Many times we have been contacted by a worried caller, describing a situation where some of their email contacts claim they are sending them spam, and they want to know if they are. Surprisingly, this is a more difficult question to answer than one might think!
We are used to trusting email: where it came from, whom it was sent to, and so on. Leaving aside encryption, which is beyond the scope of this article, the surprising part is how little of a message can be verified. There is only one component of an email message that cannot be forged or invented. Any guesses?
The only component that cannot be falsified is the network address of the last mail server that handled your message before delivering it to you. Every server that handles your message puts its stamp on it, and while even the other stamps might be faked, the final one is not.
Everything else within the message – the date, who it was from, the recipients (even though you received it!), the subject, the body – can be falsified by the sender, and spammers frequently do exactly that.
This is why determining whether or not an individual is responsible for sending spam is not easy. There are email accounts I have had for years, and I periodically get spam emails that say they are from other users on the service, or even from myself! But if I look closely, I find out that none of those messages originated from my server, which they would have if they were sent legitimately from that service.
I’ll give you an example. Let us say that you are on Gmail, and you receive a spam message that claims to be from a Hotmail user.
Every email contains a ‘header’, which is a list of technical information about the path that email took to get to you. Unfortunately, as it is technical, most clients hide that information, and forwarding on a message to your computer technician does not include those headers, so a simple forward may be insufficient.
If the header can be obtained, then the technician can see what path the email took. If the email originated on Microsoft’s servers and was delivered to Google’s servers, then the message was not forged, and the sender of the message is most likely the culprit (possibly due to malware rather than actual ill intent). But if he sees that the message actually originated on some server that has nothing to do with Microsoft or Google – possibly in another country – then the message is fraudulent, and the listed sender of the message may well be innocent.
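To make the technician’s check concrete, here is an added Python example (not from the original article) that parses a message’s Received: headers, treats the topmost one (the stamp your own server added) as the trusted hop, and compares the relay it names with the domain the From: line claims. The two sample messages, the TEST-NET addresses and the EXPECTED_RELAYS table are constructed for illustration.

```python
import email
import email.utils
import re

# Relays expected to hand off mail for a claimed From: domain. Constructed
# mapping for this example, not an authoritative list.
EXPECTED_RELAYS = {"hotmail.com": ("outlook.com", "hotmail.com"), "gmail.com": ("google.com",)}
# Common shape: "from <helo> (<reverse-dns> [<ip>]) by <receiving server>".
RECEIVED_RE = re.compile(r"from\s+(?P<helo>\S+)(?:\s+\((?P<comment>[^)]*)\))?\s+by\s+(?P<by>\S+)", re.I)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed sample messages (TEST-NET addresses); the topmost Received: was added last.
GENUINE = """Received: from mail-a.outbound.hotmail.com (mail-a.outbound.hotmail.com [198.51.100.7]) by mx.google.com with ESMTPS id g1
Received: from webclient.hotmail.com by mail-a.outbound.hotmail.com with HTTPS
From: Alice <alice@hotmail.com>"""
FORGED = """Received: from mail-a.outbound.hotmail.com (vps-12.example.net [203.0.113.9]) by mx.google.com with ESMTPS id f1
Received: from mail-a.outbound.hotmail.com by mail-a.outbound.hotmail.com with HTTPS
From: Alice <alice@hotmail.com>"""

def in_domain(host, domains):
    return any(host == d or host.endswith("." + d) for d in domains)

def received_chain(raw):
    # One dict per Received: hop, most recent (topmost) first.
    hops = []
    for value in email.message_from_string(raw).get_all("Received", []):
        m = RECEIVED_RE.search(" ".join(value.split()))  # unfold the header first
        if not m:
            continue
        comment = m.group("comment") or ""
        ip = IP_RE.search(comment)
        # The receiving server writes the parenthesised part; the HELO name is sender-supplied.
        rdns = comment.split()[0].lower() if comment and not comment.startswith("[") else None
        hops.append({"helo": m.group("helo").lower(), "rdns": rdns,
                     "ip": ip.group(1) if ip else None, "by": m.group("by").lower()})
    return hops

def check_origin(raw, our_server):
    # Compare the relay that handed the message to our server with the claimed From: domain.
    hops = received_chain(raw)
    if not hops or not in_domain(hops[0]["by"], (our_server,)):
        return "untrusted"   # topmost stamp was not added by our own server
    relay = hops[0]["rdns"]
    if not relay or relay == "unknown":
        return "unverified"  # no reverse DNS recorded, so the origin cannot be confirmed
    sender = email.utils.parseaddr(email.message_from_string(raw)["From"])[1]
    expected = EXPECTED_RELAYS.get(sender.rsplit("@", 1)[-1].lower())
    if expected is None:
        return "unknown"     # sender domain not in our table
    return "consistent" if in_domain(relay, expected) else "suspicious"
```

The recorded IP in the topmost hop (198.51.100.7 versus 203.0.113.9 here) is the one piece the sender could not write, which is why the check keys on that hop and ignores the sender-supplied HELO name.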
You may also notice that there is, in the end, no reliable way to verify exactly who sent an email, if the actual sender denies having sent it and you don’t have direct access to the originating server (as most people don’t). However, most major email hosts will take action if someone is sending spam directly from their server, so the likelihood of, say, an AOL user sending you a message pretending to be from another AOL user is small.
This doesn’t mean every email you get is a fake, of course, but it should shed some light on how little integrity checking email has built in. If you get a message from anyone that does not read like a message you would expect from the sender, or they are including attachments when they usually never send them, be on your guard. Someone might just be trying to trick you into infecting your computer.