1

I just recieved a spam mail. They asked me to "confirm my amazon account / identity". The button links to a subdomain of ad-new.xyz (not sure if I am allowed to post this. Please remove the link if not allowed). Nothing special, it was not that hard to confirm it as spam.

But here's the part I don't understand: I am not able to find the sender. I've looked at the source code of the mail, but the sender is just Amazon.Support:

From: Amazon.Support (Part of he mail's source code)

My web-based email inbox show's the sender like this:

Amazon.Support@missing_domain

So, here are my questions:

  • How can I find out the sender domain?
  • How did the sender did this? Every E-Mail has a sender (domain), so it must be somewhere I guess
  • Should I report this to Amazon.com?

Maybe you can help me out with this.

Have a nice day! :)

jdstaerk
  • 111
  • 3
  • 3
    You can write anything in the mail header, including having no sender, multiple senders, incomplete senders or whatever. For more details on spoofing see [How can PayPal spoof emails so easily to say it comes from someone else?](https://security.stackexchange.com/questions/9487/how-can-paypal-spoof-emails-so-easily-to-say-it-comes-from-someone-else) – Steffen Ullrich Apr 27 '17 at 16:59

1 Answers1

0

You'll only be able to identify which server the email came from by checking the 'Received' headers. This isn't reliable though, since systems can be hijacked for sending spam. The FROM header isn't reliable since it can be manipulated using an SMTP client to be just about anything. Changing it is trivial really.

You can report phishing attempts to Amazon using the information on this page: https://aws.amazon.com/security/report-suspicious-emails/

alexcline
  • 111
  • 3