remember that sending addresses can be simulated to make you believe the email comes from somebody you know.
  • Word files (extension .doc) may contain macro viruses, so it is good practice to request files to be sent in Rich Text Format (extension .rtf), as RTF is a pure text format that does not hold executable code (and therefore no viruses).
  • You can use WordPad to open an attached file safely. Distrust any garbled text you find in a document that should contain text.

The use of free email services

  • When you receive a job offer from a company you never worked for sent by the alleged project manager (or equivalent) from a free email address (such as name@gmail.com ) you should consider this as a warning of possible problems ahead.
    • It would not hurt you to take some additional step to confirm that the assignment is real (for instance contacting the company by means of their webpage).
    • Check also for the correct spelling of the company name in the domain, as a scamming address could be created to resemble a legitimate address by means of a small typo.
  • A recent quick poll on the question "Do you distrust job inquiries sent from a free email account?" produced the following results:
    • 46.4% voted "No, not necessarily"
    • 40.8% voted "Yes, generally"
    • 10.0% voted "No, why should I?"
    • 2.8% selected the option "Other - N/A"
  • In the associated discussion some members reported being generally wary of free email addresses from an alleged company (agency, end client, etc.), but they found it quite normal in emails from translators.
  • A member added that it is easy and inexpensive to make a domain name and an email address with a format name@yourcompany.com so the email address data needs to be considered very carefully.


Reading and understanding the source IP address

On IP addresses

  • According to Wikipedia, an Internet Protocol (IP) address is a numerical label that is assigned to devices participating in a computer network, that uses the Internet Protocol for communication between its nodes. An IP address serves two principal functions: host or network interface identification and location addressing. Its role has been characterized as follows: "A name indicates what we seek. An address indicates where it is. A route indicates how to get there."
  • In other words, the IP address of an incoming email will give you valuable information about the physical location of the sender. Some users have dedicated IP addresses while some other IP addresses are shared by the users of a given Internet Service Provider (ISP).
  • IP addresses are usually displayed in human-readable notations, such as 41.219.217.131.
  • IP addresses provide an useful and simple risk management tool. If you receive a job offer from someone claiming to be a London based agency and the sender IP address of the email is 41.219.217.131, a simple investigation may show you that the email really comes from Lagos, Nigeria instead of London. This inconsistency is indicative of a probable scam.


IP addresses and how to decode them

  • Once you have the source IP of the email you can investigate this information using a tool like to one provided by Melissa
  • To do that you should enter the IP address in the corresponding field and click on "submit".
    • You will get the following information: city, state or region, country and Internet Service Provider (ISP)
    • For instance if you enter the IP 41.219.217.131 you will get
City	Lagos
State or Region	Lagos
Country	Nigeria
ISP	Assigned To Lagos Dial-Pool Customers. 


Getting the source IP address of an incoming email

Emails received through your ProZ.com profile

  • When a logged-in user sends you an email through your ProZ.com profile, the header of the message includes the following information:
You have been sent a message via ProZ.com.
Author: Enrique (ProZ.com Member)
Author's Profile: http://www.proz.com/profile/xxxxxx
Author's IP address: 41.219.217.131
Message type: {subject line entered by the sender}
  • When the sender was not logged-in the header shows:
You have been sent a message via ProZ.com.
Author: XXXX [NOTE: The author is not a registered ProZ.com user or was not logged in when sending this message.]
Author's IP address: 41.219.217.131
Message type: {subject line entered by the sender}

Using Gmail

  • Open the received email
  • Click on the down-pointing arrow immediately to the right of the "Reply" button, at the top-right corner of the message pane.
  • Select the "Show original" option.
  • A new window will open including the full header including the information "client-ip=xxx.xxx.xxx.xxx"


Using Yahoo email

  • Open the received email
  • Scroll to the bottom of page and click on the "Full header" link.
  • Look for the "Originating-IP: [xxx.xxx.xxx.xxx]" information

Alternatively,
- Select an email
- Right-click and select View Full Header
- Look for the "X-Originating-IP: [xxx.xxx.xxx.xxx]" information


Using Windows Live Hotmail

  • To see the full email including all header lines in Windows Live Hotmail:
    • Open the desired email in Windows Live Hotmail.
    • Click the down arrow next to Reply in the message's header area near the sender and subject.
    • Pick View message source from the menu.

Using Mozilla Thunderbird

Using MS Outlook Express


- Select an email
- Right-click and select Properties
- Open Details tab and Look for the "Received: from" information

Using Mail (Mac)


- Select an email
- Click on View then select Message
- Click on All Headers

Discussion related to this article

Please note that ProZ.com forum rules apply to this area.

Something went wrong...
Access to this topic may be restricted. Please login.
Personal tools