On Fri, 21 Dec 2001, Sean wrote:
> It depends on whether the spammer is removing people who bounced as dead
> addresses.

:) That's funny. The spammer doesn't get bounce messages, of course. Since they forge the sender address (that's almost part of the definition of spam, hence the 99.9%), the relaying mailserver has to deal with the returns.

If you haven't done this a thousand times before, look at the complete header for the message. You'll see a couple of Received: lines. The first is the relay server which forwarded the message to you. If you look its IP address up in whois (www.geektools.com may help for that), you'll see it's probably a server in Korea or Taiwan or South America or some other random location. The second Received: line is the originating address; if you look it up in whois, you can send email to the [EMAIL PROTECTED] email address for that domain, as Kee suggested.

By virtue of what they are doing, most spammers are clueless idiots; however, it's been a long time since I've seen one so stupid as to include a valid return or sending address.

Just for kicks, here's the header of a spam I just received:

> Return-Path: <[EMAIL PROTECTED]>
> Received: from jinri.kmu.ac.kr ([203.247.29.5])
>     by Eng.Auburn.EDU (8.9.3/8.9.3) with ESMTP id LAA15697;
>     Fri, 21 Dec 2001 11:30:20 -0600 (CST)
> From: [EMAIL PROTECTED]
> Received: from 12.64.216.146 (slip-12-64-216-146.mis.prserv.net
>     [12.64.216.146])
>     by jinri.kmu.ac.kr (8.10.0/8.9.3) with SMTP id fBLHSgK40246;
>     Sat, 22 Dec 2001 02:28:44 +0900
> Message-Id: <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Subject: Ladies! Increase Your Bust Size With Natural Bust!
> Date: Mon, 24 Dec 2001 00:53:31 -0500
> MIME-Version: 1.0
> Content-Type: text/html;
>     charset="iso-8859-1"
> Content-Transfer-Encoding: quoted-printable
> X-Priority: 3
> X-MSMail-Priority: Normal
> Errors-To: [EMAIL PROTECTED]

The Korean mailserver relayed the spam. An AT&T customer (12.64.216.146) sent the spam. Sending email to [EMAIL PROTECTED] (or [EMAIL PROTECTED] if you want) is what is needed.

You can also send email to the Korean ISP, because their mailserver should not relay, but this is likely a futile effort--they are in Korea, and might not be so fluent in English. On the other hand, they are using Sendmail, and not the simpleton's Microsoft mailserver, so there's hope.

The third thing to try is to bust the website mentioned in the spam. More effective--it's the root of the spam--but harder to do. You may end up sending your email address to the actual spammer if you're not careful, which can be very bad.

Note that hotmail.com is not involved at all. In this case, the address was clearly forged, but often it will be [EMAIL PROTECTED], or some other plausible address. (Who's going to read mail from [EMAIL PROTECTED]?)

> On Fri, 21 Dec 2001, Kee Hinckley wrote:
>
> > At 1:18 AM -0500 12/21/01, Emmanuel. M. Decarie wrote:
> > >Hello,
> > >
> > >Mail.app has a nice feature to fight spam. It can make a false
> > >"bouncing" message and return it to the sender. I know that a lot
> > >of sender addresses are forged, but I think it's worth a try. I looked
> >
> > I wouldn't call it a lot. I'd call it 99.9%. I really don't think
> > this is a worthwhile effort. Far better to look at the received
> > headers and report it to the ISP in question.
> >
>

--
MattLangford
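
Added example, not part of the original message: Python that reads the Received: lines of the header quoted above and separates the relay from the originating address, as the message describes doing by hand. The sample block is constructed from that header with the redacted addresses left as shown; `received_hops` and `classify` are names chosen here, and the regular expression assumes Sendmail-style `from ... ([ip]) by ...` lines like the two on the page.

```python
import re
from email import message_from_string

# Constructed from the spam header quoted in the message (redactions kept).
SAMPLE = """\
Return-Path: <[EMAIL PROTECTED]>
Received: from jinri.kmu.ac.kr ([203.247.29.5])
    by Eng.Auburn.EDU (8.9.3/8.9.3) with ESMTP id LAA15697;
    Fri, 21 Dec 2001 11:30:20 -0600 (CST)
From: [EMAIL PROTECTED]
Received: from 12.64.216.146 (slip-12-64-216-146.mis.prserv.net
    [12.64.216.146])
    by jinri.kmu.ac.kr (8.10.0/8.9.3) with SMTP id fBLHSgK40246;
    Sat, 22 Dec 2001 02:28:44 +0900
Subject: Ladies! Increase Your Bust Size With Natural Bust!
Date: Mon, 24 Dec 2001 00:53:31 -0500

"""

# from <name given by sender> ([<reverse DNS> ]?[<ip seen by receiver>]) by <receiver>
HOP_RE = re.compile(r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([\d.]+)\]\)\s+by\s+(\S+)")

def received_hops(raw):
    """Return Received: hops newest first, i.e. in top-to-bottom header order."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP_RE.search(" ".join(value.split()))  # unfold continuation lines
        if m:
            hops.append({"helo": m[1].lower(), "rdns": m[2],
                         "ip": m[3], "by": m[4].lower()})
    return hops

def classify(hops):
    """First line = relay that delivered to us, second = originating address."""
    if len(hops) < 2:
        return None  # delivered directly: no relay to separate from the origin
    relay, origin = hops[0], hops[1]
    return {
        "relay_ip": relay["ip"],        # recorded by our own mailserver
        "origin_ip": origin["ip"],      # recorded by the relay
        "origin_rdns": origin["rdns"],
        # the relay should name itself the same way our server saw it
        "chain_consistent": origin["by"] == relay["helo"],
    }

if __name__ == "__main__":
    print(classify(received_hops(SAMPLE)))
```

The two IP addresses it returns are the ones to look up in whois when deciding which abuse contact to write to.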
