Tracking down spamvertised websites...


Hi, all.

I wanted to run something by you all, and see if I'm on the right track.

OK, I figured that if I find out about the websites that are advertised in spam, and figure out who's hosting them, then I can report to the web host and upstream providers for those unusually persistent spams that never seem to go away. I'll keep moving up the IP chain until I get a response from someone.

So, I get the URL of the offending website from the spam email, and type this: http://uptime.netcraft.com/up/graph/?host=www.xxxxx.com

where www.xxxxx.com is the offending website.

This gives me the IP address of that website.

Then, I go to http://visualroute.visualware.com/ and type in the IP address of the offending website. This gives me a visual graph (traceroute) of the upstream, as well as the geographical location of the website in question.

Then, I use Sam Spade to dig out the abuse email addresses of the upstream providers, and send the full headers and body of the spam, along with a screen shot of the visual trace route.

Am I on the right track, or am I messing something up and sending spam reports to the wrong places? I don't do this for all spam, just those that never seem to get handled via normal channels of reporting.

Thanks for any help you can provide.

your method of obtaining a website's IP is cumbersome .. later on you mention using SamSpade .. why not do more reseach there (or with the tool set for Windows )

Use of VisualRoute has the same advantages and dis-advantages of the Trace root utility by itself. there's upstream (where the money flows) and there's connectivity ... the results may or not be the same, and the "upstream" may not only be a single point ...

Sending an attachment to an abuse desk is usually cause to have it dropped before anyone actually sees it. That you're suggesting that it's a big graphic, I'd almost guarantee it. And, just a small hint, the guy at the abuse desk probably has a general idea where in the world he's sitting, so why would he need a map anyway?

Someone else that tried to go in the direction you're headed started a thread, recently moved to http://forum.spamcop.net/forums/index.php?showtopic=348

in that post you'll see all kinds of data from other tool outputs ... as you can see, it gets out of hand pretty quickly if you're not sure of what you're doing.

That said, I'll refrain at this point to go much further at specifying addtional data here.

