You can tell who the message is really from by reading the header, and we follow up with a complaint to the sender's ISP.
The people who send spam and so on often pretend to be from an established company like Redwood Games (or Citibank or Microsoft -- that's a favorite). Unfortunately, Redwood Games has been around long enough and is popular enough that we are being "spoofed" now too.
For those of you who are tired of spam and virus emails, you can do the same thing we do: look at the header info. Here's an example of a real spoofed email I got. The header is generated by my mail program, which happens to be Mozilla. You are most likely using Microsoft Outlook, which may look a little different. The principles are the same, though:
From - Thu Nov 25 09:38:28 2004 <== ignore this
X-UIDL: 643076a836401104f0e2d0f330224674 <== ignore this
X-Mozilla-Status: 0201 <== ignore this (I use Mozilla instead of Outlook)
Return-path: <firstname.lastname@example.org> <== I changed the email
Envelope-to: email@example.com <==this is my ISP's handling computer
Delivery-date: Thu, 25 Nov 2004 14:34:19 -0500 <== ignore this
Received: from firstname.lastname@example.org with local-bsmtp (Exim 4.43)
id 1CXPNd-00037M-St <== ignore this
for email@example.com; Thu, 25 Nov 2004 14:34:16 -0500 <== ignore this
Received: from [126.96.36.199] (helo=ypjtpkr.com) <== THIS IS IT!
by myisp.hmdnsgroup.com with smtp (Exim 4.43)
for firstname.lastname@example.org; Thu, 25 Nov 2004 14:34:09 -0500
From: the faked email (such as Kc@RedwoodGames.com)
Date: Thu, 25 Nov 2004 18:46:59 GMT
Subject: Your Password
Turns out this email did not originate with the spoofed address (which I changed to protect the innocent). Rather, it appears to come from some not very nice person in New Zealand. To find this out I first went to our US "whois" database at Network Solutions. There I entered the "IP" address (the line marked THIS IS IT! above) and found out that the bad guy was not on our "ARIN" system but rather on the "APNIC" system that serves the Pacific Rim. I followed the APNIC link to their system, again put in the IP number from above, and found out the name of the bad guy.
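Here is the same header walk done in code. This is an added example, not part of the original page: it reads the Received lines newest-first, treats the reader's own ISP mail host as the only trusted relay (here assumed to be anything under hmdnsgroup.com, the name that appears in the header above), and reports the public IP that handed the message to that relay, together with the HELO name and the domain the From line claims. The sample header is constructed from the redacted values shown above; the second sample adds a made-up Received line below the real one, which is what a spammer would forge, to show why the walk stops at the first relay you do not control.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample, modelled on the header shown on this page (the IP, host
# names and message id are the page's own redacted values; the body is made up).
SAMPLE_RAW = """Return-path: <firstname.lastname@example.org>
Envelope-to: email@example.com
Delivery-date: Thu, 25 Nov 2004 14:34:19 -0500
Received: from firstname.lastname@example.org with local-bsmtp (Exim 4.43)
\tid 1CXPNd-00037M-St
\tfor email@example.com; Thu, 25 Nov 2004 14:34:16 -0500
Received: from [126.96.36.199] (helo=ypjtpkr.com)
\tby myisp.hmdnsgroup.com with smtp (Exim 4.43)
\tfor firstname.lastname@example.org; Thu, 25 Nov 2004 14:34:09 -0500
From: Kc@RedwoodGames.com
Date: Thu, 25 Nov 2004 18:46:59 GMT
Subject: Your Password

(body omitted)
"""

# Constructed variant: a forged Received line placed BELOW the genuine one, claiming
# the mail came from the spoofed company. Our own relay never saw that hop, so it
# must not be trusted. 203.0.113.5 is a documentation address, not a real host.
SAMPLE_FORGED_BELOW = SAMPLE_RAW.replace(
    "From: Kc@RedwoodGames.com",
    "Received: from mail.redwoodgames.com [203.0.113.5] by ypjtpkr.com with smtp\n"
    "From: Kc@RedwoodGames.com",
)

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
FROM_RE = re.compile(r"^from\s+(?P<from>\S+)(?:\s*\((?P<comment>[^)]*)\))?", re.I)
HELO_RE = re.compile(r"helo=(?P<helo>[^\s)]+)", re.I)
BY_RE = re.compile(r"\bby\s+(?P<by>\S+)", re.I)


def parse_received(value):
    """Pull the from-token, bracketed IP, HELO name and 'by' host out of one Received line."""
    text = " ".join(value.split())  # unfold continuation lines
    m_from, m_ip = FROM_RE.match(text), IP_RE.search(text)
    m_helo, m_by = HELO_RE.search(text), BY_RE.search(text)
    return {
        "from": m_from.group("from") if m_from else None,
        "ip": m_ip.group(1) if m_ip else None,
        "helo": m_helo.group("helo") if m_helo else None,
        "by": m_by.group("by") if m_by else None,
    }


def hops(msg):
    """Received headers in the order they appear: newest (closest to you) first."""
    return [parse_received(v) for v in msg.get_all("Received", [])]


def is_trusted_relay(host, trusted_suffixes):
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in trusted_suffixes)


def originating_ip(msg, trusted_suffixes):
    """Return the first public IP handed to one of our own relays, walking newest-first.
    Stop at the first relay we do not control: every Received line below it was
    written by someone else and could have been forged."""
    for hop in hops(msg):
        if hop["by"] is not None and not is_trusted_relay(hop["by"], trusted_suffixes):
            break
        if hop["ip"] is not None and ipaddress.ip_address(hop["ip"]).is_global:
            return hop["ip"]
    return None


def spoof_report(msg, trusted_suffixes):
    """Compare what the From line claims with where the message actually entered our ISP."""
    claimed = parseaddr(msg.get("From", ""))[1]
    claimed_domain = claimed.rpartition("@")[2].lower()
    origin = originating_ip(msg, trusted_suffixes)
    helo = next((h["helo"] for h in hops(msg) if h["ip"] == origin), None)
    helo_l = (helo or "").lower()
    return {
        "claimed_domain": claimed_domain,
        "origin_ip": origin,
        "helo": helo,
        "helo_matches_claim": bool(helo) and (helo_l == claimed_domain or helo_l.endswith("." + claimed_domain)),
    }


def analyse(raw, trusted_suffixes=("hmdnsgroup.com",)):
    """Assumed trusted relay suffix: the ISP host seen in the page's header."""
    return spoof_report(message_from_string(raw), trusted_suffixes)


if __name__ == "__main__":
    for name, raw in (("page sample", SAMPLE_RAW), ("forged hop below", SAMPLE_FORGED_BELOW)):
        print(name, analyse(raw))
```

The origin_ip this returns is the value to take to the regional whois (ARIN first, then the registry it points you at, such as APNIC), exactly as described above; that lookup needs the network and is left out of the example. Note that the walk deliberately ignores anything below the hop your own ISP recorded: the From line, the HELO name and any Received lines the sender wrote themselves are all under the sender's control.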
Often you will recognize their domain name as one of the big providers like Oceanic Cable or Earthlink, and then you are in good shape because all you have to do is send an email to email@example.com with the message (minus any attachments) and they will take care of the guy.
To find out more about tracking down the bad guys see this page.