Learn how to examine the header of an email message to determine where it originated and what mail servers and relays it passed through. While this information certainly is not needed to use the SpamStopsHere service, you can use it to:
While email programs do not normally display the full Internet headers for an email message by default, all Internet email messages have a very detailed header that shows where the email originated, to whom it was sent, what relays it passed through, when it was received, and more.
All Internet email clients should be capable of showing you the full Internet headers of an email message, but you may need to read the documentation that came with it to determine how to do this. There are too many email clients for us to list instructions for them all, but following are some instructions for viewing headers on some versions of the two most popular email clients.
If these instructions do not seem to work for you, you may have a different version of these programs. Please consult the documentation for your email program for instructions on viewing the full Internet headers of an email message.
Some office or home environments may use a local email client for delivery, rather than an Internet client, which can result in messages being stored on a local server. If this is the case, you may not be able to retrieve the Internet headers, as your Internet email message will have been converted into a local email message. Please contact your mail server administrator about how to retrieve the Internet headers for your messages.
The header contains the "Return-Path:", "Subject:", "From:", and "To:" fields with which you may be familiar. Note that in spam, the "From:" and "To:" fields are usually fake.
The "Received:" field is the key to this discussion; there are often two or more of these fields. Typical header fields when using the SpamStopsHere service is:
Received: from fwd.spamh.com ([188.8.131.52]) by mail.example.com (8.12.11/8.12.9) with ESMTP id i44J35uS038665 for ; Tue, 4 May 2004 15:05:12 -0400 Received: from relay.spamh.com (relay.spamh.com [184.108.40.206]) by out.example.com (8.12.11/8.12.11) with ESMTP id i44J58dF005675 for ; Tue, 4 May 2004 15:05:09 -0400
Each mail server or relay involved in sending the message from the source to your mail server adds a detailed "Received:" field.
In the example above, the top "Received:" field indicates that the email was received from "fwd.spamh.com" (the forwarding server) by "mail.example.com" the destination mail server.
relay.spamh.com is one of the possible SpamStopsHere filtering "relays". Other names are possible at the spamh.com domain. This confirms that the SpamStopsHere service is active and that this message passed through our service instead of bypassing it.
The X-SpamH-CheckIP header shows the IP address of the actual mail server that delivered the email message to our servers. The X-SpamH-IP-RBL header shows that that IP address was black listed by the bl.spamcop.net third party Real-Time Blacklist. This user is modifying the subject for messages identified by this filter.
Received: from fwd.spamh.com ([220.127.116.11]) by mail.example.com (8.12.11/8.12.9) with ESMTP id i44J35uS038665 for ; Tue, 4 May 2004 15:05:12 -0400 Received: from relay.spamh.com (relay.spamh.com [18.104.22.168]) by out.example.com (8.12.11/8.12.11) with ESMTP id i44J58dF005675 for ; Tue, 4 May 2004 15:05:09 -0400 X-SpamH-CheckIP: 22.214.171.124 X-SpamH-Recipient: X-SpamH-ID: i44J58dF005675 X-SpamH-IP-RBL: IP Blacklisted in RBL bl.spamcop.net X-SpamH-Action: MODIFY SUBJECT
You can create a domain whitelist to ensure that important clients and contacts are never blocked, even if they send you spam.
To create the whitelist, you must determine the IP address of the mail server used by your client/contact. This can be done by examining the header of an email sent by them to you and looking at the X-SpamH-CheckIP header. This is the IP address which you enter into your domain whitelist.
Refer to Using the Control Panel for directions for creating a personal whitelist.
Once the IP address has been added to your personal whitelist, it will never be blocked for your domain.
You can also create a domain "black list" to block e-mail from certain sources. We do not recommend using it to block any remaining spam. However, it can be used to block someone who is harassing your employees.
Refer to Using the Control Panel for directions and many cautions!
To create the blacklist, you must determine the IP address of the mail system you wish to block. The method is exactly the same as for the Whitelist.