Archived from groups: microsoft.public.windowsxp.general (
More info?)
"Frank" <bbunny@bqik.net> writes:
>FWIW---A lot of the things coming from China and Russia are originating
>from right here in Florida, USA
A surprising proportion of the internet fraud in the U.S. flushes out
of Florida. But some claim spam and internet fraud isn't the only
sort of fraud that Florida seems to specialize in.
Something you can try, if you wish, based on my decades of working
with spam.
The "From" has been forged by every spammer and virus on the net for
years, that tells you nothing, ignore it.
If you look at the headers of the message and in particular at the
topmost "Received" line you will sometimes see two different
domain names, sometimes only one, and sometimes just an ip address.
The first name on that line is also often forged, the second seems
to be less often forged. And the ip address is fortunately rarely
forged. You can use that ip address to look up the domain of the
last computer to relay that to you. You type the scrape the ip
address into your clipboard and choose the appropriate database:
For most of the U.S.
www.arin.net/whois/index.html
For most of South America
lacnic.net/en/index.html
For Brasil, always a popular spam/fraud source
registro.br/index.html
For most of Europe and eastern Europe
www.ripe.net/perl/whois/
For most of Asia
www.apnic.net
For most of Africa, an increasing source of fraud flushing
www.afrinic.net
With a little experience you will know from the first number
in the IP address which of these to use. Those will look up
the ip address and sometimes give you an abuse address you
can send the complete message to, minus any big binaries,
politely asking them to WHACK their little net vandal.
You can try similar things with Received lines further down
the list, but the first one that is forged means that it and
all the rest will be meaningless trash just trying to divert
attention from the real scum.
If the scum is using web pages you can report to them too,
spammers seem to dislike having their web pages cut off far
more than they dislike having their hijacked mail source
cut off. There are sources out there that will turn a domain
name into an ip address, search for "nslookup" and see what
you find.
You can also use
www.abuse.net/lookup.phtml
to often find an abuse email address for a domain name.
There are other ways of doing this, other people will perhaps
say that their way is much better than anybody else's way.
But you can with a little practice find a way you can use
to help report net scum.
It likely won't make spam and virus disappear from the world
but if you want to you can do your little part to help combat
fraud, spam and virus on the net
56572 SWEN virus email received and reported
>"Will" <Will@discussions.microsoft.com> wrote in message
>news:6F30396A-A71C-40AE-873B-01968AB3ACF6@microsoft.com...
>> Thanks for detail Malke. If I get something meaningful from Abuse I will
>> post
>> it here. For starters I'd like mail ISP/Outlook able to filter by Country
>> acceptable to me. Russia is not on my list. Aside from the damage it can
>> do
>> to users, if this garbage is slowing down the internet, then it is in
>> everyone's best interest for it to be fixed because it will otherwise only
>> get worse.
>> Logic says to solve problem at source rather than after; solution being
>> for
>> mailer (Outlook Etc.) to test uncertified code attachments on sender
>> computer
>> or on ISP server that can take the (S)hit.
>>
>> "Malke" wrote:
>>
>>> Will wrote:
>>>
>>> > For:
>>> > tompepper@mvps.invalid
>>> >
>>> > This does not answer question.
>>>
>>> Yes, it does. Your original post is a bit confusing, but sifting through
>>> the verbiage the only question asked is this one:
>>>
>>> >> | I wonder how else one should react to a similar situation;
>>> >> | isn't it best to report the "abuse" so that it can be followed
>>> >> | up on. I wonder if my ISP does that?
>>>
>>> >
>>> > "Tom Pepper Willett" wrote:
>>> >
>>> >> It was a virus laden email. Many viruses forge the return address,
>>> >> and there is nothing you can do about it.
>>>
>>> Mr. Willett's answer was correct. You can report the "abuse" if it makes
>>> you feel better, but it will probably do no good since many viruses
>>> spoof the "from" line. There is no way to know for sure that the
>>> "abuse" actually occurred by the supposed sender, either. You should
>>> just delete these sorts of emails which are very common, or set up
>>> filters in your email client to delete them.
>>>
>>> As for your last question, there is no way for any of us to know what
>>> your ISP (Eastlink in Canada?) does about abuse reports. Contact them
>>> and find out.
>>>
>>> What has most probably happened is:
>>>
>>> 1. You have a friend who has your email address in their computer's
>>> addressbook. This friend's computer is infected with a virus that sends
>>> copies of itself to all email addresses it finds on the infected
>>> computer. The virus may also spoof the "from" line. Now someone else in
>>> your friend's addressbook gets a virus-laden email with your name in
>>> the "from" line. This person now writes you an angry email but of
>>> course, it isn't your machine that's infected at all but your friend's.
>>>
>>> 2. And/or your machine is infected with a virus that is doing this.
>>>
>>> 3. And/or you signed up for something, used your real unmunged email
>>> address somewhere, or otherwise got your email address harvested.
>>>
>>> If you still think your question was not answered, then please post back
>>> with a better description of what you need to know.
>>>
>>> Malke
>>> --
>>> Elephant Boy Computers
>>> www.elephantboycomputers.com
>>> "Don't Panic!"
>>> MS-MVP Windows - Shell/User
>>>
Facebook
Twitter
Instagram