From: Smith Paul [smithpaul479@gmail.com]
Subject: Mail Order
Hello Sales, Top of the day to you. I am Smith Paul, I would like to place an order from your store but before i proceed, i would like to know if you can ship to AUSTRALIA and accept credit card as a method of payment, If you do kindly get back to me with your valid website address for selection of items needed. I await to read from you today. Regards Smith Paul
Now look at the full headers and see what you can see:
Return-path: [alfuraih@l1.fancytech.com]
Delivery-date: Mon, 23 Aug 2010 15:53:26 -0500
Received: from l1.fancytech.com ([74.200.215.226]:59448)
(envelope-from [alfuraih@l1.fancytech.com]) id 1One1G-0004cI-KY
Subject: Mail Order
From: Smith Paul [smithpaul479@gmail.com]
Message-Id: [E1OndlA-0007mM-P6@l1.fancytech.com]
Date: Mon, 23 Aug 2010 15:36:48 -0500
X-AntiAbuse: Primary Hostname - l1.fancytech.com
X-AntiAbuse: Sender Address Domain - l1.fancytech.com
X-Source: /usr/bin/php
X-Source-Args: /usr/bin/php /home/alfuraih/public_html/aa.php
X-Source-Dir: alfuraih.com:/public_html
You'll notice that this scammer is using PHP software to send these emails, and the headers even give the folder on his server where the software generating these scam emails lives. You'll notice the actual server of origin is registered to fancytech.com, which, no surprise, is a foreign entity. You'll notice the actual IP of the originating server that sent the email: 74.200.215.226.
He probably doesn't even get that he probably got his faked name backwards...
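The same comparison done by eye above, as an added Python example that is not part of the original post: it checks the From domain against the Return-path, Message-Id and relay host, and reports any script named in X-Source-Args. The function names and the simple subdomain-matching rule are assumptions; the sample is the header block from this page minus the two date lines, with the continuation line indented.

```python
import re
from email import message_from_string

# Headers from the message on this page (date lines omitted, folded line indented).
SAMPLE = """\
Return-path: [alfuraih@l1.fancytech.com]
Received: from l1.fancytech.com ([74.200.215.226]:59448)
 (envelope-from [alfuraih@l1.fancytech.com]) id 1One1G-0004cI-KY
Subject: Mail Order
From: Smith Paul [smithpaul479@gmail.com]
Message-Id: [E1OndlA-0007mM-P6@l1.fancytech.com]
X-AntiAbuse: Primary Hostname - l1.fancytech.com
X-AntiAbuse: Sender Address Domain - l1.fancytech.com
X-Source: /usr/bin/php
X-Source-Args: /usr/bin/php /home/alfuraih/public_html/aa.php
X-Source-Dir: alfuraih.com:/public_html
"""

ADDR_DOMAIN = re.compile(r"[\w.+-]+@([\w.-]+\w)")   # works with <...> or [...] wrappers
RELAY = re.compile(r"from\s+(\S+)\s+\(\[([0-9a-fA-F.:]+)\]")

def domain_of(value):
    m = ADDR_DOMAIN.search(value or "")
    return m.group(1).lower() if m else None

def same_org(a, b):
    # Assumed rule: equal, or one name is a subdomain of the other.
    return bool(a and b) and (a == b or a.endswith("." + b) or b.endswith("." + a))

def triage(raw):
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    findings = []
    for hdr in ("Return-Path", "Message-Id"):
        dom = domain_of(msg[hdr])
        if dom and not same_org(dom, from_dom):
            findings.append(f"{hdr} domain {dom} does not match From domain {from_dom}")
    # The topmost Received line is stamped by the receiving server, so it is the one to trust.
    received = msg.get_all("Received") or []
    relay = RELAY.search(received[0]) if received else None
    if relay and not same_org(relay.group(1).lower(), from_dom):
        findings.append(f"handed off by {relay.group(1)} [{relay.group(2)}], not {from_dom}")
    if msg["X-Source-Args"]:
        findings.append(f"generated by a script: {msg['X-Source-Args']}")
    return findings

if __name__ == "__main__":
    for line in triage(SAMPLE):
        print("-", line)
```
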