Help stop the Joe Job that is sending spam

1. In your email program, enable viewing of Headers.

Example:

(Replace with the header below with one of the bounces you have received. The IP address has been replaced with xxx.xxx.xxx.xx in the example below.)

Received: from adsl-xxx-xx-xx.bgk.bellsouth.net [xx.xxx.xxx.xx] by example.com (SMTPD32-8.00) id AD587D1017C; Wed, 04 Jun 2003 16:58:00 -0400 Message-ID: <2003063883.31625.qmail@example.com> Date: Wed, 4 Jun 2003 13:59:48 -0700 From: "sender" Subject: Daily news from your Website To: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-RCPT-TO: Status: U X-UIDL: 352928421

The only part of these headers that you CANNOT forge is the Received: lines.

Notice that this message was from xx.xxx.xxx.xx, which is a BellSouth IP address. (All IP addresses are assigned to companies/countries.)

I again emphasize: the sender's EMAIL ADDRESS is SPOOFED. This is where the attacker wants you to believe the mail is coming from -- but it is NOT. The sender's email address is worthless.

2. Go to SpamCop, paste the header into their Website, and hit Interrogate. SpamCop will look up who owns the IP, and tell you who to send Abuse Reports to. On the next page, you will be able to send the correct party an Abuse Report. In your message, include the entire email you received, as well as a message, such as:

"I am receiving spoofed messages from the server addressed in the headers of this email. Please shut down this server immediately, or close the relays on the box. You are hosting a machine that is spamming and may be held liable if you refuse to correct this issue."