View the mail header to find the real sender of the spam mail

Spam is generally sent using a group of software, and the sender's address can be forged at will. Viewing the mail header allows you to find the real sender. You can view the header by using the following methods:

1) if you are reading the mail on the web page, open the mail directly and click "original" in the menu at the top of the mail display page to view the mail header.

2) if Outlook Express is used to receive mail, point to the mail. Do not open it. Right-click the mail, view the mail attributes, and click details to view the mail header. If there is a sender, the sender is followed by the real sender; if there is no sender, the last received ed from is the SMTP server used by the sender.

The basic expression format of the Receive statement is: from Server A by Server B, Server A is the sending Server, and Server B is the receiving Server. For example:

ReturnPath:

Received: from ns.enet.com.cn ([202.106.124.167])

By mail.777.net.cn (8.9.3/8.8.7)

With SMTP id TAA13043;

Thu, 28 Oct 1999 19:51:28 + 0800

Received: (from list @ localhost)

By ns.enet.com.cn (8.9.3/8.9.0) id RAA19714

For enewsdailylist; Thu, 28 Oct 1999 17:50:30 + 0800

Received: from chinanetweek.com ([210.72.235.218])

By ns.enet.com.cn (8.9.3/8.9.0)

With ESMTP id RAA19690

For <enewsdaily@enet.com.cn>; Thu, 28 Oct 1999 17:50:28 + 0800

Received: from chinanetweek.com ([10.1.2.105])

By chinanetweek.com (8.9.3/8.9.0)

With ESMTP id RAA05935

For; Thu, 28 Oct 1999 17:49:26 + 0800

(CST) In the last sentence, Server A in Receive is the sender's address, Server B is the sender's Server, and is the starting point of the mail. Server B in the first Receive statement is your own email receiving Server. The content of various servers in the header is not the same. Sometimes you cannot find any IP address or domain name in a row of Receive. In this case, you can ignore it and continue to search for it.

As shown in the preceding example, this email is sent from 10.1.2.105 (Dynamic Address). The transmission path is chinanetweek.com → ns.enet.com.cn → mail.777.net.cn.