Is there a way to REALLY find out who's sending me spam?

[Mani]

I keep getting spam sent to me from dummy e-mail addresses (I'll reply to unsubscribe and will get a love letter from MILLER DAEMON). Is there a way to find out who really sent something? I use outlook express 6.

 

[Descartes]

Open OE, open the email in question, File->Properties->Details->Message Source. The first several lines indicates the true source (usually, unless they were able to spoof the ip, which any spammer is probably not capable of doing).

It's easy to send pseudo-anonymous email, unfortunately. Negotiating an SMTP session manually is easy.

 

[ChrichtonsGirl]

That would be Mailer Daemon.

I doubt there's a way to really, accurately trace where mail's coming from, although if you look at the entire header, you can get a pretty good idea of the server and find the originating IP address. Of course, none of that helps at all if the sender is using an e-mail account like Yahoo or Hotmail.

 

[Saltin]

Mail sent from a Hotmail account actually will show and origintaing x-IP. As long as they arent behind a proxy you can see the IP in the header. I can't say if that is true for yahoo.

 

[MajesticMoose]

if that happens to me i just reply to it with "f*** off". Sure it may not accomplish anything but i feel better.

m00se

 

[911paramedic]

View the source of the mail, like this one (I replaced my info with xxxx's):

Return-Path: <etradeservice@etrade.0mm.com>
Received: from p-route-4.lvcm.net (p-route-4.xxxx.net [xx.xxx.x.xx])
by mt1.xxxx.net (Mirapoint)
with ESMTP id AXZ32581;
Wed, 16 Jan 2002 18:35:42 -0800 (PST)
Received: from ms2out1.messagemedia.com (ms2out1.messagemedia.com [208.169.22.2])
by p-route-4.xxxx.net (Postfix) with SMTP id 5E0002FA1A
for <xxxxxxxxxx@xxxxxxxxxx.com>; Wed, 16 Jan 2002 18:24:54 -0800 (PST)
X-EntryID: 649514
X-MsgID: 640251
X-SubID: 124831918
X-ListID: 3419
Date: Wed, 16 Jan 2002 19:04:20 -0700
Message-Id: <20020116190420.000103@ms2out1.messagemedia.com>
X-Sender: etradeservice@etrade.0mm.com
Errors-To: etradeservice@etrade.0mm.com
To: xxxxxxxxxxx<xxxxxxxxxx@xxxxxxxxxxx.com>
From: E*TRADE <etradeservice@etrade.0mm.com>
Subject: E*TRADE News January 2002
Content-Type: multipart/alternative;
boundary="==_MIME-Boundary-1_=="
Mime-Version: 1.0

If you notice it has their ip as well as who sent the info, if you keep getting spammed use NeoTrace or something to find their Host and report them. Most Hosts hate spam as much as we do, it uses up too many of their resources.

 

[Antisocial Virge]

www.spamcop.net

They have a free part of there site you have to sign up for where you can copy/paste the whole email in. It then decodes where it came from, site hostings of websites that are mentioned in the spams and also emails everyone a complaint for you. Easiest way there is.

 

[WA261]

so if you jumped on a proxy.. then sent an email... it could notbe traced?

 

[Saltin]

<< so if you jumped on a proxy.. then sent an email... it could notbe traced? >>



Well, nothing is untraceable. It just makes it harder, increasing the paperwork needed to get the spammer.
You could contact the owner of the proxy and let them know what was going on. If they are responsible, they will pass on the guy's IP to you. It really depends on thier attitude.

It is also possible for the spammer to have contected to a proxy through a proxy through a proxy, etc. This can make the trail even harder to figure out.

 

[Captain4]

<< I keep getting spam sent to me from dummy e-mail addresses (I'll reply to unsubscribe and will get a love letter from MILLER DAEMON). Is there a way to find out who really sent something? I use outlook express 6. >>



One more thing I would recommend would be to not reply to the unsubscribe address. Lots of spammers use random mailings and when they get a reply to the unsubscribe account, they know they have a valid address. I'm an email administrator, and we get users all the time that complain about spam and then say that they always click on unsubscribe. It can just make it worse. One other possibility to stop the spam would be to forward it to your domain's postmaster. If they have reverse-DNS enabled on the SMTP server, they may be able to trace the offender back to their ISP. It's a painstaking process, but it might help.

 

[Nitemare]

Just take their email address and sign them up for spam...the more the better and the worse the pr0n the better