No. of Recommendations: 2
Welup, BB, I did a 'whois' on and got a domain. Going to I got redirected to the site.

The other thing is that it didn't tell you to "click here" to fill in your information.

This is a phishing email:

From: - Thu May 05 22:05:46 2005
X-Account-Key: account3
X-UIDL: GmailId103ae7dbc5cf52e7
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Gmail-Received: c506b29349543c66214fce0380a6df2c27651b93
Received: by with SMTP id 2cs3653wrc; Thu, 5 May 2005
13:28:25 -0700 (PDT)
Received: by with SMTP id x57mr704972rnd; Thu, 05 May 2005
13:13:25 -0700 (PDT)
Return-Path: <>
Received: from
( []) by with SMTP
id 70si919906rnb.2005.; Thu, 05 May 2005 13:13:25 -0700 (PDT)
Received-SPF: neutral ( is neither permitted nor
denied by domain of
Message-Id: <>
FCC: mailbox://
X-Identity-Key: id1
Date: Thu, 05 May 2005 14:08:17 -0700
X-Accept-Language: en-us, en
MIME-Version: 1.0

This is yours.

From: - Fri Jul 15 20:43:23 2005
X-Account-Key: account2
X-UIDL: 20050716004037014006i0i0e00774g
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Received: from ([](untrusted sender))
by (mtiwmxc14) with ESMTP id <20050716004037014003mh4ae>; Sat, 16 Jul 2005 00:40:37 +0000
X-Originating-IP: []
Received: from localHostName ( by (LSMTP for Windows NT v1.1b) with SMTP id
<>; Fri, 15 Jul 2005 19:42:19 -0500
Subject: Secure, Instant Access to your Citi Card Statement is Available
From: Citi Cards <>
Date: Fri, 15 Jul 2005 19:40:17 -0600
Reply-To: Citi Cards <>
Content-Type: text/html; Windows-1252
Content-Transfer-Encoding: 8bit
X-PS-OMK-ID: annmn:[742lme042lme4ssmg0120000042lme0mRVWiRVZm]

You should know how to read an SMTP header. Start from the bottom "received" and work your way up; each one tells you what 'relay' the email went through to get to you.

Yours, for example started at (which is owned by the same owner as It then passed to and thence onto (which I guess is your ISP) for delivery to you.

Looks pretty up-and-up.

But look at the one that I received as a phishing attempt.
Started on the bottom again, but this time it was from
at IP address And the return path is Faint warning bells.

If I check out I see that it is indeed going to which doesn't seem to me to have anything to do with Southtrust Bank.

I think yours is ok, and I think it's worthwhile for everyone to see what's going on with their email. Turn on header view and poke around; you'll see some interesting stuff in there.
Print the post  


UGC Disclosure Notice Regarding Credit Card Posts
Community board discussions about credit cards are not provided or commissioned by banks who may have advertising relationships with The Motley Fool. Responses have not been reviewed, approved or otherwise endorsed by the bank advertiser. It is not the bank advertiser's responsibility to ensure all posts and/or questions are answered.
TMF Credit Center
The Motley Fool Credit Center arms you with real tools and simple messages, that will help you in every credit situation.
When Life Gives You Lemons
We all have had hardships and made poor decisions. The important thing is how we respond and grow. Read the story of a Fool who started from nothing, and looks to gain everything.
Contact Us
Contact Customer Service and other Fool departments here.
Work for Fools?
Winner of the Washingtonian great places to work, and Glassdoor #1 Company to Work For 2015! Have access to all of TMF's online and email products for FREE, and be paid for your contributions to TMF! Click the link and start your Fool career.