Help With Spam: input from various sources
<><><><>
http://metalab.unc.edu/london/help-with-spam.txt (this document)
<><><>
#> How does one go about identifying a rogue ISP's upstream provider?
#> Is there a utility that allows you to determine
#> the route between two external machines?
<><><>
There are analysis tools at:
http://www.spamcop.net
Other helpful sites include:
http://samspade.org
Software is free, but requires Linux:
http://www-personal.wccnet.org/~frisco/code/veganizer/
<><><>
#Depending on how the mail was routed, you can find upstream servers by
#looking at the e-mail headers (look carefully at the "Received:" headers
#in a message). This only gives you the servers that the mail stops off

There's also a handy utility available from http://www.jriver.com/ called
Network Toolbox. It has a 30-day trial period, and after that you have to
register it for $20, but IMO it's $20 well spent. It contains WHOIS,
Traceroute, Ping.

The headers of a spam look like....
*gets out a spam she was sent yesterday morning*

Return-Path:
Received: from aol.com (ABDA0FF9.ipt.aol.com [171.218.15.249])
        by pagesz.net (8.8.7/8.8.7) with SMTP id FAA14711
        for ; Wed, 20 Oct 1999 05:20:29 -0400
Message-ID: <20849.16204@aol.com>
From: "mxwwwnow@aol.com"
Reply-To: mxwwwnow@aol.com
Subject: NY/NJ Residents and Small Business Owners!
Date: Mon, 18 Oct 1999 03:39:04 -0400 (EDT)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Status: RO

This is actually pretty straightforward. The Received: part up top shows
that it came from AOL right to here. However, you might get a spam that
has an IP address instead of a hostname shown in the headers. For that,
you need traceroute *or* FWHOIS (example below).

If you have a UNIX shell account, typing

fwhois @whois.arin.net

will return who owns that IP block. I believe that, for those who are
UNIX-unaware, http://whois.arin.net/ will also have the FWHOIS utility.
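
The header reading described in the post above, as an added example that is not part of the original document: it pulls the relaying host's claimed name, reverse-DNS name and IP out of each Received: line and returns the newest hop written by the recipient's own server, whose bracketed IP is the one to look up. The sample message is constructed, the `from NAME (rDNS [IP]) by HOST` layout is assumed from the header quoted above, and the function names and `my_servers` hostnames are this example's own.

```python
import re
from email import message_from_string

# Constructed sample (not from the page): RFC 5737 addresses, example domains.
SAMPLE = """\
Received: from aol.com (dialup-7.isp.example [198.51.100.7])
\tby mx.recipient.example (8.8.7/8.8.7) with SMTP id FAA14711;
\tWed, 20 Oct 1999 05:20:29 -0400
Received: from relay.example.net (relay.example.net [192.0.2.10])
\tby aol.com (8.8.7/8.8.7) with SMTP id EAA00001;
\tWed, 20 Oct 1999 05:19:58 -0400
From: "someone@aol.com" <someone@aol.com>
Subject: constructed sample

body
"""

# Assumed layout, as in the header quoted above: from HELO (rDNS [IP]) by HOST
HOP = re.compile(r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]]+)?\s*"
                 r"\[(?P<ip>[0-9.]+)\]\)\s+by\s+(?P<by>\S+)")

def received_hops(raw):
    """Parse every Received: header, newest first (top of the message)."""
    msg = message_from_string(raw)
    found = (HOP.search(v) for v in msg.get_all("Received", []))
    return [m.groupdict() for m in found if m]

def handoff(raw, my_servers):
    """Return the newest hop recorded by a server the recipient controls.

    Lines below it were supplied by the sending side and may be forged, so
    the bracketed IP on this hop is the address worth a WHOIS lookup.
    """
    for hop in received_hops(raw):
        if hop["by"].lower() not in my_servers:
            continue
        helo = hop["helo"].lower()
        rdns = (hop["rdns"] or "").lower()
        if rdns in ("", "unknown"):
            hop["rdns"] = None
            hop["helo_matches_rdns"] = False
        else:
            hop["helo_matches_rdns"] = rdns == helo or rdns.endswith("." + helo)
        return hop
    return None

if __name__ == "__main__":
    print(handoff(SAMPLE, {"mx.recipient.example"}))
```

In the constructed sample the sender announces itself as aol.com while the receiving server recorded a different reverse-DNS name, so `helo_matches_rdns` is false and only the recorded IP is usable for the lookup.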
<><><>
>>I believe NC passed such a statute
>>as has Virginia and a number of others.

>IIRC, the NC spam law makes spam actionable only by the ISP if the spam
>causes problems for them. Useless from the perspective of the end user
>whose mailbox is flooded.

>I know Washington, California, and Texas also have anti-spam laws. I
>believe in these states the individual recipients of the spam are able to
>bring civil action against the spammer.
<><><><><>
Spam basically can't be prevented but you can nail the spammer after the fact.
If you want to know a do-it-yourself guide, check out www.sputum.com.
They have lots of info on busting Usenet spammers.
<><><><><>