March 21st, 2008 at 6:34 am
Posted by menandwomens100 in Uncategorized

Spam will continue to evolve as long as it makes a profit. If nobody buys from spammers or acts upon their scams, spam will end. This is the obvious and easiest way to fight spam. You can ignore and delete the spam emails you receive. But you can also take action against the spammer by complaining to the spammer's Internet Service Provider (ISP). The ISP will block their connection and possibly impose a fine (depending on the ISP's acceptable usage policy). Spammers beware of such complaints and try to disguise their messages. That's why finding the right ISP is not always easy.

Let's look inside a spam message. Every email message includes two parts, the body and the header. The body is the actual message content and attachments. The header is a kind of envelope for the message. The header shows the address of the message sender, the address of the message recipient, the message subject and other information. Email programs usually display these header fields:

From: shows the sender's name and email address.
To: shows the recipient's name and email address.
Date: shows the date when the message was sent.
Subject: shows the message subject.

The From: field usually contains the sender's email address. This lets you know who sent the message and allows you to reply. Spammers, of course, don't want you to reply and don't want you to know who they are. Therefore, they put fake email addresses into the From: field of their emails. So the From: field won't help you if you want to determine where the spam email comes from.

Tip! With G-Lock SpamCombat you can preview not only the message subject but also all the fields of the message header. You can choose the preview format yourself. You can view the message as HTML, decoded message, or message source. There are also several Received: fields in the header of every message. Email programs don't often display the Received: fields, but the Received: fields can be very helpful in tracing the spam origin.

Just like a postal letter goes through a number of post offices before it's delivered to the recipient, an email message is processed by several mail servers. Each mail server adds a line to the message header - a Received: line - which contains

- the server name and IP address of the machine the server received the message from and
- the name of the mail server itself.

Each Received: line is inserted at the top of the message header. If we want to reproduce the message's path from sender to recipient, we start from the topmost Received: line and work down until the last one, which is where the email originated.

Just like the From: field, the Received: fields may contain forged information to fool those who would want to trace the spammer. As every mail server inserts the Received: line at the top of the header, we start the analysis from the top.

The Received: fields forged by spammers usually look like normal Received: fields. We can rarely tell whether a Received: line is fake or not at first sight. We should analyze the whole chain of Received: fields to find a forged Received: field.

As we mentioned above, every mail server registers not only its name but also the IP address of the machine it got the message from. We simply need to look at what name a server gives and what the next server in the chain says. If the servers don't match, the earlier Received: line is forged.

The origin of the email is what the server immediately after the forged Received: line says about where it received the message from.

Let's see how determining the spam email origin works in real life. Here is the header of a spam message we've recently received:

**************************************************
Return-Path:
Delivered-To: press@mydomain.com
Received: from unknown (HELO 60.17.139.96) (221.200.13.158) by mail1.myserver.xx with
 SMTP; 7 Nov 2006 10:54:16 -0000
Received: from 164.145.240.209 by 60.17.139.96; Tue, 07 Nov 2006 05:53:35 -0500
Date: Tue, 07 Nov 2006 12:48:35 +0200
From: Pharmacy
Reply-To: umceqhzjmndfy
X-Priority: 3 (Normal)
Message-ID:
To: press@mydomain.com
Subject: Cheap Med*s V!agra Many Med_s QnNXpRy9
MIME-Version: 1.0
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
**************************************************

First, look at the forged From: field. The email address in the From: and Reply-To: lines doesn't exist. So, the spammer took care to direct bounced messages and all the indignant replies people may send to a non-existing email account.

Secondly, the Subject: line. It contains variations of the words "Meds" and "Viagra" that are known to appear in spam messages. Plus, the subject contains a string of random characters. It's obvious that the subject line is skillfully tailored to fool anti-spam filters.

Lastly, let's analyze the Received: lines. We start from the oldest one - Received: from 164.145.240.209 by 60.17.139.96; Tue, 07 Nov 2006 05:53:35 -0500. There are two IP addresses in it: 60.17.139.96 says it received the message from 164.145.240.209.

We check whether the next (and last in this case) mail server in the chain confirms the statement of the first Received: line. In the second Received: field we have: Received: from unknown (HELO 60.17.139.96) (221.200.13.158) by mail1.myserver.xx with SMTP; 7 Nov 2006 10:54:16 -0000.

mail1.myserver.xx is our server and we can trust it. It received the message from an "unknown" host, which says it has the IP address 60.17.139.96. Yes, this confirms what the previous Received: line says.

Now let's find out where our mail server got the message from. For this purpose, we look at the IP address in brackets before the server name mail1.myserver.xx. It is 221.200.13.158. This is the IP address the connection was established from, and it is not 60.17.139.96. The spam message originates from 221.200.13.158. It's important to note that the spammer is not necessarily sitting at the computer 221.200.13.158 and sending spam around the world. The computer's owner may not even suspect that it is sending spam. The computer may be hijacked by a Trojan, which is spreading spam without the machine's owner knowing it.
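The check walked through above, as an added Python example (not part of the original article or of any G-Lock product): it parses the sample header's Received: lines and stops trusting the chain at the first line that was not written by the machine the previous hop actually connected from. The function names and the literal string comparison of the `by` field against the recorded IP are assumptions that fit this sample; real servers usually write a host name in `by`.

```python
import email
import re

# Sample header from the article above (spacing repaired, empty fields omitted).
SAMPLE = """\
Delivered-To: press@mydomain.com
Received: from unknown (HELO 60.17.139.96) (221.200.13.158) by mail1.myserver.xx with
 SMTP; 7 Nov 2006 10:54:16 -0000
Received: from 164.145.240.209 by 60.17.139.96; Tue, 07 Nov 2006 05:53:35 -0500
Date: Tue, 07 Nov 2006 12:48:35 +0200

body
"""

RECEIVED = re.compile(
    r"from\s+(?P<claimed>\S+)"                         # name the sender gave
    r"(?:\s+\(HELO\s+(?P<helo>[^)]+)\))?"              # HELO string, if logged
    r"(?:\s+\((?P<peer>\d{1,3}(?:\.\d{1,3}){3})\))?"   # IP the server itself saw
    r"\s+by\s+(?P<by>[^\s;]+)")                        # server that wrote the line

def parse_received(value):
    """Return the claimed/helo/peer/by parts of one Received: value, or None."""
    match = RECEIVED.search(" ".join(value.split()))  # unfold continuation lines
    return match.groupdict() if match else None

def trace_origin(raw_message, trusted_servers):
    """Walk Received: lines top-down; return (origin, unverified_hops)."""
    values = email.message_from_string(raw_message).get_all("Received", [])
    hops = [parse_received(v) for v in values]
    origin = None
    for index, hop in enumerate(hops):
        if hop is None:                      # unparseable line: stop trusting here
            return origin, hops[index:]
        # The top line must be written by our own server; every later line must be
        # written by the machine the previous, already trusted, hop connected from.
        vouched = hop["by"] in trusted_servers if index == 0 else hop["by"] == origin
        if not vouched:
            return origin, hops[index:]
        origin = hop["peer"] or hop["claimed"]  # prefer the IP the server observed
    return origin, []

if __name__ == "__main__":
    origin, unverified = trace_origin(SAMPLE, {"mail1.myserver.xx"})
    print("origin:", origin)
    for hop in unverified:
        print("unverified Received line:", hop)
```

On the sample, the second Received: line is reported as unverified because it claims to be written by 60.17.139.96 while the trusted server recorded the connection from a different address.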

We hope this information will help you identify the spammer's ISP and report the spam to them so they can take proper measures.

Julia Gulevich is a technical expert associated with the development of computer software such as AATools, Advanced Email Verifier, G-Lock EasyMail, and Anti-Spam Software Blocker http://www.glocksoft.com/sc/. More information can be found at Anti Spam Filter Resources http://www.glocksoft.net/sc/

