rob,
Unfortunately, the only Received: header that you can believe with anything approaching certainty is the "last" one, added by your own ISP (Yahoo in this case). This will be the first Received: header that you read in the message, as the server writes out its own Received: header first, then simply adds those taken from the message, so it's easy to see why you cannot rely on those. In this case we have:
Received: from 210.83.5.55 (HELO 209.99.226.105) (210.83.5.55) by mta559.mail.yahoo.com with SMTP; 17 Jun 2002 18:31:50 -0700 (PDT)
From this we can see that the message actually came from the host with the IP address 210.83.5.55 (the "from 210.83.5.55" clause). The host lied about who it actually was by claiming to be 209.99.226.105 (the "(HELO 209.99.226.105" clause).
A lookup of the records for 210.83.5.55 shows it to be connected to a network in China:
inetnum: 210.83.5.0 - 210.83.5.15
netname: MODERN-WINDOW
descr: modern window,xi'an city
country: CN
admin-c: YQ13-AP
tech-c: YQ13-AP
mnt-by: MAINT-CN-ZM28
changed: [email protected] 20011024
source: APNIC
person: youjun qu
address: xi'an city
country: CN
phone: +86-029-8472775
e-mail: [email protected]
nic-hdl: YQ13-AP
mnt-by: MAINT-CN-ZM28
changed: [email protected] 20011130
source: APNIC
As What_does_this_button_do? suggests, this is probably because they are an open relay, but given that they are in China, your chances of getting them to close their relay or indeed help you identify the source of the spam are small.
We've seen significant increases in spam from this part of the world in recent months. Unless you can persuade your ISP to introduce more aggressive anti-spam filtering, perhaps by using one of the realtime blocking lists mentioned by stickyb, you're going to be stuck getting these.
The big "free mail" providers don't seem to like doing much in the way of anti-spam. Whether that's just because it's too much effort (which it isn't, really) or for other reasons (go figure for yourself).
You could try reporting the message to www.spamcop.net
Get back to me if you need further advice on this,
Regards
DS
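
An added example, not part of the post above: the reading DS describes, applied in Python to the topmost Received: header only, comparing the connecting IP recorded by the receiving server with the HELO claim. The regex covers just the layout of the header quoted in the post; `inspect_top_received`, `trusted_suffix` and the second header in the sample are assumptions made for illustration.

```python
import email
import ipaddress
import re

# Layout of the header quoted in the post:
#   from <peer> (HELO <claimed>) (<peer ip>) by <receiving host> with SMTP; <date>
TOP_RECEIVED = re.compile(
    r"from\s+(?P<peer>\S+)\s+\(HELO\s+(?P<helo>[^)\s]+)\)\s+"
    r"\((?P<peer_ip>[0-9a-fA-F.:]+)\)\s+by\s+(?P<by>\S+)"
)

def inspect_top_received(raw_message, trusted_suffix):
    """Return facts from the first (most recently added) Received: header only."""
    msg = email.message_from_string(raw_message)
    received = msg.get_all("Received") or [""]
    # Unfold continuation lines before matching.
    m = TOP_RECEIVED.search(" ".join(received[0].split()))
    if m is None:
        return None
    helo = m.group("helo")
    try:
        peer_ip = ipaddress.ip_address(m.group("peer_ip"))
    except ValueError:
        return None
    try:
        helo_matches = ipaddress.ip_address(helo) == peer_ip
    except ValueError:
        helo_matches = None  # HELO was a host name, not an IP literal
    return {
        # Only believe the header if it was written by your own provider's server.
        "trusted": m.group("by").lower().endswith(trusted_suffix),
        "peer_ip": str(peer_ip),
        "helo": helo,
        "helo_matches_peer": helo_matches,
        # Everything below the top header arrived with the message and may be forged.
        "untrusted_headers": len(received) - 1,
    }

# Constructed sample: the header from the post plus a made-up header below it.
SAMPLE = (
    "Received: from 210.83.5.55 (HELO 209.99.226.105) (210.83.5.55)\n"
    "  by mta559.mail.yahoo.com with SMTP; 17 Jun 2002 18:31:50 -0700 (PDT)\n"
    "Received: from mail.example.org by relay.example.net; 17 Jun 2002 18:30:00 -0700\n"
    "Subject: constructed sample\n\nbody\n"
)

if __name__ == "__main__":
    print(inspect_top_received(SAMPLE, ".mail.yahoo.com"))
```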