
How to locate spammers?


iceb

Hi Expert.

I am receiving a lot of spam mails from different com domains. I would like to know a way to look up the headers on the spam mails so I can find out what country they are in.

What kind of software would you recommend?

The only English emails that enter this account of mine are the spam emails.

Is there a way I could direct them to a spam folder or deleted items folder or something?

I have already downloaded an evaluation of iHateSpam.

Best Regards

iceb


...

I am receiving a lot of spam mails from different com domains. I would like to know a way to look up the headers on the spam mails so I can find out what country they are in.

What kind of software would you recommend?

The only English emails that enter this account of mine are the spam emails....

Although English language they will come from 'servers' all over the world. I don't think you would get far by looking at just where they are sent from.

Reading headers can be difficult because the spammers put fake detail there. Many of us 'here' learn by feeding the spam through the SpamCop parser and seeing how it works out the true source of the spam. Anyone can do this with even a free reporting account. See How does SpamCop reporting work? and Free Reporting Service

The reporting feeds the SC block list. There are applications which can use the blocklist. See How can I use the blocklist without mailserver configuration? Apart from SpamAssassin (mentioned in that link) there is other software, some recommend Mailwasher Pro. You need to use more than one blocklist to reduce very much the spam in your inbox. You can get these blocklist facilities through a SC email account too - SpamCop eMail for Individuals.

There are many options to using SC - see the entries under http://forum.spamcop.net/scwik/PageIndex for "HowIuseSpamCop" by various users, all doing different things. Or you can use non-SpamCop solutions. But this is maybe not the best place to get advice on those.

Sorry, no "simple" or "best" answer.


I use spampal, which is free and can be downloaded and integrated in most current e-mail clients (spampal.com). It extracts IPs from several blocklists including Spamcop and trashes the spam in a separate folder so you can either report from that folder or delete its content. It needs occasional whitelisting but otherwise is very easy to configure and use.

It will recognize spamming e-mails from IP, not domains. Domains are not an integral part of the header in any event. Most e-mail clients have content filters which look inside the e-mail, but spammers use all kinds of countermeasures to defeat them so I don't find those very effective, or at least not in the long run.

Edited by dra007

Hi

So does spam pal have a function so I can direct the spammails to the deleted items folder that is in english language and send from com domains and from usa? Because those are the spammails I am receiving currently.

iceb


...So does spam pal have a function so I can direct the spammails to the deleted items folder that is in english language ...
I think dra007 is suggesting most email clients/applications would have that facility (at least in terms of looking for some common English words in the body of the spam) - he warns that this is not usually effective. dra007, you will of course feel free to correct me if I misrepresent you. But your situation is different since you are looking at the content differently.
...and send (sent) from com domains and from usa? ...
That detail is mostly fake but yes, your email client at least should be able to construct filter rules based on the "From:" address but it might be difficult to get much past ' contains ".com" '.

You say 'from usa', I doubt if you can write a rule for that, based purely on the (forged) sender address (just try to do it). I have already said the real origin of these messages can be anywhere in the world. Not so many of them really come from the US - but you need something like the SC parser to be able to see that much. But, anyway, some/most email clients will let you build a blacklist of email sender addresses. With the spam I see, that would not be much use - spammers use millions of addresses.


Hi, I am using a software to analyze the headers. So far most of the emails have been sent from USA. It also shows me the 10 other countries the spam mail has been through, but it was originally sent in the USA. But all of my spam is from com domains so I already made a filter in IHATESPAM with com domains. In IHATESPAM there is also a function where you can simply say that all the mails from a certain country are considered spam and then I added USA.

iceb


..But all of my spam is from com domains so I already made a filter in IHATESPAM with com domains. In IHATESPAM there is also a function where you can simply say that all the mails from a certain country are considered spam and then I added USA.
It sounds like Ihatespam is doing everything you want. Maybe you can tell us later (when you have a chance to try it for a while) whether it is good for you. We will be interested.
..Hi, I am using a software to analyze the headers. So far most of the emails have been sent from USA. It also shows me the 10 other countries the spam mail has been through, but it was originally sent in the USA. ...
That is interesting too. What we often see 'here' are fake headers which try to pretend they come from somewhere else. Closer analysis shows they are bogus. Wikipedia says (first quarter 2008, with change from 4th quarter 2007):

Asia (34.3%, up from 32.1%)

Europe (30.7%, up from 27.1%)

North America (18.9%, down from 26.5%)

South America (14.2%, up from 12.5%)

http://en.wikipedia.org/wiki/E-mail_spam

But there are different types of spam in different places. If blocking USA works for you, that is good. Please let us know how it works out for you.


I don't know that IHATESPAM is doing everything the OP wants or he would not be here asking how to do it.

For iceb:

Headers are analyzed correctly by looking at the IP addresses (numbers that look something like xxx.xxx.xxxx). Those numbers are the way that one computer 'talks' to another computer. They are translated for the user into words like xxx.com or xxxxxx.net.

Spammers can forge IP addresses. The only IP address that is almost sure to be correct is the last IP address that is accepted by your service provider (or you, if you administer your own email server). spamcop calls this address the 'source' IP address. The 'source' IP address is on the spamcop blocklist. If an IP address is on the spamcop blocklist, then a person can use the blocklist to tag spam and put it in a spam folder.

There are lots of blocklists. Some blocklists do block all spam from a particular country - based on IP addresses, not on domains. There are many people in the United States who tag all email from Chinese IP addresses. The spam that comes from China is usually in English, not Chinese. The spammer is using a Chinese IP address to send the spam to a list of email addresses. Spammers do not care if some of the owners of the email addresses do not speak English. Sometimes I get spam in German or Spanish or Chinese.

Content filters or email address filters do not identify spam as consistently as blocklists do. If you use a filter such as spampal or Mailwasher, you can use some IP address blocklists to identify spam. If this IHATESPAM filter identifies source IP addresses, then it can be used to tag spam. It also needs to have a function that allows you to whitelist certain email addresses that you want to receive email from. Sometimes more than one person uses the same IP address to send email. Another person can use the same IP address to send email as a spammer. If a person is someone you want to hear from, then you need to tag his email address (whitelist) as an email address you want even if his IP address is blocked.

This is what Amazon.com has to say about iHateSpam

Product Details

* Shipping Weight: 8 ounces

* Shipping: Currently, item can be shipped only within the U.S.

* ASIN: B00006RZ9P

* Item model number: BP00IHS

* Date first available at Amazon.com: October 7, 2002

* Average Customer Review:

55 Reviews

5 star: 45% (25)

4 star: 5% (3)

3 star: 7% (4)

2 star: 9% (5)

1 star: 32% (18)

See all 55 customer reviews...

3.2 out of 5 stars (55 customer reviews)

* Amazon.com Sales Rank: #4,026 in Software (See Bestsellers in Software)

Popular in these categories: (What's this?)

#7 in Software > Business & Office > Communication > E-mail > Security & Filtering

#91 in Software > Utilities > Internet Utilities > Security & Filtering

* Discontinued by manufacturer: Yes

This program was designed to be used with Outlook and Outlook Express. The customer reviews are about split between very good and very bad. It has a feature that will 'bounce' spam back. DO NOT USE 'bounce' back functions. You will become a secondhand spammer. You will be sending email to innocent people who did not send the spam. The spammer forged their email addresses into the spam.

I do not recommend iHateSpam, mainly because the full version seems to be discontinued by the manufacturer. Like one of the reviewers, I changed my email address, am careful to not use it on the internet, and no longer receive any spam. Other email addresses, that I use to buy products and publish on the internet, still receive spam.

Miss Betsy
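
The "source IP" idea from the post above, as an added example that is not part of the original thread or of SpamCop's own parser: walk the `Received:` headers from the top, trust only lines written by your own mail server, and take the first outside address it recorded. The host name `mx.example.net`, the sample message and all addresses in it are constructed assumptions; `bl.spamcop.net` is the SpamCop blocklist zone.

```python
import email
import ipaddress
import re

# Constructed sample. mx.example.net stands in for the recipient's own mail
# server (an assumption); the lower Received line is written by the sender
# and may be forged.
SAMPLE = """\
Received: from mail.sender.example (unknown [203.0.113.45])
\tby mx.example.net (Postfix) with ESMTP id ABC123
\tfor <user@example.net>; Mon, 2 Jun 2008 10:00:00 +0000
Received: from yahoo.com (mail.yahoo.com [198.51.100.7])
\tby mail.sender.example with SMTP; Mon, 2 Jun 2008 09:59:00 +0000
From: "Friend" <someone@yahoo.com>
Subject: constructed sample

body
"""

BY_HOST = re.compile(r"\bby\s+([\w.-]+)", re.I)
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
INTERNAL = [ipaddress.ip_network(n) for n in
            ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def source_ip(raw, trusted_hosts):
    """IP that handed the mail to the first trusted server, else None."""
    msg = email.message_from_string(raw)
    for hop in msg.get_all("Received", []):      # newest hop is listed first
        by = BY_HOST.search(hop)
        if not by or by.group(1).lower() not in trusted_hosts:
            return None   # not written by our server: nothing below is reliable
        for text in BRACKETED_IP.findall(hop[:by.start()]):
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:
                continue                          # e.g. an octet above 255
            if not any(ip in net for net in INTERNAL):
                return str(ip)                    # first external hand-off
    return None

def dnsbl_name(ip, zone="bl.spamcop.net"):
    """DNS name to look up for an IPv4 address: reversed octets + zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

if __name__ == "__main__":
    ip = source_ip(SAMPLE, {"mx.example.net"})
    print(ip, dnsbl_name(ip))
```

The DNS lookup itself is left out so the block runs offline; a DNSBL signals a listing by answering the query with an address in 127.0.0.0/8.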


Well, I like IHATESPAM and I have had it before when I was spammed.

Then it worked perfectly and the spam went away. My ISP and my webhotel do not do anything to make anti-spam solutions or upgrades available, so that is why I had to have an extra antispam software on top of the one that is in my webhotel package. I am owner of the domain that is being spammed currently.

iceb


I am owner of the domain that is being spammed currently.

I am not sure what exactly you mean.

Are you the owner of a website that has email as part of the package? If you are, perhaps you mean that you are getting lots of 'misdirected' bounces, non-delivery messages for email you didn't send?

Also, you may be getting more spam because you haven't disabled the 'catch-all'. If you are the owner and can create email addresses, you can create a non-spammy one to use and still monitor the old one until your legitimate correspondents get the address changed in their address books and still catch an email from some long lost acquaintance who finds your old email address and decides to contact you. The new one should have numbers like 1c3b to frustrate the dictionary spammers.

You might look into spampal. Lots of people who frequent these forums seem to use it. Mailwasher is also another one that people mention. petzl swears by the spamcop email service.

Miss Betsy


  • 3 weeks later...

I use spampal which is free and can be downloaded and integrated in most current e-mail clients(spampal.com), it extracts IPs from several blocklist including Spamcop

Does anyone know of a Macintosh version of that type of software?

I've wanted to "automate" discovery on spamvertised domains for some time, but nothing yet to support the Mac platform.

:(

Currently, I use the "REPORTS" sent back from SpamCop identifying the owners of the spamvertised domains found in the spam.

This is tedious and time consuming, but BBEdit (Mac) is very helpful in parsing the files -- which are considerable.

However, SpamCop reports do not include the country.

I select the most frequent instances of the domains, then check either the Whois or SamSpade for the IP addresses to block. Using a "partial" wild card, you can block nearly entire ISP ranges of IPs.

I just wish I could automate the IP / Domain look-ups

:(


Does anyone know of a Macintosh version of that type of software?

I've wanted to "automate" discovery on spamvertised domains for some time, but nothing yet to support the Mac platform.

I'm not clear on what it is you want the software to do. Are you interested in identifying and trashing the spam, or in looking up info on URLs in the spam?

-- rick
