Search

How to Display Full Email Header Information and report SPAM

Spam usually never comes from the email address that shows up as the FROM: field of your email!  Spammers are more sneaky to that.  They generally use fake email addresses to hide their identity.

To find out the real source of a spam email you need to examine the email header information.  The header is the section of code that contains where the email came from how it reached you.  The header information will provide the originating IP address and/or the computer the originator was using.  Given an IP address and a time stamp, most providers or sites can find the end user who was using the IP address at the specific time.

If you follow the instructions on extracting headers you should be able to identify the origin from various email clients and programs.

Outlook for Windows

  1. Open the mail message.
  2. In Outlook 98, 2000, 2002, and 2003, from the View menu, select Options ..
    In Outlook 97, at the top of the message, click the Options tab
  3. The message headers are at the bottom of the window, in a box labeled "Headers:" Outlook 2001 for Mac OS

Outlook 2001 for Mac OS

  1. Open the mail message in a separate window
  2. File menu, select Properties….
  3. In the window that appears, click the Headers tab.  The headers will appear in the box labeled "Headers for this message."

Microsoft Exchange (prior to Outlook)

  1. Open the mail folder containing the mail message.
  2. Right-click the mail message for which you want the headers, and select Properties .
  3. Click the Headers tab to read the full headers.

Outlook Express for Windows:

  1. Right-click the message, then select Properties . (If you have the message open, from the File menu, select Properties .)
  2. Click the Details tab.  This will display the full headers of the message.

Entourage or Outlook Express for Mac OS:

  1. Open the message in a separate window.
  2. From the View menu, select Internet Headers .

Here is an example of an email header:

Received: (qmail 87418 invoked from network); 16 Mar 2006 23:17:08 -0000
Received: from incoming.succeed.net (HELO barracuda.succeed.net) (192.168.1.16)
by freebsd.succeed.net with SMTP; 16 Mar 2006 23:17:08 -0000
X-ASG-Debug-ID: 1142551035-20424-250-1
X-Barracuda-URL: http://barracuda.succeed.net:8000/cgi-bin/mark.cgi
Received: from tserver (c-67-191-210-227.hsd1.ga.comcast.net [67.191.210.227])
by barracuda.succeed.net (Spam Firewall) with SMTP
id 2B4B3200ACCF; Thu, 16 Mar 2006 15:17:15 -0800 (PST)
From: "P.a.y.P.a.l." <pp-update@example.org>
X-ASG-Orig-Subj: New email address added to your account
Subject: New email address added to your account
Date: Thu, 16 Mar 2006 18:15:54 -0500
MIME-Version: 1.0
Content-Type: text/html;
charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 1
X-MSMail-Priority: High
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-Id: <20060316231715.2B4B3200ACCF@barracuda.succeed.net>
X-Virus-Scanned: by Barracuda Spam Firewall at succeed.net
X-Barracuda-Spam-Score: 2.53
X-Barracuda-Spam-Status: No, SCORE=2.53 using per-user scores of TAG_LEVEL=1000.0 QUARANTINE_LEVEL=3.0 KILL_LEVEL=6.0 tests=FORGED_MUA_OUTLOOK, FORGED_OUTLOOK_HTML, MIME_HTML_ONLY, MISSING_HEADERS, MSGID_FROM_MTA_ID, TO_CC_NONE, X_PRIORITY_HIGH
X-Barracuda-Spam-Report: Code version 3.02, rules version 3.0.9810
Rule breakdown below pts rule name description
---- ---------------------- --------------------------------------------------
0.12 X_PRIORITY_HIGH Sent with 'X-Priority' set to high
0.70 MSGID_FROM_MTA_ID Message-Id for external message added locally
0.19 MISSING_HEADERS Missing To: header
0.00 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.13 TO_CC_NONE No To: or Cc: header
0.02 FORGED_OUTLOOK_HTML Outlook can't send HTML message only
1.36 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook

Usually the spammers email server IP address is close to the bottom of the stack, nearer to the actual body of the message and listed after “Received: from”.  In this example it is 67.191.210.227 .  You can look up the “owner” of this IP address by looking it up at www.arin.net  In this case it is a comcast.net subscriber.

To cut and paste the full header text in the box and press the Ctrl key and the ‘c' key simultaneously on your keyboard in Windows or the Cmd key and the ‘c' for Mac OS.   This will copy the text to the clipboard.  Press Ctrl key and the ‘v' key simultaneously or the Cmd key and ‘v' for Mac OS to paste the headers into the text box of the web form.

You should always copy and paste the email header into any emails you send to report abuse to get the best results.

Please forward any spam that gets by our anti-spam filters to spam@succeed.net

Didn't find what you were looking for?
 call 530-674-4638 option 1
for technical support

home feedback sign up terms privacy policy support contact us

Copyright © 1996 - 2008 SUCCEED.NET.  All rights reserved. 
SUCCEED.NET™ and the SUCCEED.NET™ Logo are Trademarks of SUCCEED.NET Company
(530) 674-4200 - 1634 Starr Drive, Yuba City, CA  95993