Solved

How do I find out who is spaming me?

Posted on 2006-11-27
13
149 Views
Last Modified: 2010-04-11
We are using w2k3 exchange svr.  On it we have symantec 4.6 antispam.  It rejects a message it says came from 67.140.158.87 and of course some spoofed email name.  So I tried a tracert but that looks like it just takes me to the providor.  Wha tother tools can I use to find out who this is?  Thanks.
0
Comment
Question by:Sp0cky
13 Comments
 
LVL 16

Expert Comment

by:AdamRobinson
ID: 18022873
End result of your search will be your contacting a lot of people who have no idea they're spam zombies and will vehemently deny it.

That IP resolves to a private Alltel account (likely a home DSL customer), and you're probably not going to get much further than that.

If you must do more digging, you can find plenty of tools at www.dnsstuff.com 

0
 

Author Comment

by:Sp0cky
ID: 18022952
Thanks man.  Ok, I dont know much in the areas but by "zombie," you mean the spammer is using someone elses machine (that is not adequately protected) as a relay to confuse their identity?  

Also, how do you know that is a home computer address?  I am guessing that altel svcs mainly home computers?..

How would you go about contacting the person if yo uwanted to?  I am just curious as to how this is done.  The only way I could think of is contacting the svc provider who isnt going to give that out.  Thanks.
0
 

Author Comment

by:Sp0cky
ID: 18022965
oops darn,, that ip was 67.140.58.87 sorry.
0
 

Author Comment

by:Sp0cky
ID: 18023002
Here is one entry that came up on dns stuff.. http://moensted.dk/spam/no-more-funn/?addr=67.140.58.87
What does this mean?  Thanks.
0
 
LVL 7

Expert Comment

by:killbrad
ID: 18023013
You can contact the owner of the IP block.

http://www.arin.net/index.shtml
0
 
LVL 16

Expert Comment

by:AdamRobinson
ID: 18023023
Different range, same company.  

In the case of the first link, some of the DNS tools on the link I gave above show that IP block as being reserved to a DSL pool.  It could be business DSL, or home DSL.  

And you're spot on with the zombie part.  In fact, a lot, if not most, spam is sent from unsuspecting computer users who fail to lock down their systems properly.  Botnets farm zombies, who essentially are compromised relays as you state, and fire of mail at any and every domain they can.  

You will likely not be able to contact the person directly, unless the IP resolves to a particular domain with a registered administrator's actual contact information.

Needless to say, once the spam starts rolling in for you, it may be hard to stop it.  If you're using Exchange 2K3, you can try adjusting IMF a bit.  If this is for a business, you can also try an outsourced exchange filtering service like Postini.

0
Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

 
LVL 16

Expert Comment

by:AdamRobinson
ID: 18023072
Sp0cky,

What you are seeing is the IP address or range's listing on various spam abuse databases.  Please be sure to keep an eye on the (Do Not Use!) sections.  

That IP is listed on 4 different services as having hit a spamtrap within the last 7 days, though.

0
 
LVL 16

Accepted Solution

by:
AdamRobinson earned 500 total points
ID: 18023095
Last thing, Killbrad's post is a direct link to one tool I already gave through DNSStuff, but I really would not waste your time doing this.  Contacting the owner of the block is a lot like contacting a Condo Association -- you're only going to get as far as the owner's care level, which is usually about 0.  That IP Block has quite a few listed in the spam lists, and it seems unlikely the owner of the block would be unaware of it.

0
 

Author Comment

by:Sp0cky
ID: 18023108
Ok.  Thanks.  I will check out the do not use.  Not sure what that is.
0
 
LVL 16

Expert Comment

by:AdamRobinson
ID: 18023114
Do not use, as in, do not use this as proof the IP is a spammer, normally ;)

0
 

Author Comment

by:Sp0cky
ID: 18023129
o ok.
0
 

Author Comment

by:Sp0cky
ID: 18023318
I'll keep it open for a little longer to see if anyone else has any suggestions as well.
0
 
LVL 12

Expert Comment

by:kneH
ID: 18044221
Do you want to know who it is or do you want to stop the spam?
The first bit will be impossible through legal ways.
The latter can be acchieved by sending the ISP an email with the reference to the ip and proof of spam
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Never store passwords in plain text or just their hash: it seems a no-brainier, but there are still plenty of people doing that. I present the why and how on this subject, offering my own real life solution that you can implement right away, bringin…
Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now