Suppose, just suppose, that I get an e-mail spam that I find so damned ANNOYING that I really, really want to track down the sender and PHYSICALLY PUNISH him or her. Is it possible to do that? To back-trace an e-mail to its physical point of origin?
Yes, but you can’t. Government agencies and law enforcement can, because they can obtain court orders for ISPs to release their logs which relate IP address to a particular user account. Of course, even then, if the email was sent from a public computer, it may not be possible to trace it back to the actual sender.
I use free “Mail Washer”. I can bounce most spam back to the sender while the mail is still at my server, even before I download it. I never download any mail from an unknown.
First of all, note that mail headers are easily forged. Spammers throw in a bunch of extra forwarding info into the header. The sending machine is probably not the last on the list. An expert human can determine which machine in the header is probably the source.
But that may not do you any good. Many spammer organizations now use “zombie” machines. Ordinary user machines that have been infected by the spammers’ virus/worm. These machines relay the spammers’ email without anything in the header indicating a true source of origin.
So even if you found the exact home where the spam was mailed from and walk up to the door, you might find yourself face-to-face with a clueless AOL-type computer idjit. Even if the idjit allows you to scan his PC (fat chance) to find out where the commands to send spam came from, zombie machines can be chained, and you might have to go thru several such visits to find the source. In the process visiting such exotic places as India, Russia, Bulgaria, Brazil, etc.
Ahem. Now, as to olefin’s bouncing spam back to the source. Spammers love this. They send their spam to such a machine with a forged source address of the true target. It gets bounced to their target with the path now even further mangled. So bouncing email nowadays is Just Not Done unless the source is absolutely verified as legit. Yet another useful feature of the Internet shut down due to jerks.
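As an added illustration of the header-walking the post above describes (example code written for this page, not from any poster or from MailWasher), the script below parses the Received chain of a constructed spam message newest-first and stops trusting it at the first hop whose "by" host does not match what the hop above says it received the mail "from"; the sample message, host names and IP addresses are all made up.

```python
import re
from email import message_from_string

# Constructed sample (not from the thread): the bottom Received line was
# forged by the sender to point investigators at an innocent third party.
SAMPLE = (
    "Received: from relay.example.net (relay.example.net [192.0.2.10])\n"
    "\tby mx.example.org with ESMTP; Tue, 3 Jun 2003 10:01:02 -0400\n"
    "Received: from [198.51.100.77] (helo=mail.lies.example)\n"
    "\tby relay.example.net with SMTP; Tue, 3 Jun 2003 10:00:58 -0400\n"
    "Received: from trusted.example.com by smtp.innocent.example;\n"
    "\tTue, 3 Jun 2003 09:59:00 -0400\n"
    "From: someone@forged.example\nTo: victim@example.org\nSubject: buy now\n\n"
    "body\n"
)

def parse_hop(header):
    """Pull the 'from' host, the 'by' host and any bracketed IP out of one Received line."""
    h = re.sub(r"\s+", " ", header)
    frm = re.match(r"from (\S+)", h)
    by = re.search(r"\bby (\S+)", h)
    ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", h)
    return {
        "from": frm.group(1).strip("[]") if frm else None,
        "by": by.group(1).rstrip(";") if by else None,
        "ip": ip.group(1) if ip else None,
    }

def trace_origin(raw):
    """Walk Received headers newest-first. Each hop names the host it got the
    mail from; the next older hop must say it was written 'by' that same host.
    The chain is trusted only as far as that holds (a conservative rule: a
    HELO/rDNS mismatch also stops it); anything below the first mismatch was
    not written by a server on the real path and is ignored."""
    msg = message_from_string(raw)
    hops = [parse_hop(h) for h in msg.get_all("Received", [])]
    if not hops:
        return {"origin": None, "trusted_hops": 0, "suspect_headers": 0}
    trusted = hops[:1]
    for prev, cur in zip(hops, hops[1:]):
        if cur["by"] is None or cur["by"].lower() != (prev["from"] or "").lower():
            break
        trusted.append(cur)
    last = trusted[-1]
    return {
        "origin": last["ip"] or last["from"],
        "trusted_hops": len(trusted),
        "suspect_headers": len(hops) - len(trusted),
    }
```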
Ahem…
Well, I’m NOT replying to the spam… it is being bounced back from my server.
Must work pretty good, after using Mail Washer for several months my spam was gone to almost nil. So spammers love this?
I was getting this email from a company selling prescription drugs without a prescription. They advertised valium, viagra, xanex, vicodin, among others. I visited their web site, clicked on contact us and told them to remove me from their distribution list. I then began to receive even more spam from them. So, then I contacted the district attorney’s office here. I never heard back from them. I just couldn’t believe they could sell this stuff without a prescription. To make a long story short, I emailed the FBI tip line. They emailed me back and told me what to do about spam. They never responded to my concern about getting the drugs without a prescription. I went back to the site and read thru all the fine print. They claim to be able to mail these drugs to you once they verify that you have a doctor. They claim to merely contact the doctor to verify that you have visited in the past year. I find it hard to believe this is actually legal. TMI. I emailed the drug company and told them I had contacted the FBI tip line and included a link. I haven’t heard from them since. The FBI said:
Dear jacksen9 (edited)
THIS IS NOT AN AUTOMATED RESPONSE
Thank you for your submission to the FBI Internet
Tip Line. If you have a specific complaint about
unsolicited commercial e-mail or spam, use the
form on the US Federal Trade Commission Web site,
located at
https://rn.ftc.gov/pls/dod/wsolcq$.startup?Z_ORG_CODE=PU01.
You can also forward spam directly to the FTC at
UCE@FTC.GOV without using the complaint form.
For your information, the Internet Tip Line (ITL)
was created on 9/11/01, in response to the
terrorist attacks upon America. We quickly
established a mechanism for the public to submit
information to the FBI via the Internet, and we
received our first tip at 10:31 AM that first day.
Director Mueller has since made the ITL a
permanent part of FBI operations, and we have thus
far received over 840,000 tips from around the
globe, from which thousands of leads have been
sent to FBI Field and Legal Attaché offices for
action.
Initially, almost 100% of the tips received were
related to the terrorist attacks; now,
approximately 45% of all tips received are related
to almost every other FBI criminal program, e.g.,
drug trafficking, organized crime, money
laundering, pyramid schemes, child pornography,
fugitives, bank robbery.
Our operation is completely automated and
paperless. Submitted tips are received
immediately, reviewed within minutes and
prioritized by trained Professional Support
personnel, and Agents set action leads within the
hour, as appropriate.
We encourage you to share this information with
your family, friends, and co-workers, and
encourage them to not hesitate to submit
information they may deem of interest to the FBI.
IMPORTANT - NOTE THE FOLLOWING:
The FBI does not maintain an email address to
submit information or attachments to directly;
therefore, please do not reply directly to this
message via your email client. The FBI maintains
an automated system that is designed to track all
information received, to ensure that all tips are
addressed in a timely and efficient manner.
Therefore, please visit the FBI.GOV Web site again
should you have occasion to submit additional
information. We WILL NOT open or respond to
“reply” email.
Hope this helps.
Are we up to triple “Ahems” now?
If your server is sending the email back with a header/subject saying it’s bounced, etc., then you are doing a potentially bad thing. I.e., the bounce message could very well be going to the spammer’s target.
If your server is not accepting connections from a spammer’s machine, that’s different. No mail is actually bounced. No connection means no mail is sent at all.
If your server is just deleting the spam, then there is also no bounce.
So in 2 of the 3 situations, using the term “bounce” is inappropriate. In the third situation, there is a bounce and that is not generally a good idea.
My first “Ahem” stands.
From the MailWasher FAQ:
So you are replying, you’re simply doing so from the server rather than from your own account. This is a great way to avoid glurge - when Aunt Tillie sends you yet another useless forward you bounce it from the server so she thinks she no longer has a valid address for you. However, it’s completely ineffective for spam. More than being ineffective, it’s actually harmful. My own server has been DoS’d by spam replies and bounces when some scumbag spammer forged our address in their header, and your simulated bounces just contribute to inflicting harm on innocent bystanders.
Since MailWasher is just using the address in the header, replies and bounces are exactly the same thing as far as the recipient is concerned. If you could determine a valid address for the spammer, it might help convince them to quit. If you can’t, you’re just helping forward their offal to other people. That is, you’re part of the problem, not the solution.
Please ignore my previous post. I received another email from this company today. Oh well.
The buzz on one particular anti-spam list I’m on is that many of these prescription drug spams are simply fronts for information theft. They attempt to look legit, and take your order happily enough, but then have your name, address, credit card number, and any other personal information you gave them.
I suppose there are a good number of these prescription drug website that actually plan to try to send you the drugs, but I suspect that they are the minority.
Or it could be double-bouncing back to mailer-daemon or postmaster at your ISP. I haven’t tracked it down to a specific program (perhaps it’s mailwasher), but one of the spam bouncing programs doesn’t correctly set the return path on bounced mail to <> like it’s supposed to, so the bounce messages bounce back to the mail administrators. This is very annoying for those who have to monitor those mailboxes.
Of course, bounce messages to spam are no different than bounces to anywhere else. At least one very common mail daemon (qmail) is configured by default to accept delivery to any address within its domain, without ever checking to see that it exists. This leads to bouncing a lot of spam. If the message was accepted for delivery, though, and no bounce was generated when the delivery failed, this would break the standard. Bouncing spam isn’t a bad idea, it’s the rules. What mailwasher is doing, though, is breaking the rules by forging a bounce when delivery actually happened, and doing it badly.
I believe this does work to an extent, and worked better in the past. Spammers don’t want to waste time sending mail to addresses that don’t exist, so it was common for them to actually watch for bounces and remove the addresses from their database. Not all return addresses in spam are valid, though. Many are simply other addresses picked out of the same list as the recipient. While you are decreasing the number of lists you are on by impersonating the mail server and generating bounces, in some ways this is adding to the larger problem. Fewer spammers are trimming lists through bounces, due to programs like mailwasher, so it will be less effective as time goes on. Having mailwasher just delete messages instead of bounce them would be more responsible, but in the grand scheme of things it’s not really a big deal.
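As an added example for the point in the posts above about bounces that do not set the return path to `<>` (example code written for this page, not from any poster or from MailWasher), the function below classifies messages landing in a postmaster mailbox: a real DSN carries an empty envelope sender and so can never bounce again, while a simulated bounce sent with a normal Return-Path will double-bounce if the spam's forged address is dead; both sample messages are constructed.

```python
from email import message_from_string

# Constructed sample (not from the thread): a standards-conforming DSN.
# The empty Return-Path means the bounce itself can never be bounced.
GOOD_DSN = (
    "Return-Path: <>\n"
    "From: MAILER-DAEMON@mx.example.org\n"
    "To: sender@example.net\n"
    "Subject: Undelivered Mail Returned to Sender\n"
    "Content-Type: multipart/report; report-type=delivery-status; boundary=b\n\n"
    "--b\nContent-Type: text/plain\n\nUser unknown\n--b--\n"
)
# Constructed sample: a bounce simulated by a desktop filter after delivery
# already happened. It goes out with the user's own envelope sender, so if the
# spammer forged a dead address it comes back to postmaster as a double bounce.
FAKE_BOUNCE = (
    "Return-Path: <olefin@example.org>\n"
    "From: Mail Delivery System <olefin@example.org>\n"
    "To: forged-sender@example.com\n"
    "Subject: Returned mail: User unknown\n"
    "Content-Type: text/plain\n\n"
    "Your message could not be delivered.\n"
)

BOUNCE_WORDS = ("undeliver", "returned mail", "delivery status",
                "delivery failure", "mail delivery")

def looks_like_bounce(msg):
    """Heuristic: a DSN report type, or a subject line in the usual bounce wording."""
    subj = (msg.get("Subject") or "").lower()
    return msg.get_content_type() == "multipart/report" or any(w in subj for w in BOUNCE_WORDS)

def classify_bounce(raw):
    """Return 'proper-dsn', 'fake-bounce' or 'not-a-bounce' for one raw message."""
    msg = message_from_string(raw)
    if not looks_like_bounce(msg):
        return "not-a-bounce"
    if (msg.get("Return-Path") or "").strip() == "<>":
        return "proper-dsn"
    # Non-null envelope sender on a bounce: misconfigured or simulated,
    # and it will double-bounce to mailer-daemon/postmaster when undeliverable.
    return "fake-bounce"
```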
Look, spammers are evil and not entirely dim.
A spammer finds olefin’s server, realizes it’s bouncing rejected email and figures out that the server is using mailwasher. mailwasher cannot be perfect, no anti-spam program can be. The spammer asks a buddy on a spammer chat site how to forge a header so that it bounces an email to the intended recipient and not back to the spammer. One script later, and olefin’s server is basically an open relay.
In addition, The White Hats are informed, the server is put on spammer blacklists and now no email from the server gets accepted anywhere.
And this is a good thing because … ?
Was this a reply to me? If so, I never claimed programs like mailwasher are a good thing. I said it was annoying to the non-spammer recipients of the bounce messages, and irresponsible to boot. I’m not in favor of these programs, but they do reduce the spam in the user’s mailbox, even if it is in small part making the problem for others worse.
It’s true that spammers could try to take advantage of these bounce messages, but it would be a really inefficient way to get around blacklists. I’m sure that won’t stop some of them, but it will be a drop in the bucket compared to hijacked end-users running spam relay trojans, not to mention the ones who simply use real open relays or just ISP hop.
The developers of spam bouncing programs might be one step ahead of the bounce-as-relay issue, though. Many of the double-bounces I’ve seen from these programs are no longer including the entire message, but rather a simple error message, like MS Exchange uses by default. If the spammers can’t relay the message, they have no use for that method.
Even though bouncing spam is poor internet etiquette, it’s a small problem compared to the deluge of spam traversing the 'net right now. The problem micco had was made worse by programs like mailwasher, but I bet the majority of the bounces DoSing his server were from properly configured, standards compliant mail servers which queue a message without first checking if it can be delivered locally.
Bouncing spam is a temporary solution some people are trying to use to reduce the amount of spam in their inbox. It will be moderately effective at that until enough people do it to make it worth the spammers time to stop caring about bounces. The biggest reason that’s bad for the internet community is that once they have no incentive to care about bounces, they will use more forged return-path addresses.
The result is the same as you point out, but it will be the mail administrators that must deal with huge numbers of bounce messages that will suffer first.
OK guys, I’m not wanting to shut down the internet but Mailwasher bouncing has “seemed” to help reduce my spam. But I have always been extra careful with my “real” address, like never posting it, or using it for any online orders; I ask friends/family to use Bcc or remove me from their forwarding list. Of course there are some places that require a real address like Ebay. I never had any spam until I registered at Ebay?
:smack:
Not so much a reply, nesta, as just adding more info. Basically still addressing olefin’s posts.