Spammers Introduce New Email Internet Headers

Symantec has been tracking a recent phishing email attack that is targeting the users of a number of prominent global banking institutions. In this phishing attack it was observed that the spammers are using meaningless, random email headers—possibly in an attempt to circumvent anti-spam message filters. The spam attack was observed starting in July and is still active.
Let’s first understand what email headers are. Every email message comprises two parts: the message body and the message header. The header can be thought of as the envelope of the message, containing the address of the sender and the recipient, the subject, and other important tracking information. The body contains the actual textual content of the message and file attachments, if any.
Here are some of the most common email header fields:
Received:
Return-Path:
Sender:
X-Mailer:
From:
Date:
To:
Subject:
Message-ID:
MIME-Version:
In-Reply-To:
Content-Type:
Content-Transfer-Encoding:
By default, in most email programs the headers displayed to users when viewing a message are the “From,” “Date,” “To,” and “Subject” lines. Users can choose to view some of the other header lines of an email by adjusting the user settings, if provided by the email program. In the case of spam emails, spammers often forge the information in these and/or other headers in an attempt to circumvent anti-spam filters and at the same time make it difficult to trace the origin of spam (continue reading...)