Date: Wed, 2 May 2001 21:02:42 +0000
Reply-To: TOURBUS-Request@LISTSERV.AOL.COM
Sender: The Internet TourBus - A virtual tour of cyberspace
From: Bob Rankin
Subject: TOURBUS - 01 May 2001 - Spam Hunters!
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
----------------------------------------------------------------------
TOURBUS Volume 6, Number 76 -- 01 May 2001
----------------------------------------------------------------------
_________ ____________ ________ __________ _____________ ___ _
/ | / | | / | \
| Get a NEW Car Price Quote - FREE!! / | \
|__________|__________/__________|__________|___________/_____| \
/ |----\
| Thinking about buying a new vehicle? Don't pay more than |////|
| you should! Our FREE Price Quote allows you to build the |////|
| exact car you want, get Invoice Pricing and receive the |////|
| best possible price from an accredited dealer. |////|
| |////|
| |////|
| CLICK for Your FREE Car Price Quote |////|
\_______________________________________________________________|____|
/ \ / \ / \
\___/ \___/ T h e I n t e r n e t T o u r B u s \___/
FIVE YEARS of Searchable Archives at http://www.TOURBUS.com !!
TODAY'S TOURBUS TOPICS: Spam Hunters
Greetings, fellow riders. Actually, I was tempted to say "Crikey,
mates - we're going hunting for spammers today!" But I didn't. So
you can thank me whenever you like. If you've ever wanted to hunt
down a spammer and exact revenge for the pain you've suffered, read
on!
+--------------- SAVE YOUR MONEY WITH FREE CDROM's! ---------------+
Scoop up popular Windows SOFTWARE on CDROM for FREE. You pay ONLY
the shipping and handling for these and 75 other great CD titles:
NORTON SYSTEMWORKS 2000 PRO (List: $69.99 - FREE)
PRINTMASTER PUBLISHING SUITE 7.0 (List: $49.99 - FREE)
WEBSTER'S 2001 MILLENNIUM ENCYCLOPEDIA (List: $49.99 - FREE)
QUICKEN 2000 DELUXE (List: $59.99 - FREE)
Click Here to Select your FREE CD's Now
+------------------------------------------------------------------+
--------------------------------
SO YOU WANNA BE A SPAM HUNTER?
--------------------------------
One of the more common questions I get from readers is "How can I
track down the low-life sleazeball spammer who sent this garbage to my
inbox?" If you're a long-time Tourbus rider, you'll know that I hate
spam with a passion, but in most cases my recommendation is to press
the Delete button and get on with life.
There are some strategies you can use to protect your email address
and limit the flow of unwanted emails, but attempting to hunt down a
serious spammer is probably the LEAST effective. Here's why...
Unless you have the cooperation of the offender's Internet service
provider (ISP) and local law enforcement, there's almost no chance of
nailing the spammer. I'm going to outline the steps that a spam
hunter would take in an attempt to find the actual sender of a
message, and I'll point out the many pitfalls along the path.
You might find some of this a little bit on the geeky side, but try to
follow along. It's really not that technical, and you'll learn
something about how email works in the process.
--> STEP ONE: FIND CLUES IN THE "RECEIVED" LINES
Here's how to determine the ISP that a spammer used to send his
massive missive. First of all, ignore the From and Reply-To lines in
the email header, since they are almost certainly forged. If a
spammer failed to use a bogus email address, it would be like a bank
robber leaving his business card at the scene of a crime.
The only place to find reliable clues about the origin of an email is
in the first Received line from the email headers. Most email
programs show only the Date, From, To, and Subject headers, so to
reveal the Received lines, you'll need to poke around a bit.
On AOL, the the full headers can be found down at the bottom of the
message. If you use Netscape Messenger, click on View/Headers/All. In
Outlook Express, click on View/All Headers. For other email programs,
the process should be similar. The Received lines will look something
like this:
Received: from smtp3.verizon.net (206.46.170.25)
by mx2.your-local-isp.com with SMTP; 1 May 2001 17:56:33 -0400
Received: from gte.net (1Cust26.juanita.wa.da.uu.net - 63.16.250.95)
by smtp3.verizon.net with ESMTP; 1 May 2001 16:50:51 -0500 CDT
There might be a whole bunch of Received lines, but we care only about
the one at the bottom of the list, because it represents the first hop
in the delivery of the email. Here's what that Received line tells
us:
- the message originated at gte.net on 1 May 2001 at 16:50:51
- the sender's dialup address was 1Cust26.juanita.wa.da.uu.net
with an associated IP address of 63.16.250.95
--> STEP TWO: FIND THE SPAMMER'S ISP
The dialup address (1Cust26.juanita.wa.da.uu.net) could also be
forged, so we'll ignore that for now and focus on the IP address. A
reverse IP lookup at http://www.amnesi.com tells me it resolves to
UUNET Technologies, Inc.
3060 Williams Drive, Suite 601
Fairfax, VA 22031
Technical Support: help@UUNET.UU.NET (800-900-0241)
Theoretically, UUNET should be able to tell you where 63.16.250.95 is
physically located, and the username of the person logged on with that
IP at 16:50:51 CDT. They MIGHT even have caller-id logs revealing the
phone number that user dialed in from.
--> STEP THREE: BANG HEAD ON HARD SURFACE
But unless you are a law official they probably won't reveal this
info, correctly citing the privacy of their customers. It gets
worse... Even if the ISP did tell you the name of the alleged
offender, someone could have stolen that user's password and used
their account without permission. Dead end. If the ISP told you the
phone number that was used, it might be a public terminal at a school,
library, mall, etc. It might be a business or residence where there
are multiple people with access to the computer using that phone line.
Dead end again.
To make a long story short - even if you have the cooperation of the
ISP and law enforcement, it can still be tough to pin the crime on a
specific individual. Depressing, ain't it?
-------------------------------------
DON'T PUT A BILLBOARD IN THE DESERT
-------------------------------------
Do you have a business that needs some good publicity? Why not
advertise in the Internet Tourbus? Our sponsors tell us that Tourbus
advertising brings them results, so I'm sure that your business would
benefit from exposure to our large, diverse audience. And the cost is
less than you'd expect! Write to info@tourbus.com for details.
Next week, I'll share some ideas that can really help to stem the tide
of unwanted emails, and keep your address safe from spammers. That's
all for now, see you next time! --Bob Rankin
=====================[ Tourbus Rider Information ]===================
The Internet Tourbus - U.S. Library of Congress ISSN #1094-2238
Copyright 1995-2001, Rankin & Crispen - All rights reserved
Help the hungry, poor and sick - for free! http://FreeDonation.com
Subscribe, Signoff, Archives, Free Stuff and More at the
Tourbus Website - http://www.TOURBUS.com
=====================================================================
