How to Identifying the Source of E-mail that has a Virus or is Abusive
How to Report it to the Internet Service Provider (ISP)

1.How to View the E-mail Header

OUTLOOK EXPRESS
Open the message first. Select 'FILE' from the options menu. Listed as an option is: 'PROPERTIES'. Another window should open showing two tabs. Choose the one titled 'DETAILS'. Cut and paste the headers into the message you want to send (back to us).

OUTLOOK 2000
Click on the email (do not double click on the mail to open it and do not open the attachment), right mouse click while the mail is highlighted in your inbox, select options; a window will open; highlight the 'internet headers' section from the indented box at the bottom of the window; right mouse click and then copy and paste the headers into a new email.

NETSCAPE MAIL
 Open the mail. Select 'OPTIONS' from the options menu. There is an option : 'Show Headers', then select full headers.

2. How to Identifying a User from an E-mail Header

Note:-
 When reporting E-mail abuse, it is important that you give as much information as possible, to allow the originating ISP to investigate the problem. The information they (the originating ISP) needs is the FULL headers from E-mail/s (I cut and past the Header info into an E-mail to the originating ISP), it is important to include all lines.

Obtain the Header information as given in 1 above then read the instruction below.
E-mail Headers look something like this one:

From a_user@think.of.a.system.com Sat May 31 08:02:29 2002
Received: from mail10.svr.pol.co.uk (mail10.svr.pol.co.uk [195.92.193.214]) by badguy.com
(8.9.1a/8.9.1) with ESMTP id HAA02478 change@badguy.com for ; Sat, 31 May 2002 08:02:28 -0800 (PST)
Received: from modem-86.dead.dialup.pol.co.uk ([51.120.195.26] helo=default) by mail10.svr.pol.co.uk with smtp (Exim 2.10 #1) id 10EaOm-0004st-00 for changed@badguy.com; Sat, 31 May 2002 18:03:25 +0000
Message-ID: <00a401be5dab$10fd9e80$02000003@peterste>
From: "Roger Rabit" a_user@think.of.a.system.com
To: "A N Other" changed@badguy.com
Date: Sat, 31 May 2002 18:04:30 -0000

The email headers show the path that the message has taken from the sender to the recipient. To identify where the E-mail actually originated from you need to identify the originating IP address. Note that the line begin with "Received: from…" and not "Received: by…" (must begin with).

From the example above the relevant details are highlighted in RED; the originating IP address is 51.120.195.26 and the E-mail was sent on 31 May 2002 18:03:25 +0000 (this date is the first date that appears after the originating IP address, not the date in the "Date:" field). When reporting E-mail abuse always forward the entire header.

Once you have obtained the email headers, go to http://www.ripe.net/perl/whois Query the Ripe Whois Database. Enter the ISP ("Received: from…") in the search box, then click on the search button, all the information on the originating ISP will be displayed.

From the originating ISP send a (E-mail) report with the FULL Header information (paste it into the E-mail) and contents or details of the offending E-mail to abuse@theISP.com (theISP.com is the "Received from" i.e. for Freeserve it would be:- abuse@freesereve.com.

  



HOME PAGE - Feasibility Study - Some History - Distance Table - Accommodation - SITE MAP - Links

Gallery The Locks - Gallery Places - Gallery Scenery & Misc. - Gallery The Past