Select Page

Spam and Email Headers (I/II)

Hey, is spam bogging you down? Is it clogging your Inbox? Has it become a nuisance in your day to day life? Deleting them is an easy way out, but if you want to really fight spam then read on…

Wouldn’t be great if you could stop spam? To do that, it is always best to get to the root cause of a problem. In this case, spam can be stopped if you shoot a complaint to the Internet Service Provider (ISP) or the DataCentre from where this spam originated. Nowadays, most ISP’s have a “zero tolerance” policy against spammers. As per their policy, they can delete the spammers account, make them pay hefty fine or even send them to jail! Yet, we are to blame to, a majority of this spam goes unreported. Spamcop does this service for free, all they need is for you to report these spam mails to them and they will send a complaint to the abuse department of the spammer’s ISP. Are you curious as to how that happens? How do people like Spamcop know which ISPs are responsible? The answer lies in the “email headers”. When a email is sent by you to someone or vice-versa, it travels through the internet, stopping and turning at many points to reach the destination. At each point some information is added to the email, which is mostly invisible to the untrained eye. These bits of information are invaluable in finding the source of an email. These bits of information added at each “turn”, are called “Email Headers”.

The short way to identify spammers:
1. Check the email headers.
2. Find the spammers IP address.
3. Find the (Internet service provider) ISP or the DataCentre associated with IP address.
4. Send a complaint to the abuse department of the ISP or DataCentre.

I’m sure you’ve got a hundred questions running through your mind right now. You may already have seen these “email headers”, but not quite sure what to make of them. Don’t sweat! I’m dedicating a couple of posts just to help clear the mystery behind these fabled “email headers”. In the rest of this post I’ll talk about how you can get the email headers of a mail, the procedure for reporting an IP address that appears to be the source spam, and just for good measure, some tips on how to safely use your email address on the internet.

How do I see the email headers?

There are different ways to check email headers in email clients, here is a list by spamcop.net. This list is quite comprehensive, but if your email client is not listed there, a quick search on the internet or your email clients documentation should get you what you need.

How do I find the spammers IP address?

Ah, this is what this article is all about, but I’ll be delving into the details of that in my next post. For now, just know that after analyzing the email headers, we will get either the hostname or IP address of the server from where the mail was sent. To convert a hostname to an IP address, we use the “host” command on Linux and “nslookup” on Windows.
For example:
On Linux:
$ host bogus123.com
google.com has address xx.104.7.99
google.com has address xx.104.7.104

On Windows:
C:Documents and Settingsvickykarmakar>nslookup bogus123.com
Server: ed-002-sfo.abc.com
Address: 192.168.1.9

Non-authoritative answer:
Name: google.com
Addresses: xx.104.7.99, xx.104.7.104

 

Now we have found the IP address from the corresponding hostname. With this IP address, we will search for the ISP or DC to whom this IP address belongs.

How do I find the concerned ISP or the DC?

Have you heard about the term “whois”? It is a protocol by which we can determine the registrar of the domain name or IP address.

On linux, you can try the “whois” command as follows.
$whois xxx.110.110.110

Unfortunately there is no such utility present on windows. You can use this site to get the whois information about the IP address. Then check for the word “abuse” in their. There will be a email address to which abuse complains concerning the IP address can be sent.

It will look something like this.
—————————-
remarks: * For abuse/spam related to this IP address block,
remarks: * please send email to: abuse@link.abc.in

—————————-

Voila! now that you have these deails, just shoot a complaint over to them. If everybody is vigilant enough against spamming, we can surely fight this menace.

 

Prevention is better than cure.

Here are some tips, to help stop your email address from getting bombarded with spam:
1. Never reply to mails which you consider as spam. If you reply, the spammer will be assured that your mail account is an active one and will send you more mails(read: spam).
2. Never click any link or download any attachment from a spam email. These can be malicious objects to infect your system.
3. Have your antivirus, web browser and OS always updated. They are often patched up for known security vulnerabilities.
4. Always have more than one email id’s, use one of them only to register on public websites such as social networking sites, forums, newsletters and other for professional use.
5. Do not use your email id as john@example.com instead use john_@_example_dot_com. This way the crawlers on internet would not be able to scan and store your email id.
6. Be informed about spam. Do not accept it. Complain to the concerned authorities. Laws are getting stricter, it is time we fight back this menace.

Though the procedure lined above to identify the spammer can be done using tolls on a website like spamcop.net, isn’t it always better to know what happens under the hood ? That’s what I’ll be covering in the next part of my post, analyzing email headers. Check back next week!


Bobcares
Bobcares is a server management company that helps businesses deliver uninterrupted and secure online services. Our engineers manage close to 51,500 servers that include virtualized servers, cloud infrastructure, physical server clusters, and more.
MORE ABOUT BOBCARES