[Novalug] Spamming

Bud Roth junk@taiotoshi.org
Wed Jan 28 17:27:08 EST 2009


Jay:

I'm afraid that the "art" behind IP tracing is beyond my scripting
ability and I suspect borders on AI.  When I was an SEC staff attorney,
I traced IP addresses all the time and subpoenaed ISPs.  (Didn't
always make me very popular, but I was chasing real bad guys and didn't
care.)  The basic technique is to look in the email header and, going
from the top down, find the lowest email server that you recognize and
trust.  Look at the IP address that it captured and you likely have the
originating IP address.  I don't know of any way to replicate that with a
script, although you could probably write a script that worked for a
particular email server and captured the IP address of all email sent to
it.

Sorry I couldn't be more helpful,

Bud


On Wed, 2009-01-28 at 11:15 -0500, Jay Hart wrote:
> Bud,
> 
> Would you happen to have a script that locates the IP address?
> 
> Jay
> 
> > Subbarao: Hunting down email addresses in spam is a fruitless effort and I
> > would not recommend it.  Spammers forge the "FROM" email address and only use
> > it once.
> >
> > Here is a tutorial on tracking down the IP address from which the spam
> > originated.  The best thing (though not always effective) is to complain
> > to the ISP that owns the IP address.  Read this:
> >
> > http://email.about.com/cs/spamgeneral/a/spam_headers.htm
> >
> > You can also investigate using a spam filter such as spamassassin.  I do
> > that with my email server, but evolution can be configured to use
> > spamassassin as well.  Results are not perfect, but pretty good.
> >
> > Good luck!
> >
> > Bud Roth
> >
> >
> > On Wed, 2009-01-28 at 06:28 -0800, Subba Rao wrote:
> >> Hello everyone,
> >>
> >> Typically I do get about 5 spam emails a day.  Now I noticed that I am
> >> getting 50+ spam emails a day. Dating sites, credit sites, business
> >> sites, you name it and I am getting them.  Is anyone else experiencing
> >> this sudden burst of spam email?
> >>
> >> I am trying to look at the header information to see what email
> >> address they are using but can find one.  Yahoo does have a good spam
> >> filtering system and it ends up in the Spam folder.  I do have
> >> disposable email addresses but cannot find any information in the full
> >> header.  If I can find which disposable address the spammers are using
> >> then at least I can delete that address and hope that spamming will
> >> stop.
> >>
> >> Any ideas how to get more header information from spam emails?
> >>
> >> Thank you in advance.
> >>
> >> Subbarao
> >>
> >> GPG public key ID - 5D5F91F8
> >> Key Fingerprint - ABA2 6057 ABF3 6D56 8F5F 80FE 5214 B661 5D5F 91F8
> >> _______________________________________________
> >> Novalug mailing list
> >> Novalug@calypso.tux.org
> >> http://calypso.tux.org/cgi-bin/mailman/listinfo/novalug
> >
> 
> 
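
Added example, not part of the original thread: a Python sketch of the top-down Received-header walk described in the message above, for the case where the trusted relay names are known in advance. The host names, addresses and sample headers are constructed, and the Postfix-style "from HELO (rdns [ip]) by host" layout is an assumption; other mail servers format this line differently.

```python
import email
import ipaddress
import re

BY_HOST = re.compile(r"\bby\s+([^\s;()]+)", re.IGNORECASE)
BRACKETED = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

def recorded_peer_ip(received):
    """Return (by_host, peer_ip) for one Received header value."""
    flat = " ".join(received.split())            # undo header folding
    m = BY_HOST.search(flat)
    if not m:
        return None, None
    ip = None
    # Search only the "from ..." clause, left of "by". The last bracketed
    # literal is what the receiving server logged; an earlier one can be
    # the sender's own HELO claim.
    for cand in BRACKETED.findall(flat[:m.start()]):
        try:
            ip = str(ipaddress.ip_address(cand))
        except ValueError:
            continue
    return m.group(1).lower().rstrip("."), ip

def originating_ip(raw_message, trusted_hosts):
    """Walk hops newest-first; stop at the first one written by a server
    we do not trust, since it and everything below it may be forged."""
    trusted = {h.lower() for h in trusted_hosts}
    origin = None
    for value in email.message_from_string(raw_message).get_all("Received", []):
        by_host, ip = recorded_peer_ip(value)
        if by_host not in trusted:
            break
        origin = ip or origin
    return origin

# Constructed sample: two hops inside "myisp.example", then a sender-supplied hop.
TRUSTED = {"mailstore.myisp.example", "mx1.myisp.example"}
SAMPLE = """\
Received: from mx1.myisp.example (mx1.myisp.example [10.0.0.5])
    by mailstore.myisp.example with ESMTP id 7F3A; Wed, 28 Jan 2009 10:00:05 -0500
Received: from [192.0.2.99] (dsl.isp.example [203.0.113.45])
    by mx1.myisp.example with SMTP id 2C11; Wed, 28 Jan 2009 10:00:03 -0500
Received: from localhost ([127.0.0.1])
    by mail.bank.example with ESMTP; Wed, 28 Jan 2009 09:59:00 -0500
Subject: constructed sample

body
"""

if __name__ == "__main__":
    print(originating_ip(SAMPLE, TRUSTED))
```

The result is only as good as the trusted-host list: a relay that is trusted but does not record the peer address leaves the previous hop's address in place.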