E-mail is Dead, Long Live E-mail
You may have at one point in time replied to each piece of spam you received. Perhaps you politely requested to be removed from the spammer's list. Perhaps you weren't so polite. Perhaps you gave that spammer a piece of your mind, feeling better about the whole thing until you got back a message from a bewildered person who couldn't fathom why you were e-mailing them, much less why you were so angry at them. So, did they or did they not send that piece of spam?
Usually, the answer is no, they didn't. But you hit the reply button? You sent the message back to the person listed in the "From" field of the message. How could the "From" field not be who the message was from?
The answer is that, in a way, e-mail is fundamentally broken. E-mail dates back to a time when the Internet was primarily the domain of researchers, system administrators, and the military. Lists of all the addresses on the Internet were kept in text files and distributed to all the hosts. The concept of spam was alien. And then came the World Wide Web and the commercial explosion of the Internet. Systems that used to be based on trust became the targets of abuse by spammers.
Though that may explain the environment that bred the current situation, it doesn't necessarily explain how e-mail is broken. It certainly doesn't explain why the "From" address does not always tell us who the message is from or why the "To" address is not always your address. The answer is that, simply put, those fields are meaningless. The person sending their e-mail can manipulate those fields any way they want to. They don't affect the delivery of the message.
What most people are not aware of is that a piece of e-mail actually has two parts. They resemble the parts of a snail mail message, the envelope and the message itself. Unlike snail mail, however, you never see the envelope. You only see the message. Only the servers involved in receiving and delivering the message see the envelope.
The envelope contains the real "To" address. Without that, the message could not be delivered. The envelope also contains the purported "From" address, but even in the envelope, that may not be correct. Again, this goes back to earlier, more trusting days on the Internet. Anyone could use anyone's server to send mail. There was no system for authentication, proving who you are before you send a piece of e-mail. That is generally no longer the case, but there are still quite a few misconfigured mail servers out there that allow anyone to send e-mail. These servers go a long way towards enabling the spammers.
So, before you fire back a hasty reply to a piece of spam with a few choice words, keep in mind that the you may be unleashing your wrath on an unwitting, innocent person. In fact, many spammers will actually use other addresses on their mailing list, other people just like yourself, in the "From" field to get by spam filters. So, your reply may just find its way to another one of the spammer's victims.
If, however, you absolutely must track down the origin of a piece of message, spam or otherwise, for whatever reason, it is sometimes possible. First, review the literature on the subject, which can be found throughout the Internet. If you have questions, or need information from our mail server, you can contact c4.net and we will help you in anyway we can.
Keep in mind, however, that the origin of a piece of e-mail, especially of the more offensive messages, is just as likely to be a foreign country, one that doesn't speak English, and where US laws don't apply. Locating the source of message rarely reveals more than a misconfigured server thousands of miles away whose administrator is, for all intents and purposes, unreachable or unwilling.