Tracking Sourceless SPAM
Booker asks:
"Lately I've seen a disturbing trend in my spam - there seems to be no originating machine in the headers. They typically go through an insecure mail host, and list only a toll free number for a contact. How do I track these people down? I need the satisfaction, however fleeting, of helping to terminate a spammer's account!"
There is an example header of this sourceless SPAM below.
Here's the example:
Return-Path: jdekrpzsad@hotbot.com
Received: from ns.mobic.co.jp (ns.mobic.co.jp [210.162.104.178]) by deliverator.io.com (8.9.3/8.9.3) with ESMTP id XAA14862; Tue, 27 Jul 1999 23:51:58 -0500
From: jdekrpzsad@hotbot.com
Received: from default by ns.mobic.co.jp (2.5 Build 2630 (Berkeley 8.8.6)/8.8.4) with SMTP id NAA02786; Wed, 28 Jul 1999 13:58:25 +0900
Message-Id: <199907280458.NAA02786@ns.mobic.co.jp>
To:
Subject: $15,000 Monthly Guaranteed! No Work Required!
Date: Tue, 27 Jul 1999 21:08:01 -0700
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_NextPart_000_4264_00005913.00007A3E"
X-Priority: 3
X-MSMail-Priority: Normal
X-UIDL: 29f083c057306b12c10f509e156f7a87
Status: U

I thought there were laws that prevented this sort of thing. How can we help prevent spam if the spammers are becoming more and more anonymous?

inetnum: 210.162.104.176 - 210.162.104.191
netname: MOBIC-NET-JP
descr: Mobic Corporation
descr: 22,Obara,Tsuyama-city,
descr: Okayama 708-0001 Japan
country: JP
admin-c: MO821JP
tech-c: ST901JP
changed: apnic-ftp@nic.ad.jp 19990729
source: JPNIC
Hmmm... usually it's a bit more helpful and supplies an admin's name, phone number, and email address.
It often is not hard to convert from decimal to dotted quad form. Some of the tools which you mentioned will emit the dotted quad form when given a single decimal number.
I guess I read that question a little too fast.
... not very practical.
... it's not direct, but it would keep the spammers running.
If they ONLY give a phone number, then I can only think of two things:
1. Try to find a reverse look-up type of phone directory, and then hunt down the company
2. Try to identify which mail server was exploited to obscure the source, and have them fix their problem
--Wuzoe
I'm a nice person. People like me.
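Wuzoe's second suggestion (work out which mail server was used to hide the source) comes down to reading the Received chain from the top: only the Received lines written by your own MX are verifiable, and the first line below them is whatever the relay chose to record about its client. The Python below is an added example, not code from the page or from any of the posters. It runs on the header quoted in the question, assumes deliverator.io.com is the reader's own MX, understands only the Sendmail-style "from X (Y [ip]) by Z" clause, and also includes the decimal-to-dotted-quad conversion mentioned in the thread.

```python
import re

# Headers of the message quoted in the question above (copied from the page; the
# Received line that was split across two lines is rejoined, nothing else added).
SAMPLE_HEADERS = """\
Return-Path: jdekrpzsad@hotbot.com
Received: from ns.mobic.co.jp (ns.mobic.co.jp [210.162.104.178]) by deliverator.io.com (8.9.3/8.9.3) with ESMTP id XAA14862; Tue, 27 Jul 1999 23:51:58 -0500
From: jdekrpzsad@hotbot.com
Received: from default by ns.mobic.co.jp (2.5 Build 2630 (Berkeley 8.8.6)/8.8.4) with SMTP id NAA02786; Wed, 28 Jul 1999 13:58:25 +0900
Message-Id: <199907280458.NAA02786@ns.mobic.co.jp>
To:
Subject: $15,000 Monthly Guaranteed! No Work Required!
"""

# Assumption: deliverator.io.com is the reader's own MX, so only Received lines
# it wrote are trusted; every line below them came from someone else's MTA.
OUR_HOSTS = {"deliverator.io.com"}

# Sendmail-style "from <helo> (<rdns> [<ip>]) by <host> ..." clause.
RECEIVED_RE = re.compile(
    r"^from\s+(?P<helo>\S+)"            # name the client announced in HELO/EHLO
    r"(?:\s+\((?P<verified>[^)]*)\))?"  # optional "(rdns [ip])" the MTA itself recorded
    r"\s+by\s+(?P<by>\S+)",             # the MTA that wrote this line
    re.IGNORECASE,
)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def unfold_headers(raw):
    """Split a header block into (name, value) pairs, rejoining folded lines."""
    headers = []
    for line in raw.splitlines():
        if not line.strip():          # blank line ends the header block
            break
        if line[:1] in " \t" and headers:
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
        else:
            name, _, value = line.partition(":")
            headers.append((name.strip(), value.strip()))
    return headers


def parse_received(value):
    """Extract helo name, recorded IP (if any) and writing host from one Received value."""
    m = RECEIVED_RE.match(value)
    if not m:
        return None
    ip = IP_RE.search(m.group("verified") or "")
    return {"helo": m.group("helo"), "by": m.group("by"), "ip": ip.group(1) if ip else None}


def find_source(raw, our_hosts=OUR_HOSTS):
    """Walk the Received chain top-down (newest first) and report where it stops being verifiable.

    Returns the IP that connected to our own MX (the relay to complain to) and what that
    relay recorded about its own client; dead_end is True when it recorded no IP at all.
    """
    hops = [h for h in (parse_received(v) for n, v in unfold_headers(raw)
                        if n.lower() == "received") if h]
    n_trusted = 0
    for hop in hops:                  # trust stops at the first line we did not write
        if hop["by"].lower() not in our_hosts:
            break
        n_trusted += 1
    if n_trusted == 0:
        raise ValueError("no Received line written by our own MX; chain is unverifiable")
    handoff = hops[n_trusted - 1]     # written by us: records who really connected
    result = {"relay_ip": handoff["ip"], "relay_name": handoff["helo"],
              "origin_helo": None, "origin_ip": None, "dead_end": False}
    if n_trusted < len(hops):
        claimed = hops[n_trusted]     # the relay's own, unverified record of its client
        result["origin_helo"] = claimed["helo"]
        result["origin_ip"] = claimed["ip"]
        result["dead_end"] = claimed["ip"] is None
    else:
        result["origin_ip"] = handoff["ip"]   # nothing below: the connecting host is the origin
    return result


def decimal_to_dotted(n):
    """Turn the single-number IP form used in obfuscated spam URLs into dotted quad."""
    n = int(n)
    if not 0 <= n <= 0xFFFFFFFF:
        raise ValueError("not a 32-bit address")
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


if __name__ == "__main__":
    print(find_source(SAMPLE_HEADERS))
    print(decimal_to_dotted(3533858994))
```

On the sample header the relay is 210.162.104.178 (ns.mobic.co.jp) and the result is a dead end: the relay's own Received line says only "from default", with no client IP, so the trail stops there. That is exactly why the whois on 210.162.104.178 above is the right next step, and why the complaint goes to the relay's operator rather than to whoever hotbot.com is.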