There's no way to prevent it before the fact (but google for "SPF") The only IP you could reasonably trust would be the one that the recipient's mail server recorded. The spammer can't forge headers that haven't been added yet, so anything that the recipient's mail server recorded couldn't have been forged (by the spammer). Unfortunately, the most you'll be able to do with that IP is send off an abuse complaint to the ISP responsible. It will most likely turn out to be a hacked/trojaned/proxied Windows zombie, an open-relay in another country, a throw-away dial-up from some big nation-wide provider, or part of a hijacked IP block. Nothing useful in tracing the spammer. A popular approach for finding spammers is to follow the money - look and see who owns the spamvertised website (although they have some tricks to make this difficult), who owns the 800 number, etc. On Mon, 2004-05-24 at 07:06, Loren H. Burlingame wrote: > I am starting to get a lot of bounce messages due to some spammer using > my domain (lorenburlingame.com) in their mailings. > > It looks to me as though all of the relevant headers are forged and as > far as I can tell there is no way to trace the message back to an IP. > > Anyone have any advice on how to handle something like this? > > Thanks > > LB > > _______________________________________________ > TCLUG Mailing List - Minneapolis/St. Paul, Minnesota > Help beta test TCLUG's potential new home: http://plone.mn-linux.org > Got pictures for TCLUG? Beta test http://plone.mn-linux.org/gallery > tclug-list at mn-linux.org > https://mailman.real-time.com/mailman/listinfo/tclug-list > _______________________________________________ TCLUG Mailing List - Minneapolis/St. Paul, Minnesota Help beta test TCLUG's potential new home: http://plone.mn-linux.org Got pictures for TCLUG? Beta test http://plone.mn-linux.org/gallery tclug-list at mn-linux.org https://mailman.real-time.com/mailman/listinfo/tclug-list