Viewing the headers on a spam email is the only way to track spam email to determine the originating email server's identity for blocking or identification purposes. The "From" line and the "Reply To" line of spam emails cannot be considered valid, as the common practice among spammers is to falsify these items in order to hide the spammer's true identity as well as to thwart tracking attempts. An example from an actual spam email follows.

The actual email arrived displaying the following information in the email program:

From: sender@aol.com
To: support@montana.net
Sent: Monday, February 04, 2002 7:35 PM
Subject: bonus

It looks like the message came from an aol.com user. Displaying the headers, however, reveals this:

Received: from aol.com ([211.252.11.2]) by montana.net ; Mon, 04 Feb 2002 19:35:17
Reply-To: <sender@aol.com>
Message-ID: <002e08d28deb$6657d3d2$8ea00bd7@pqxybq>
From: <sender@aol.com>
To: <support@montana.net>
Subject: bonus
X-Mailer: Microsoft Outlook, Build 10.0.2616
Return-Path: <sender@aol.com>
Date: Mon, 04 Feb 2002 19:35:21 -0700
X-Rcpt-To: <support@montana.net>

It still looks, on the surface, like it came from aol.com. It will do no good to complain to aol.com about receiving this email, however, because a check of the IP address given for the originating server ( 211.252.11.2 ) shows that, in fact, the server belongs to:

inetnum: 211.252.11.0 - 211.252.11.63
netname: ANCHANG-ES-KR
descr: ANCHANG ELEMENTARY SCHOOL
descr: 756 Daeri Anzwamyun Sinankun
descr: CHONNAM
descr: 530-090
country: KR

So, the originating server for this spam email was actually an elementary school in Chonnam, Korea. That's a far cry from aol.com. This server can be blocked so that future emails from it will be rejected by our server, but that is still no guarantee that messages from this spammer won't be received in the future since this particular server was probably used by the spammer because he could relay through it, but he could use a different vulnerable server for his next mass-mailing.

How are headers viewed?

In Outlook Express, email headers can be viewed by following these steps:

(1) In your Inbox listing of messages, click on the message you are interested in to highlight it, then right-click on it and selecte Properties from the pop-up menu....

(2) When the message properties window opens, select the Details tab, then click on the "Message Source" button....

(3) In the Message Source window, click with your mouse anywhere within the window, then right-click and select "Select All" from the pop-up menu....

(4) Right-click again, this time selecting "Copy" from the pop-up menu....

(5) Close both the Message Source and message properties windows to return to your main Outlook Express window.

(6) To forward the spam email, including headers, to another email address, open a new message window, enter the recipient's email address in the To line, then click anywhere within the message body portion of the window, then right-click and select Paste from the pop-up menu to paste the message source that you copied in step 4 into the body of this new email message.

Note: If you are forwarding a spam message to Montana.Net support for blocking, please do not forward common, every day spam messages. Please limit this procedure only to spam messages that are pornographic in nature or particularly offensive. This amount of effort isn't worth it for other types of spam...it's quicker to just Delete them.