- View the e-mail headers that come with the email. Different e-mail clients will have different steps for this but for Outlook Express you can open the e-mail, select File->Properties, and then select the Details tab. The e-mail headers will be visible now. You can either cut and paste this data into another text editor or read it from there.
- Identify the "Received:" headers. Each "Received:" header has a meaning:
- The first will most likely be the IP address and name of your mail server
- The second will most likely be the IP address of the mail server that actually sent the e-mail
- Check out the "Return-path:" or "From:" headers. These will most likely have an email address of the source. While this is most likely spoofed, in some cases they are legitimate. You can take the domain name and search for the administrative contact by looking it up here.
The task of tracking back an e-mail address is more of an art than a science and can take up hours of your time (and the SPAMers depend on this deterrent). The best recommendation I can give you is to get a good SPAM filter and continually tune it to catch as much as you can. Also, stay aware of anti-SPAM legislation and contribute your voice to it.
This was first published in March 2004