How to Trace Spam Origins


Have you ever received email addressed to some strange-looking username that bears no resemblance to your own address? No doubt you have, and no, it is not your ISP's fault... well, not entirely. Although most ISPs' attempts to control spam rank right down there with their usual "support" efforts (or lack thereof), that odd address is just one of the tricks widely known to spammers: the To line you see is not what decides where a message is delivered. Spam is a bona fide four-letter word that ranks right along with the other dirty ones, but there are some things you can do about it, which we will get into right now.

Both the "From" and "To" headers you see in your email client can be easily forged by the spammer, so they are not reliable for tracing the message's true source. These visible headers do not determine where a message came from or where it is delivered. The actual recipient is set by the SMTP envelope, the MAIL FROM and RCPT TO commands that the sending machine issues to the mail server, and each server records what it actually saw in headers of its own (Return-Path and Received). These headers are hidden in most common email clients, but we'll show you how to find them and, in most cases, identify the spammer's ISP.

Spammers get email addresses by a number of different means. Some sites that require signing up will sell your registration details, including your email address. Some freeware or shareware applications that require registration will do the same. Spammers have tools that can harvest your address (and other sensitive information) while you are using IRC (Internet Relay Chat) or instant messaging clients such as AIM or MSN Messenger. There is also what is called a bot, short for robot: an application that crawls websites and harvests any email addresses it finds in the page source. These are just some of the ways your address ends up on a spammer's list.

Protecting Your Address

Some of the things you can do to protect your address are fairly obvious: don't sign up with any site unless you feel you must, don't join internet "contests" or online lonely hearts clubs, don't "register" any software unless you feel you must, keep instant messaging to a minimum, and lastly, download the script named "Hide Email Links from Spam Bots" from our Free Stuff page.

Also, I keep a Yahoo account open, solely for the purpose of providing an email address when I have to log on to a site or register a program; I never use my main email account address for these purposes.

Spammers are required by law in a few states to provide a link that lets you opt out of their mailing list, but since few of us ever "opted in" in the first place, the offer does not carry much credibility. In fact, some snooping and checking I have done has shown me that by clicking an "opt out" link you are often merely confirming that your address is active, after which it may be sold to even more spammers. Some spamming operations rely on this method solely to identify live accounts for resale.

Following the Trail

All email passes through one or more mail servers before it reaches its intended recipient, and each server that accepts the message adds a 'Received' line to the top of the header recording what it saw: the name the sending machine announced, the IP address it connected from, the name of the receiving server, a queue ID, and the date and time. A message may carry one 'Received' line or several. The newest one is always at the top, so the bottom 'Received' line shows the message's claimed origin. Keep in mind that only the lines added by your own mail server (and by any relay you trust) are guaranteed genuine; a spammer can type fake 'Received' lines into the message before sending it, and those will appear below the real ones.

Finding Header Information

Outlook Express:

If you use OE, at least the version I have (5.5), you may not have much luck; it sometimes gives little more information than what you can see in the main window. But here's the application path anyway:

Click File/Properties/Details to find the header information.

Outlook:

First, highlight the email in your Incoming window, right-click on it, and select Options... the window that comes up will have the headers at the bottom.

Eudora:

Be sure the message is open, then Click the 'Blah, Blah, Blah' button from the Tool Bar, and the headers will appear.

Pegasus:

Select Reader/Show All Headers/

Netscape Mail:

Select Options/Headers/Show All Headers

Netscape Messenger 4.0 and 4.5:

Select View/Headers/All

With all the above clients, except Eudora, in order to include all the message header information in the spam mail when you send it to your ISP's complaints section, or to the spammer's own ISP, you will have to cut and paste it into your email; simply forwarding it will not include all the necessary information. With Eudora however, once you have the headers opened as outlined above, you can simply forward it and all the pertinent information will get through.

What Can Be Done

One of the most effective ways of stopping spam is to complain to the spammer's ISP, but as mentioned above, that can be hard to do when forged headers are used. So, let's get down to what we promised you earlier, and show some methods whereby you can usually find the origin of the spam.

Here's a sample header:

Return-Path: 
Received: from mail.phoney.net (mail.phoney.net [123.156.789.0])
        by mail.pacbell.net (8.8.7/(97/09/12 5.12))
        id ABCDE123; Tue, 4 Jul 2010 09:25:27 -0500 (EST)
Errors-To: 
Received: from mai1.test.com (mai1.test.com [098.765.432.1])
        by mail.phoney.net (8.8.5/8.8.5) with SMTP id ABC12345
        for ; Tue, 4 Jul 2010 09:25:25 -0500 (EST)
Message-Id: <XXXX$XXXX&XXX$XXXXXXXX@somecomputer>
X-Mailer: ccMail Link to SMTP X0.00.00
Date: Tue, 04 Nov 97 07:18:09 -0600
From: "LowLife"
To: 
Subject: CRUD
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

The above is just an example, not a real header, by the way. Depending on the circumstances, the headers may differ in some details. Look at the lowermost 'Received' line (the second one, 'from mai1.test.com'). This is the part of the header that tells you the originating ISP: the host name and the IP address in square brackets, mai1.test.com [098.765.432.1], are where you send your letter of complaint, if the header is not forged. Note that the first name after 'from' is whatever the sending machine announced about itself, which the spammer controls; the name and address in parentheses were recorded by the receiving server, so they are the more reliable of the two.

Verifying Headers

To check whether the header is forged, do a reverse lookup (NSLOOKUP) on the IP address. From a UNIX shell, here is the command:

nslookup 098.765.432.1

If you don't have access to a UNIX shell, you can use a WHOIS program or an online lookup page where you can paste in the IP address. If the name returned for the IP address matches the host name in the 'Received' line, the line is at least consistent; if it does not, treat the line as suspect. This is not an airtight test: a spammer who writes his own fake 'Received' line can make the name and address agree, and some legitimate servers simply have no reverse DNS entry. A WHOIS lookup on the IP address gives you something else that matters: the network that owns the address and its abuse contact, which is the right place for your complaint.
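The two steps above, walking the 'Received' chain and checking a hop against reverse DNS, can be done by a short program instead of by eye. The following is an added example, not code from this site; the message it parses is constructed (host names borrowed from the sample header above, IP addresses taken from the RFC 5737 documentation ranges, mailbox names invented). The lookup function is injectable so the check can be exercised offline with a canned answer.

```python
"""Walk the Received: chain of an e-mail and sanity-check the hop you
intend to complain about.  Added example; the sample message is
constructed, not a real spam."""
import ipaddress
import re
import socket
from email import message_from_string

# Constructed sample.  Received: lines are newest-first, because each
# mail server prepends its line when it accepts the message.
SAMPLE = """\
Return-Path: <lowlife@mai1.test.com>
Received: from mail.phoney.net (mail.phoney.net [192.0.2.10])
        by mail.pacbell.net (8.8.7/(97/09/12 5.12))
        id ABCDE123; Tue, 4 Jul 2010 09:25:27 -0500 (EST)
Received: from mai1.test.com (mai1.test.com [198.51.100.7])
        by mail.phoney.net (8.8.5/8.8.5) with SMTP id ABC12345
        for <you@pacbell.net>; Tue, 4 Jul 2010 09:25:25 -0500 (EST)
Message-Id: <example@somecomputer>
From: "LowLife" <lowlife@mai1.test.com>
To: <you@pacbell.net>
Subject: CRUD

Sample body.
"""

# Sendmail-style hop: "from <HELO name> (<reverse DNS> [<IP>]) ... by <host>".
# The HELO name is whatever the sender claimed; the parenthesised name and
# the IP address were recorded by the receiving server itself.
HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>[^\s\[\]]+)\s+)?\[(?P<ip>[^\]]+)\]\)"
    r".*?\bby\s+(?P<by>[^\s;(]+)",
    re.DOTALL,
)


def parse_hop(value):
    """Turn one Received: value into a dict, or None if it is not parseable."""
    text = " ".join(value.split())          # unfold the header
    m = HOP_RE.search(text)
    if not m:
        return None
    return {k: m.group(k) for k in ("helo", "rdns", "ip", "by")}


def received_chain(raw_message):
    """All parseable hops, newest first, in the order they appear."""
    msg = message_from_string(raw_message)
    hops = [parse_hop(v) for v in msg.get_all("Received", [])]
    return [h for h in hops if h]


def claimed_origin(raw_message):
    """The bottom Received: line: the origin *if nothing was forged*."""
    chain = received_chain(raw_message)
    return chain[-1] if chain else None


def last_trusted_hop(raw_message, my_mail_host):
    """The hop written by your own server.  Its IP is the address that
    really connected to you; every line below it was supplied by that
    peer and could have been typed in by the spammer."""
    for hop in received_chain(raw_message):
        if hop["by"].lower() == my_mail_host.lower():
            return hop
    return None


def ptr_lookup(ip):
    """Reverse lookup, what the page does with nslookup.  Needs network."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None


def check_hop(hop, resolve=ptr_lookup):
    """Compare the names in the hop with the reverse DNS of its IP and
    return a short verdict.  'resolve' is injectable for offline use."""
    try:
        ipaddress.ip_address(hop["ip"])
    except ValueError:
        return "bogus-ip"           # e.g. an octet above 255: not a real address
    ptr = resolve(hop["ip"])
    if ptr is None:
        return "no-ptr"             # no reverse record: inconclusive, not proof of forgery
    names = {n.lower() for n in (hop["helo"], hop["rdns"]) if n}
    return "consistent" if ptr.lower().rstrip(".") in names else "mismatch"


if __name__ == "__main__":
    for hop in received_chain(SAMPLE):
        print(f"{hop['ip']:16} claimed {hop['helo']!r:20} accepted by {hop['by']}")
    print("origin if unforged:", claimed_origin(SAMPLE)["ip"])
    print("last hop you can trust:", last_trusted_hop(SAMPLE, "mail.pacbell.net")["ip"])
```

Run it as a script to list the hops; the two functions worth noting are `last_trusted_hop`, which stops at the line your own server wrote, and `check_hop`, which refuses to treat a "mismatch" or a missing PTR record as proof of anything beyond "look closer". Feeding it the page's own example address 098.765.432.1 yields "bogus-ip", which is the correct answer for an address that cannot exist.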

If the header turns out to be forged, then you have to do a little more work, which we won't get into here (or maybe we will, if I get enough feedback). There is some very useful advanced information on headers available online that will tell you just about anything you want to know; StopSpam.org is a site that I would highly recommend.

That's about it, for now. I hope the above was helpful.






Updated on Wednesday, 05-05-2010

Copyright © 1998 - 2010
Bill Payne & Sitebilder© Network