How To Identify a Spammer
from Al Bredenberg
Publisher of EmailResults.com
Spammers can be pretty slippery characters. Sometimes, though, it's possible to track them down and sic the authorities on them. Here's how.
Although spammers try hard to mask their identities, in some cases you will be able to track them down to report them. Here are some points of identification:
Return address -- This is usually fake, but not always. Even if you suspect the address is phony, it's a good idea to get in touch with the ISP or domain owner to let them know their domain is being used in this fraudulent way. Domain owners have successfully sued spammers abusing their domain names in this way.
E-mail address in the body of the message -- Often a spammer will expose himself by using his real e-mail address as a point of contact within the body of the e-mail.
URL in the body of the message -- Many spammers use a Web site as a point of contact. It's often possible to get in touch with their Web host and get the Web site shut down.
"Remove" address in the body of the e-mail -- Some spams contain an address where you can supposedly get yourself removed from the e-mail list. Often this is a fake address or one unrelated to the spammer. However, sometimes this is a real address owned by the spammer.
Phone number in the e-mail -- Some spammers use a phone number as a point of contact. If the number rings through to the advertiser's office or home, this can be a way to speak directly to the person to let him know how you feel about his advertising practices. If it rings to a voicemail box, you can still leave a message expressing your opinion. Some spammers even offer toll-free numbers for your convenience!
Header information -- E-mail header information can help you track down a spammer. Keep in mind that spammers will often create fake headers. By close examination, however, it's usually possible to identify the true IP number from which the spam was sent.
For example, this information appeared in the headers of a spam I received:
Received: from ovhxhq.Marketing (98A65FB3.ipt.aol.com [152.166.95.179]) by knicks.cybercon.com (8.8.5/8.6.12) with SMTP id MAA18808 for
"98A65FB3.ipt.aol.com" could be forged, so I won't assume the spam came from AOL, although it might be good to let AOL know about it. "152.166.95.179," appearing in brackets, however, is probably not forged. Running a trace route on that IP number will lead me to a domain name. I can then send a spam report to the postmaster or abuse department at that domain.
Identifying the spammer is an important part of the process of putting a stop to the person's unethical and possibly illegal advertising methods.