Re: Tracing spammer - please help



"Neil Hindry" wrote:

I have been receiving spam of late and I want to report the sender to their
ISP but I have a problem. I have looked at the header of the email to see
who it is from but what I do not know is how to find out what ISP the
spammer is using to send the spam.

For example I have a message with the following header (I am pasting just
the relevant information):-

If you're unclear about decoding headers, how do you know what is
relevant?

Based on the the information you gave, The spam appears to have come
from a proxified machine in Brazil. There's no point in looking at
headers below this, since they are very likely to have been forged by
the spammer. This is almost always the case with spam these days; i.e.
you can only trust in the headers what your ISP says about from where
it received the mail.

Received: from [200.250.218.247] (helo=2F31F468)
by feynman.zen.co.uk with smtp (Exim 4.43)
id 1F9nPB-00024b-G2; Thu, 16 Feb 2006 17:59:03 +0000

I assume this header was added by your ISP (Zen) and is correctly
reporting that the host feynman.zen.co.uk received the mail from
200.250.218.247. If you go to http://www.dnsstuff.com and plug the
number into their spam database lookup tool you will see it appears
on a few blocklists as an open proxy. You can also find out to whom
the IP address is allocated by using their "whois" lookup tool.

See the links here for information about reading headers:
http://spamlinks.net/track-trace-headers.htm


.



Relevant Pages

  • Re: Need antispam software - mysterious spam encountered
    ... especially with respect to spam that ALWAYS has fake headers. ... >communication or transaction or payment for the ink. ... Has your ISP address ever been seen on the Internet ANYWHERE? ...
    (alt.computer.security)
  • Re: Cant copy "Message Source" area ?
    ... It didn't bring up the message source. ... > into the spam for the ISP to block them? ... The people designing the filters want to see the full headers ...
    (microsoft.public.windows.inetexplorer.ie6_outlookexpress)
  • Re: Need antispam software - mysterious spam encountered
    ... > especially with respect to spam that ALWAYS has fake headers. ... >>communication or transaction or payment for the ink. ... > Has your ISP address ever been seen on the Internet ANYWHERE? ...
    (alt.computer.security)
  • Re: Cant copy "Message Source" area ?
    ... Forwarding the full message to ISP ... analyze the contents of Spam email, ... Microsoft Online Partner Support ... The people designing the filters want to see the full headers ...
    (microsoft.public.windows.inetexplorer.ie6_outlookexpress)
  • Re: Cant copy "Message Source" area ?
    ... You were saying that you knew that that is what you should be able to do to capture headers but were unable to for some reason. ... into the spam for the ISP to block them? ... BTW have you misunderstood Sean Wu's second tip about using ... If your ISP would accept that it would be ...
    (microsoft.public.windows.inetexplorer.ie6_outlookexpress)