All of us receive email from people who wish to remain anonymous, especially spammers. Such email will often have a false email address in the header, but there are ways to determine its origin. In Outlook Express, to see where a message actually came from:
- Right-click on the message
- Click on Properties
- Click on the Details tab
Displayed here is the header of the email message. It contains information about what program was used to send the email, what servers were used, the date and time, and a few other knick-knacks. An example header:
Return-Path: <bob@bobsdomain.com>
Delivered-To: j0ej1mb0b@mail.pennswoods.net
Received: from bobscomp (du81-639584.dialupat.pennswoods.net [63.95.84.81])
    by mail.pennswoods.net (Postfix) with SMTP id 7B50823F638
    for <j0ej1mb0b@pennswoods.net>; Fri, 1 Jun 2001 07:44:15 -0400 (EDT)
Message-ID: <003c21f0ea9b$dcf493c0$11545f9f@bobscomp>
From: "Bob Baughb" <bob@bobsdomain.com>
To: <j0ej1mb0b@pennswoods.net>
Subject: Re: hi
Date: Tue, 29 May 2001 09:37:49 -0400
MIME-Version: 1.0
Content-Type: text/plain;
    charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2314.1300
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
Status:
This person is on a Pennswoods.net dial-up account using IP address 63.95.84.81, which resolves to the name du81-639584.dialupat.pennswoods.net; thus the domain it was sent from is pennswoods.net. The message was sent using the server mail.pennswoods.net. The "name" of the computer used to send this message is probably bobscomp. The message was sent using Outlook Express 5.00.
Here is an actual spam header:
From elissabeth3408@hotmail.com Tue May 15 09:46:39 2001
Received: from [216.97.198.232] by hotmail.com (3.2) with ESMTP id
    MHotMailBCCAA5F700634004318FD861C6E8078216; Tue May 15 09:46:19 2001
Received: from tot-tn.proxy.aol.com (tot-tn.proxy.aol.com [152.163.207.1])
    by rly-ip01.mx.aol.com (8.8.8/8.8.8/AOL-5.0.0) with ESMTP id VAA14375;
    Tue, 15 May 2001 12:09:38 -0400 (EDT)
From: <elissabeth3408@hotmail.com>
Message-Id: <2nHp-.2nHyh.2nHyR.2nHphl.2nHph.2nHpR.2n1s89.2n1sa2.2n1QxoRCdyw@Received:
from rly-yc01.mx.aol.com>
Subject: look..i was just kidding
Mime-Version: 1.0
Content-Type: text/html; charset="us-ascii"
Date: Tue, 15 May 2001 12:44:05
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Apparently-From: Mikeotepiee@aol.com
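This message appears to have actually been sent from the IP 216.97.198.232, which resolves to 216-97-198-232.ppp.mpinet.net (you can check this with a reverse DNS lookup utility); it appears to be a dial-up on the mpinet.net domain. Each mail server adds its Received line above the ones already present, so the topmost line is the one written by the server that accepted the message; the lines below it, like the From address, can be forged by the sender. Upon going to that ISP's website, I see a contact page showing me that the address to report abuse to is abuse@mpinet.net. Hopefully they have some access logs to determine who was using that IP at that time and can prevent this user from future spamming.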
On a side note, Mikeotepiee@aol.com may be the identity of the AOL user; I could also contact AOL about this. While I cannot tell anything about the true identity of the sender except what he specified as his name and reply address, I can see what ISP he's connected to, what email server he used to send the message, when it was sent, etc. Using this information I can contact the administrators of the ISP and/or the administrators of the mail server that was used. Usually abuse@domain.com, admin@domain.com, postmaster@domain.com, or webmaster@domain.com will put you in contact with the appropriate people.
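The header-reading steps above, as an added Python example (not code from the original page): it pulls each Received hop out of the two sample headers and builds the report addresses listed above. The function names are hypothetical, and taking the last two labels of a host name as its domain is a simplifying assumption.

```python
import re
from email import message_from_string

# Received lines copied from the two example headers on this page.
LEGIT = (
    "Received: from bobscomp (du81-639584.dialupat.pennswoods.net [63.95.84.81])\n"
    "\tby mail.pennswoods.net (Postfix) with SMTP id 7B50823F638\n"
    "\tfor <j0ej1mb0b@pennswoods.net>; Fri, 1 Jun 2001 07:44:15 -0400 (EDT)\n"
    "From: \"Bob Baughb\" <bob@bobsdomain.com>\n\n"
)
SPAM = (
    "Received: from [216.97.198.232] by hotmail.com (3.2) with ESMTP id\n"
    "\tMHotMailBCCAA5F700634004318FD861C6E8078216; Tue May 15 09:46:19 2001\n"
    "Received: from tot-tn.proxy.aol.com (tot-tn.proxy.aol.com [152.163.207.1])\n"
    "\tby rly-ip01.mx.aol.com (8.8.8/8.8.8/AOL-5.0.0) with ESMTP id VAA14375;\n"
    "\tTue, 15 May 2001 12:09:38 -0400 (EDT)\n"
    "From: <elissabeth3408@hotmail.com>\n\n"
)

HOP = re.compile(
    r"from\s+(?P<helo>\S+)\s*"
    r"(?:\((?P<rdns>[^\s\[\]()]+)?\s*\[(?P<ip>[0-9.]+)\]\))?\s*"
    r"by\s+(?P<by>\S+)"
)

def received_hops(raw):
    """Return Received hops, newest (closest to the recipient) first."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())           # undo header folding
        m = HOP.match(flat)
        if not m:
            continue                             # unparseable hop: skip it
        hop = m.groupdict()
        if hop["ip"] is None and re.fullmatch(r"\[[0-9.]+\]", hop["helo"]):
            hop["ip"] = hop["helo"].strip("[]")  # "from [1.2.3.4] by ..." form
        hop["when"] = flat.rsplit(";", 1)[-1].strip()
        hops.append(hop)
    return hops

def abuse_contacts(hostname):
    """Candidate report addresses; naive last-two-labels domain (assumption)."""
    domain = ".".join(hostname.rstrip(".").split(".")[-2:]).lower()
    return [f"{u}@{domain}" for u in ("abuse", "admin", "postmaster", "webmaster")]

if __name__ == "__main__":
    for hop in received_hops(LEGIT) + received_hops(SPAM):
        print(hop["ip"], "->", hop["by"], "at", hop["when"])
```

Only the first hop returned for a message was written by the server that accepted it; treat the `helo` name and any later hops as claims made by the sending side.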
One way to determine whom to contact is to look up the domain on Network Solutions. Go to http://www.networksolutions.com/cgi-bin/whois/whois and type in the domain name the email was sent from, then click Search. If you entered a valid domain that is listed on Network Solutions, information on the domain registrant will be displayed. Good luck!