When email fails to be received or sent and delivered (often resulting in a bounced error being returned to the sender) it may be necessary to check the email headers of a message to determine what issue caused the email to fail.
Email headers are included in every email and provide detailed information about the journey an email has taken. Details will include basic information like the recipient, time and sender, but also include exhaustive information on every server the message passed through on its way from the sender to the recipient. Email headers often contain extra details about why an email may have failed to be delivered successfully or why it was rated as spam.
Note that if you see multiple Received: from sections in the message header, use the last one in the sequence.
EarthLink abuse can only investigate spam or junk mail that originated from our network. If you are unsure where the spam message originated, please use the following document to determine the ISP or company from where the message originated.
From the examples given above, the third example contains the IP address of the sender's email server.
The IP address of the sender's mail server is 207.69.148.34.
You will now need to go to a Web site that will identify who owns the IP address. One such site is
There are other sites that provides information on IP addresses. Use the site that you are most comfortable with.
You will see a field to enter the IP address. Either copy and paste or manually enter the IP address and press the Submit button. A search for 207.69.148.34 IP address yields the following information:
OrgName: EarthLink, Inc.
OrgID: ERMS
Address: 1439 PEACHTREE ST NE
City: ATLANTA
StateProv: GA
PostalCode: 30309
Country: US
If the message is not from an EarthLink customer, you will need to notify the domain's support department of the email. This will require a small amount of detective work. You will need to find the support email address of the ISP responsible for the IP address. First, use whois to get IP information on the original IP address that sent the spam email. Then try finding the Web site of the company or ISP based on the whois information. Search for the Web site or ISP's contact information - most companies will use either support@domain or abuse@domain formats. You will need to forward the original email including the full or extended headers. You should also include a note stating that you received this from one of their customers and need to take the appropriate action.