Reporting Spam

1. Examine the headers of the e-mail that you received. How you do this will depend on which e-mail client you use. The headers will look something like this (all "@"s have been replaced by "_+_"s and "xxx" strings have been inserted to obfuscate e-mail addresses):

Return-Path: 
Received: from h-74-0-43-132.mclnva23.covad.net (h-74-0-43-132.mclnva23.covad.net [74.0.43.132])
	by mx5a.dslextreme.com (8.13.4/8.13.4) with SMTP id k747L9TX009663
	for ; Fri, 4 Aug 2006 00:21:09 -0700
Received: from [74.0.37.134] (helo=ew.gbe)
	by h-74-0-43-132.mclnva23.covad.net with smtp (Exim 4.43)
	id 1G8u0s-0003dg-5z; Fri, 4 Aug 2006 03:22:30 -0400
Message-ID: <000f01c6b796$8b8da1c2$8625004a@ew.gbe>
From: "Bessie Swanson" 
To: 
Subject: underwrote pole
Date: Fri, 4 Aug 2006 03:12:07 -0400
MIME-Version: 1.0
Content-Type: multipart/related;
	type="multipart/alternative";
	boundary="----=_NextPart_000_000B_01C6B775.047C016A"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
X-yoursite-MailScanner-Information: Please contact the ISP for more information
X-yoursite-MailScanner: Found to be clean
X-yoursite-MailScanner-From: wmcxb_+_xdt.co.uk

In this case the mail seems to have been sent by "wmcxb_+_xdt.co.uk" masquerading as "Bessie Swanson". These are both faked. Neither "wmcxb_+_xdt.co.uk" nor "Bessie Swanson" had anything to do with sending the mail.

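2. Find the last "Received:" line to be added (i.e. the IP of the originator of the message) and extract the sender's IP address, "74.0.43.132" in this case. The last line added is the first one in the list above, written by the mail server that accepted the message (mx5a.dslextreme.com here). "Received:" lines further down were added before the message reached that server and can be forged by the sender.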

3. Look up who owns that IP address by using a lookup tool such as Eye-net Consulting or one of the online whois services. Demon has a useful collection of Internet tools.

You will get an answer something like this:

IP Address/Network 74.0.43.132 ...

Registrant: Covad Communications Co.
            2510 Zanker Rd.
Country: US
Network Address: 74.0.0.0 - 74.1.255.255
NIC Handle: NET-74-0-0-0-1
Status: Direct Allocation
Tech Contact: ZC178-ARIN
Abuse (spam) Contact: CART-ARIN
DNS Servers: NS3.COVAD.COM
             NS4.COVAD.COM
Created: 2005-12-20
Changed: 2005-12-20

4. In this case those nice Covad Communications Co. people have provided an "Abuse (spam) Contact". Click on the "CART-ARIN" link and you will find out who to send an e-mail to notifying them of the source of the spam:

Name: Covad abuse reporting team
Handle: CART-ARIN
Address: Covad Communications
         3420 Central Expressway
Country: US
Phone: +1-703-376-2830 (Office)
Email: abuse-isp@covad.com
Remarks: Report abuse issues to: abuse-isp@covad.com
         Abuse issues include reports of spam, scans, probes,
         attempted breakins, denial-of-service attacks and
         general AUP violations
         CALEA requests and subpoenas may be directed to:
         legal-sub-inf-req@covad.com
Created: 2003-05-12
Changed: 2003-06-16

In other cases an anti-spam/abuse address may not be provided, so you will have to click on one of the other contacts (probably the "Tech Contact") to find an address to report to. If all else fails try "abuse@isp domain name".

5. Forward the spam e-mail that you received to the abuse reporting address with a covering note such as "I am receiving spoofed messages from the server addressed in the headers provided. Please shut down the server immediately or close the relays on the box."
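Steps 1 and 2 can be done by script when you have many messages to report. The following Python code is an added example, not part of the original page: it reads the "Received:" lines of the sample message above, newest first, and returns the IP address to look up in step 3. The function names are hypothetical, and skipping private or malformed addresses goes beyond the page's single case (it assumes your provider may relay mail internally before delivery).

```python
import ipaddress
import re
from email import message_from_string

# Sample input: the two Received lines shown in step 1 of this page.
SAMPLE_HEADERS = """\
Received: from h-74-0-43-132.mclnva23.covad.net (h-74-0-43-132.mclnva23.covad.net [74.0.43.132])
\tby mx5a.dslextreme.com (8.13.4/8.13.4) with SMTP id k747L9TX009663
\tfor ; Fri, 4 Aug 2006 00:21:09 -0700
Received: from [74.0.37.134] (helo=ew.gbe)
\tby h-74-0-43-132.mclnva23.covad.net with smtp (Exim 4.43)
\tid 1G8u0s-0003dg-5z; Fri, 4 Aug 2006 03:22:30 -0400
Subject: underwrote pole

"""

IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_HOST = re.compile(r"\bby\s+(\S+)")

def received_hops(raw):
    """Return one dict per Received header, newest (top of the message) first."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())        # unfold continuation lines
        from_part = flat.split(" by ", 1)[0]  # keep only the "from ..." clause
        ip = IP_IN_BRACKETS.search(from_part)
        by = BY_HOST.search(flat)
        hops.append({"ip": ip.group(1) if ip else None,
                     "by": by.group(1) if by else None})
    return hops

def is_public(ip):
    """True for a routable address; False for private or malformed ones."""
    try:
        return ipaddress.ip_address(ip).is_global
    except ValueError:  # e.g. "999.1.1.1" in a forged header
        return False

def reportable_ip(raw):
    """IP from the newest Received line that names a public address."""
    for hop in received_hops(raw):
        if hop["ip"] and is_public(hop["ip"]):
            return hop["ip"]
    return None

if __name__ == "__main__":
    print(received_hops(SAMPLE_HEADERS), reportable_ip(SAMPLE_HEADERS))
```

Check the "by" host of the hop that supplied the address: it should be a server you or your provider runs, otherwise the line may have been written by the sender.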

You can find out more information about reporting spam, and "Report Spam E-Mails" gives some more suggestions. Spam Cop allows you to paste spam messages and headers into their web site and will do the reporting for you. If your site is under serious threat then "Coping with a Joe Job" might be useful. Visualware has a very useful tutorial and a spam tracking tool, and SamSpade has lots of useful online tools and a downloadable freeware tool suite for Windows®.

Technical Support Tools and InternetFrog have some useful online tools, including one that allows you to check that your IP address has not been blacklisted. Web-max Tools has another one.

If you want more information or would like to give us some helpful feedback then please send e-mail to .

This will open your e-mail client to send the message. Please note that the "To:" address is a specially generated single use e-mail address. The e-mail will be delivered to XDT but the "To:" address will be immediately added to our recipient black list. Further e-mails to this address will be deleted without human intervention.

Thank you for your help and understanding.
