Great point! I was thinking about when I was sending legit bulk emails, and not unwarranted spam. *doh*
On Fri, 21 Dec 2001, Matthew Langford wrote: > On Fri, 21 Dec 2001, Sean wrote: > > > It depends on whether the spammer is removing people who bounced as dead > > addresses. > > :) That's funny. > > The spammer doesn't get bounce messages, of course. Since they forge the > sender address (that's almost part of the definition of spam, hence the > 99.9%), the relaying mailserver has to deal with the returns. If you > haven't done this a thousand times before, look at the complete header for > the message. You'll see a couple of Received: lines. The first is the > relay server which forwarded the message to you. If you look its IP > address up in whois (www.geektools.com may help for that), you'll see it's > probably a server in Korea or Taiwan or South America or some other random > location. The second Received: line is the originating address; if you > look it up in whois, you can send email to the [EMAIL PROTECTED] email > address for that domain, as Kee suggested. > > By virtue of what they are doing, most spammers are clueless idiots; > however, it's been a long time since I've seen one so stupid as to include > a valid return or sending address. > > Just for kicks, here's the header of a spam I just received: > > > Return-Path: <[EMAIL PROTECTED]> > > Received: from jinri.kmu.ac.kr ([203.247.29.5]) > > by Eng.Auburn.EDU (8.9.3/8.9.3) with ESMTP id LAA15697; > > Fri, 21 Dec 2001 11:30:20 -0600 (CST) > > From: [EMAIL PROTECTED] > > Received: from 12.64.216.146 (slip-12-64-216-146.mis.prserv.net > > [12.64.216.146]) > > by jinri.kmu.ac.kr (8.10.0/8.9.3) with SMTP id fBLHSgK40246; > > Sat, 22 Dec 2001 02:28:44 +0900 > > Message-Id: <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > Subject: Ladies! Increase Your Bust Size With Natural Bust! > > Date: Mon, 24 Dec 2001 00:53:31 -0500 > > MIME-Version: 1.0 > > Content-Type: text/html; > > charset="iso-8859-1" > > Content-Transfer-Encoding: quoted-printable > > X-Priority: 3 > > X-MSMail-Priority: Normal > > Errors-To: [EMAIL PROTECTED] > > The Korean mailserver relayed the spam. An AT&T customer (12.64.216.146) > sent the spam. Sending email to [EMAIL PROTECTED] (or [EMAIL PROTECTED] if you > want) is what is needed. You can also send email to the Korean ISP, > because their mailserver should not relay, but this is likely a futile > effort--they are in Korea, and might not be so fluent in English. On the > other hand, they are using Sendmail, and not the simpleton's Microsoft > mailserver, so there's hope. The third thing to try is to bust the > website mentioned in the spam. More effective--it's the root of the > spam--but harder to do. You may end up sending your email address to the > actual spammer if you're not careful, which can be very bad. > > Note that hotmail.com is not involved at all. In this case, the address > was clearly forged, but often it will be [EMAIL PROTECTED], or some > other plausible address. (Who's going to read mail from > [EMAIL PROTECTED]?) > > > > > On Fri, 21 Dec 2001, Kee Hinckley wrote: > > > > > At 1:18 AM -0500 12/21/01, Emmanuel. M. Decarie wrote: > > > >Hello, > > > > > > > >Mail.app have a nice feature to fight spam. It can make false > > > >"bouncing" message and returned it to the sender. I know that a lot > > > >of sender addresses are forged, but I think it worth a try. I looked > > > > > > I wouldn't call it a lot. I'd call it 99.9%. I really don't think > > > this is a worthwhile effort. Far better to look at the received > > > headers and report it to the ISP in question. > > > > > > > -- > MattLangford > > >
