So It Came From a Mailing List — Where Did It Come From Before That?

This is the third in a series of arti­cles on read­ing inter­net mes­sage head­ers. If you haven’t already done so, please read the first two arti­cles, Read­ing Inter­net Mes­sage Head­ers, and Where’d That Email Come From?

Mes­sages sent through mail­ing lists are a bit dif­fer­ent than those sent directly to one or more email addresses. There are many dif­fer­ent pro­grams that run mail­ing lists, and each of them seems to do slightly dif­fer­ent things to the head­ers depend­ing on the soft­ware and how it is con­fig­ured. Unless you have access to the mes­sages before they go through the mail­ing list soft­ware, it can be very dif­fi­cult to really know the ori­gin of those mes­sages. Lis­town­ers may or may not have access to the records of where the mes­sages orig­i­nated, depend­ing on whether they run their own server and list soft­ware or are using a ser­vice like EGroups or List­Bot.

Here’s an exam­ple of a mes­sage sent through EGroups:

Received: (from root@localhost)
	by (8.10.2/8.10.2) id e6M6ouU25336
	for; Sat, 22 Jul 2000 02:50:56 -0400
Received: from ( [])
	by (8.10.2/8.10.2) with SMTP id e6M6olc25331
	for <>; Sat, 22 Jul 2000 02:50:47 -0400
Received: from [] by with NNFMP; 22 Jul 2000 06:48:27 -0000
Received: (qmail 11241 invoked from network); 22 Jul 2000 06:48:22 -0000
Received: from unknown ( by with QMQP; 22 Jul 2000 06:48:22 -0000
Received: from unknown (HELO ( by mta1 with SMTP; 22 Jul
 2000 06:48:22 -0000
Received: from localhost (spoons@localhost) by (8.9.3/8.9.2/ with
ESMTP id XAA04661 for <>; Fri, 21 Jul 2000 23:48:22 -0700 (PDT)
X-Authentication-Warning: spoons owned process doing -bs
Message-ID: <>
From: Barbara Mikkelson <>
MIME-Version: 1.0
Mailing-List: list; contact
Delivered-To: mailing list
Precedence: bulk
List-Unsubscribe: <>
Date: Fri, 21 Jul 2000 23:48:22 -0700 (PDT)
Subject: [ulrp-update] Urban Legends Reference Pages Update #33  
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

As you can see, EGroups is con­fig­ured so that you can tell where the mes­sage orig­i­nated — from a shell acount user at who had the IP address when she sent the mes­sage. The fol­low­ing lines:
X-eGroups-Return: sentto-125177–
Mailing-List: list; con­tact
Delivered-To: mail­ing list
List-Unsubscribe: <>

dif­fer from mes­sages sent with­out mail­ing list soft­ware, but all are fairly clear. The first is used by EGroups to track mes­sages that bounce. The sec­ond is used to indi­cate which mail­ing list the mes­sage came from (, and gives the con­tact address for the owner of that list. The third is, again, just the mail­ing list name. The fourth gives the address to which an unsub­scribe request would be sent, in case the recip­i­ent doesn’t want to receive fur­ther mes­sages from that list.

I’m also on mail­ing lists run through List­Bot, and some are con­fig­ured so that I can see where mes­sages orig­i­nated, while some are not. I’m assum­ing that’s some­thing con­trolled by the indi­vid­ual list owners.

Return-Path: <>
Received: (qmail 17645 invoked from network); 24 Nov 2000 21:23:22 -0000
Received: from unknown (HELO (
  by with SMTP; 24 Nov 2000 21:23:22 -0000
Received: (qmail 3820 invoked by uid 0); 24 Nov 2000 22:08:24 -0000
Date: 24 Nov 2000 22:08:24 -0000
Message-ID: <975103704.2299.qmail@ech>
To: List Member <>
Mailing-List: ListBot mailing list contact
From: "Dead Troll News" <>
Delivered-To: mailing list
Subject: Dead Trolls & Lost Scrolls at Christmas

All I know about the above mes­sage is that it was sent through List­Bot by the owner of the Dead Troll mail­ing list (they’re a com­edy group, in case you were won­der­ing). That list is announce­ment only, so only the lis­towner can send mes­sages. If I had rea­son to try find­ing out where the mes­sage orig­i­nated, I’d have to try to con­tact the lis­towner or some­one at List­Bot.

In the next arti­cle we’ll talk about mes­sages posted to news­groups.

Orig­i­nally pub­lished Feb­ru­ary 12, 2001

Leave a Reply

Comments links could be nofollow free.