E-Mail Source

How to find the real sender of your message.

Graphic version

Right-click the message you want to trace.
Click Properties.
Select the Details tab.

You will see a bunch of stuff in there that looks like this:
************************************************************
Received: from [64.26.149.99] by LT.linetap.com with smtp
    id 0b0e2bb8 ; Sat, 8 Nov 2003 11:17:42 -0500
Received: from harfang.cira.ca (harfang.cira.ca [64.26.149.118])
    by grive.cira.ca (8.10.1/8.10.1) with ESMTP id hA8GH7k27138;
    Sat, 8 Nov 2003 11:17:07 -0500 (EST)
Date: Sat, 8 Nov 2003 11:17:07 -0500 (EST)
From: CIRA - ACEI
Message-Id: <200311081617.hA8GH7k27138@grive.cira.ca>
To: mbarber@linetap.com
Reply-to: caprd@cira.ca
jbin-id: 6759498
Subject: Domain Name Registration(S) Renewed
**********************************************************
This is what they call the mail header information. This information has to be there or the message cannot be delivered. So, when the "computer experts" say, "Oh, we can't trace the messages," they are lying. There is just too much money to be made fooling people with spam.

So, as you can see, the very first line is what you want.
Select and copy the IP address in the first line, e.g. 64.26.149.99 (it will likely be a different one than this).
Open the whois.bw website or the ARIN whois website.
Paste the IP address in the box that says "Enter a domain name:"
Then click the WHOIS button

This should bring up information about where the message came from. Sometimes you will have to click other IPs in the list that comes up because the list is too general. But this is definitely the source of the message.
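
As an added example (not part of the original page): a Python script that pulls the IP address out of the Received lines the same way the steps above do by hand, so the result can be pasted into whois. It assumes the raw message source has been saved as text; the function names are illustrative. Only the top Received line is written by your own mail server, so the lines below it record whatever the sending side claimed.

```python
import email
import ipaddress
import re

# Header block from the page above (trimmed), folded lines indented as in raw source.
SAMPLE = """\
Received: from [64.26.149.99] by LT.linetap.com with smtp
    id 0b0e2bb8 ; Sat, 8 Nov 2003 11:17:42 -0500
Received: from harfang.cira.ca (harfang.cira.ca [64.26.149.118])
    by grive.cira.ca (8.10.1/8.10.1) with ESMTP id hA8GH7k27138;
    Sat, 8 Nov 2003 11:17:07 -0500 (EST)
Date: Sat, 8 Nov 2003 11:17:07 -0500 (EST)
Subject: Domain Name Registration(S) Renewed

(body)
"""

BRACKETED = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")


def received_hops(raw):
    """Return one dict per Received header, top (most recent) first."""
    hops = []
    for value in email.message_from_string(raw).get_all("Received", []):
        text = " ".join(value.split())          # unfold continuation lines
        from_part = text.split(" by ", 1)[0]    # the peer the server saw
        by = re.search(r"\bby\s+(\S+)", text)   # the server that wrote the line
        ip = None
        for candidate in BRACKETED.findall(from_part):
            try:
                ip = ipaddress.ip_address(candidate)
                break
            except ValueError:                  # bracketed text that is not an IP
                continue
        hops.append({"ip": ip, "by": by.group(1) if by else None})
    return hops


def sender_ip(raw):
    """First public address reading top down: the one to paste into whois."""
    for hop in received_hops(raw):
        # Private/reserved addresses (10.x, 192.168.x, ...) have no useful
        # whois record; they are usually your own provider's internal relay.
        if hop["ip"] is not None and hop["ip"].is_global:
            return str(hop["ip"])
    return None


if __name__ == "__main__":
    print(sender_ip(SAMPLE))
```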

This whois can also be used to find out who you are really dealing with.
Check out some of the websites you visit by typing their name in the box.
Try linetap.com. Now you see why all the crooks don't want this type of information displayed at the registrar's database. I think it should always be their freedom of information.