First, let's talk about some email basics. Each email message has two primary parts: the actual message itself, and the "headers". The headers function much like an envelope does in the postal mail world. They carry information about where the letter supposedly came from (the "From" header), who the letter is supposed to go to (the "To" header), anyone who is supposed to get a carbon copy of the letter (the "Cc" header), and postmark-like information ("Received" headers) so you can see which computers processed the message as it made its way from sender to recipient. In the example below, you can see who the letter is from (in this case, scott@human.com), who the letter is supposed to go to (in this case, dwelch@phoneboy.com), and each machine that was responsible for delivering the message from Scott to me.
Received: (from phoneboy@localhost)
    by shell3.ba.best.com (8.8.5/8.7.3) id JAA08354
    for dwelch; Wed, 16 Jul 1997 09:14:51 -0700 (PDT)
Received: from proxy2.ba.best.com (root@proxy2.ba.best.com [206.184.139.13])
    by shell3.ba.best.com (8.8.5/8.7.3) with ESMTP id JAA08327
    for <phoneboy@shell3.ba.best.com>; Wed, 16 Jul 1997 09:14:47 -0700 (PDT)
Received: from people.human.com (people.human.com [165.227.247.2])
    by proxy2.ba.best.com (8.8.5/8.8.3) with ESMTP id JAA18910
    for <dwelch@phoneboy.com>; Wed, 16 Jul 1997 09:12:53 -0700 (PDT)
Received: from icrunch.human.com (icrunch.human.com [205.179.92.132])
    by people.human.com (8.8.5/8.8.5) with SMTP id IAA23977
    for <dwelch@phoneboy.com>; Wed, 16 Jul 1997 08:34:40 -0700 (PDT)
Message-ID: <2.2.32.19970716161250.00a0cc30@people.human.com>
X-Sender: scott@people.human.com
X-Mailer: Windows Eudora Pro Version 2.2 (32)
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Wed, 16 Jul 1997 09:12:50 -0700
To: "Dameon D. Welch" <dwelch@phoneboy.com>
From: Scott Deardorff <scott@human.com>
Subject: Re: Meeting tommorow.
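The postmark reading described above can be automated. The following is an added example, not code from the original article: it parses the "Received" headers of a message with Python's standard library, lists the hops oldest-first (each relaying server prepends its own header, so the one nearest the body was written first), and flags places where the chain does not join up, which is what a trimmed or hand-edited header set looks like. SAMPLE is a constructed copy of the headers quoted above; the parse_received, trace and chain_breaks functions are this example's own.

```python
# Added example, not part of the original article: trace the path a message
# took by reading its "Received" headers, which each relaying server prepends.
# Standard library only. SAMPLE is a constructed copy of the headers quoted in
# the article; the functions below are this example's own, not the article's.
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

SAMPLE = """\
Received: (from phoneboy@localhost)
    by shell3.ba.best.com (8.8.5/8.7.3) id JAA08354
    for dwelch; Wed, 16 Jul 1997 09:14:51 -0700 (PDT)
Received: from proxy2.ba.best.com (root@proxy2.ba.best.com [206.184.139.13])
    by shell3.ba.best.com (8.8.5/8.7.3) with ESMTP id JAA08327
    for <phoneboy@shell3.ba.best.com>; Wed, 16 Jul 1997 09:14:47 -0700 (PDT)
Received: from people.human.com (people.human.com [165.227.247.2])
    by proxy2.ba.best.com (8.8.5/8.8.3) with ESMTP id JAA18910
    for <dwelch@phoneboy.com>; Wed, 16 Jul 1997 09:12:53 -0700 (PDT)
Received: from icrunch.human.com (icrunch.human.com [205.179.92.132])
    by people.human.com (8.8.5/8.8.5) with SMTP id IAA23977
    for <dwelch@phoneboy.com>; Wed, 16 Jul 1997 08:34:40 -0700 (PDT)
From: Scott Deardorff <scott@human.com>
To: "Dameon D. Welch" <dwelch@phoneboy.com>

(body omitted)
"""


def parse_received(value):
    """Extract the claimed sending host, the IP the receiver observed, the
    receiving host and the timestamp from one Received header."""
    text = " ".join(value.split())  # unfold continuation lines
    frm = re.search(r"\bfrom\s+([^\s()]+)", text)
    ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", text)
    by = re.search(r"\bby\s+(\S+)", text)
    stamp = text.rsplit(";", 1)[1].strip() if ";" in text else ""
    return {
        "from": frm.group(1) if frm else "",
        "ip": ip.group(1) if ip else "",   # empty for local deliveries
        "by": by.group(1) if by else "",
        "when": parsedate_to_datetime(stamp) if stamp else None,
    }


def trace(raw_message):
    """Return the hops oldest-first. Each server prepends its own Received
    header, so the header nearest the body was added first."""
    msg = message_from_string(raw_message)
    return [parse_received(v) for v in reversed(msg.get_all("Received", []))]


def chain_breaks(hops):
    """Indices of hops whose 'by' host is not the next hop's 'from' host, or
    whose timestamp runs backwards. Local deliveries (no bracketed IP on the
    next hop) are skipped, since they name a user rather than a host. A break
    does not prove forgery, but it is where edited headers show up."""
    breaks = []
    for i in range(len(hops) - 1):
        cur, nxt = hops[i], hops[i + 1]
        if nxt["ip"] and cur["by"].lower() != nxt["from"].lower():
            breaks.append(i)
        elif cur["when"] and nxt["when"] and nxt["when"] < cur["when"]:
            breaks.append(i)
    return breaks


if __name__ == "__main__":
    path = trace(SAMPLE)
    for n, hop in enumerate(path):
        print(f"{n}: {hop['from'] or '?'} [{hop['ip'] or 'local'}] "
              f"-> {hop['by']} at {hop['when']}")
    print("suspicious hops:", chain_breaks(path) or "none")
```

The only field a receiving server writes from its own observation is the bracketed IP; the host name before it is whatever the sender announced, which is why the continuity check compares the receiver's own "by" name with the next hop's claim rather than trusting any one line on its own.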
When a friend, associate, or family member sends you an email, the header information will usually be accurate, thus facilitating easy response to an email message. It's also easy to tell that a message is directed at you because the "To" or "Cc" headers include your email address. Messages that you get from mailing lists do not appear directly addressed to you. Instead, they appear addressed to some other address. When you send the RadioNet staff email at radionet@radionet.com, you are actually sending it to a small mailing list. When the staff receives messages addressed to radionet@radionet.com, the "To" or "Cc" header in the email appears addressed to radionet@radionet.com just as it was sent. Once the mail is received at RadioNet's servers, the mail is blind carbon copied to each person on this mailing list. Blind carbon copies are used to "hide" each person that is getting a copy of the message. A similar mechanism is used for our RadioNet mailing list.
Spammers use special email programs that will "blind carbon copy" thousands upon thousands of people at once. Based on the email headers, the intended recipient of the email they send out appears to be a bogus email address. The "From" and "Reply-To" headers are intentionally given incorrect information so that it is impossible to easily send the spammer a reply. Advanced spammers also delete or otherwise tweak the various "Received" headers so that you cannot tell what servers the email traversed before it got to your inbox. All of these techniques make it difficult to track down a spammer.
With this in mind, an easy, though not completely foolproof, method for filtering spam is to check for known addresses in email headers. Messages from associates, friends, or relatives will most likely be addressed directly to you. This means your email address will appear either in the "To" header or in the "Cc" (carbon copy) header. If your email address is not contained in the "To" or the "Cc" header, the message was most likely sent via a blind carbon copy from some kind of mailing list. If you subscribe to mailing lists, you can usually filter those messages on the basis of the "To" or "Cc" headers as well. Once you've accounted for these sorts of messages, almost everything else is probably spam. These messages can be directed to a "spam" folder of some sort or deleted altogether, depending on the capabilities of the mail filter you use and your personal preferences.
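The three-way split just described (addressed to me, addressed to a list I read, everything else) is short enough to show in full. The following is an added example and not code from the original article: it applies the rule with Python's standard library, comparing the actual addresses in "To" and "Cc" rather than the raw header text. MY_ADDRESSES, LIST_FOLDERS and the sample messages are constructed for the demo.

```python
# Added example, not from the original article: the "is this addressed to
# me?" filter the text describes, implemented with the standard library.
# The addresses, folder names and sample messages are constructed for the demo.
from email import message_from_string
from email.utils import getaddresses

MY_ADDRESSES = {"dwelch@phoneboy.com"}                # assumed: my own addresses
LIST_FOLDERS = {"radionet@radionet.com": "radionet"}  # assumed: list -> folder


def visible_recipients(msg):
    """Lowercased addr-specs from To and Cc. getaddresses() separates the
    display name from the address, so text in the display name never counts."""
    raw = msg.get_all("To", []) + msg.get_all("Cc", [])
    return {addr.lower() for _name, addr in getaddresses(raw) if addr}


def classify(raw_message):
    """Return the folder for a message: 'inbox' if I am a visible recipient,
    the list's folder if a known list address is, else 'spam' (the message
    reached me only through a blind carbon copy, which the headers never show)."""
    rcpts = visible_recipients(message_from_string(raw_message))
    if rcpts & {a.lower() for a in MY_ADDRESSES}:
        return "inbox"
    for list_addr, folder in LIST_FOLDERS.items():
        if list_addr.lower() in rcpts:
            return folder
    return "spam"


# Constructed sample messages.
PERSONAL = """\
From: Scott Deardorff <scott@human.com>
To: "Dameon D. Welch" <DWelch@phoneboy.com>
Subject: Re: Meeting tomorrow

See you at ten.
"""

LIST_MAIL = """\
From: listener@example.net
To: radionet@radionet.com
Subject: Question for the show

Will you cover modems next week?
"""

BULK = """\
From: offers@example.com
To: friend@example.com
Subject: You have been selected

Reply today.
"""

# My address appears only inside the quoted display name; the real addr-spec
# belongs to someone else. A substring match on the raw header would misfile
# this as personal mail.
LOOKALIKE = """\
From: offers@example.com
To: "dwelch@phoneboy.com" <friend@example.com>
Subject: Hello

Reply today.
"""

if __name__ == "__main__":
    for label, sample in [("personal", PERSONAL), ("list", LIST_MAIL),
                          ("bulk", BULK), ("lookalike", LOOKALIKE)]:
        print(f"{label:10} -> {classify(sample)}")
```

In procmail the same test is usually written against the `^TO_` macro, which matches the destination headers as a group; the point to carry over from the example is that the comparison should be against the address itself, case-insensitively, and not against whatever text happens to surround it in the header.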
My filtering program of choice is "procmail", a powerful filtering program that allows you to process email in just about any conceivable way. I use it to filter wanted email into various folders. I also scan the email for both random and known spammers and, in some cases, I actually send an email back. This doesn't always work since spammers often use invalid return addresses, but those that do use valid addresses get email back. For those of you with Unix shell accounts, you may want to check out this link to "The Spam Bouncer," which uses a comprehensive procmail 'recipe' to filter out known spammers. I have incorporated it into the procmail recipes I use for my own filtering needs. The Spam Bouncer page also goes through some basics of the procmail program, which is more geared towards intermediate and advanced Unix users.