- Sample extended email message header
- Determing IP address of Sender's Mail Server
- Using Whois Site to Determine Owner of IP Address
- Where to Report the Junk or spam Mail Message
- Return-Path: firstname.lastname@example.org
- Received: from mailmule0.mindspring.com (mailmule0.mindspring.com [126.96.36.199]) by mailgrunt1.mindspring.com (8.7.4/8.7.3) with ESMTP id TAA09377 for ; Mon, 24 Feb 1997 19:30:43 -0500 (EST)
- Received: from LOCALNAME (user-37kb512.dialup.mindspring.com [188.8.131.52]) by mailmule0.mindspring.com (8.8.4/8.8.4) with SMTP id TAA00875; Mon, 24 Feb 1997 19:30:34 -0500 (EST) Date: Mon, 24 Feb 1997 19:30:34 -0500 (EST)
- Message-Id: email@example.com
- X-Sender: firstname.lastname@example.org X-Mailer: Windows Eudora Light Version 1.5.4 (16)
- Organization: MindSpring Enterprises Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"
- To: MindSpring Technical Support Desk From: email@example.com Subject: Reading Mail Headers Cc: firstname.lastname@example.org
From the examples given above, the third example contains the IP address of the sender's email server.
Received: from LOCALNAME (user-37kb512.dialup.mindspring.com [184.108.40.206])
The IP address of the sender's mail server is 220.127.116.11.
You will now need to go to a Web site that will identify who owns the IP address. One such site is
There are other sites that provides information on IP addresses. Use the site that you are most comfortable with.
You will see a field to enter the IP address. Either copy and paste or manually enter the IP address and press the Submit button. A search for 18.104.22.168 IP address yields the following information:
Search results for: 22.214.171.124
Address: 1375 PEACHTREE ST, LEVEL A
If the message is not from an EarthLink customer, you will need to notify the domain's support department of the email. This will require a small amount of detective work. You will need to find the support email address of the ISP responsible for the IP address. First, use whois to get IP information on the original IP address that sent the spam email. Then try finding the Web site of the company or ISP based on the whois information. Seach for the Web site or ISP's contact information - most companies will use either support@domain or abuse@domain formats. You will need to forward the original email including the full or extended headers. You should also include a note stating that you received this from one of their customers and need to take the appropriate action.