How do I deal with spam?
Article ID: 000032
How do I deal with spam or junk email?
Webzone has in place several measures to reduce the amount of spam received by customers. However, spam is an ever-changing problem, with spammers regularly changing both their internet connections and their spamming methods. This makes it very difficult to combat spam. Governments around the world are introducing laws to make spam illegal, and the amount of spam is expected to reduce gradually as a result.
Spam is now illegal under Australian law. However, this is only effective against spam that originates from within Australia. If the spam you have received is from Australia then you can report it to the Australian Communications Authority by visiting their website located at:
http://www.aca.gov.au/consumer_info/spam/reportingcomplaintsenquiries.htm
If the spam originates from outside Australia then you may still want to report it to the ACA and also follow the procedure below to report it to the appropriate overseas entities:
The common practice in dealing with spam is to trace the offending email back to its origins and register a complaint with the sender's Internet Service Provider (ISP). Most ISPs are self-regulating when it comes to the use of their networks for spam purposes, and will act against spam. Additionally, the Internet Industry Association (IIA) has instigated several anti-spam solutions, including trial versions of software. Further details on this IIA initiative can be found at http://www.iia.net.au/nospam/.
This said, it can be difficult to determine the origins of content that is sent directly to you via another ISP. Most spammers do not readily identify themselves by any of the simple header information (To:, From:, and Reply-to:) you might see displayed in an ordinary email program. Many in fact forge these details.
However, every email must have header information that declares the IP addresses (a unique identifier for every computer connected to the internet) of the originating computer, the time the email was originally sent and the mail servers through which the message passed to get to you. An ISP will use both the IP address and the time the mail was sent to determine which user on their system was responsible for sending the spam, regardless of any forged addresses in the "From" or "Reply-to" fields.
To read the header information, you first must be able to view this information on each individual message. Once you can read the header information, you will be able to report the spam message to the offender's ISP.
Below is an example of message headers from a spam email. We have numbered the individual lines of the header for your convenience.
1. Return-Path: <81glbwc08@yeah.net>
2. Received: from host200.200-45-231.telecom.net.ar ([200.45.231.200])
3. by mta08.mail.mel.aone.net.au with SMTP
4. id <20030811221700.TOEV15355.mta08.mail.mel.aone.net.au@host200.200-45-231.telecom.net.ar>;
5. Tue, 12 Aug 2003 08:17:00 +1000
6. Received: from ([202.175.152.17])
7. by host200.200-45-231.telecom.net.ar
8. for ; Tue, 12 Aug 2003 00:17:00 +0100
9. Message-ID:
10. From: "Free Dealz" <81glbwc08@yeah.net>
11. To:
12. Subject: Make $1000 a day working at home. ddrx qlwv
13. Date: Tue, 12 Aug 03 00:17:00 GMT
14. X-Mailer: Microsoft Outlook Express 6.00.2462.0000
15. MIME-Version: 1.0
16. Content-Type: multipart/alternative;
17. boundary="C1_E8_5.92_7_B7F7"
18. X-Priority: 3
19. X-MSMail-Priority: Normal
From the above header, we can see the path the message took from its origin to its destination. Working backwards, the message was intended for test@senet.com.au, and was supposedly from someone at yeah.net, which does not exist.
Reading the headers will help us follow the path the message travelled. In lines 2-5, we can see that the message travelled from 200.45.231.200 and was received by mta08.mail.mel.aone.net.au on 12 August 2003. Note that we use the IP address of host200.200-45-231.telecom.net.ar, rather than the host name. This is because the host name can change or be forged easily, while the IP cannot. But this doesn't tell us where the message originated, because there's more beneath it. In lines 6-8, we see that the message travelled from 202.175.152.17, and was received by 200.45.231.200.
As this is the final step in the Received sections of the message (in this case, there were only two; in other spam emails there may be many more), we can deduce that the IP address of 202.175.152.17 is that of the originating computer at the time the message was sent. A completely different machine may have that IP address now, which is why it is best to submit the incident of spam email to the originating network.
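The header walk described above, as an added Python example (not part of the original article or Webzone's own code): it lists each Received hop newest first and picks the oldest publicly routable bracketed IP as the address to trace. The sample is an abridged, constructed copy of the headers shown earlier, the function names are illustrative, and skipping private addresses goes slightly beyond the two-hop case in the text.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: abridged from the example headers on this page.
SAMPLE = """\
Return-Path: <81glbwc08@yeah.net>
Received: from host200.200-45-231.telecom.net.ar ([200.45.231.200])
    by mta08.mail.mel.aone.net.au with SMTP;
    Tue, 12 Aug 2003 08:17:00 +1000
Received: from ([202.175.152.17])
    by host200.200-45-231.telecom.net.ar;
    Tue, 12 Aug 2003 00:17:00 +0100
From: "Free Dealz" <81glbwc08@yeah.net>
Subject: Make $1000 a day working at home. ddrx qlwv

(body omitted)
"""

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_HOST = re.compile(r"\bby\s+([\w.-]+)")


def received_chain(raw):
    """Return one (connecting_ip, receiving_host, timestamp) per hop, newest first."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        value = " ".join(value.split())          # unfold continuation lines
        ip = BRACKETED_IP.search(value)
        by = BY_HOST.search(value)
        stamp = value.rsplit(";", 1)[-1].strip() if ";" in value else ""
        hops.append((ip.group(1) if ip else None, by.group(1) if by else None, stamp))
    return hops


def origin_candidate(raw):
    """Walk from the oldest Received line up; return the first public IP."""
    # Only the top line was written by your own provider; lower lines are
    # what upstream servers reported, so always send the full headers too.
    for ip, _host, _stamp in reversed(received_chain(raw)):
        try:
            if ip and ipaddress.ip_address(ip).is_global:
                return ip
        except ValueError:                        # malformed, e.g. [999.1.1.1]
            continue
    return None


if __name__ == "__main__":
    for ip, host, stamp in received_chain(SAMPLE):
        print(f"{ip} -> {host} at {stamp}")
    print("address to trace:", origin_candidate(SAMPLE))
```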
As 202.175.152.17 belongs to part of a specific network, we can trace this IP to determine the owner of the originating network. Most operating systems have this functionality built in. Below you can find a quick reference on how to reach this utility.
Windows 95/98/ME
Start -> Run -> type in 'command'
Windows NT/2000/XP
Start -> Run -> type in 'cmd'
Macintosh OS 9
There is no built-in functionality for this. You will need to download a third-party application capable of this function.
Macintosh OS X
Hard Drive -> Applications -> Utilities -> Network Utility
From this point, whether at the command prompt (for Windows) or the Network Utility (for Macintosh), we trace the IP address of the originating machine back as far as we can. For a Windows computer, the command to be entered is tracert followed by the IP address to be traced. For Macintosh, simply enter the IP address to be traced into the appropriate text box, and click trace. The tracert will trace the path to the originating computer, within 30 "hops" (a hop is a single path between routers), and will display the IP addresses of every reported router through which it passes.
In this case, the tracert has passed through 8 hops to the closest point it can reach to its destination. This last hop is where we would direct a spam complaint.
The last hop is at 203.166.16.37. To determine the network to which this belongs, we head to a web page that can run what is called a WHOIS query. GeekTools.com is one such page. Click on the Whois link across the top to gain access to their whois function. Enter 203.166.16.37 into the text box labelled Whois:, then click on the Whois >> button. This will return a lot of network information about the owner of that domain. In this case, the domain belongs to UUNET Australia Limited. If the final hop cannot be resolved to a definitive network, then the common practice is to move up to the previous hop listed.
The domain wcom.com.au (as listed in the Whois information) redirects to the MCI global home page. Searching through MCI's web site turns up no specific methods of reporting spam, so in this case the best method of reporting spam is to send it to the address listed in the Whois information: abuse@wcom.com.au. If the network does not accept spam incidents through email, they will often explain how they do accept spam complaints in a response. If there is no mention of how to report spam on the website, and none in the Whois information, then you may find them on http://www.abuse.net, a voluntary reporting database. If all else fails, then email can be sent to abuse@domain.com.
When submitting complaints, make sure that you provide the entire message headers of the spam email in question, so that the network's security team can verify that the spam originated from within their network, and then determine which user generated the spam. These steps are necessary to prevent innocent users from being erroneously penalised for spam they may not have authored, and most networks require all the headers of a message before they will action a spam complaint.
You may find that many networks do not respond, or offer only an automated response, to spam complaints. However, rest assured that network providers take such complaints very seriously, as they may result in a listing as a spamming network service. Such a listing may result in an email block, where other network providers reject email sent from the spamming network. This would obviously directly impact the spamming network's viability as a business.
A short summary of the steps required to report spam to the offending user's ISP is as follows:
1-Find the headers of the spam email, and locate the IP address of the originating computer.
2-Trace the originating IP address to the network to which it belongs.
3-Determine the owner of that network, and report the spam incident to the owner of the network.