In order to 'go to the source' in tracking down spam. there is
no substitute for having the 'full headers' which show every server
along the way that a given piece of spam took.
With this information, we can more effectively contact the administrator for
an unsecured server, and help that admin close down the (often
inadvertently) unsecured servers. The principle of accepting email from
properly configured, and 'acountable' remote email servers underlies the
objective DSBL 'realtime block list'.
See the narrative on reading email headers
here
(gone dark) ( local copy) is pretty
good.
Several recipient side tools for detecting likely 'spam' content in real
time exist. One is Spam Assassin, which allows an email server to 'look
for' several indicia of 'spam' and to mark as 'suspect'. (local copy of InfoWorld
analysis [pdf], and detail graphic
(local copy).
See also: email, No spam policy
