You need to send the entire headers, including such things as recieved lines. Looking over those lines carefully will probably provide some clues. eg:
From owner-cypherpunks@toad.com Sun Sep 24 20:14:32 1995 Return-Path: owner-cypherpunks@toad.com Received: from relay3.UU.NET (relay3.UU.NET [192.48.96.8]) by homeport.org (8.6.9/8.6.9) with ESMTP id UAA18842 for <adam@homeport.org>; Sun, 24 Sep 1995 20:14:30 -0400 Received: from toad.com by relay3.UU.NET with SMTP id QQziqi14036; Sun, 24 Sep 1995 20:10:07 -0400 Received: by toad.com id AA02191; Sun, 24 Sep 95 17:05:32 PDT Received: from crypto.com by toad.com id AA02182; Sun, 24 Sep 95 17:05:26 PDT Received: from tpc.crypto.com by crypto.com Sun, 24 Sep 1995 20:16:16 -0400 Message-Id: <199509250016.UAA19204@crypto.com>
| So I got this message. How would someone identify the sender of this | message? I'm writing an article on anonymity, with some discussion of | remailers, and want to argue that forging already permits people to raise | the costs of tracing significantly, anonymous remailers or no. | | Lee | | >From: freeh@fbi.gov | >Date: Tue, 24 Oct 95 16:07:08 -0400 | >Apparently-To: tien@well.sf.ca.us | >X-UIDL: 814570964.056 | > | >> How difficult is it to forge headers? How difficult is it to trace a | >> message to the actual sender if the header is forged? | > | >Not very difficult at all (to forge, that is). This is a quick and dirty | >example that should be somewhat traceable. If you want pointers on how to | >trace it, post the whole thing, including headers, to cypherpunks. -- "It is seldom that liberty of any kind is lost all at once." -Hume