Re: Tracing spammer - please help
- From: "Ant" <not@xxxxxxxxxx>
- Date: Wed, 22 Mar 2006 03:36:36 -0000
"Neil Hindry" wrote:
I have been receiving spam of late and I want to report the sender to their
ISP but I have a problem. I have looked at the header of the email to see
who it is from but what I do not know is how to find out what ISP the
spammer is using to send the spam.
For example I have a message with the following header (I am pasting just
the relevant information):-
If you're unclear about decoding headers, how do you know what is
Based on the the information you gave, The spam appears to have come
from a proxified machine in Brazil. There's no point in looking at
headers below this, since they are very likely to have been forged by
the spammer. This is almost always the case with spam these days; i.e.
you can only trust in the headers what your ISP says about from where
it received the mail.
Received: from [220.127.116.11] (helo=2F31F468)
by feynman.zen.co.uk with smtp (Exim 4.43)
id 1F9nPB-00024b-G2; Thu, 16 Feb 2006 17:59:03 +0000
I assume this header was added by your ISP (Zen) and is correctly
reporting that the host feynman.zen.co.uk received the mail from
18.104.22.168. If you go to http://www.dnsstuff.com and plug the
number into their spam database lookup tool you will see it appears
on a few blocklists as an open proxy. You can also find out to whom
the IP address is allocated by using their "whois" lookup tool.
See the links here for information about reading headers:
- Prev by Date: Resource for developing your own accounting software using MS technologies
- Next by Date: Re: I can't post to this group
- Previous by thread: Re: Tracing spammer - please help
- Next by thread: Websense Reports Organized Phishing Attack on More Than 100 Financial Institutions