Deb, I see (from your message's headers) that you're using Windows Thunderbird/3.0.8.  To view messages with full headers: 

  1. Open a message the usual way
  2. On the View menu, pick Headers > All

(That will be in effect for all messages, so when you want to go back to seeing normal headers, go back to the View menu and choose Headers > Normal.)  

The spam-rating information is in a section near the end of the headers, beginning with "X-Puremessage-Spam:".   (You'll only see that in messages from outside UVM; messages from addresses aren't ever tagged as spam.)  


On Sep 30, 2010, at 9:07 AM, Deb Smith wrote:

I received an email this morning from Linkedin but did not open it.  I have a question though, how do you check the full header to see what the spam probability is?

On 9/30/2010 9:03 AM, Dean Williams wrote:
[log in to unmask]" type="cite">Yes, I received several (pointing to a variety of addresses).  They even sent it to [log in to unmask] (gotta love it when spammers report their own abuses).  

If you check the full headers, you'll see that UVM's PureMessage spam filters ranked it "Probability=28%", not high enough to earn the "[SPAM?:#]" designation in the Subject line.  Best way to fix that is to send the message as an attachment, or at least with full headers, to: 

    Sophos Spam Reporting <[log in to unmask]>

If you do that, you can cc:

    FTC UCE Spam Reporting <[log in to unmask]>
    CERT Phishing Report <[log in to unmask]>

Oh, one other thing.  When you examine the full headers in messages like these, please check the message's origin to be sure it's not coming from UVM.  Spam from outside is a nuisance; spam from a bot-infected on-campus computer rises to a whole 'nother level of seriousness.  FOr example, the first "Received" header in today's message is: 

Received: from ( []) by (8.13.8/8.13.8) with ESMTP id KQZB6L1434584 for <[log in to unmask]>; Thu, 30 Sep 2010 20:35:14 +0800 (EDT)

Forgery, anyone?  

-Dean Williams  

On Sep 30, 2010, at 8:47 AM, Moody, Michael D wrote:

It appears that messages that are purportedly from LinkedIn Communications are being received by some UVMers.  The subject, today, is “LinkedIn Messages, 9/30/2010.”  Hovering over the message links shows that the destination is anything but LinkedIn.  Has there been other reports of this spoofing attempt?
Michael Moody

Deb Smith
Office of International Education
University of Vermont

UVM is subject to the Vermont Public Records Act and communications to and from this email address, including attachments, are subject to disclosure unless exempted under the Act or otherwise applicable law.