Sp0cky
How do I find out who is spamming me?
We are using a W2K3 Exchange svr. On it we have Symantec 4.6 antispam. It rejects a message it says came from 67.140.158.87 and of course some spoofed email name. So I tried a tracert, but that looks like it just takes me to the provider. What other tools can I use to find out who this is? Thanks.
ASKER
Thanks man. OK, I don't know much in the areas, but by "zombie," you mean the spammer is using someone else's machine (that is not adequately protected) as a relay to confuse their identity?
Also, how do you know that is a home computer address? I am guessing that Alltel svcs mainly home computers?
How would you go about contacting the person if you wanted to? I am just curious as to how this is done. The only way I could think of is contacting the svc provider, who isn't going to give that out. Thanks.
ASKER
Oops, darn, that IP was 67.140.58.87, sorry.
ASKER
Here is one entry that came up on dnsstuff: http://moensted.dk/spam/no-more-funn/?addr=67.140.58.87
What does this mean? Thanks.
Different range, same company.
In the case of the first link, some of the DNS tools on the link I gave above show that IP block as being reserved to a DSL pool. It could be business DSL, or home DSL.
And you're spot on with the zombie part. In fact, a lot, if not most, spam is sent from unsuspecting computer users who fail to lock down their systems properly. Botnets farm zombies, who essentially are compromised relays as you state, and fire off mail at any and every domain they can.
You will likely not be able to contact the person directly, unless the IP resolves to a particular domain with a registered administrator's actual contact information.
Needless to say, once the spam starts rolling in for you, it may be hard to stop it. If you're using Exchange 2K3, you can try adjusting IMF a bit. If this is for a business, you can also try an outsourced exchange filtering service like Postini.
Sp0cky,
What you are seeing is the IP address or range's listing on various spam abuse databases. Please be sure to keep an eye on the (Do Not Use!) sections.
That IP is listed on 4 different services as having hit a spamtrap within the last 7 days, though.
ASKER
OK. Thanks. I will check out the "do not use". Not sure what that is.
Do not use, as in, do not use this as proof the IP is a spammer, normally ;)
ASKER
Oh, OK.
ASKER
I'll keep it open for a little longer to see if anyone else has any suggestions as well.
Do you want to know who it is or do you want to stop the spam?
The first bit will be impossible through legal ways.
The latter can be achieved by sending the ISP an email with the reference to the IP and proof of spam.
That IP resolves to a private Alltel account (likely a home DSL customer), and you're probably not going to get much further than that.
If you must do more digging, you can find plenty of tools at www.dnsstuff.com.
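
An added example, not part of the original thread: the blacklist lookups and the ISP abuse report mentioned in the answers above both start from the IP that actually connected to your server, which is recorded in the `Received` headers rather than in the spoofed sender name. The sketch below pulls that IP from a constructed message, builds the reverse-DNS and DNSBL query names for it, and assembles the evidence for an abuse report. The host names, dates and the `dnsbl.example.org` zone are placeholders; only 67.140.58.87 comes from the question.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample (not from the thread): only 67.140.58.87 is the IP quoted
# in the question; host names, dates and the DNSBL zone are placeholders.
SAMPLE = (
    "Received: from gw.example.com ([10.0.0.5]) by exch.example.com;"
    " Mon, 1 Jan 2007 10:00:02 -0500\n"
    "Received: from unknown (HELO mail.example.net) ([67.140.58.87])"
    " by gw.example.com; Mon, 1 Jan 2007 10:00:01 -0500\n"
    "Received: from bank.example.org ([198.51.100.7]) by mail.example.net;"
    " Mon, 1 Jan 2007 09:59:00 -0500\n"
    'From: "Support" <support@bank.example.org>\n'
    "Subject: constructed spam sample\n\nbody\n"
)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def connecting_hop(raw_message):
    """Return (ip, timestamp) of the first non-private hop, reading top-down.

    Each server prepends its own Received header, so the top lines come from
    our own hosts. Headers below the first outside IP are sender-supplied and,
    like the From line, can be forged, so the scan stops there.
    """
    for header in message_from_string(raw_message).get_all("Received", []):
        for text in IP_RE.findall(header):
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:  # e.g. [999.1.1.1]
                continue
            if not ip.is_private:
                return ip, header.rsplit(";", 1)[-1].strip()
    return None, None

def lookup_names(ip, dnsbl_zone="dnsbl.example.org"):
    """DNS names to query: the PTR record and a DNSBL listing (octets reversed)."""
    reversed_octets = ".".join(reversed(str(ip).split(".")))
    return {"ptr": ip.reverse_pointer, "dnsbl": f"{reversed_octets}.{dnsbl_zone}"}

def abuse_report(raw_message):
    """Text for the ISP's abuse desk: source IP, time seen, and full headers."""
    ip, seen = connecting_hop(raw_message)
    headers = raw_message.split("\n\n", 1)[0]
    return f"Source IP: {ip}\nReceived at: {seen}\n\nFull headers:\n{headers}\n"

if __name__ == "__main__":
    hop_ip, _ = connecting_hop(SAMPLE)
    print(lookup_names(hop_ip))
    print(abuse_report(SAMPLE))
```

The timestamp with its time zone matters in the report because a DSL pool address is reassigned between customers, and the ISP can only match the IP to an account for a specific moment.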