PDA

View Full Version : Getting an IP via email?

Nookie
May 28th, 2005, 05:03 AM
-{ Quote: "Return-Path: <woolsen@teenmail.co.za>
Received: from mx2.messagingengine.com (mx2.internal [10.202.2.201])
by server3.messagingengine.com (Cyrus v2.3-alpha) with LMTPA;
Fri, 27 May 2005 18:17:41 -0400
X-Sieve: CMU Sieve 2.3
X-Resolved-to: xxxxxxxxxxxxxx
X-Delivered-to: xxxxxxxxxxxxxx
X-Mail-from: woolsen@teenmail.co.za
Received: from mail02.infosat.net (mailout06.infosat.net [66.18.69.6])
by mx2.messagingengine.com (Postfix) with ESMTP id E9E1386CB6D
for <xxxxxxxxxxxxxxxxxx>; Fri, 27 May 2005 18:17:40 -0400 (EDT)
Received: from [196.38.110.52] (HELO mail01.infosat.net)
by mail02.infosat.net (CommuniGate Pro SMTP 4.1.8)
with ESMTP id 256027496; Sat, 28 May 2005 00:17:37 +0200
Received: from [62.192.141.26] (account woolsen@teenmail.co.za)
by mail01.infosat.net (CommuniGate Pro WebUser 4.1.8)
with HTTP id 766711577; Sat, 28 May 2005 00:17:37 +0200
From: "woolsen james" <woolsen@teenmail.co.za>
Subject: INVESTMENT
X-Mailer: CommuniGate Pro WebUser Interface v.4.1.8
Date: Sat, 28 May 2005 00:17:37 +0200
Message-ID: <web-766711577@mail01.infosat.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
To: undisclosed-recipients:;" }-

Where is the spammers IP? Is it

Received: from [62.192.141.26] (account woolsen@teenmail.co.za)??
Jooske
May 28th, 2005, 08:41 AM
Hi there!
Get at the www.samspade.org the desktop download and have a shortcut to the program (after installing) on your desktop as you might use it frequently.
Open it, in Tools > parse paste that complete email source in it and let it do the stuff: samspade will give some info on the various items in the full header, in the basic info you will find abuse services, etc.
Have fun with it!
Paranoid2000
May 28th, 2005, 06:46 PM
Nookie,

62.192.141.26 is the original source of this email which is a German IP address (http://www.dnsstuff.com/tools/whois.ch?ip=62.192.141.26&cache=off&email=on) (only take note of the IP address - anything else can be faked by the spammer's software).

The easiest method of reporting this is to create an account at SpamCop (www.spamcop.net) - you can then paste your emails in and it will analyse them, identify the actual source plus the location of websites linked to in the email and forward complaints to the ISPs concerned. Even if the ISPs do nothing (certain Chinese and Korean ones being notorious for this), the IP address used will still be added to the SpamCop blocklist (if others complain also) which will result in further mails being dropped by ISPs using that list.