Fighting back at Spam



Catty1
05-18-2010, 09:12 PM
http://ws.arin.net/whois/

I am posting this separately from the other spammer thread to call attention to one solution. It takes a while the first few times, but becomes easier very quickly.

1. Display full headers on the spam email (each email program has a slightly different way; check the email Help menu to find out how).

2. Look through the headers for the last "from" that is followed by an IP number. For example, here are all the headers from a Freecycle email I got:

Delivered-To: [email protected]
Received: by 10.100.253.17 with SMTP id a17cs38874ani;
Tue, 18 May 2010 11:44:20 -0700 (PDT)
Received: by 10.141.214.38 with SMTP id r38mr5408495rvq.258.1274208259170;
Tue, 18 May 2010 11:44:19 -0700 (PDT)
Return-Path: <sentto-12109348-13274-1274208244-candace.carnie=gmail.com@returns.groups.yahoo.com>
Received: from n37d.bullet.mail.sp1.yahoo.com (n37d.bullet.mail.sp1.yahoo.com [66.163.168.191])
by mx.google.com with SMTP id c13si594467rvf.56.2010.05.18.11.44.17;
Tue, 18 May 2010 11:44:18 -0700 (PDT)
Received-SPF: pass (google.com: manual fallback record for domain of sentto-12109348-13274-1274208244-candace.carnie=gmail.com@returns.groups.yahoo.com designates 66.163.168.191 as permitted sender) client-ip=66.163.168.191;
Authentication-Results: mx.google.com; spf=pass (google.com: manual fallback record for domain of sentto-12109348-13274-1274208244-candace.carnie=gmail.com@returns.groups.yahoo.com designates 66.163.168.191 as permitted sender) smtp.mail=sentto-12109348-13274-1274208244-candace.carnie=gmail.com@returns.groups.yahoo.com; dkim=pass [email protected]
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoogroups.ca; s=delta; t=1274208245; bh=yAiefkUeMky27LM0pSWzqbyiXQhA3dsrho+LegCqbXU=; h=Received:Received:X-Yahoo-Newman-Id:MIME-Version:Message-ID:Mailing-List:Delivered-To:List-Id:Precedence:List-Unsubscribe:Date:From:To:Subject:X-Yahoo-Newman-Property:Reply-To:Content-Type:Content-Transfer-Encoding; b=bhkF6V24jIdjl1TmxSThRGGxyszrJZ1KSB2Dam/lsv61kupXyS1V/Oyxqzb/1qLttcuA1Mu3U4MOZcnHkMvLoYjEo9uHagTz7/LPztWPDHXMIvUFCRFydNP8mKd8KKmG
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=delta; d=yahoogroups.ca;
b=pMvsesJofz0fbPou15weRBkKwE54kRCkRkHQ0hI090vetoLO 1Ul7m1B+UaCp2quN49qIEUn4pomkItFms56PXGuqQbjZfsW6xo z+YRL/oBrwuTfrt0Ic7kzzLx4tgNn1;
Received: from [69.147.65.148] by n37.bullet.mail.sp1.yahoo.com with NNFMP; 18 May 2010 18:44:05 -0000
Received: from [66.196.94.61] by t11.bullet.mail.sp1.yahoo.com with NNFMP; 18 May 2010 18:44:05 -0000
X-Yahoo-Newman-Id: 12109348-d13274
MIME-Version: 1.0
Message-ID: <[email protected]>
Mailing-List: list [email protected]; contact [email protected]
Delivered-To: mailing list [email protected]
List-Id: <freecyclecalgary.yahoogroups.ca>
Precedence: bulk
List-Unsubscribe: <mailto:[email protected]>
Date: 18 May 2010 18:44:04 -0000
From: [email protected]
To: [email protected]
Subject: [freecyclecalgary] Digest Number 13274
X-Yahoo-Newman-Property: groups-digest-ff-m
Reply-To: "No Reply"<[email protected]>
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable


The last "from" in this list is: Received: from [66.196.94.61]. Highlight and copy the number minus the brackets.

3. Open another browser tab or window, and go to: http://ws.arin.net/whois/

4. In the space next to "submit query", click and paste the number, then click on "Submit Query".

In the case of this sample number, ARIN shows the following result:
http://ws.arin.net/whois/?queryinput=66.196.94.61

5. MOST results will show an email address next to the heading "Abuse", etc. They are clearly seen in this example.

NOW...second section:

1. Go to your spam email, and click on Forward. Make sure the headers are there. Sometimes you have to copy them from the spam email, and then paste them on the top after you click Forward.

2. Go back to the ARIN page; copy the abuse email address and paste it into the address bar of your Forward email.

3. Click Send. :)

NOTE: If the spam came from outside the US or Canada, ARIN will redirect you to the proper area. For example, this ARIN page gives the URL for APNIC, the Asia-Pacific WHOIS: http://ws.arin.net/whois/?queryinput=203.30.98.140


There are a number of different WHOIS servers; here are a few:

ARIN (American region)
APNIC (Asia Oceania Region)
RIPE (Europe and Middle East)
AFRINIC (African Region)
LACNIC (Latin America and Caribbean Region)

It seems like quite a process, but will make a dent if you stick with it. Bookmark any that ARIN redirects you to.

And a long list here
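
The header-reading step described in the post above, as an added example that is not part of the original post: it unfolds the Received lines, collects the bracketed IP of every "Received: from" hop, and returns the bottom-most publicly routable one. The function names are hypothetical and the sample is the Received lines copied from the post's headers. Hops recorded below your own provider's servers are written by the sending side and can be forged, so treat the result as a lead for the WHOIS lookup rather than proof of origin.

```python
import email
import ipaddress
import re

# Received lines copied from the sample headers in the post (other headers omitted).
SAMPLE = """\
Received: by 10.100.253.17 with SMTP id a17cs38874ani;
 Tue, 18 May 2010 11:44:20 -0700 (PDT)
Received: from n37d.bullet.mail.sp1.yahoo.com (n37d.bullet.mail.sp1.yahoo.com [66.163.168.191])
 by mx.google.com with SMTP id c13si594467rvf.56.2010.05.18.11.44.17;
 Tue, 18 May 2010 11:44:18 -0700 (PDT)
Received: from [69.147.65.148] by n37.bullet.mail.sp1.yahoo.com with NNFMP; 18 May 2010 18:44:05 -0000
Received: from [66.196.94.61] by t11.bullet.mail.sp1.yahoo.com with NNFMP; 18 May 2010 18:44:05 -0000
Subject: [freecyclecalgary] Digest Number 13274

"""

# An address in square brackets, optionally with the "IPv6:" tag some servers add.
IP_IN_BRACKETS = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")


def received_from_ips(raw_headers):
    """Return (ip, header) for each 'Received: from' hop, top to bottom."""
    msg = email.message_from_string(raw_headers)
    hops = []
    for value in msg.get_all("Received", []):
        value = " ".join(value.split())  # unfold continuation lines
        if not value.lower().startswith("from "):
            continue  # "Received: by ..." lines name only the receiving server
        # Look only at the part before " by ", which describes the sender.
        from_part = re.split(r"\sby\s", value, maxsplit=1)[0]
        for candidate in IP_IN_BRACKETS.findall(from_part):
            try:
                hops.append((ipaddress.ip_address(candidate), value))
                break
            except ValueError:
                continue  # bracketed text that is not an IP address
    return hops


def last_public_from_ip(raw_headers):
    """Bottom-most 'from' IP that is publicly routable, or None."""
    public = [ip for ip, _ in received_from_ips(raw_headers) if ip.is_global]
    return str(public[-1]) if public else None


if __name__ == "__main__":
    print(last_public_from_ip(SAMPLE))
```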

Vette
05-19-2010, 11:22 AM
I just delete spam. Otherwise I'd be all day making reports.