I have read quite a few of the Manuals and Tutorials that came with the SamSpade tool That I got from www.samspade.org

I have also read RFC 821 regarding SMTP.

Periodicaly I still recieve the odd spam in my inbox, as a result I decided that I would help reduce spam by traceing the ocasional spam I get in my inbox. I have set up my hotmail account to show the full email headers. From there I have all the information I need to trace down and report a spammer. What I do is fist identify the point of forgery, then use that information to further trace down the origin of the letter. I have been useing www.samspade.org www.internic.com and the Samspade tool that you can find at www.samspade.org

Recently I have reposrted two spamm emails to the Federal Trades Commission and to what I believed to be the ISP of the senders. I recieved a reply from a few of recipitants basicaly stateing that the person in question is not related to them but rather a customer, and kindly they redirect me to the whois database where I can find more spasific information on that particular user.

So here are my questions:

If I have determined the ISP or IP block owner of a spam letter, are they responsible to further investigate their system logs to determine the user in question, or is it my responibility to futher find that particulat user given the whois server spesified in the e-mail.

If i get some fake DNS responce from a tracerout done at www.samspade.org does that mean the "spammers" server is suplying a host name not belonging to them and is that illegal?

How can I determine the real host name if supplyed with a fake DNS responce from a traceroute?