Module XXXIV – Tracking Emails and Investigating Email Crimes


EC-CouncilCopyright © by EC-Council

All Rights Reserved. Reproduction is Strictly Prohibited

News: Email Spamming Attacks Quadruple Since Start of 2008

Source: http://www.publictechnology.net/


News: Email Spam Has Been Annoying Us for 30 Years

Source: http://www.news.com.au/


News: Two Internet Spammers Charged By Information

R. Alexander Acosta, United States Attorney for the Southern District of Florida, and Jonathan I. Solomon, Special Agent in Charge, Federal Bureau of Investigation, Miami Field Office, announced today the filing of a one-count Information charging defendants, Jared Cosgrave and Mohammed Haque, with fraud and related activity in connection with electronic mail, in violation of the CAN-SPAM ACT of 2003, Title 18, United States Code, Section 1037(a)(2), by illegally transmitting over 25,000 electronic mail messages during a 30 day period.

Both Cosgrave, 25, of Plantation, Florida, and Haque, 26, of California, made their initial appearances in federal court this morning before U.S. Magistrate Judge Chris Mc Aliley.

Cosgrave and Haque subsequently pled guilty to the Information before United States District Court Judge Alan S. Gold. Sentencing is scheduled for November 16, 2007.

At sentencing, Cosgrave and Haque face a maximum statutory sentence of up to three years’ imprisonment, a fine of up to $250,000, and restitution of more than $58,000 to Earthlink Inc.

Source: http://miami.fbi.gov


Module Objective

This module will familiarize you with:

• Email Systems
• Email Clients
• Email Servers
• Real Email Systems
• Email Crime
• Spamming
• Identity Fraud/Chain Letters
• Investigating Email Crimes and Violations
• List of Common Headers
• Microsoft Outlook Mail
• Tracing an Email Message
• U.S. Laws Against Email Crime


Module Flow

• Email System
• Email Client
• Email Server
• SMTP Server
• Email Crime
• Spamming
• Identity Fraud/Chain Letter
• Investigating Email Crimes and Violations
• List of Common Headers
• Microsoft Outlook Mail
• Tracing an Email Message
• U.S. Laws Against Email Crime


Email System

An email system consists of mail clients, which submit and fetch messages, and two kinds of server: an SMTP server that transfers mail between hosts, and a POP3 or IMAP server from which clients retrieve it. Both server roles commonly run on the same machine


Email Client

An email client is the application a user runs to manage email

Email clients perform the following functions:

• Retrieve messages from a mailbox
• Display the headers of all the messages in the mailbox
• The header contains information such as who sent the mail, the subject, the date and time of the message, and its size
• Allow the user to select a message header and read the body of the message
• Allow the user to create new messages and submit them to a mail server
• Allow the user to add attachments to outgoing messages and save attachments from received messages
• Format the messages
• Microsoft Outlook, Outlook Express, Mozilla Thunderbird, Eudora, and the mail component of Netscape Communicator are commonly used email clients; Internet Explorer, Mozilla Firefox, and Safari are web browsers, used to reach webmail services such as Hotmail, Gmail, and Yahoo Mail, and are not email clients themselves


Email Server

Email server works as follows (a simplified model):

• It holds a list of email accounts, one for each user
• For each account the server keeps a mailbox; in the simplest form this is a single text file (the Unix mbox format) to which incoming messages are appended, though real servers also use one-file-per-message stores such as Maildir or a database
• After a user presses ‘Send’, the email client connects to the server and passes the sender address, the recipient address(es), and the message
• The server delivers a message for a local recipient by appending it to that recipient's mailbox file
• To read the mail, the addressed user connects to the server through a mail client and requests it

(Diagram: the client asks the server "Any mail for me?", the server answers "Yes" and hands over the stored messages)


SMTP Server

A Simple Mail Transfer Protocol (SMTP) server listens on TCP port 25 and handles outgoing and relayed mail (clients submitting mail to their own provider's server increasingly use the submission port, 587)

When the client sends an email, it connects to its SMTP server

The client has a conversation with the SMTP server, telling it the envelope sender (MAIL FROM), the envelope recipient(s) (RCPT TO), and then the message itself (DATA); the envelope addresses are what the server acts on, and they need not match the From: and To: headers inside the message

The SMTP server takes each "to" address and splits it into two parts:

• The recipient's name (the local part, before the @)
• The domain name (after the @)

The SMTP server asks the Domain Name System for the domain's MX (mail exchanger) records, which name the remote email server responsible for that domain, and connects to that server's SMTP port (25)

Each server that handles the message prepends a Received: header recording where it got the message from, which is what makes later tracing possible
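The conversation described above, simulated on the receiving side. This is an added example, not code from the EC-Council module: the host names, addresses, and the client transcript are constructed. It shows the envelope (MAIL FROM / RCPT TO) being collected separately from the message headers, the split of each recipient into local part and domain, and the Received: line the server stamps, which records both the name the client claimed in HELO and the peer IP the socket actually showed.

```python
"""Simulated SMTP conversation between a sending mailer and a receiving
server, and the Received: line the receiver stamps on the message.
Added example, not code from the EC-Council module; the host names,
addresses and transcript below are constructed."""
import re
from datetime import datetime, timedelta, timezone

SERVER_NAME = "mail.bieberdorf.edu"
PEER_IP = "104.128.23.115"      # what the TCP socket shows; the client cannot choose this

# Constructed transcript of what the client sends after connecting to port 25.
# The HELO name and the header From: are both chosen freely by the client.
CLIENT_LINES = [
    "HELO galangal.org",
    "MAIL FROM:<rudy@turmeric.com>",
    "RCPT TO:<tmh@immense-isp.com>",
    "DATA",
    "From: rth@bieberdorf.edu (R.T. Hood)",
    "To: tmh@immense-isp.com",
    "Subject: Lunch today?",
    "",
    "Lunch at noon?",
    ".",
    "QUIT",
]

def split_address(addr):
    """(local-part, domain) of a bare address: the split the server makes
    on each RCPT TO before looking up the domain's MX record."""
    local, _, domain = addr.rpartition("@")
    if not local or not domain:
        raise ValueError("malformed address: %r" % addr)
    return local, domain.lower()

def run_session(lines, peer_ip, server_name, now=None):
    """Process the client's commands as a receiving MTA would. Returns the
    envelope, the Received: line to prepend, and the message as submitted."""
    now = now or datetime(1997, 3, 18, 14, 36, 17, tzinfo=timezone(timedelta(hours=-8)))
    env = {"helo": None, "mail_from": None, "rcpt_to": [], "replies": []}
    in_data, message = False, []
    for line in lines:
        if in_data:                       # inside DATA: collect until a lone "."
            if line == ".":
                in_data = False
                env["replies"].append("250 OK queued")
            else:
                message.append(line[1:] if line.startswith("..") else line)  # undo dot-stuffing
            continue
        verb = line.split(" ", 1)[0].upper()
        if verb in ("HELO", "EHLO"):
            env["helo"] = line.split(" ", 1)[1].strip()
            env["replies"].append("250 " + server_name)
        elif verb == "MAIL":              # envelope sender; need not match header From:
            env["mail_from"] = re.search(r"<([^>]*)>", line).group(1)
            env["replies"].append("250 OK")
        elif verb == "RCPT":
            addr = re.search(r"<([^>]*)>", line).group(1)
            split_address(addr)           # raises on a malformed recipient
            env["rcpt_to"].append(addr)
            env["replies"].append("250 OK")
        elif verb == "DATA":
            in_data = True
            env["replies"].append("354 End data with <CR><LF>.<CR><LF>")
        elif verb == "QUIT":
            env["replies"].append("221 Bye")
        else:
            env["replies"].append("500 Command unrecognized")
    # The server writes down both what the client claimed (HELO name) and
    # what the socket showed (peer IP); only the second is trustworthy.
    received = "Received: from %s ([%s]) by %s with SMTP; %s" % (
        env["helo"], peer_ip, server_name, now.strftime("%a, %d %b %Y %H:%M:%S %z"))
    return env, received, "\r\n".join(message)

if __name__ == "__main__":
    envelope, received_line, msg = run_session(CLIENT_LINES, PEER_IP, SERVER_NAME)
    print(received_line)
    print("envelope sender:", envelope["mail_from"], "| header From: is inside the message")
```

The envelope sender (rudy@turmeric.com) and the header From: (rth@bieberdorf.edu) disagree, and the HELO name (galangal.org) is not the connecting host; a real MTA would additionally look up the reverse DNS of the peer IP and record it next to the claimed name, which is the mismatch an investigator looks for first.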


POP3 and IMAP Servers

Post Office Protocol (POP3) Server:

• When a message arrives, the local delivery agent appends it to the recipient's mailbox file, where the POP3 server can serve it to the mail client at any later time
• The email client connects to the POP3 server on port 110 by default to fetch mail; POP3 is designed to download messages (and usually delete them from the server), so the server copy may no longer exist by the time of an investigation

Internet Message Access Protocol (IMAP) Server:

• The email client connects to the IMAP server on port 143 by default
• IMAP servers allow multiple concurrent client connections to the same mailbox, access to individual MIME message parts and partial fetches, message state (read, flagged, deleted) kept on the server, multiple mailboxes per user on the server, and server-side searches; with IMAP the server copy is usually the authoritative one


Importance of Electronic Records Management

Electronic records management may be defined as “The field of management responsible for the efficient and systematic control of the creation, receipt, maintenance, use and disposition of electronic records, including the processes for capturing and maintaining evidence of and information for legal, fiscal, administrative, and other business purposes”

Importance of electronic records management:

• It helps in the investigation and prosecution of email crimes
• It acts as a deterrent for abusive and indecent material in email messages
• It helps in non-repudiation of electronic communication, so that someone cannot deny being the source of a communication


Email Crime

Emails are used for criminal purposes

Email crime can be categorized into two kinds:

Crime committed by sending emails:

• Spamming, phishing, mail bombing, etc.

Crime supported by email:

• Harassment, cyber blackmailing, identity fraud, pornography, etc.


Spamming

Spamming can be defined as sending unsolicited mails

Spammers obtain email addresses by harvesting addresses from Usenet postings, DNS listings, or web pages

Common Subject headers of Spam mails


Mail Bombing/Mail Storm

Mail Bombing

• Sending huge volumes of email to an address in an attempt to overflow the mailbox or overwhelm the server where the address is hosted, causing a denial of service

• In many instances the messages are large and constructed from meaningless data in an effort to consume additional system and network resources

Mail Storm

• A sudden spike of ‘Reply All’ messages on an email distribution list, caused by one misdirected message


Crime via Chat Rooms

A chat room is a website, part of a website, or part of an online service that provides a venue for communities of users with a common interest to communicate in real time

Chat rooms are increasingly being used for different crimes such as child pornography, cyber stalking, and identity thefts

They can also be used as a social engineering tool to collect information for committing several other crimes

They are a regular feature of different adult sites and are extensively used to disseminate obscene materials over Internet


Identity Fraud/Chain Letter

“Identity fraud is the term used to refer all types of crime in which someone wrongfully obtains and uses another person's personal data in some way that involves fraud or deception, typically for economic gain”

“A chain letter by definition is a letter directing the recipient to send out multiple copies so that its circulation increases exponentially ”


Phishing

Phishing is the criminal act of sending an email that falsely claims to come from a well-known and legitimate source, in an attempt to trick the user into surrendering sensitive and private information

Phishers lure the targeted users into entering personal information on illegitimate websites that imitate the legitimate one

The main purpose of phishing is to gain access to the customer's bank accounts, passwords, and other security information

Phishing attacks can target millions of email addresses around the world using mass-mailing systems


Email Spoofing

Email spoofing is the forgery of email headers so that a message appears to have originated from someone or somewhere other than its actual source

Spammers and phishers set header fields such as From:, Return-Path:, and Reply-To: to whatever they like, because nothing in SMTP verifies them; only the Received: lines added by servers outside the sender's control, and in particular the IP address recorded there, are hard to forge


Investigating Email Crime and Violation

Examine an email message

Copy an email message

Print an email message

View email headers

Examine email headers

Examine attachments

Trace an email


Obtain a Search Warrant and Seize the Computer and Email Account

The search warrant application should include language that explicitly authorizes on-site examination of the computer and of the email server

Conduct forensic examination only of the equipment that the warrant permits

Seize the computer and the email accounts suspected to be involved in the crime

An email account can be taken under control by changing its password, either with the password supplied by the victim (the account holder) or through the mail server's administrator or the provider under legal process; record who changed it and when, so the chain of custody is preserved


Obtain a Bit-by-Bit Image of Email Information

Make a bit-by-bit (bit-stream) image of all the folders, settings, and configuration present in the email account onto removable media for further investigation, using tools such as SafeBack

Compute a cryptographic hash of the image (MD5 was the convention when this module was written; SHA-256 should be recorded as well, since MD5 collisions are practical) and record it so that the integrity of the evidence can be verified later. Hashing does not encrypt the image; it fingerprints it
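The integrity step above, carried out in code. This is an added example and not part of the module or of any imaging tool it names; the "image" is a constructed temporary file so the script runs offline. The digests are computed in chunks, because real images are larger than memory, and both MD5 and SHA-256 are recorded in one pass; a later verification must match every recorded digest, and flipping a single byte makes it fail.

```python
"""Integrity hashes for an evidence image, recorded at acquisition and
re-checked later.  Added example, not from the module; the 'image' is a
constructed temporary file so the script runs offline."""
import hashlib
import os
import tempfile

def hash_file(path, algorithms=("md5", "sha256"), chunk=1 << 20):
    """Hash a file in 1 MiB chunks (images are far larger than RAM).
    Returns {algorithm: hexdigest} for every algorithm in one pass."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}

def verify_image(path, recorded):
    """True only if every digest recorded at acquisition still matches."""
    current = hash_file(path, tuple(recorded))
    return all(current[name] == recorded[name] for name in recorded)

def hash_bytes(data, algorithms=("md5", "sha256")):
    """Write constructed bytes to a temporary file and hash them through
    the same chunked path used for real images (handy for known-answer checks)."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "evidence.img")
        with open(path, "wb") as fh:
            fh.write(data)
        return hash_file(path, algorithms)

def demo():
    """Acquire, verify, tamper with one byte, verify again."""
    with tempfile.TemporaryDirectory() as d:
        img = os.path.join(d, "mailbox.img")
        with open(img, "wb") as fh:
            fh.write(b"constructed mailbox image\x00" * 4096)   # stand-in for a bit-stream image
        recorded = hash_file(img)            # these values go into the chain-of-custody record
        before = verify_image(img, recorded)
        with open(img, "r+b") as fh:         # simulate a tampered or corrupted copy
            fh.seek(17)
            fh.write(b"X")
        after = verify_image(img, recorded)
    return before, after

if __name__ == "__main__":
    print("intact:", demo())   # (True, False)
```

Record the digests, the tool and version, the date, and the examiner's name together; a digest alone cannot be tied to a seizure without that context.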


Email Message

An email message is composed of two parts:

Header

• The email header contains information about the email's origin: the address it came from, the path it took (how it reached the recipient), and who sent it

Body

• The body contains the actual message


Viewing Headers in Microsoft Outlook

Launch the Outlook program and open the copied email message

Right-click the message received and click Options to open the dialog box

Select the header text and make a copy of it

Paste the header text in any text editor and save the file with the name Filename.txt

Close the program


Microsoft Outlook Header


Viewing Headers in AOL

Initiate the program

Open the received message

Click the DETAILS link

Select message header text and copy it

Paste the text in any text editor and save the file as Filename.txt

Close the program


Viewing Headers in Hotmail

Log on to hotmail

Open the received message

Go to Options

Click Mail Display Settings

Select Message Headers - Full text and copy it

Paste the text in any text editor and save the file as Filename.txt

Close the program


Viewing Headers in Hotmail: Screenshot


Viewing Headers in Gmail

Log on to Gmail

Open the received mail

Click the More (drop-down) option on the message

Click Show original

The full raw message is displayed with the headers first; select the header text and copy it

Paste the text in any text editor and save the file as Filename.txt

Close the program


Gmail Header


Viewing Headers in Yahoo Mail

Initiate the yahoo mail

Open a received mail

Click on Full header

Check the header

Select message header text and copy it

Paste the text in any text editor and save the file

Log out from mail account and close the mail client


Yahoo Mail Header


Examining an Email Header

Mail originated from this IP address


Example: Rudy Sends an Email to Timmy

From: rth@bieberdorf.edu (Rudy)

To: tmh@immense-isp.com

Date: Tue, Mar 18 1997 14:36:14 PST

X-Mailer: Loris v2.32

Subject: Lunch today?


Analysis of Email Header at Timmy

Received: from mail.bieberdorf.edu (mail.bieberdorf.edu [124.211.3.78]) by mailhost.immense-isp.com (8.8.5/8.7.2) with ESMTP id LAA20869 for <tmh@immense-isp.com>; Tue, 18 Mar 1997 14:39:24 -0800 (PST)

Received: from alpha.bieberdorf.edu (alpha.bieberdorf.edu [124.211.3.11]) by mail.bieberdorf.edu (8.8.5) id 004A21; Tue, Mar 18 1997 14:36:17 -0800 (PST)

From: rth@bieberdorf.edu (R.T. Hood)

To: tmh@immense-isp.com

Date: Tue, Mar 18 1997 14:36:14 PST

Message-Id: <[obfuscated in source]>

X-Mailer: Loris v2.32

Subject: Lunch today?


Received: Headers

Received: headers provide a detailed log of a message's history, and so make it possible to draw some conclusions about the origin of a piece of email even when other headers have been forged

If, for instance, the machine turmeric.com, whose IP address is 104.128.23.115, sends a message to mail.bieberdorf.edu, but falsely says HELO galangal.org, the resultant Received: line might start like this:

• Received: from galangal.org ([104.128.23.115]) by mail.bieberdorf.edu (8.8.5)...


Forging Headers

Another trick used by forgers of email, this one increasingly common, is to add spurious Received: headers before sending the offending mail

This means that the hypothetical email sent from turmeric.com might have Received: lines that look something like this:

• Received: from galangal.org ([104.128.23.115]) by mail.bieberdorf.edu (8.8.5)...

• Received: from nowhere by fictitious-site (8.8.3/8.7.2)...

• Received: No Information Here, Go Away!


Forging Headers (cont’d)

Obviously, the last two lines are complete nonsense, written by the sender and attached to the message before it was sent

Since the sender has no control over the message once it leaves turmeric.com, Received: headers are always added at the top and the forged lines at the bottom of the list

This means that someone reading the lines from top to bottom, tracing the history of the message, can safely throw out anything after the first forged line; even if the Received: lines after that point looks plausible, they are guaranteed to be forgeries
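The top-to-bottom rule above, turned into a parser. This is an added example, not code from the module; the sample message is constructed from the module's own turmeric.com / galangal.org scenario, with the two nonsense Received: lines appended by the sender. Each hop is accepted only if it parses as "from X by Y" and its "by" host is the host the hop above said it received from; the first break ends the trusted chain, and the origin is the IP recorded in the last trusted hop, together with whether the receiving server could confirm the name the sender claimed.

```python
"""Walk a message's Received: chain from the top (most recent hop) down
and stop at the first line that does not link to the hop above it; lines
below that point were written by the sender.  Added example, not code
from the EC-Council module; the sample message is constructed from the
module's turmeric.com / galangal.org scenario."""
import re
from datetime import timedelta
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample: two genuine hops, then the two nonsense lines the
# sender attached before handing the message to mail.bieberdorf.edu.
RAW = """\
Received: from mail.bieberdorf.edu (mail.bieberdorf.edu [124.211.3.78])
\tby mailhost.immense-isp.com (8.8.5/8.7.2) with ESMTP id LAA20869
\tfor <tmh@immense-isp.com>; Tue, 18 Mar 1997 14:39:24 -0800 (PST)
Received: from galangal.org ([104.128.23.115]) by mail.bieberdorf.edu (8.8.5)
\tid 004A21; Tue, 18 Mar 1997 14:36:17 -0800 (PST)
Received: from nowhere by fictitious-site (8.8.3/8.7.2)
\tid 000001; Tue, 18 Mar 1997 14:30:00 -0800 (PST)
Received: No Information Here, Go Away!
From: rth@bieberdorf.edu (R.T. Hood)
To: tmh@immense-isp.com
Subject: Lunch today?

Lunch at noon?
"""

HOP_RE = re.compile(
    r"\bfrom\s+(?P<helo>\S+)"                                  # name given in HELO
    r"(?:\s+\((?:(?P<rdns>[\w.-]+)\s+)?\[(?P<ip>[\d.]+)\]\))?"  # optional (rdns [ip])
    r".*?\bby\s+(?P<by>[\w.-]+)")                               # receiving server

def parse_hop(value):
    """Fields of one Received: line, or None if it is not a 'from X by Y' line."""
    text = " ".join(value.split())            # unfold continuation lines
    m = HOP_RE.search(text)
    if not m:
        return None
    hop = m.groupdict()
    stamp = text.rsplit(";", 1)[1].strip() if ";" in text else ""
    try:
        hop["time"] = parsedate_to_datetime(stamp)
    except (TypeError, ValueError, IndexError):
        hop["time"] = None
    return hop

def trace(raw, skew=timedelta(minutes=5)):
    """Return (all hops, trusted hops). A hop is trusted only if it parses,
    its 'by' host is the host the hop above said it received from, and its
    timestamp is not later than the hop above (allowing some clock skew)."""
    msg = message_from_string(raw)
    hops = [parse_hop(v) for v in msg.get_all("Received", [])]
    trusted, prev = [], None
    for hop in hops:
        if hop is None:
            break
        if prev is not None and hop["by"].lower() != prev["helo"].lower():
            break                             # chain broken: the forgery starts here
        if prev is not None and prev["time"] and hop["time"] and hop["time"] - prev["time"] > skew:
            break                             # older hop stamped later than a newer one
        trusted.append(hop)
        prev = hop
    return hops, trusted

def origin(trusted):
    """IP the message came from as seen by the last trustworthy server, the
    name the sender claimed there, and whether reverse DNS confirmed it."""
    if not trusted:
        return None
    last = trusted[-1]
    verified = last["rdns"] is not None and last["rdns"].lower() == last["helo"].lower()
    return {"ip": last["ip"], "claimed": last["helo"], "name_verified": verified}

if __name__ == "__main__":
    all_hops, ok = trace(RAW)
    print("%d Received: lines, %d trusted" % (len(all_hops), len(ok)))
    print(origin(ok))   # the 104.128.23.115 hop, with galangal.org unverified
```

The chain stops at the fictitious-site line because mail.bieberdorf.edu said it received the message from galangal.org, not from fictitious-site; everything below that is the sender's own text. The origin IP is taken from the bracketed address, never from the HELO name.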


List of Common Headers

Apparently-To

• Messages with many recipients sometimes have a long list of headers of the form "Apparently-To: rth@bieberdorf.edu" (one line per recipient)

• These headers are unusual in legitimate mail; they are normally a sign of a mailing list, and in recent times mailing-list software has generally been sophisticated enough not to generate a giant pile of them, so a long Apparently-To: list is a spam indicator

Bcc

• Bcc stands for "Blind Carbon Copy". If you see this header on incoming mail, something is wrong: it is used like Cc: (see below), but it is supposed to be stripped before the message is sent and so never appears in the headers of a received message

• The idea is to be able to send copies of email to persons who might not want to receive replies or to appear in the headers

• Blind carbon copies are popular with spammers, since it confuses many inexperienced users to get email that does not appear to be addressed to them


List of Common Headers (cont’d)

Cc

• Cc stands for "Carbon Copy"

• This header is sort of an extension of "To:"; it specifies additional recipients. The difference between "To:" and "Cc:" is essentially connotative; some mailers also deal with them differently in generating replies

Comments

• This is a nonstandard, free-form header field. It is most commonly seen in the form "Comments: Authenticated sender is <rth@bieberdorf.edu>"

• Treat it with caution: a header like this is added by some mailers to identify the sender, but it is just as often typed in by hand by spammers


List of Common Headers (cont’d)

Content-Transfer-Encoding: This header relates to MIME, a standard way of enclosing non-text content in email; it has no direct relevance to the delivery of mail, but it affects how MIME-compliant mail programs interpret the content of the message

Content-Type: Another MIME header, telling MIME-compliant mail programs what type of content to expect in the message

Date: This header does exactly what you expected; it specifies a date, normally the date the message was composed and sent. If this header is omitted by the sender's computer, it might conceivably be added by a mail server or even by some other machines along the route

Errors-To: Specifies an address for mailer-generated errors, like "no such user" bounce messages, to go to (instead of the sender's address). This is not a particularly common header, as the sender usually wants to receive any errors at the sending address, which is what most (essentially all) mail server software does by default

From (without colon): This is the "envelope From", the address given in the SMTP MAIL FROM command. It is not a true header: Unix mailbox software writes it as a "From " line at the top of each stored message, and receiving servers usually copy it into a Return-Path: header. It is where bounces go, and it is just as easy to forge as the From: header


List of Common Headers (cont’d)

From: (with colon) This is the "message From", the sender address written into the message by the sending software. It is whatever the sender chose to put there, and it is the most commonly forged header

Message-Id: The Message-Id is a more-or-less unique identifier assigned to each message, usually by the first mail server it encounters. Conventionally, it is of the form "gibberish@bieberdorf.edu", where the "gibberish" part could be absolutely anything and the second part is the name of the machine that assigned the ID. Sometimes, but not often, the "gibberish" includes the sender's username. Any email in which the message ID is malformed, or in which the site in the message ID isn't the real site of origin, is probably a forgery

In-Reply-To: Gives the message ID of the previous message being replied to. It is a standard mail header (defined in RFC 822) as well as a Usenet one, and it appears in any reply produced by a threading-aware client, so its mere presence is normal; the suspicious case is an In-Reply-To: in a message that is not a reply to anything you sent. Spammers have been known to add one, probably in an attempt to evade filtering programs

Mime-Version: (also MIME-Version:) Yet another MIME header, this one just specifying the version of the MIME protocol that was used by the sender. Like the other MIME headers, this one is usually ignorable; most modern mail programs will do the right thing with it


List of Common Headers (cont’d)

Newsgroups: This header only appears in email that is connected with Usenet---either email copies of Usenet postings, or email replies to postings. In the first case, it specifies the newsgroup(s) to which the message was posted; in the second, it specifies the newsgroup(s) in which the message being replied to was posted. The semantics of this header are the subject of a low-intensity holy war, which effectively assures that both sets of semantics will be used indiscriminately for the foreseeable future

Organization: It is a completely free-form header that normally contains the name of the organization through which the sender of the message has net access. The sender can generally control this header, and silly entries like "Royal Society for Putting Things on Top of Other Things" are commonplace

Priority: It is a free-form header that assigns a priority to the mail. Most software ignores it. It is often used by spammers, usually in the form "Priority: urgent" (or something similar), in an attempt to get their messages read

Received: One line is added, at the top, by each mail server that handles the message, recording the host it received the message from (by claimed name and by IP address), the receiving server, and the time. This is the chain used to trace a message, as described earlier in this module


List of Common Headers (cont’d)

References: The References: header is rare in email except for copies of Usenet postings. Its use on Usenet is to identify the "upstream" posts to which a message is a response; when it appears in email, it is usually just a copy of a Usenet header. It may also appear in email responses to Usenet postings, giving the message ID of the post being responded to as well as the references from that post

Reply-To: Specifies an address for replies to go to. Though this header has many legitimate uses (perhaps your software mangles your From: address and you want replies to go to a correct address), it is also widely used by spammers to deflect criticism. Occasionally, a naive spammer will actually solicit responses by email and use the Reply-To: header to collect them, but more often the Reply-To: address in junk email is either invalid or an innocent victim

Sender: This header is unusual in email (X-Sender: is usually used instead), but appears occasionally, especially in copies of Usenet posts. It should identify the actual sender (for example the person who posted on behalf of a group); in the case of Usenet posts it is a more reliable identifier than the From: line


List of Common Headers (cont’d)

Subject: A completely free-form field specified by the sender, intended, of course, to describe the subject of the message

To: The "message To:" described above. Note that the To: header need not contain the recipient's address: delivery is driven by the envelope recipient given in RCPT TO, so a Bcc: recipient, or anyone on a mailing list, receives a message whose To: names someone else

X-headers is the generic term for headers starting with a capital X and a hyphen. The convention is that X-headers are nonstandard and provided for information only, and that, conversely, any nonstandard informative header should be given a name starting with "X-". This convention is frequently violated

X-Confirm-Reading-To: This header requests an automated confirmation notice when the message is received or read. It is typically ignored; presumably some software acts on it


List of Common Headers (cont’d)

X-Distribution: In response to problems with spammers using his software, the author of Pegasus Mail added this header. Any message sent with Pegasus to a sufficiently large number of recipients has a header added that says "X-Distribution: bulk". It is explicitly intended as something for recipients to filter against

X-Errors-To: Like Errors-To:, this header specifies an address for errors to be sent to. It is probably less widely obeyed

X-Mailer: (also X-mailer:) This is a free-form header field intended for the mail software used by the sender to identify itself (as advertising or whatever). Since much junk email is sent with mailers invented for the purpose, this field can provide much useful fodder for filters

X-PMFLAGS: This is a header added by Pegasus Mail; its semantics are non-obvious. It appears in any message sent with Pegasus, so it does not obviously convey any information to the recipient that is not covered by the X-Mailer: header


List of Common Headers (cont’d)

X-Priority: Another priority field, used notably by Eudora to assign a priority (which appears as a graphical notation on the message)

X-Sender: It is the usual email analogue to the Sender: header in Usenet news; this header purportedly identifies the sender with greater reliability than the From: header. In fact, it is nearly as easy to forge, and should therefore be viewed with the same sort of suspicion as the From: header

X-UIDL: This is a unique identifier used by the POP protocol for retrieving mail from a server. It is normally added between the recipient's mail server and the recipient's actual mail software; if mail arrives at the mail server with an X-UIDL: header, it is probably junk (there is no conceivable use for such a header, but for some unknown reason many spammers add one)
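The header catalogue above, and the Email Spoofing slide earlier in this module, read as a set of checks. This is an added example and not code from the module; every address and the sample message are constructed. It flags the fields the catalogue calls out (Bcc:, Apparently-To:, X-UIDL:, "Authenticated sender" comments, urgency fields), a From: that disagrees with the envelope sender in Return-Path:, a Reply-To: that diverts replies elsewhere, and a Message-Id: that is malformed or was assigned at a site other than the From: domain. Each finding is a signal, not proof: forwarders and mailing-list software legitimately produce some of them.

```python
"""Heuristic checks over the header fields catalogued in the module,
applied to a constructed spoofed message.  Added example, not code from
the EC-Council module; every address and the sample message are made up."""
import re
from email import message_from_string
from email.utils import parseaddr

SAMPLE = """\
Return-Path: <bounce-4711@bulk-sender.example>
Received: from mailer.bulk-sender.example ([192.0.2.10]) by mx.immense-isp.com
\twith ESMTP id AB123; Tue, 18 Mar 1997 15:02:11 -0800 (PST)
From: "Account Security" <security@bank.example>
Reply-To: verify@attacker.example
To: tmh@immense-isp.com
Bcc: victims@bulk-sender.example
Apparently-To: tmh@immense-isp.com
Comments: Authenticated sender is <security@bank.example>
Message-Id: <no-such-id>
Priority: urgent
X-UIDL: 2f0a9c7e
Subject: Confirm your account

Click the link below.
"""

MSGID_RE = re.compile(r"<[^<>@\s]+@(?P<domain>[^<>@\s]+)>")

def domain_of(value):
    """Lower-cased domain of the first address in a header value, or None."""
    addr = parseaddr(value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else None

def audit_headers(raw):
    """List of (header, finding) pairs. Each is a signal, not proof:
    forwarders and list software legitimately produce some of them."""
    msg = message_from_string(raw)
    out = []
    frm = domain_of(msg["From"])
    if "Bcc" in msg:
        out.append(("Bcc", "present on incoming mail; the sending software should have stripped it"))
    if "Apparently-To" in msg:
        out.append(("Apparently-To", "unusual outside mailing lists; common in bulk mail"))
    if "X-UIDL" in msg:
        out.append(("X-UIDL", "POP retrieval field arriving from the network"))
    if "authenticated sender" in (msg["Comments"] or "").lower():
        out.append(("Comments", "'Authenticated sender' is trivially typed in by hand"))
    rp = domain_of(msg["Return-Path"])
    if rp and frm and rp != frm:
        out.append(("Return-Path", "envelope sender %s differs from From: %s" % (rp, frm)))
    reply = domain_of(msg["Reply-To"])
    if reply and frm and reply != frm:
        out.append(("Reply-To", "replies diverted to %s" % reply))
    m = MSGID_RE.fullmatch((msg["Message-Id"] or "").strip())
    if not m:
        out.append(("Message-Id", "missing or malformed: %r" % msg["Message-Id"]))
    else:
        site = m.group("domain").lower()
        if frm and site != frm and not site.endswith("." + frm):
            out.append(("Message-Id", "assigned at %s, not the From: domain" % site))
    for name in ("Priority", "X-Priority"):
        if msg[name] and re.search(r"urgent|high|\b1\b", msg[name], re.I):
            out.append((name, "sender-asserted urgency: %s" % msg[name]))
    return out

if __name__ == "__main__":
    for header, finding in audit_headers(SAMPLE):
        print("%-14s %s" % (header + ":", finding))
```

The Return-Path: check is the strongest of these, because the envelope sender is recorded by the receiving server rather than typed by the sender; still, a message relayed through a mailing list or a forwarding alias also carries a different envelope sender, so confirm with the Received: chain before drawing conclusions.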


Examining Additional Files (.pst or .ost files)

Email messages are saved as files either on the client computer or on the server

Microsoft Outlook keeps mail in .pst files (personal folders) and .ost files (an offline cache of an Exchange mailbox)

Webmail services such as AOL, Hotmail, and Yahoo keep the messages on the provider's servers; what remains on the client is the residue left by the browser in its History, Cookies, cache, and Temp folders, which can still yield fragments of messages

Unix systems store each user's mail in a per-user mailbox, typically an mbox file under /var/mail or /var/spool/mail, or a Maildir directory in the user's home directory; client programs keep their own copies under the user's home directory


Pst File Location


Microsoft Outlook Mail

Microsoft Outlook Mail acts like a personal information manager

The email database is normally located in \Documents and Settings\<user account>\Local Settings\Application Data\Microsoft\Outlook (Windows XP with Outlook 2003 and earlier); on Windows Vista and later it is under \Users\<user account>\AppData\Local\Microsoft\Outlook, and Outlook 2010 and later also create \Users\<user account>\Documents\Outlook Files

The files stored in Outlook Mail are known as *.pst files

The .pst files have archives of all folders such as Outlook, Calendar, Drafts, Sent Items, Inbox, and Notes


Examine the Originating IP Address

Collect the IP address of the sender from the Received: headers of the received mail (the bracketed IP in the lowest Received: line you can trust, not the name the sender gave in HELO)

Search the IP in the whois database of the regional Internet registry (ARIN, RIPE NCC, APNIC, LACNIC, or AFRINIC) that allocated it

Look for the geographic address of the network owner in the whois record; this identifies the ISP or organization that holds the address block, and where to serve legal process, not the sender's physical location, which only that ISP's own logs can tie to the IP at the time of sending


http://centralops.net/co/

This website contains a tool known as Email Dossier

Email Dossier is an online tool used to check the email validity and investigate email


Exchange Message Tracking Center

By default, message tracking is not enabled in Exchange Server

This tool can help you track a message's path between servers, as well as determine when the user sent the message, to whom the user sent the message, and other important pieces of information

Tracking log files will be stored (by default) in a folder located at c:\Program Files\Exchsrvr\servername.log

Inside this folder, you will find a text file for each day that logs are being retained for


Exchange Message Tracking Center: Screenshot


MailDetective Tool

MailDetective is an effective tool for monitoring the corporate email usage in Microsoft Exchange Server

It is a monitoring application designed to control email use in the corporate network

It is a solid solution against frivolous employees who undermine corporate discipline and decrease productivity by sending and receiving non-work related emails

It analyzes mail server log files and provides the employer with detailed reports about private and business emails coming to and from the corporate network as well as traffic distribution by users and email addresses


Screenshot: MailDetective Tool


Examine Phishing

Search the received mail which contains the malicious link to any website

Check for that link in the phishing archive in the Honeytrap database tool

The Honeytrap database is a database of phishing websites, submitted by different users


Example of Phishing Email



Forensic Tool Kit (FTK)

AccessData FTK is a forensic tool widely used to perform email analysis

FTK features powerful file filtering and search functionality

Features:

• Email analysis supports Outlook, Outlook Express, AOL, Netscape, Yahoo, Earthlink, Eudora, Hotmail, and MSN email
• View, search, print, and export email messages and attachments
• Recover deleted and partially deleted email
• Automatically extract data from PKZIP, WinZip, WinRAR, GZIP, and TAR compressed files
• Supported file systems include NTFS, NTFS compressed, FAT 12/16/32, and Linux ext2 and ext3


E-mail Examiner by Paraben

E-mail Examiner can recover deleted emails

It examines more than 14 mail types

It can also recover messages that were deleted from the Deleted Items folder


Network E-mail Examiner by Paraben

‘Network E-mail Examiner’ examines a variety of network email archives, such as Microsoft Exchange Server and Lotus Domino Server stores

It can view all the individual mailboxes held in the archive

It supports Microsoft Exchange and Lotus Notes


Recover My Email for Outlook

Recovers individual email messages deleted from a Microsoft Outlook email file

Simple to use: it scans an Outlook .PST file to show which deleted messages can be recovered (run it against a copy of the .PST, never the original evidence file)

Saves the recovered messages and attachments into a new .PST file


DiskInternals Outlook Express Repair

DiskInternals Outlook Express Repair scans Outlook Express email stores for damage and restores their contents whenever possible


Tracing Back

The first step in tracing back fake mail is to view the message header

The header's Received: lines show the originating mail server, e.g., mail.example.com; only the Received: line added by your own (trusted) server is known to be genuine, since everything earlier in the chain was written on the sender's side and can be forged

With a court order served by law enforcement or a civil complaint filed by attorneys, obtain the log files from mail.example.com to determine who sent the message

Information regarding Internet domain and IP address registration can be found from:

• www.arin.net

• www.internic.com

• www.freeality.com


Tracing Back Web-based Email

Web-based email accounts (webmail) can make it more difficult to establish the identity of the sender

A new webmail account can be created easily, for example at:

• www.hotmail.com

• www.yahoo.com

• www.lycosmail.com

• www.hushmail.com

These providers log the source IP address of each connection that accesses the webmail account (some providers also insert the client's IP address into a header such as X-Originating-IP, which is worth checking before approaching the provider)

Contact the mail provider (e.g., Microsoft for Hotmail) with the appropriate legal process to obtain the subscriber's information and connection logs


Abuse.Net

Abuse.net helps the Internet community to report and control network abuse and abusive users

It does not include blacklist or spam analysis services

Once registered, you send a message to domain-name@abuse.net, where domain-name is the domain that was the source of junk email or another abusive practice; abuse.net automatically forwards your message to the best reporting address(es) known for that domain


Screenshot: Network Abuse Clearinghouse (abuse.net)


Tool: LoPe

LoPe is an email forensic tool with the following features:

• It extracts all email messages and attachments from multiple PST files

• It automatically processes an unlimited number of PST files

• It re-creates the internal PST folder structure

• It extracts all message headers and properties

• Files are exported in MSG, EML, or XML format

• It hashes every message and can easily be batch scripted

• The XML output format is fully customizable using XSL style sheets
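An added example of the export-and-hash step that LoPe performs; this is not LoPe's code and not its XML schema. Python's standard library has no PST reader, so the example works on an mbox file (constructed inline) and shows the part that matters for evidence handling: each message is written out as its own .eml file, the SHA-256 of exactly the bytes written is recorded in a manifest, and the manifest can later be used to prove the exported files are unchanged. The manifest layout and the file naming are my own choices.

```python
"""Export every message from a mailbox to .eml files with a hash manifest.

Added example, not LoPe's code. Works on an mbox (constructed inline) rather than a
PST, which the standard library cannot read; the manifest format is an assumption.
"""
import hashlib
import mailbox
import os
import shutil
import tempfile
import xml.etree.ElementTree as ET

# Constructed sample mailbox with two messages.
SAMPLE_MBOX = b"""From alice@example.org Tue Feb 12 09:00:00 2008
From: alice@example.org
To: bob@example.org
Subject: Invoice
Message-ID: <one@example.org>

Please find the invoice attached.

From mallory@example.net Tue Feb 12 09:05:00 2008
From: mallory@example.net
To: bob@example.org
Subject: Re: Invoice
Message-ID: <two@example.net>

Wire the payment to the new account.
"""


def export_mailbox(mbox_path, out_dir):
    """Write each message as NNNN.eml; return [(filename, message_id, sha256)]."""
    os.makedirs(out_dir, exist_ok=True)
    records = []
    for n, msg in enumerate(mailbox.mbox(mbox_path), 1):
        raw = msg.as_bytes()                 # hash exactly the bytes that get written
        name = f"{n:04d}.eml"
        with open(os.path.join(out_dir, name), "wb") as fh:
            fh.write(raw)
        records.append((name, msg.get("Message-ID", ""), hashlib.sha256(raw).hexdigest()))
    return records


def write_manifest(records, path):
    """Store one <message file=... id=...>digest</message> element per export."""
    root = ET.Element("manifest", algorithm="sha256")
    for name, mid, digest in records:
        ET.SubElement(root, "message", file=name, id=mid).text = digest
    ET.ElementTree(root).write(path, encoding="utf-8", xml_declaration=True)


def verify_manifest(out_dir, path):
    """Re-hash every exported file; return the names whose digest no longer matches."""
    bad = []
    for m in ET.parse(path).getroot():
        with open(os.path.join(out_dir, m.get("file")), "rb") as fh:
            if hashlib.sha256(fh.read()).hexdigest() != m.text:
                bad.append(m.get("file"))
    return bad


def demo():
    """Export the constructed mailbox, verify it, tamper with one file, re-verify."""
    work = tempfile.mkdtemp()
    try:
        mbox_path = os.path.join(work, "evidence.mbox")
        with open(mbox_path, "wb") as fh:
            fh.write(SAMPLE_MBOX)
        out_dir = os.path.join(work, "export")
        records = export_mailbox(mbox_path, out_dir)
        manifest = os.path.join(out_dir, "manifest.xml")
        write_manifest(records, manifest)
        clean = verify_manifest(out_dir, manifest)        # nothing changed yet
        with open(os.path.join(out_dir, records[1][0]), "ab") as fh:
            fh.write(b"altered\n")                         # simulate post-export edit
        tampered = verify_manifest(out_dir, manifest)     # the edited file is reported
        return records, clean, tampered
    finally:
        shutil.rmtree(work, ignore_errors=True)


if __name__ == "__main__":
    records, clean, tampered = demo()
    for name, mid, digest in records:
        print(name, mid, digest)
    print("mismatches before tampering:", clean)
    print("mismatches after tampering:", tampered)
```

Hashing the message bytes at export time, before anyone opens them in a mail client, is what makes the later verification meaningful; a client that rewrites headers or re-encodes the body on save would otherwise change the digest.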


Tool: FINALeMAIL

Screenshot: FINALeMAIL email search results

FINALeMAIL can restore lost emails to their original state

It can recover entire email database files


Handling Spam

Before taking legal action, send a short notice about the illegality of the spam to the system administrator (abuse contact) of the originating domain


Tool: eMailTrackerPro

eMailTrackerPro analyzes the email header and reports the IP address recorded for the machine that sent the email


Tool: Email Trace - Email Tracking

The Email Trace tool helps to identify the sender and the sender's IP address from the message headers

To trace an email:

• Open the received email and copy the full message headers

• Go to http://www.ip-adress.com/trace_email/

• Paste the email message headers

• Click on "Trace Email Sender"

• The sender's IP address and its geographic location are displayed

Note that pasting headers into a third-party website discloses them to that site; for headers that must stay confidential, extract the sender's IP address from the Received: lines locally instead
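The header trace described above, and under "Tracing Back" earlier on this page, as an added example: this is not the module's own code and not the code behind eMailTrackerPro or ip-adress.com. It parses the Received: lines of a constructed message in delivery order, extracts the HELO name, reverse DNS name and IP address of each hop, and marks the hop written by the investigator's own server (assumed here to be mx.example.org) as the last point the trace can rely on. The headers, hostnames and addresses are all constructed sample input.

```python
"""Trace a message back through its Received: headers.

Added example, not part of the module and not the code behind eMailTrackerPro or
ip-adress.com. The headers below are constructed sample input; "mx.example.org" is
assumed to be the investigator's own (trusted) inbound server.
"""
import email
import re
from email import policy

# Constructed headers. Each relay prepends its own Received: line, so the first
# line is the last hop and the last line is the earliest, least trustworthy hop.
RAW_HEADERS = b"""Return-Path: <ceo@bigcorp.example>
Received: from relay.isp.example (relay.isp.example [198.51.100.7])
\tby mx.example.org (Postfix) with ESMTP id 4F2C1A3
\tfor <victim@example.org>; Tue, 12 Feb 2008 09:15:02 +0000
Received: from bigcorp.example (dsl-pool-33.isp.example [203.0.113.33])
\tby relay.isp.example with SMTP; Tue, 12 Feb 2008 09:14:55 +0000
Received: from mail.bigcorp.example ([10.0.0.5]) by bigcorp.example; Tue, 12 Feb 2008 09:14:50 +0000
From: "The CEO" <ceo@bigcorp.example>
To: victim@example.org
Subject: Urgent wire transfer
Message-ID: <abc123@bigcorp.example>

Please wire the funds today.
"""

# Assumption: servers the investigator controls, whose Received: lines are genuine.
TRUSTED_SERVERS = {"mx.example.org"}

# Matches "from <helo> (<rdns> [<ip>]) by <server>" and its common variants.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>[^\s;]+)"                                # name claimed in HELO/EHLO
    r"(?:\s+\((?P<rdns>[^\s\[\]]+)?\s*\[(?P<ip>[^\]]+)\]\))?"  # optional rDNS and [IP]
    r"\s+by\s+(?P<by>[^\s;]+)",                                # server that wrote the line
    re.IGNORECASE,
)


def parse_received(raw):
    """Return hops in delivery order (earliest first), one dict per Received: line."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hops = []
    for line in reversed(msg.get_all("Received", [])):
        flat = " ".join(str(line).split())          # unfold and collapse whitespace
        m = RECEIVED_RE.search(flat)
        hop = {"raw": flat, "helo": None, "rdns": None, "ip": None, "by": None, "trusted": False}
        if m:
            hop.update(m.groupdict())
            # Only a line written by a server we control is known to be genuine;
            # anything earlier was written on the sender's side and may be forged.
            hop["trusted"] = m.group("by").lower() in TRUSTED_SERVERS
        hops.append(hop)
    return hops


def reliable_origin(hops):
    """The hop recorded by the first trusted server: the host that actually
    connected to us. Its operator is who the log-file request (court order or
    civil subpoena) goes to; the hops before it are only what the sender claimed."""
    for hop in hops:
        if hop["trusted"]:
            return hop
    return None


if __name__ == "__main__":
    hops = parse_received(RAW_HEADERS)
    for n, h in enumerate(hops, 1):
        tag = "trusted" if h["trusted"] else "claimed"
        print(f"hop {n} [{tag}] from {h['helo']} [{h['ip']}] by {h['by']}")
    origin = reliable_origin(hops)
    print(f"request logs from {origin['helo']} ({origin['ip']})")
```

In the constructed chain the two earliest lines claim the message came from bigcorp.example, but the only line the investigator can vouch for is the one mx.example.org wrote, which names relay.isp.example at 198.51.100.7; that operator's logs, obtained with legal process, are the next step, exactly as the "Tracing Back" slide describes.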


Tool: Email Trace - Email Tracking (cont’d)

Source: http://www.ip-adress.com/trace_email/

Screenshot: the header input field ("Paste the message header here") and the resulting report of the sender's IP address and its location


Tool: ID Protect - www.enom.com

‘ID Protect’ is eNom's domain privacy (WHOIS proxy) service; it prevents unauthorized access to the registrant's email address and other private information

Due to eNom's dynamic email system, the visible email address changes constantly, so by the time it has been harvested and redistributed the address has already changed and the previous address no longer works for the spammer

The Domain Privacy Protection Service keeps the real email address on file so that the user can still receive important information regarding the domain


Tools: R-Mail & Email Detective

R-Mail is an email recovery tool that recovers accidentally deleted emails

Email Detective is a forensic software tool used in investigations and for data recovery


Tools: SPAM Punisher & SpamArrest

SPAM Punisher is an anti-spam tool that makes it easy to find out the address of the spammer's Internet Service Provider, and to generate and send complaints

SpamArrest protects an email account from spam


U.S. Laws Against Email Crime: CAN-SPAM Act

The CAN-SPAM Act of 2003 (Controlling the Assault of Non-Solicited Pornography and Marketing Act) establishes requirements for those who send commercial email, spells out penalties for spammers and for companies whose products are advertised in spam if they violate the law, and gives consumers the right to ask emailers to stop spamming them

Main provisions:

• It bans false or misleading header information

• It prohibits deceptive subject lines

• It requires that the email give recipients an opt-out method

• It requires that commercial email be identified as an advertisement and include the sender's valid physical postal address


CAN-SPAM Act

Penalties:

• Each violation of the above provisions is subject to fines of up to $11,000

• Additional fines are provided for commercial emailers who not only violate the rules described above, but also:

  • "harvest" email addresses from Web sites or Web services that have published a notice prohibiting the transfer of email addresses for the purpose of sending email

  • generate email addresses using a "dictionary attack" – combining names, letters, or numbers into multiple permutations

  • use scripts or other automated ways to register for multiple email or user accounts to send commercial email

  • relay emails through a computer or network without permission – for example, by taking advantage of open relays or open proxies without authorization

• The law allows the DOJ to seek criminal penalties, including imprisonment, for commercial emailers who do – or conspire to:

  • use another computer without authorization and send commercial email from or through it

  • use a computer to relay or retransmit multiple commercial email messages to deceive or mislead recipients or an Internet access service about the origin of the message

  • falsify header information in multiple email messages and initiate the transmission of such messages


18 U.S.C. § 2252A

This law states that any person who:

• knowingly mails, or transports or ships in interstate or foreign commerce by any means, including by computer, any child pornography

• knowingly receives or distributes any child pornography that has been mailed, or shipped or transported in interstate or foreign commerce by any means, including by computer

• knowingly reproduces any child pornography for distribution through the mails, or in interstate or foreign commerce by any means, including by computer

• knowingly distributes, offers, sends, or provides to a minor any visual depiction, including any photograph, film, video, picture, or computer generated image or picture, whether made or produced by electronic, mechanical, or other means

shall be fined under this title and imprisoned not less than 5 years and not more than 20 years


18 U.S.C. § 2252B

This law states that:

• Whoever knowingly uses a misleading domain name on the Internet with the intent to deceive a person into viewing material constituting obscenity shall be fined under this title or imprisoned not more than 2 years, or both

• Whoever knowingly uses a misleading domain name on the Internet with the intent to deceive a minor into viewing material that is harmful to minors on the Internet shall be fined under this title or imprisoned not more than 4 years, or both

• For the purposes of this section, a domain name that includes a word or words to indicate the sexual content of the site, such as “sex” or “porn”, is not misleading


Email Crime Law in Washington: RCW 19.190.020

This law applies to residents of Washington; it states that:

• No person may initiate the transmission, conspire with another to initiate the transmission, or assist the transmission, of a commercial electronic mail message from a computer located in Washington or to an electronic mail address that the sender knows, or has reason to know, is held by a Washington resident, that:

  • Uses a third party's Internet domain name without permission of the third party, or otherwise misrepresents or obscures any information in identifying the point of origin or the transmission path of a commercial electronic mail message; or

  • Contains false or misleading information in the subject line


Summary

Emails used for criminal purposes constitute email crime

Spammers obtain email addresses by harvesting them from Usenet postings, DNS listings, or web pages

Chat rooms can also be used as a social engineering tool to collect information for committing several other crimes

Phishers induce the targeted users to provide personal information on illegitimate websites

Email spoofing is the forgery of an email header so that the message appears to have originated from someone or somewhere other than the actual source
