Can I trace email origin locations to thwart email attachment viruses?

Can tracing an email back to its origin help to prevent the threat of future viruses via email? Learn more in this expert response.

What are the best methods for tracing the origins of malicious email, and can doing so help mitigate the threat of malware-laden messages?
Tracing the source of a malicious email is difficult in most scenarios. First, to trace email origin locations, you can't trust the 'From' or the 'Reply-To' fields; you must look at the headers of the emails. (How you view headers varies by email client, so check with your client vendor for instructions.)

The headers will generally list the SMTP server where the email originated and the servers used to relay the email to your server. Once you've traced the email in question back to its origins, you will most likely find that a botnet or some other infected system was used to send it, which makes identifying the origin less useful. Emails sent from botnets will show up as coming from compromised PCs acting as SMTP servers or relays, whereas legitimate users' emails will show their ISP's or employer's servers. If you do identify the origin of the email as a botnet-infected system, you will have only opened the first layer in identifying the source of the malware; stopping the malware will require more effort. Still, if you do determine the origins, consider reporting the systems used to the organization or ISP responsible for them, so they can try to get the systems cleaned up.

However, identifying the source of a malicious email or an email attachment virus and individually blocking that SMTP server is not an effective way to block spam. Blacklisting, whitelisting and antispam services will essentially do this for you and save you the effort of doing it yourself. Some services or software let you upload suspected or confirmed malicious email so it can be added to the block list; these services check many factors to decide whether the email is malicious. It's also a good idea to configure your email system and clients securely. For example, blocking any executable files sent via email is a common way to prevent the spread of malware.
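Both checks the answer describes, walking the Received chain in the headers instead of trusting From or Reply-To, and refusing executable attachments, can be scripted. The following is an added example and is not code from the original answer; it uses Python's standard email module on a constructed sample message whose hostnames (.test and .example) and IP addresses (RFC 5737 documentation ranges) are made up for illustration.

```python
import base64
import os
import re
from email import message_from_string, policy

# Constructed sample message (not from the page). Each relay prepends its own
# Received: line, so the top line is the hop nearest the recipient and the
# bottom line is the hop nearest the true origin. The From and Reply-To fields
# are whatever the sender chose to write and prove nothing.
_PAYLOAD = b"MZ\x90\x00" + bytes(60)  # PE-style 'MZ' magic, then padding
RAW_MAIL = f"""Received: from mail.example-isp.test (mail.example-isp.test [198.51.100.25])
\tby mx.recipient.test with ESMTP id 4XyZ1
\tfor <user@recipient.test>; Mon, 4 Oct 2010 09:12:44 -0400
Received: from [203.0.113.77] (unknown [203.0.113.77])
\tby mail.example-isp.test with SMTP
\tfor <user@recipient.test>; Mon, 4 Oct 2010 09:12:40 -0400
From: "Bank Support" <support@bank.example>
Reply-To: support-desk@free-mail.test
To: user@recipient.test
Subject: Your statement
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="us-ascii"

Please open the attached statement.
--b1
Content-Type: application/octet-stream; name="statement.pdf.exe"
Content-Disposition: attachment; filename="statement.pdf.exe"
Content-Transfer-Encoding: base64

{base64.b64encode(_PAYLOAD).decode()}
--b1--
"""

# "from <claimed> (<observed>) ... by <receiver>": the claimed name is what the
# sending host announced in HELO; the parenthesised part is what the receiving
# server actually observed (reverse DNS and the connecting IP in brackets).
_RECEIVED_RE = re.compile(
    r"\bfrom\s+(?P<claimed>\S+)"
    r"(?:\s*\((?P<observed>[^)]*)\))?"
    r".*?\bby\s+(?P<by>\S+)",
    re.IGNORECASE | re.DOTALL,
)
_IPV4_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def trace_received_chain(raw):
    """Return the relay hops in delivery order (origin first, your MX last)."""
    msg = message_from_string(raw, policy=policy.default)
    hops = []
    for hdr in reversed(msg.get_all("Received", [])):
        text = re.sub(r"\s+", " ", str(hdr))  # unfold continuation lines
        m = _RECEIVED_RE.search(text)
        if not m:
            continue
        observed = m.group("observed") or ""
        ip = _IPV4_RE.search(observed) or _IPV4_RE.search(m.group("claimed"))
        hops.append({
            "claimed": m.group("claimed").strip("[]"),
            "ip": ip.group(1) if ip else None,
            "by": m.group("by"),
        })
    return hops


# Extensions a mail gateway would typically refuse outright (illustrative set).
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd",
                         ".vbs", ".js", ".jar", ".msi", ".ps1", ".hta"}


def find_executable_attachments(raw):
    """Return (filename, reasons) for every attachment that looks executable."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        filename = part.get_filename()
        if not filename:
            continue
        reasons = []
        ext = os.path.splitext(filename.lower())[1]  # catches .pdf.exe too
        if ext in EXECUTABLE_EXTENSIONS:
            reasons.append(f"extension {ext}")
        # Content check: a Windows PE file starts with 'MZ' whatever its name.
        payload = part.get_payload(decode=True) or b""
        if payload.startswith(b"MZ"):
            reasons.append("PE 'MZ' magic bytes")
        if reasons:
            findings.append((filename, reasons))
    return findings


if __name__ == "__main__":
    for i, hop in enumerate(trace_received_chain(RAW_MAIL), 1):
        print(f"hop {i}: {hop['claimed']} ({hop['ip']}) -> {hop['by']}")
    for name, why in find_executable_attachments(RAW_MAIL):
        print(f"block attachment {name}: {', '.join(why)}")
```

For the sample above, the first hop resolves to 203.0.113.77 handing off to mail.example-isp.test, and the attachment is flagged both by its .exe extension and by its PE magic bytes. One caveat when reading a real chain: only the Received lines added by servers you control are trustworthy, since a sender can prepend fabricated ones below them, so start from the line your own MX wrote and treat everything beneath it as a claim to verify, not a fact.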

This was last published in October 2010
