Spammers often try to hide their email and IP address in order not to be “traced”, or they make out as if the email were from a known address, and therefore trusted, by the user.
In order to trace the real email sender (or at least the IP address) you need to analyze the message HEADERS.
In order to visualize the headers, for instance on the email client used the most , outlook express, you need to make rightmouse on the message and choose property
therefore choose details and follow the procedure given in this example, which contains some explanations relating to the fields which are most important
[sender email address: this field is not reliable because it can be disguised. It is useless to contact the address indicated in this field because it might be false or belong to a complete stranger]
Received: (qmail 850 invoked from network); 17 Jun 2003 16:53:39 -0000
Received: from unknown (HELO computername) (188.8.131.52)
by mx1.aruba.it with SMTP; 17 Jun 2003 16:53:39 -0000
[Passages, so called hops, made by the mail: the last one in order of appearance is the server of the sender, in this example (184.108.40.206): this is the most important field in order to individualize the sender or the server of the sender. Therefore we remind you to view starting from top to the bottom of the various received fields, there could be more than 2 and consider that the first one at the top will always be the receiver and the last one on the bottom will be the sender.]
All the following fields can be easily falsified, including the From field which therefore must not be taken into consideration: this is the reason why you can receive 'advertising' emails from your own email address and also why you receive mails which don't seem to be addressed to you, when in reality they are actually addressed to us but the field 'to' has been modified on purpose in order to create confusion.
Date: Tue, 17 Jun 2003 18:53:37 +0200
Organization: Aruba staff
X-Priority: 3 (Normal)
X-Mailer: Microsoft Outlook, Build 10.0.4510
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
X-Spam-Rating: mx1.aruba.it 1.6.2 0/1000/N
We advise you to forward the entire message as an attachment, so that, in the indication of the preset addresses, the headers remain unchanged.