For more information regarding spam and its effects on the Internet, we recommend the following sites:
--------------------------------------------------------------------------------
How To Determine WHO Sent That Unsolicited Electronic Message
Below you will find examples of tracking down the origin of a spam message. By following these steps you will be able to track down where the message originated in order to file a complaint. Included are examples of tracking spam through e-mail as well as spam on Usenet.
Unsolicited Electronic E-Mail
The following is what a typical e-mail header looks like. The numbered areas contain key information for tracking down the source of the spam:
Microsoft Mail Internet Headers Version 2.0
Received: from mail-1.xyz.demon.net ([172.16.243.143]) by
    sbs2000.iiid.local with Microsoft SMTPSVC(5.0.2195.2966);
    Wed, 17 Jul 2002 07:05:09 +0100
Received: from relay-1.mail.xyz.net [192.168.242.51] by mail-1.sbs.xyz.net with smtp id 17Uhw0-000PUK-49; Wed, 17 Jul 2002 07:05:12 +0100
Received: from ns2.somemailserver.com ([192.168.124.160])
    by relay-1.mail.xyz.net id aa0125684; 17 Jul 2002 6:05 GMT
Received: by SNOOPY.venture.com (PowerMTA(TM) v1.5); Wed,
    17 Jul 2002 01:57:56 -0400 (envelope-from )
To: cm3k2@peak10.com
From: "Viagra Online"@relay-1.mail.demon.net
Subject: Viagra - Xenical
Content-Type: text
Date: Wed, 17 Jul 2002 01:57:56 -0400
- The IP address where the spam originated is located on a "Received:" line. Be careful to take only the information in the brackets, as other information on this line can be forged. The originating IP is usually in the last "Received:" line in the headers of the message. You may usually disregard the "Received:" lines before that one, because they only show the path that the message took to get to your address. Once you have the IP, you can determine who owns it by going to http://www.arin.net/whois and using the search option. This will give you all of the information you need to file a complaint against the initiator (contact e-mail addresses, etc.).
- The "From:" field is almost always forged in a spam message, so disregard any information on this line. It will not help you in tracking down the origins of this message.
- The "To:" line will usually have your e-mail address on it since the spam came to you, but not always. If another address appears in the "To:" field, the spam was still meant for you. Spammers use this method to make it look as if the message came to you by accident, which isn't the case.
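The steps above as an added Python example (not code from the original page): it reads only the bracketed address on each "Received:" line, walks the hops from the bottom up, and returns the first address worth a whois lookup. Going slightly beyond the text, it skips hops with no bracketed address and private or loopback ranges that no registry lookup will attribute to an ISP; the sample headers and the names `received_hops`, `originating_ip` and `UNREPORTABLE` are constructed for this example.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample headers (documentation-range addresses, not from the page).
SAMPLE = """\
Received: from mx.example.net ([203.0.113.7]) by inbox.example.org
    with ESMTP; Wed, 17 Jul 2002 07:05:09 +0100
Received: from relay.example.net [198.51.100.23] by mx.example.net
    with smtp; Wed, 17 Jul 2002 07:05:08 +0100
Received: from bulk.example.com ([192.0.2.160])
    by relay.example.net; 17 Jul 2002 6:05 GMT
Received: from desk ([10.0.0.5]) by bulk.example.com; Wed, 17 Jul 2002 01:58:01 -0400
Received: by HOST.example.com (ExampleMTA v1.5); Wed, 17 Jul 2002 01:57:56 -0400
To: someone@example.org
From: "Sender" <forged@example.net>
Subject: constructed test message

body
"""

# Only the bracketed address is used; the host name beside it is sender-supplied.
BRACKETED = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")
# Assumption of this example: ranges a whois lookup cannot tie to an ISP.
UNREPORTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

def received_hops(raw):
    """One entry per Received: header, newest first: an IP object or None."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        match = BRACKETED.search(value)
        try:
            hops.append(ipaddress.ip_address(match.group(1)) if match else None)
        except ValueError:  # bracketed text that is not a valid address
            hops.append(None)
    return hops

def originating_ip(raw):
    """Bottom-most hop whose bracketed address can be looked up, else None."""
    for ip in reversed(received_hops(raw)):
        if ip is not None and not any(ip in net for net in UNREPORTABLE):
            return ip
    return None

if __name__ == "__main__":
    print(originating_ip(SAMPLE))
```

Each "Received:" line is written by the server that accepted the message, so the entries added by your own provider's servers at the top are the ones you can check the lower hops against.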
How To Determine The Sender's ISP
Once you have determined the sender's IP address, the next step in reporting spam is to determine to whom it should be reported. To find the owner of an IP address, you can use the following Web sites:
There is also a site that will search through all of these IP Address Registries. This tool can be found at http://www.samspade.org/
A Whois look-up on any of these sites will yield a result similar to the following:
REGISTRANT:
Peak 10, Inc. (NETBLK-Peak10-NETBLK-1)
8910 Lenox Pointe Dr. Suite A
Charlotte, North Carolina 28273
US
Netname: Peak10-NETBLK-1
Netblock: 66.129.64.0 - 66.129.127.255
Maintainer: PEK
Coordinator:
Peak 10 (ZP76-ARIN) abuse@peak10.com
866-732-5836
Administrative Contact, Technical Contact, Billing Contact:
Organization:
Peak 10, Inc.
Peak 10 Support
8910 Lenox Pointe Drive
Charlotte, North Carolina 28273
US
Phone: 704-264-1010
Fax..: 704-264-2010
Email: support@peak10.com
Registrar Name....: Register.com
Registrar Whois...: whois.register.com
Registrar Homepage: http://www.register.com
Domain Name: Peak-10.COM
Created on..............: Wed, Mar 15, 2000
Expires on..............: Sat, Mar 15, 2003
Record last updated on..: Wed, Jan 16, 2002
Administrative Contact:
Peak 10, Inc.
Peak 10 Support
8910 Lenox Pointe Drive
Charlotte, North Carolina 28273
US
Phone: 704-264-1010
Fax: 704-264-2010
Email: support@peak10.com
DNS Query:
Domain System inverse mapping provided by:
NS1.CLT.Peak-10.COM 66.129.64.152
NS1.JAX.Peak-10.COM 66.129.80.152
The search provides valuable information in determining the sender's originating ISP.
Registrant: The registrant is the company or individual who has registered the IP address.
Administrative Contact, Technical Contact, Billing Contact: Here is where you will find information on where to send your complaint. Sometimes there are contact numbers and addresses for each category, while at other times there may be just one. Often there will be an Abuse address in this section.
Domain servers in listed order: This section shows the Name Servers that the Registrant is responsible for.
If an abuse address is not listed, send the complaint to abuse@ the domain to which the IP address resolves (the address listed in the DNS query). It is an RFC standard that all domains have an abuse address to support complaints.