Ask the Expert

Tracking down SPAMers

Is there any way I can trace or track where anonymous e-mails are coming from? If so, can I find out either the location, or which computer it was sent from?


Over the past 5-6 years, malicious e-mails and SPAM have surfaced as the scourge of the Internet world. These e-mails are difficult to prevent without significant effort, and identifying the original sender of this garbage can be next to impossible. However, while it is practically impossible to find the actual computer user that hit the enter key on the e-mail you received (as many SPAMers hack into mail servers not owned by them), there are a number of steps you can take to actually track the e-mail back to the original mail server that sent it. An entire paper could be written on the subject but for brevity, here are a couple of quick steps:

  1. View the e-mail headers that come with the e-mail. Different e-mail clients have different steps for this, but in Outlook Express you can open the e-mail, select File->Properties, and then select the Details tab. The e-mail headers will now be visible. You can either cut and paste this data into a text editor or read it from there.
  2. Identify the "Received:" headers. Each "Received:" header has a meaning:
    - The first will most likely be the IP address and name of your mail server
    - The second will most likely be the IP address of the mail server that actually sent the e-mail
  3. Check out the "Return-path:" or "From:" headers. These will most likely contain an e-mail address of the source. While this address is most likely spoofed, in some cases it is legitimate. You can take the domain name and search for the administrative contact by looking it up here.

The task of tracking back an e-mail address is more of an art than a science and can take up hours of your time (and the SPAMers depend on this deterrent). The best recommendation I can give you is to get a good SPAM filter and continually tune it to catch as much as you can. Also, stay aware of anti-SPAM legislation and contribute your voice to it.

This was first published in March 2004
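
The header walk from steps 2 and 3, as an added Python example that is not part of the original answer. The sample message, its documentation-range IP addresses and example domains are constructed, and the function names are hypothetical.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers (documentation-range IPs, example domains).
RAW = """\
Return-Path: <offers@example.net>
Received: from mx.example.org (mx.example.org [192.0.2.10])
\tby mail.recipient.example (Postfix) with ESMTP id ABC123
\tfor <you@recipient.example>; Mon, 1 Mar 2004 10:00:05 -0500
Received: from unknown (HELO mail.example.net) (203.0.113.45)
\tby mx.example.org with SMTP; Mon, 1 Mar 2004 10:00:01 -0500
From: "Special Offers" <offers@example.com>
To: you@recipient.example
Subject: constructed sample

body
"""

IP_RE = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")
BY_RE = re.compile(r"\bby\s+(\S+)", re.I)

def received_hops(raw):
    """Return Received hops top-down; index 0 was added last, by your own server."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())            # unfold continuation lines
        from_part = flat.split(" by ", 1)[0]      # text describing the connecting host
        ip = None
        for cand in IP_RE.findall(from_part):
            try:
                ip = str(ipaddress.ip_address(cand))  # rejects e.g. 999.1.1.1
                break
            except ValueError:
                continue
        by = BY_RE.search(flat)
        hops.append({"by": by.group(1) if by else None, "from_ip": ip})
    return hops

def sender_domains(raw):
    """Return (Return-Path domain, From domain); a mismatch is worth noting."""
    msg = message_from_string(raw)
    def domain(header):
        return parseaddr(msg.get(header, ""))[1].rpartition("@")[2].lower()
    return domain("Return-Path"), domain("From")

if __name__ == "__main__":
    for n, hop in enumerate(received_hops(RAW), 1):
        print(n, hop["by"], "<-", hop["from_ip"])
    print("Return-Path / From domains:", sender_domains(RAW))
```

Only the topmost "Received:" header is written by your own mail server; the ones below it are supplied by upstream hosts and can be forged, so treat the address your server recorded as the most reliable one.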
