Note that if you see multiple Received: from sections in the message header, use the last one in the sequence.

EarthLink abuse can only investigate spam or junk mail that originated from our network. If you are unsure where the spam message originated, please use the following document to determine the ISP or company from where the message originated.

How Can I Determine the Origin of an Email Message

Sample extended email message header

1. Return-Path: mailbox@mindspring.com
   
2. Received: from mailmule0.mindspring.com (mailmule0.mindspring.com [204.180.128.191]) by mailgrunt1.mindspring.com (8.7.4/8.7.3) with ESMTP id TAA09377 for ; Mon, 24 Feb 1997 19:30:43 -0500 (EST)
   
3. Received: from LOCALNAME (user-37kb512.dialup.mindspring.com [207.69.148.34]) by mailmule0.mindspring.com (8.8.4/8.8.4) with SMTP id TAA00875; Mon, 24 Feb 1997 19:30:34 -0500 (EST) Date: Mon, 24 Feb 1997 19:30:34 -0500 (EST)
   
4. Message-Id: 1.5.4.16.19970224193529.22e79a46@pop.mindspring.com
   
5. X-Sender: mailbox@pop.mindspring.com X-Mailer: Windows Eudora Light Version 1.5.4 (16)
   
6. Organization: MindSpring Enterprises Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"
   
7. To: MindSpring Technical Support Desk From: mailbox@mindspring.com Subject: Reading Mail Headers Cc: mailbox@mindspring.com
   

From the examples given above, the third example contains the IP address of the sender's email server.

Received: from LOCALNAME (user-37kb512.dialup.mindspring.com [207.69.148.34])

The IP address of the sender's mail server is 207.69.148.34.

Using Whois Site to Determine Owner of IP Address

You will now need to go to a Web site that will identify who owns the IP address. One such site is

http://whois.arin.net/ui

There are other sites that provides information on IP addresses. Use the site that you are most comfortable with.

You will see a field to enter the IP address. Either copy and paste or manually enter the IP address and press the Submit button. A search for 207.69.148.34 IP address yields the following information:

Search results for: 207.69.148.34

OrgName: EarthLink, Inc.
OrgID: ERMS
Address: 1439 PEACHTREE ST NE
City: ATLANTA
StateProv: GA
PostalCode: 30309
Country: US

 Where to Report the Junk or spam Mail Message

If the message is not from an EarthLink customer, you will need to notify the domain's support department of the email. This will require a small amount of detective work. You will need to find the support email address of the ISP responsible for the IP address. First, use whois to get IP information on the original IP address that sent the spam email. Then try finding the Web site of the company or ISP based on the whois information. Search for the Web site or ISP's contact information - most companies will use either support@domain or abuse@domain formats. You will need to forward the original email including the full or extended headers. You should also include a note stating that you received this from one of their customers and need to take the appropriate action.