What Email Headers Can Tell You About the Origin of Spam


Updated June 04, 2014
Spam will end when it is no longer profitable. Spammers will see their profits tumble if nobody buys from them (because you don't even see the junk emails). This is the easiest way to fight spam, and certainly one of the best.

Complaining About Spam

But you can affect the expenses side of a spammer's balance sheet, too. If you complain to the spammer's Internet Service Provider (ISP), they will lose their connection and maybe have to pay a fine (depending on the ISP's acceptable usage policy).

Since spammers know and fear such reports, they try to hide. That's why finding the right ISP is not always easy. Fortunately, there are tools like SpamCop that make reporting spam correctly to the right address easy.

Determining the Source of Spam

How does SpamCop find the right ISP to complain to? It takes a close look at the spam message's header lines. These headers contain information about the path an email took.

SpamCop follows the path back to the point from which the email was sent. From this point, also known as an IP address, it can derive the spammer's ISP and send the report to this ISP's abuse department.

Let's take a closer look at how this works.

Email: Header and Body

Every email message consists of two parts, the body and the header. The header can be thought of as the envelope of the message, containing the address of the sender, the recipient, the subject and other information. The body contains the actual text and the attachments.

Some header information usually displayed by your email program includes:

  • From: - The sender's name and email address.
  • To: - The recipient's name and email address.
  • Date: - The date when the message was sent.
  • Subject: - The subject line.

Header Forging

The actual delivery of emails does not depend on any of these headers; they are just a convenience.

Usually, the From: line, for example, will be set to the sender's address. This makes sure you know who the message is from and can reply easily.

Spammers want to make sure you cannot reply easily, and certainly don't want you to know who they are. That's why they insert fictitious email addresses in the From: lines of their junk messages.

Received: Lines

So the From: line is useless if we want to determine the real source of an email. Fortunately, we need not rely on it. The headers of every email message also contain Received: lines.

These are not usually displayed by email programs, but they can be very helpful in tracing spam. Find out how helpful they are, and how the analysis works on page 2.
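
The contrast between a forgeable From: line and the Received: path, as an added example that is not part of the original article. It assumes each mail server adds its Received: line at the top of the headers (so the list reads newest first) and that only lines written by servers you control can be relied on; the host names, IP addresses and the `TRUSTED` set are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: documentation-only host names and IP ranges, not real spam.
RAW = """\
Received: from mx.recipient.example (mx.recipient.example [10.0.0.5])
    by inbox.recipient.example with ESMTP id A1; Wed, 4 Jun 2014 10:00:03 +0000
Received: from unknown (HELO friendly-bank.example) ([203.0.113.45])
    by mx.recipient.example with SMTP id B2; Wed, 4 Jun 2014 10:00:01 +0000
Received: from trusted.invalid ([192.0.2.1])
    by mail.friendly-bank.example with SMTP; Wed, 4 Jun 2014 09:00:00 +0000
From: "Your Bank" <support@friendly-bank.example>
To: you@recipient.example
Subject: Constructed sample
Date: Wed, 4 Jun 2014 10:00:00 +0000

Body text.
"""
# Assumption: the servers that you (or your provider) operate.
TRUSTED = {"inbox.recipient.example", "mx.recipient.example"}

# "from <name> ... [ip] ... by <host>" as it appears in a typical Received: line.
HOP = re.compile(
    r"from\s+.*?\[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\].*?\bby\s+(?P<by>[^\s;]+)", re.S)

def claimed_sender(raw):
    """Address in From:, which the sender can set to anything."""
    return parseaddr(message_from_string(raw)["From"])[1]

def hops(raw):
    """(recording host, connecting IP) per Received: line, newest first."""
    found = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        if m:
            found.append((m.group("by").lower(), m.group("ip")))
    return found

def handoff_ip(raw, trusted):
    """IP that handed the message to the first server we trust."""
    ip = None
    for by_host, from_ip in hops(raw):
        if by_host not in trusted:
            break  # line written outside our control: may be forged
        ip = from_ip
    return ip

if __name__ == "__main__":
    print("From: claims", claimed_sender(RAW))
    print("Oldest Received: claims", hops(RAW)[-1][1])
    print("Report", handoff_ip(RAW, TRUSTED))
```

Reading only the oldest Received: line would point at the address the sender inserted, while walking down from your own servers stops at the address that actually connected to them.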


©2014 About.com. All rights reserved.