In this article we discuss where the spam is being sent from, so you can report it. (Article 5)
Remember when the villains used to laugh maniacally and twist the ends of their mustaches? Watching Dudley Do-Right as a kid I always wondered why the villains did that; it makes them so easy to find. Well, apparently the loathsome spammers were thinking the same thing. They have gone to great lengths to mask their identities and to cover their tracks. Now, in our fifth installment on stopping spam, we are going to learn how to see past the charade, to see who is really tying Nell to the railroad tracks (metaphorically, of course).
Let us say you have a spam email in your inbox, which of course would be a lot less likely if you were running a spam filter for your email client. But we will just say you have a spam email in your inbox. We have already established that the “from” field is worthless. So what else do we have to go on? Fortunately, when email servers were first connected to each other, the routes were somewhat convoluted and troublesome. In an effort to aid troubleshooting of route issues, the basic mail server protocol included a “stamp” for each mail server that carried a message.
The stamp has different formats, but in general it contains some critical information we need for our tracing efforts. Usually the following information is in a stamp: “Received By”, “Received From”, “Localized Time” and “Message ID”. “Received By” is the name and/or the IP address (an IP address is four numbers ranging between 0 and 255, each separated with a period) of the mail server that received the email. “Received From” is the name and/or the IP address of the mail server that sent the message. “Localized Time” is the time when the message was received by that server, and the “Message ID” is a serial number the mail server used to identify the message. To view these “stamps” using Outlook Express, open a message, from the File menu select “Properties”, and select the “Details” tab. You will see that “Received From” and “Received By” may have some very cryptic values, but don’t be dismayed: the information you are looking for is inside the parentheses, and you want both the name and the IP address. Very few messages are touched by only one server, so you should see multiple stamps.
The stamps are in order: the oldest is on the bottom and the newest is on the top. I know what you are thinking… That’s great, but how does it help me stop spam? Well, we are almost there. What we are looking for is the first mail server that touched the message. Why? Because that is the server the spammer used, and if we are going to report spam abuse, that is the server we need to report. Another thing you can do with this information is find out whether the mail server that initially sent the spam is a known spam sender. Using the information from the stamp, copy the IP address of the first email server to your clipboard, then point your browser to http://www.dnsstuff.com . Find the “Spam Database Lookup” and paste the IP address into the field next to the “Lookup” button.

Now, if the mail server isn’t in the database, it is because of one of two things. One, it’s a new spam server that hasn’t been reported yet, or two, it is a mail server that has been “hijacked” or tricked into sending mail for spammers. This is done by means of an “open relay” or, worse, a “Trojan relay”. To clarify these two terms: an open relay is a leftover from a time when not all mail servers were directly connected to the Internet and one mail server would act as a message router for other mail servers. Back then there wasn’t as much concern about people hiding who they were, so rules for who was allowed to send through a server were left out by default. There are still some mail servers that act in this manner when first installed, and there are also several “hacks” out there that will revert a server to this behavior. A Trojan relay is much more malicious: it involves a computer that has been remotely taken over, at least to the extent that the spammer can run programs on the remote machine. When it comes time for the spammer to send out his mail, which is usually all the time, he sends a network message to the computer specifying what email to send and who to send it to. Either way, you will want to report this spam sender, because if we ignore every email server that sends spam, it will be very hard to stop getting it.
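The stamp-reading procedure above, done by hand in Outlook Express, can also be scripted. The following is an added example (not code from the original article) that parses the “Received” stamps of a raw message with Python’s standard email module, lists them newest-first as they appear in the header, picks the bottom (oldest) stamp as the originating server, and checks that each stamp’s “received from” host links to the next older stamp’s “received by” host. The message, host names and addresses are constructed for the example.

```python
import re
from email import message_from_string

# Constructed sample, not a real message. Newest stamp (our own server) on top,
# oldest (the server the spammer used) at the bottom. RFC 5737 test addresses.
RAW_MESSAGE = """\
Received: from mx2.example.net (mx2.example.net [192.0.2.20])
    by mail.example.com with ESMTP id 4Kx9Qz1; Mon, 3 Mar 2003 09:12:44 -0500
Received: from relay.example.org (relay.example.org [198.51.100.7])
    by mx2.example.net with SMTP id s7Lm2; Mon, 3 Mar 2003 09:12:41 -0500
Received: from wksta (unknown [203.0.113.45])
    by relay.example.org with SMTP id q1A9; Mon, 3 Mar 2003 09:12:30 -0500
From: "Nell" <nell@example.invalid>
"""

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
STAMP = re.compile(r"from (\S+)(.*?) by (\S+).*?(?: id (\S+?))?;\s*(.*)$")

def parse_received(raw):
    """Return the Received stamps in header order (newest first) as dicts
    keyed by the article's field names. Folded continuation lines are joined."""
    hops = []
    for stamp in message_from_string(raw).get_all("Received", []):
        m = STAMP.search(" ".join(stamp.split()))
        if not m:
            continue                   # unparseable stamp: skip it, do not guess
        from_host, from_extra, by_host, smtp_id, when = m.groups()
        ip = IPV4.search(from_extra)   # the address sits inside the parentheses
        hops.append({"received_from": from_host, "from_ip": ip.group() if ip else None,
                     "received_by": by_host, "message_id": smtp_id, "time": when})
    return hops

def originating_hop(hops):
    """Bottom stamp = oldest = first server that touched the message: the IP to
    look up and report. Stamps below the ones added by servers you trust can be
    forged, so treat this as the best lead, not proof."""
    return hops[-1] if hops else None

def chain_breaks(hops):
    """Indices where a stamp's 'received from' host differs from the next older
    stamp's 'received by' host: a missing hop or a tampered stamp."""
    return [i for i in range(len(hops) - 1)
            if hops[i]["received_from"].lower() != hops[i + 1]["received_by"].lower()]

if __name__ == "__main__":
    hops = parse_received(RAW_MESSAGE)
    for h in hops:
        print(f'{h["received_by"]:<18} <- {h["received_from"]} ({h["from_ip"]}) at {h["time"]}')
    print("Originating server:", originating_hop(hops)["from_ip"], "breaks:", chain_breaks(hops))
```

The IP printed as the originating server is the one to paste into the spam database lookup; a non-empty list of chain breaks means a stamp is missing or was tampered with and the bottom hop should be read with suspicion.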
We have covered how to find out who the bad guys are so you can report spam, and we have talked about some of their tricks. To help us put some of these pieces together, next time we’ll cover who the good guys are and how we can use our newfound information to report spam abuse.

Until next time, remember to have fun and take care.