Harmful spammers

Ketil Malde ketil@ii.uib.no
11 Oct 2001 08:02:33 +0200

jefu <jefu@cs20.eou.edu> writes:

> 2) Every time you get spam, locate all the hosts it came through
>    in the header.  Check both hostnames and ip addresses as one 
>    of the common spammer techniques is to give a different hostname
>    than the ip address maps to.  

Note that spammers add dummy entries to the Received: list.  The
server previous from your trusted maildrop is usually the one to

>    Given a site name of "foo.bar.com", my usual list of
>    addresses is :

You can also look up people responsible for the domain with the 'whois'
command.  Many places simply seem to ignore mail sent to
e.g. postmaster, but people in the whois database tend to be real. 

>    In that mail, complain about the spam and include the entire
>    mail message that you got (including the headers).    (If I
>    get really bugged - for example by getting the same spam over
>    and over again, I'll often include a huge image file that

I'd advise against that.  A polite complaint is in order, but there's
no need to be deliberately nasty.  And there's also a good chance
you're hitting the wrong persons, and/or alienating those with power
to deal with the spammer.

If I haven't seen further, it is by standing in the footprints of giants