Spam is no recent phenomena. It has existed ever since the rise of the internet and will continue to do so. A recent study from McAfee has pretty much summarized the seriousness of the problems which spam creates. Did you know that as a result of spam alone, 33 billion kilowatts-hours of electricity was wasted in 2008? And this only accounts for America. Imagine what the total would be with the whole world combined. Another statistic revealed that $3 billion worth of electrical energy is lost through spam. Why is this the case? At an individual level, a single spam email emits about 0.3 grams of Carbon Dioxide, a greenhouse gas. If you multiply that with the number of spam emails being sent around the net, an estimated 62 trillion spam emails, that turns the final value into around 17 million metric tons of Carbon Dioxide.
So what exactly is spam? Spam is a term for any unwanted or unsolicited junk emails you receive on your email service. There are many variations in spam emails. The most common ones are those which attempts to ‘sell’ you products such as viagra, asks for your personal information and claims which state you have won a lottery or award. Did you know that when McColo, a U.S.-based Web-hosting service that was responsible for much of the world’s spam, was shut down in 2008, the result was an annualized carbon dioxide savings equal to taking 2.2 million cars off the road? This shows that we can reduce the number of spamming effectively by taking actions against the ISP (Internet Service Providers) alone. Unfortunately, many of these victories are short lived as spammers are like weeds, they’ll migrate to another ISP and regrow their spam sending capacity once more. But what if the whole world took action? What if everyone was able to identify the origins of a spammer and rally against ISP to shut the spam accounts down? In reality, it is an utmost impossible task to encourage the 6 billion netizens to all take action at once but it is still an action worth taking as an individual. All it needs is one viable complaint and kabem! A small but significant percentage of spammers could be gone.
So how do you identify the origins of a spam email? Unfortunately, email services have evolved to a state which allows people to send spam using bogus email addresses. However, there are some ways to get around this and find the real identity of the user. Let me explain how.
Identifying the real source of the spam mail
Luckily for us, email headers can tell us a lot of something. Spammers maybe able to forge a bogus email but they may not realize their whereabouts could be identified, just from the header alone. Luckily for us, there are free website services which do all the analyzing for us. However before you start, you fist need the original HTML code of the email header. Many emails should give you the option to change it to HTML view. For Gmail, click the downward arrow button next to the reply button and click ‘Show Original’. Once you have the HTML code, copy it and go to the Spam Origin Locator website (Search Geobyte Spam Origin Locator on the search engine). Paste your HTML code into the text book and click submit. You should now have a table listing the origin of the spam email address!
Wait, you’re not done yet! You now need to identify the ISP of the IP address. How? You need to run a function called tracerroute. To open this, open run and type in ‘cmd’ to open the command window. Now type in ”tracert xxx.xxx.xxx.xx” (Xs being the ip address) which will run the tracer route. You should now be able to see the ISP of the ip address.
This is an example of what you might see.
traceroute to 126.96.36.199 (188.8.131.52), 30 hops max, 38 byte packets
1 hsrp2.cc04-wien.AT.eunet.at (184.108.40.206) 0.952 ms 0.820 ms 3.707 ms
2 r2-ge1-3-0-95-ixi1.vie.at.eu.net (220.127.116.11) 1.556 ms 1.473 ms 1.179 ms
3 so-2-2-0.vie20.ip.tiscali.net (18.104.22.168) 1.388 ms 1.733 ms 1.327 ms
4 so-7-0-0.ams10.ip.tiscali.net (22.214.171.124) 19.123 ms 19.428 ms 19.298 ms
5 he12.core.rtr.gxn.net (126.96.36.199) 27.890 ms 27.575 ms 28.196 ms
6 gb0-1-2-llb-x-many.HE23.core.rtr.gxn.net (188.8.131.52) 29.572 ms 28.312 ms 28.382 ms
7 p8-0-0.tn-cr12.cix.gxn.net (184.108.40.206) 32.931 ms 32.683 ms 32.312 ms
8 f2-0-97.tn-cr57.cix.gxn.net (220.127.116.11) 33.155 ms 34.170 ms 33.110 ms
9 g0-1-91.tn-hg11.cix.gxn.net (18.104.22.168) 34.354 ms 37.704 ms 34.311 ms
As you can see, trace route was able to identify more than one ISP. Which one is the origin? The final one, gxn.net. Great! Now you have found the ISP. All you need to do now is search up the website of the ISP you identified and submit an abuse report and hope for the best. You can try using the Network Abuse Clearinghouse for a better chance of getting your message through. Make sure to include the significant bits of the email header HTML code to give the ISP a better idea of the spammer!
Visit the main author’s website at http://www.hkactivity.com