
thfarrell

Apr 22, 2004, 6:38 AM
Post #9 of 15
Hi Donnie...

Answers to questions like yours are not simple. The first thing you need to do is find out where the spam is coming from. You need an email client (the thing you use on your computer to read email) that will show you the complete "header" for messages. That will let you find out the address from which the spam is coming. You may or may not be able to contact the folks with control over that address.

So - step one: here's the way an abbreviated header looks in my email client (I've replaced identifying info with "yyyy" or "xxxx"):

-------------------------------------------+
X-Originating-IP: [206.206.100.110]
X-Originating-Email: [xxxxx@xxxxxx.com]
X-Sender: xxxxx@xxxxxx.com
From: "XXXX XXXXX" <xxxxx@xxxxxx.com>
To: yyyyy@yyyyyyy.com
Subject: Norton or MacAfee?????????????????????????????????/
Date: Thu, 22 Apr 2004 06:31:23 -0600
X-OriginalArrivalTime: 22 Apr 2004 12:31:23.0681 (UTC) FILETIME=[B92DC910:01C42865]
X-RCPT-TO: <yyyyy@yyyyyyy.com>
Status: U
-------------------------------------------+

Notice that at the beginning, it says:

Originating-IP: [206.206.100.110]

So it appears that that's the "internet address" of the sender of the message.

We can also look at a more complete form of the header:

-------------------------------------------+
Received: from hotmail.com [64.4.27.90] by mail.pvs.k12.nm.us with ESMTP (SMTPD32-8.05) id A9462DA0126; Thu, 22 Apr 2004 07:31:50 -0600
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Thu, 22 Apr 2004 05:31:23 -0700
Received: from 206.206.100.110 by xxxxx@xxxxxx.com with HTTP; Thu, 22 Apr 2004 12:31:23 GMT
X-Originating-IP: [206.206.100.110]
X-Originating-Email: [xxxxx@xxxxxx.com]]
X-Sender: xxxxx@xxxxxx.com]
From: "XXXX XXXXX" <xxxxx@xxxxxx.com]>
To: yyyy@yyyyyyy.com
Subject: Norton or MacAfee?????????????????????????????????/
Date: Thu, 22 Apr 2004 06:31:23 -0600
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: <BAY8-F905dBKlrWJ3fv00002767@hotmail.com>
X-OriginalArrivalTime: 22 Apr 2004 12:31:23.0681 (UTC) FILETIME=[B92DC910:01C42865]
X-RCPT-TO: <yyyy@yyyyyyy.com>
Status: U
X-UIDL: 377322898
-------------------------------------------+

Notice that this one starts out with:

Received: from hotmail.com [64.4.27.90]

so it appears that the sender used a hotmail account (though this may be spoofed or "faked") and that the email came through an email server at "internet address" 64.4.27.90.

So, now we have two good clues (the names of email accounts and email services aren't much help, they're too easy to fake), namely, the two IP numbers ("internet addresses") that we've spotted:

64.4.27.90
206.206.100.110

We can now visit a website such as:

http://dnsstuff.com/

and paste the above addresses into, for example, the "reverse DNS" and "ip whois lookup" boxes. Doing so may give us a way to backtrack the spam. In this case, the 64.4.27.90 address probably won't get us anywhere, because Microsoft won't cooperate unless the police and/or legal action is involved (if, say, you received a death threat or an attempt at extortion).

The 206.206.100.110 address will help, though, and notice that the "ip whois lookup" tool gives us a page with three clickable links. The middle one, to the Pojoaque Schools, gives us an address and the phone number and email address for the technical contact for the domain (me). So we can write/call him (me) and he may be able to pursue the matter.

Post a reply regarding the email headers you find on your messages and we can proceed, or you might take the next step as well, visiting the dnsstuff website to see what you come up with.

tom
---
"Beauty is in the i of the Beholder" (Julia Mandelbrot)
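
Added example, not part of tom's post: a short Python script that pulls the same two IP clues out of the full header shown above. It assumes the topmost Received line was written by your own mail server, which makes it the only hop the sender could not have forged; the function names and the shortened Subject line are this example's own.

```python
import re
from email import message_from_string
from ipaddress import ip_address

# Header fields from the post above, one per line (placeholders as posted,
# Subject shortened for this example).
RAW = """\
Received: from hotmail.com [64.4.27.90] by mail.pvs.k12.nm.us with ESMTP (SMTPD32-8.05) id A9462DA0126; Thu, 22 Apr 2004 07:31:50 -0600
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Thu, 22 Apr 2004 05:31:23 -0700
Received: from 206.206.100.110 by xxxxx@xxxxxx.com with HTTP; Thu, 22 Apr 2004 12:31:23 GMT
X-Originating-IP: [206.206.100.110]
From: "XXXX XXXXX" <xxxxx@xxxxxx.com>
To: yyyy@yyyyyyy.com
Subject: Norton or MacAfee?

"""

# Dotted quad that is not part of a longer number such as a timestamp.
IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

def public_ips(text):
    """Return the valid, publicly routable IPv4 addresses in text, in order."""
    found = []
    for candidate in IPV4.findall(text):
        try:
            ip = ip_address(candidate)
        except ValueError:      # e.g. 999.1.1.1
            continue
        if ip.is_global:        # skip private and reserved ranges
            found.append(str(ip))
    return found

def trace(raw):
    """Walk the Received chain from newest (top) to oldest (bottom)."""
    msg = message_from_string(raw)
    hops = []
    for i, received in enumerate(msg.get_all("Received", [])):
        # The "from ..." clause names the machine that handed the mail over.
        from_clause = received.split(";")[0].split(" by ")[0]
        # Assumption: hop 0 was added by your own server; lower hops are
        # whatever the sending side chose to write.
        hops.append({"hop": i, "trusted": i == 0, "ips": public_ips(from_clause)})
    return hops, public_ips(msg.get("X-Originating-IP", ""))

if __name__ == "__main__":
    hops, claimed = trace(RAW)
    for hop in hops:
        print(hop)
    print("X-Originating-IP claims:", claimed)
```

Run against the header above, hop 0 gives 64.4.27.90 (recorded by the receiving server) and the bottom hop and X-Originating-IP both give 206.206.100.110, the two addresses to take to the whois lookup.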