Gecko-AK.org Networking/Security Reference Pages


How to Identify the REAL Source of an unsolicited E-mail

The Problem:

You get home from work and decide to check your e-mail. After signing in and downloading your e-mail, you see a message from your best friend or a relative. The subject line looks a little strange, but you open the e-mail anyway to see...an ad for pharmaceuticals of a dubious nature, or an ad for a pr0n site, or perhaps a virus. You double-check the e-mail address, and sure enough, it's from your friend. Or is it?

You see, e-mail is delivered using a protocol known as "SMTP"--Simple Mail Transfer Protocol, or, more likely now, "ESMTP", the Extended Simple Mail Transfer Protocol. When the original specifications for SMTP were written, the Internet was mostly used by researchers, academics and scientists, for whom the ethics of "forging" someone else's e-mail address was not a question--it wouldn't be done, period, or you would be shunned by your professional community. As a result, there was no mechanism written into the SMTP protocol to verify that you were who you said you were. So, it is quite easy to forge an e-mail address. I'm not going to tell you how; I can't control who reads this document, and if you want to forge messages, I don't want to enable you. However, if you are interested in learning the process so that you can understand what's happening (rather than looking for a cookie-cutter template so you can send spam without getting caught), then you can probably find what you need to know by reading RFC 821, which defines the SMTP protocol.

Now, of course, everyone in the world (well, almost everyone...) is on the Internet. While most of those people would abide by good netiquette, there are some who don't. (Need proof? Who writes all those viruses that you read about in the paper?) So, how do you know who really sent the e-mail when you receive spam or virii in the mail? And, even if you find out who sent the message, what do you do about it?
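Since the From: line proves nothing, the one trail a forger cannot erase is the Received: line that each relay on the path stamps onto the message. As an added example (not part of the original page), the script below reads that trail from a constructed sample message; the hostnames, addresses and IDs in it are made up.

```python
# Added example: walk a message's Received: trail to find the host that
# actually handed the message to the first relay. The sample message, hosts
# and addresses below are constructed for illustration.
from email import message_from_string
import re

# Each relay PREPENDS its own Received: line, so the newest hop is on top and
# the hop closest to the real sender is at the bottom. Here the From: header
# claims a friend's address, but the bottom hop is a dial-up host elsewhere.
SAMPLE = """\
Return-Path: <bounce@example.net>
Received: from mx.example.org (mx.example.org [192.0.2.10])
\tby mail.isp.example (Postfix) with ESMTP id 1A2B3C
\tfor <you@isp.example>; Mon, 3 Mar 2003 18:02:11 -0900
Received: from dialup-44.example.net (dialup-44.example.net [198.51.100.44])
\tby mx.example.org with SMTP id 4D5E6F;
\tMon, 3 Mar 2003 18:01:55 -0900
From: Best Friend <friend@isp.example>
To: you@isp.example
Subject: Re: hey

(body)
"""

# "from <host> (<what the relay saw>)" as written by most MTAs
RECV_FROM = re.compile(r"from\s+(\S+)\s+\(([^)]*)\)", re.IGNORECASE)


def received_chain(raw):
    """Return (claimed_host, relay_observation) per hop, oldest hop first."""
    msg = message_from_string(raw)
    hops = []
    for hdr in reversed(msg.get_all("Received", [])):
        m = RECV_FROM.search(" ".join(hdr.split()))  # unfold the header
        if m:
            hops.append((m.group(1), m.group(2)))
    return hops


def analyse(raw):
    """Put the claimed sender next to the envelope and the originating hop."""
    msg = message_from_string(raw)
    hops = received_chain(raw)
    return {
        "header_from": msg.get("From"),
        "return_path": msg.get("Return-Path"),
        "origin_host": hops[0][0] if hops else None,
        "origin_detail": hops[0][1] if hops else None,
    }


if __name__ == "__main__":
    for key, value in analyse(SAMPLE).items():
        print(f"{key:14s} {value}")
```

Only the Received: lines added by relays you trust (your own provider's, at the top) are reliable; anything below them could have been typed in by the sender, so read the chain from the top down until the first hop you cannot vouch for.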

Next: Who Sent It???