Hello,
Tracking down a spammer is actually the act of tracking down their
provider, and then lodging a complaint with that service provider. A
service provider is not likely to provide you with the actual name of
the person who sent the message without a court order or subpoena. If
the spam came from a known spamming gang, their identification may be
publicly posted on several anti-spam websites, such as
www.spamhaus.org or www.spews.org. You can also post a message to the
Usenet group news.admin.net-abuse.email (NANAE) asking for assistance
finding the persona behind the spam (see Google Groups). There is a
good chance that one of the regular readers in NANAE knows who the
spammer is.
One important note about tracking down spammers: Spammers routinely
exploit weaknesses on innocent people's computers to send their spam,
or they spam from "throwaway" accounts that they know will be shut
down. Do not assume that the source IP of the spam belongs to the
actual spammer.
It is also common for spam to originate from a "rogue" provider that
allows their customers to send spam without consequences. Complaining
to the "rogue" providers can sometimes cause you more trouble than you
bargained for - as the "provider" may actually be a false front for
the spammers themselves.
See http://www.spamhaus.org for listings of known Rogue providers.
Because it is sometimes risky complaining to spammer-hosting ISPs, I
would like to suggest to you a free service called SpamCop at
http://www.spamcop.net. When you forward your spam to SpamCop,
SpamCop will automatically trace the message origin and the hosts of
the advertised websites, and alert the applicable administrators. Any
providers that do not shut down their spammers may end up on the
widely-used SpamCop blacklist.
While it is important to alert the ISPs involved in the spam's
transmission, it is even more important to "follow the money", and
track down who provides the hosting for the advertised website or the
advertised email address.
You did not provide the body of the spam message, so I will
concentrate only on showing you the path this particular message took.
The message header shows the path the message took, but some can be
misleading if you aren't careful. Spammers are known to inject false
information into the headers to thwart attempts to trace them.
Regardless of their header forgeries, the original path is ALWAYS
listed. Your message looks very straightforward; however, it also
appears to be someone replying to an email you sent (possibly forged).
-------------------------------------------------------------------
Return-Path: <mrcc4x4@yahoo.com>
Received: from rly-yb02.mx.aol.com (rly-yb02.mail.aol.com
[172.18.146.2]) by air-yb03.mail.aol.com (v90.10) with ESMTP id
MAILINYB33-1216132952; Mon, 16 Dec 2002 13:29:52 1900
Received: from web13408.mail.yahoo.com (web13408.mail.yahoo.com
[216.136.175.66]) by rly-yb02.mx.aol.com (v90.10) with ESMTP id
MAILRELAYINYB28-1216132935; Mon, 16 Dec 2002 13:29:35 -0500
Message-ID: <20021216182934.67488.qmail@web13408.mail.yahoo.com>
Received: from [68.162.31.191] by web13408.mail.yahoo.com via HTTP;
Mon, 16 Dec 2002 10:29:34 PST
Date: Mon, 16 Dec 2002 10:29:34 -0800 (PST)
From: ron wiseman <mrcc4x4@yahoo.com>
Subject: Re: Will I or Will I Not
To: Cdburner1015***munged***@aol.com
In-Reply-To: <bf.2b37c41a.2b2c0554@aol.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
-------------------------------------------------------------------
(Note: I "munged" your address so e-mail address harvesters cannot pick
it up.)
Headers should be read from the bottom up. The topmost information is
when it was delivered to you at your AOL account.
This message appears to have been sent via a Yahoo Mail account by
a Verizon Internet Services customer.
You should forward the entire message to both abuse@yahoo.com and
abuse@verizon.com. They will investigate your complaint, and take
action according to their Acceptable Use Policy. Verizon is a fairly
responsible provider, so you should be safe doing this.
-------------------------------------------------------------------
Yahoo sent the message that originated from a computer on
68.162.31.191, which is assigned to:
OrgName: Verizon Internet Services
OrgID: VRIS
NetRange: 68.160.0.0 - 68.163.127.255
CIDR: 68.160.0.0/15, 68.162.0.0/16, 68.163.0.0/17
NetName: VIS-68-160
NetHandle: NET-68-160-0-0-1
Parent: NET-68-0-0-0-0
NetType: Direct Allocation
NameServer: NSDC.BA-DSG.NET
NameServer: GTEPH.BA-DSG.NET
Comment:
RegDate: 2002-08-30
Updated: 2002-08-30
NOCHandle: ZV20-ARIN
NOCName: Verizon Internet Services
NOCPhone: +1-703-295-4583
NOCEmail: noc@gnilink.net
OrgTechHandle: ZV20-ARIN
OrgTechName: Verizon Internet Services
OrgTechPhone: +1-703-295-4583
OrgTechEmail: noc@gnilink.net
OrgAbuseHandle: VISAB-ARIN
OrgAbuseName: VIS Abuse
OrgAbusePhone: +1-703-295-4583
OrgAbuseEmail: abuse@verizon.net
Further information and resources:
SpamFAQ.net: http://www.spamfaq.net - FAQ for News.admin.net-abuse.email
http://www.spamfaq.net/spamfighting.shtml - excellent spam-tracing information
SpamCop: http://www.spamcop.net
UXN Spam Combat: http://combat.uxn.com - tools to trace spammers
The SpamHaus Blacklist: http://www.spamhaus.org
News.admin.net-abuse.email: http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&group=news.admin.net-abuse.email
(Please read NANAE FAQ at spamfaq.net before posting)
I hope this answers your question. If you post the full body of the
spam, I can assist you in finding out where the website is hosted, and
who to complain to.
Good Luck,
Gregg56001
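
Added example, not part of the original answer: a Python sketch of the trace described above. It walks the quoted Received lines down from the recipient's server, stops at the first line that was not written by a trusted host, and checks the resulting IP against the CIDR blocks in the quoted ARIN record. The function names and the choice of trusted domains are assumptions made for illustration.

```python
import email
import ipaddress
import re

# Received lines copied from the message quoted above.
RAW = """\
Received: from rly-yb02.mx.aol.com (rly-yb02.mail.aol.com
 [172.18.146.2]) by air-yb03.mail.aol.com (v90.10) with ESMTP id
 MAILINYB33-1216132952; Mon, 16 Dec 2002 13:29:52 1900
Received: from web13408.mail.yahoo.com (web13408.mail.yahoo.com
 [216.136.175.66]) by rly-yb02.mx.aol.com (v90.10) with ESMTP id
 MAILRELAYINYB28-1216132935; Mon, 16 Dec 2002 13:29:35 -0500
Received: from [68.162.31.191] by web13408.mail.yahoo.com via HTTP;
 Mon, 16 Dec 2002 10:29:34 PST

"""
# CIDR blocks from the ARIN record quoted above.
VERIZON = ["68.160.0.0/15", "68.162.0.0/16", "68.163.0.0/17"]

HOP = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)", re.S)
IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def hops_newest_first(raw):
    """Parse each Received line into (claimed_sender, recorded_ip, recorded_by)."""
    hops = []
    for value in email.message_from_string(raw).get_all("Received", []):
        m, ip = HOP.search(value), IP.search(value)
        if m and ip:
            hops.append((m.group(1), ip.group(1), m.group(2)))
    return hops

def last_trusted_ip(raw, trusted_domains):
    """Walk down from the recipient's server; stop at the first line that was
    not written by a trusted host or does not link to the hop above it."""
    origin, expect_by = None, None
    for sender, ip, by in hops_newest_first(raw):
        linked = expect_by is None or by == expect_by
        if not linked or not by.endswith(tuple(trusted_domains)):
            break
        origin, expect_by = ip, sender
    return origin

def in_allocation(ip, cidrs):
    """True if ip falls inside any of the listed CIDR blocks."""
    return any(ipaddress.ip_address(ip) in ipaddress.ip_network(c) for c in cidrs)

if __name__ == "__main__":
    ip = last_trusted_ip(RAW, (".aol.com", ".yahoo.com"))
    print(ip, in_allocation(ip, VERIZON))
```

If only the recipient's own provider is trusted, the trace stops one hop earlier, at the Yahoo web server's address; a Received line placed below the real ones by the sender fails the link check and is ignored.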