OT Killing spam 101 (was no more boredom! ) LONG

From: ian_hammond_cooper_at_...
Date: Thu, 05 Jul 2001 11:17:48 -0000


John wrote:
>Since they're spamming my inbox as well, I'd be happy to.
Please forward instructions!<

SUMMARY


from:

http://help.yahoo.com/help/us/geo/abuse/abuse-04.html

"forward the entire body and subject of the spammed email to: abuse_at_...

Please be sure to include the headers, the subject, the GeoCities URL, or the content of the email. Omitting this information in the forwarded email may make it more difficult for us to review the site in question and take appropriate action."

GENERAL ADVICE ON DEALING WITH SPAM

There is never any point moaning to the spammer - what you need to find is the ISP that provides the mail account or web site. The spammer usually sets up a web site or address to respond to - this and not the posting address is your best first line of attack. Only go for the originator if you have to (teynopen&shut the mail accounts so easily it won't help)


WEB SITE
>From Yahoo's advice on dealing with spam:

"Look at the domain. This is the part after the _at_ sign of an email address or the last part of the server name in a URL. For example, the URL of http://www.abc-bds.bogus.net/somepage.html has a domain of simply bogus.net. Once you have the domain, you can look up the administrative contact at InterNIC."

Me:

http://www.internic.net/whois.html

Geocities in this case whichn tells me

Domain Name: GEOCITIES.COM

   Registrar: NETWORK SOLUTIONS, INC.
   Whois Server: whois.networksolutions.com    Referral URL: http://www.networksolutions.com 

   Name Server: NS2.GEOCITIES.COM
   Name Server: NS1.YAHOO.COM
   Name Server: NS2.DCA.YAHOO.COM
   Name Server: NS4.GEOCITIES.COM

   Updated Date: 13-jun-2001

Helofully, in this case, Geocities is part of Yahoo. They have a great site which is:

http://abuse.yahoo.com/

and this page details how to deal with spam from a geocities site

http://help.yahoo.com/help/us/geo/abuse/abuse-04.html

so that is how we sort his guy out. Say bye bye to his web site.


EMAIL
"Provided that you have opted to display "full headers" in your email application, you should find a line in the email message that contains an 8 to 12 digit number, separated by periods. It should look something like this:

Received: from [123.456.78.91] by . . .

The "123.456.78.91" represents the unique IP address of the sender's ISP. Once you have identified the IP address, you can run a search to determine which ISP provides this person with Internet access.

There are several utilities available on the web to run a search. Here's one web site where the utility will try to determine the actual computer that uses the IP address:

http://www.arin.net/whois/index.html"

"Once you've done a successful lookup, simply email the entire message (including full headers) to the person listed as the administrative contact. Explain your situation. They may have further requirements, but this is the person or group you want to be in contact with."

Hope this helps,

Ian Cooper

Powered by hypermail