There are thre different types of SPAMmers and the methods you must take to protect yourself from them vary.
Net illiterate SPAMmers are usually individuals who have fallen for a "get rich quick" scam, are so new to the net they do not understand the technology nor the etiquitte, so young that that the don't know any better, or using old bulk emailers.
These individual acutally use the real addresses in some way.
Net savy SPAMmers are individuals who technically know the network protocols very well or are using sophisticated bulk emailers.
SPAM ISPs are corporations dedicated to SPAM. From one point of view these are the easiest to deal with.
individuals who technically know the network protocols very well or are using sophisticated bulk emailers.
Important headers are:
Path: gives the list of hosts a news item passed through, from the poster's site at the right end to get to your site at the left end. One or more entries on the right end may be faked so you may need to cooperate with others to track down which host in the Path: list the message was injected at.
Like the Path: header Received: headers are a list of sites the message passed through in reverse order but with only one host name per header. Again, the bottom entries (earlier timewise) in the Received: list may be faked. It is also possible for spammers to relay email via a third party so that the Received: header before your site's Received: headers may be a victim too. They're slack though as they should've configured their mail servers not to relay third party email. Some spammers also pretend to be innocent relay sites by forging additional Received: headers and lying in response to complaints; complain to the so-called `relay' site's ISP if you suspect this is the case.
Since intermediate sites always prepend headers then those higher in the list are much less likely to be forged than those further down. See how to interpret Received: headers for more information.
Even with normal, non-faked operation not all hosts or network routers a message passes through are recorded in the Path: or Received: headers. Use TRACEROUTE (described below) to get a more complete list.
Host names usually have machine name and domain name parts. For example kryten.eng.monash.edu.au has a machine name of kryten and domain name of eng.monash.edu.au (engineering faculty, monash university, education sector, australia) with larger domains monash.edu.au, edu.au and au. Look at your list of host names and see if you can add some local domain names to the list by stripping machine names from host names. This is a trial and error procedure and may not always give a valid result.
Some of the host/domain names you've discovered may actually be a numerical network IP address eg. kryten's is 22.214.171.124. Use DIG ipaddress->hostname to find a host name given an IP address and use DIG hostname->ipaddress to find an IP address given a host name. Add any new host/domain names discovered to your list. IP addresses can have zero, one or several host names. Host names can have zero, one or several IP addresses.
Some hosts and domains designate one or more hosts to handle any email directed to them. Use DIG hostname->mailexchanger to find out if there are any such hosts.
Received: from [126.96.36.199] by mail.somewherelse.com with ESMTP (ABC Mail Server 1.1.1); Mon, 13 Jan 1997 18:29:43 -0500 Message-Id: <email@example.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Date: Mon, 13 Jan 1997 18:29:34 -0500 To: firstname.lastname@example.org From: someone <email@example.com> Reply-To: firstname.lastname@example.org Subject: unwelcomed letter unwelcomed letter. someone
SOMEWHERELSE (SOMEWHERELSE-DOM) Some Street Some Town, Some State, Some Zip Domain Name: somewherelse.com Administrative Contact: One, Some (SOXXXX) email@example.com 555-555-5555 Billing Contact: One, Some (SOXXXX) firstname.lastname@example.org 555-555-5555 Technical Contact, Zone Contact: One, Some (SOXXXX) email@example.com 555-555-5555
The following was received by [me/husband/parent/friend] and [I/we] didn't know what to do! [I/we] consider this [unsolicited junk/harassment/whatever].
[I am/we are] forwarding it to your attention as I am sure that you will want to take the appropriate actions against your client and keep your good name as much as [I/we] do.
Using unsolicited email advertisements is unprofessional and violates the intent of US Code, Title 47, Chapter 5, Subchapter II, which prohibits unsolicited fax advertisements.
By US Code Title 47, Sec.227(a)(2)(B), a computer/modem/printer meets the definition of a telephone fax machine. By Sec.227(b) (1)(C), it is unlawful to send any unsolicited advertisement to such equipment. By Sec.227(b)(3)(C), a violation of the afore- mentioned Section is punishable by action to recover actual monetary loss, or $500, whichever is greater, for each violation.Broadcast Fax and Junk Email is also illegal under United States Public Law 103-414 Section 303(a)(11), it is unlawful "to use any telephone facsimile machine, computer, or other device to send an unsolicited advertisement."
Sexual harassment is a violation of Title VII of the 1964 Civil Rights Act, and Title I of the Civil Rights Act of 1991.
Thank you for your prompt attention to this matter.
Consider adding a PS if the problem is very extreme:
PS [I/we] feel VERY strongly about this and will follow-up if appropriate action is not taken, and a formal police report is filed under [sexual misconduct or whatever the problem is].