Go Back   the Magicball Network > Forums > MBN Main Forums > Off topic

Welcome to the Magicball Network.

You are currently viewing our site as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so please, join our community today!

If you have any problems with the registration process or your account login, please contact contact us.

Off topic General off-topic chat goes in here.

Reply
 
Thread Tools
  #1  
Old 2002-07-20, 13:24
Darkflame's Avatar
Darkflame Darkflame is offline
Classic
 
Join Date: Feb 2001
Location: Sol, Earth, NL
Posts: 22,496
Send a message via ICQ to Darkflame Send a message via AIM to Darkflame Send a message via MSN to Darkflame
Spam email tracing?

Does any of you know a way to trace where a spam email came from so I can get the senders IP blocked?
My mum's email yesterday recieved almost a 100 copys of the exact same spam email.
The source is below:

========
From [email address] Fri, 19 Jul 2002 05:10:24 -0700
Received: from [213.86.40.70] by hotmail.com (3.2) with ESMTP id MHotMailBF0147D200934004319ED5562846F15296; Fri, 19 Jul 2002 05:08:29 -0700
Received: from erdev.erecruitment.com ([10.1.100.4]) by hercules.erecruitments.com with Microsoft SMTPSVC(5.5.1877.197.19);
Fri, 19 Jul 2002 12:42:16 +0100
Received: from bgnww8001.erecruitment.com - 10.1.100.11 by erdev.erecruitment.com with Microsoft SMTPSVC(5.5.1774.114.11);
Wed, 17 Jul 2002 19:32:02 +0100
Received: from mail.cs.hut.fi ([208.37.95.106]) by bgnww8001.erecruitment.com with Microsoft SMTPSVC(5.0.2195.3779);
Wed, 17 Jul 2002 15:06:31 +0100
To: <debrairvin@hotmail.com>,<tripindicular@excite.com>,<fuegodh@hotmail.com>,<dfdycus@earthlink.net>,<c orazon62@hotmail.com>,<jdues@hotmail.com>,<austin080@hotmail.com>,<jag430@hotmail.com>,<huynh85@hotm ail.com>,<iluvgyz@excite.com>,<dylanl@earthlink.net>,<danbates@earthlink.net>,<daflynt@hotmail.com>, <hinka@home.com>,<cocomero@hotmail.com>
Cc: <apirak@excite.com>,
<angcheryl@hotmail.com>,
<hddoc1@hotmail.com>,
<gfrancis3@hotmail.com>,
<mburkert@earthlink.net>,
<gdubois@emconinc.com>,
<jianchoek@excite.com>,
<bcoronato@earthlink.com>,
<jcp202@hotmail.com>,
<jdittemore@excite.com>,
<dckoppen@hotmail.com>,
<directequity@hotmail.com>,
<hicups@hotmail.com>,
<annie1019@hotmail.com>,
<georgina88@hotmail.com>
From: "Wasted" <pfzlg@dial.active.ch>
Subject: Weedmon say: call, we be open 7 days, mon
Date: Wed, 17 Jul 2002 06:54:00 -1900
MIME-Version: 1.0
Content-Type: text/plain;
charset="Windows-1252"
Content-Transfer-Encoding: 7bit
Return-Path: [email address]
Message-ID: <ROMULUS8r6beUzmRf6C00003ee0@bgnww8001.erecruitment.com>
X-OriginalArrivalTime: 17 Jul 2002 14:06:32.0685 (UTC) FILETIME=[2791E9D0:01C22D9B]

***************************
Now Open Seven Days A Week!
***************************

From the ethnobotanical herbalists who brought the herba supplementals; Kathmandu Temple Kiff “1” & “2” “Personal-Choice”, pipe-smoking products/substances to the common

.........(insert rest of spam message here).......
=========

I know the from info says "pfzlg@dial.active.ch", but I'm sure that isn't a real account.
Is "ROMULUS8r6beUzmRf6C00003ee0@bgnww8001.erecruitment.com" the real account?

I'm pretty sure if I can find the host, I can get guys IP bloocked.
(after all, its wasting there system as well as my time).
__________________
http://fanficmaker.com <-- Tells some truly terrible tales.
-
Phones & Tricorders & Blobs & Bombs & 3D Printers & TVIntros also;stuff
Reply With Quote
  #2  
Old 2002-07-20, 13:35
Double-J's Avatar
Double-J Double-J is offline
Magic Ball Master
 
Join Date: Apr 2002
Posts: 14,979
Yep, I think (although keep in mind my net knowledge) you could stop them (I had the same problem) by using the server blockers in Outlook Express, and just had it delete the messages from the server before they even reached my computer.
Reply With Quote
  #3  
Old 2002-07-20, 14:26
Darkflame's Avatar
Darkflame Darkflame is offline
Classic
 
Join Date: Feb 2001
Location: Sol, Earth, NL
Posts: 22,496
Send a message via ICQ to Darkflame Send a message via AIM to Darkflame Send a message via MSN to Darkflame
no, thats useless, because they can just change there account by one letter, then start again.
90 odd-identical spams should be evidance to get the guy blocked from his email provider.
__________________
http://fanficmaker.com <-- Tells some truly terrible tales.
-
Phones & Tricorders & Blobs & Bombs & 3D Printers & TVIntros also;stuff
Reply With Quote
  #4  
Old 2002-07-20, 14:48
wacko's Avatar
wacko wacko is offline
Magic Ball Master
 
Join Date: Oct 2000
Posts: 9,426
Perhaps:

Received: from [213.86.40.70] by hotmail.com (3.2) with ESMTP id MHotMailBF0147D200934004319ED5562846F15296; Fri, 19 Jul 2002 05:08:29 -0700

Check if all emails had this same IP.



Problem is spam mails usually get sent through someone else's account.
Reply With Quote
  #5  
Old 2002-07-20, 15:58
Darkflame's Avatar
Darkflame Darkflame is offline
Classic
 
Join Date: Feb 2001
Location: Sol, Earth, NL
Posts: 22,496
Send a message via ICQ to Darkflame Send a message via AIM to Darkflame Send a message via MSN to Darkflame
Yes, there all 100% identical, all 90 of them...
(well...ok, I check 3 and they were the same).

Any idea how I would find out the emai providor from that?
__________________
http://fanficmaker.com <-- Tells some truly terrible tales.
-
Phones & Tricorders & Blobs & Bombs & 3D Printers & TVIntros also;stuff
Reply With Quote
  #6  
Old 2002-07-20, 16:13
wacko's Avatar
wacko wacko is offline
Magic Ball Master
 
Join Date: Oct 2000
Posts: 9,426
Code:
C:\>tracert 213.86.40.70

Tracing route to 213.86.40.70 over a maximum of 30 hops

  1     *        *        *     Request timed out.
  2     *        *        *     Request timed out.
  3    10 ms    19 ms    11 ms  AMS-IX.fe0-0-baby-natasha.AMS.router.COLT.net [193.148.15.101]
  4    12 ms    11 ms    11 ms  pos-3-1-wolfgang.AMS.router.COLT.NET [212.74.66.145]
  5    15 ms    10 ms    13 ms  pos3-0-gladys.AMS.router.COLT.NET [212.74.66.149]
  6    21 ms    18 ms    28 ms  pos4-6-roobarb.LON.router.COLT.NET [212.74.66.170]
  7    32 ms    20 ms    19 ms  pos2-0-homer.kjc.UK.COLT.NET [212.74.64.26]
  8    21 ms    21 ms    25 ms  p2-0.core-2.pct.lon.UK.COLT.NET [195.110.65.178]
  9    20 ms    21 ms    25 ms  v20-acc3-r2.PCT.UK.COLT.NET [212.161.120.71]
 10     *        *        *     Request timed out.
 11     *        *        *     Request timed out.
 12     *        *        *     Request timed out.
 13     *        *
You could try [email address]
Reply With Quote
  #7  
Old 2002-07-21, 13:22
Darkflame's Avatar
Darkflame Darkflame is offline
Classic
 
Join Date: Feb 2001
Location: Sol, Earth, NL
Posts: 22,496
Send a message via ICQ to Darkflame Send a message via AIM to Darkflame Send a message via MSN to Darkflame
Thanks Wacko, I would do that, but unfortunatly my mums deleted the emails
I think I would need screen-shot evidence to get the guy blocked.
Grr...I wish I took the screen straight away.
Still...if it happens again (and it might, its happened before), then I'll do that.
Good old tracert
__________________
http://fanficmaker.com <-- Tells some truly terrible tales.
-
Phones & Tricorders & Blobs & Bombs & 3D Printers & TVIntros also;stuff
Reply With Quote
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Should the Talk about Spam and such finally stop? Atresica The site and forum 25 2003-05-04 18:00
Email Adresses McKay Off topic 5 2002-10-21 17:50
Email To Adeline... Evil-Twinsen General 57 2002-10-02 09:34
Spam Forum Lgr The site and forum 16 2002-04-30 23:52
Goodbye Evil-Twinsen Off topic 20 2000-12-18 23:12


All times are GMT +2. The time now is 03:56.


News Feed
Powered by vBulletin®
Copyright ©2000 - 2021, Jelsoft Enterprises Ltd.
Copyright ©2000 - 2021, the Magicball Network