Thursday, November 24, 2005

How to H(a)unt the Spammer - Instructions

I was working on a Greek guide about h(a)unting the spammers last night, but here is a short one in English. It might look a bit complicated, but once you understand the mechanism it gets very easy and fun.

First of all, before h(a)unting the spammer we should know some basic stuff about the internet.

- A website needs webspace to be online. It needs a WEBHOST.
- A website needs a domain name to be online. It needs a REGISTRANT.

When we get a spam email, usually it says that we should visit a website. So THAT website is the guilty one, that website is responsible for the spamming.

That website embodies THE SPAMMER himself :)).

Now that we know who the spammer is, all that is left to do is find out who their registrant and host are. Usually the host is more important for getting the spammer's account terminated. The registrants are slow to reply and sometimes don't even care. Still, I send spam complaints to both.

How can we find out the host and the registrant?

It's very simple: by making a whois query. This information is public; it's no secret, and anyone can view it through a whois query. I usually use the Computerbetrug site for my whois queries. It's the best I have found. It's in German, but that doesn't matter; the results are in English anyway.

Once we have identified the host and the registrant, all we need to do is send them an email with our complaint. This email should include the original spam email and its FULL HEADERS. The full headers come along with the email. In Outlook Express all you need to do is highlight the spam email, right-click on it, click on Properties, click on Details, highlight the headers, copy them and paste them into the email.

Here is a picture-guide.




Now I will show an example with the spam email that Indie got HERE.

We identify the spammer as h**p://www.rightvisitor.com/

1. I visit Computerbetrug and make a whois query (don't forget to tick the IP whois box; the IP belongs to the WEBHOST, and this will lead us to tracking down the webhost).

2. So they have spoofed their contact emails. That's OK, we don't mind. We don't want to contact the domain owner anyway. We want to contact their provider!

3. The IP belongs to ThePlanet.com Internet Services, Inc., so we get the abuse email abuse(@)theplanet.com. This is where our complaint email will go, with the full headers and the original spam email.

4. The registrant is enom.com, so let's visit their site and try to get an abuse email from their contact pages. I find this email on their site: info(@)enom.com. So our complaint email will go there as well.

Now in Indie's case, this is not about email spam, it's about blog spam, so we have no original email and headers to send them. But we can send them the link to the spam entry; it should be proof enough.
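The four steps above can be scripted. The Python below is an added example, not part of the original guide: it reduces the links in a spam message to their main domains and reads the provider abuse addresses out of saved whois answers, skipping the domain owner's own contact address. The sample texts are constructed, and the field names assume ICANN-style domain whois and ARIN-style IP whois output, where the company this guide calls the registrant appears in the `Registrar` field.

```python
import re
from urllib.parse import urlparse

# Constructed sample inputs, not real records (.example and 192.0.2.0/24 are reserved).
SPAM_TEXT = """Come and check it out: http://pills.spamvertised.example/buy
also http://cheap.spamvertised.example/ and http://www.other-shop.example/x"""
DOMAIN_WHOIS = """Domain Name: SPAMVERTISED.EXAMPLE
Registrar: Example Registrar, Inc.
Registrar Abuse Contact Email: abuse@registrar.example
Registrant Email: fake-owner@spamvertised.example
"""
IP_WHOIS = """NetRange: 192.0.2.0 - 192.0.2.255
OrgName: Example Hosting, Inc.
OrgAbuseEmail: abuse@hosting.example
"""

def advertised_domains(text):
    """Distinct main domains linked in a message. Assumption: the main domain
    is the last two labels (wrong for co.uk etc.; use a public-suffix list)."""
    domains = []
    for url in re.findall(r"https?://[^\s\"'<>]+", text):
        host = (urlparse(url).hostname or "").lower()
        base = ".".join(host.split(".")[-2:])
        if base and base not in domains:
            domains.append(base)
    return domains

def whois_fields(raw):
    """Parse 'Key: value' whois lines into a dict (first value wins)."""
    fields = {}
    for line in raw.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            fields.setdefault(key.strip().lower(), value.strip())
    return fields

def complaint_recipients(domain_whois, ip_whois):
    """Provider abuse mailboxes only; the owner's address may be spoofed."""
    dom, net = whois_fields(domain_whois), whois_fields(ip_whois)
    return {
        "registrar": dom.get("registrar"),
        "registrar_abuse": dom.get("registrar abuse contact email"),
        "host": net.get("orgname"),
        "host_abuse": net.get("orgabuseemail"),
    }

if __name__ == "__main__":
    print(advertised_domains(SPAM_TEXT))
    print(complaint_recipients(DOMAIN_WHOIS, IP_WHOIS))
```

A missing field comes back as `None`, which is the cue to look up the abuse address on the provider's contact pages as in step 4.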

Any questions? :D



Here is the email I sent:
Subject: Unsolicited email/blog abuse

Dear Sir/Madam,

I would like to report a spam sent in a blog by one of your clients. The spam is from ***.rightvisitors.com posted in this blog http://indeterminacy.blogspot.com/2005/08/new-delhi-office-was-kept-dark-to-save.html:

"Anonymous said...

Hey, you have a great blog here!


I have a buy targeted web site traffic site. It pretty much covers ##WEBSITE TRAFFIC## related stuff.

Come and check it out if you get time.

I'm new to blogging so sorry if it's not right for your blog.
Hope to see your blog grow.

Thanks again
9:29 PM, October 11, 2005"

Please take the necessary action to prevent spammers from spamming our blogs.

Sincerely

3 comments:

Indeterminacy said...

I got a guestbook spam I can try this on!

Name:
E-Mail: woodman447@yahoo.com
Date: 2005-11-24 08:43:50
Location:
Message:
Idleness is the beginning of all psychology. What? Should psychology be a vice? (There is a German proverb Idleness is the beginning of all vices. http://ativan.lookscute.com ativan/a http://ordersoma.lookscute.com soma/a http://ambien.loveslife.com ambien/a http://buytramadol.loveslife.com tramadol/a http://buyxanax.loveslife.com xanax/a http://orderlevitra.lookscute.com levitra/a http://fioricet.loveslife.com fioricet/a

admin said...

Wow, so many links! But one would have to go only after the two main domains

lookscute.com
loveslife.com

admin said...

Btw the email of the entry is probably spoofed.