Spam Headers

Viewing full headers

Below are instructions on how you can view full headers of an email message using two popular email clients:

Pine

In Pine there is a configuration option that allows one to view full headers. To enable this feature, go to the main menu of Pine and:

Select "S"etup
Select "C"onfig
Find the line which says:
```
  [ ]  enable-full-header-cmd
 
```
If the line looks like the above, press "x" to select this option. With this option selected the line will look like:
```
  [X]  enable-full-header-cmd
 
```
Select "E"xit Setup
View the message in question
Press "h" to display the full headers (and press "h" again to hide them)
Now forward the original message in question to security@u.washington.edu making sure that the delivery headers appear in the forwarded message

Outlook Express

In Outlook Express you can view the full headers for an email message by doing the following:

View the message
From the File menu select "Properties"
Select the "Details" tab located near the top of the Properties window
The window should now be full of text. Using your mouse, click the right-most button and, after letting go of the button select "Select All"
All of the text should now be highlighted
Again, use the right-most mouse button, click once and after having let go of the mouse button select "Copy" from the menu
Now forward the original message in question to security@u.washington.edu and, from the "Edit" menu select "Paste" to include the delivery headers in the forwarded message

Understanding full headers

You must be able to understand full email headers if you are to find the origin of the sender. Documentation on how to read full email headers can be found at Stop Spam's Reading Email Headers or Panix's Examining Email Headers pages.

Getting network contact information

You can get network contact information using tools such as "whois" or "jwhois" in the UNIX environment. "whois" will search the ARIN database by default. "jwhois" will search ARIN, RIPE, and APNIC databases.

You can perform "whois" searches online via the following URLs:

Additionally, about.com has a good resource on getting contact information for a spammer's source IP address.

Remember, it is very important to include the original unsolicited commercial email message, and it's full email headers when reporting "spam" to network contacts.