Shutting down scammers

I want to begin sending notices to the servers through which my spam/scam emails come. How do I do that? Here’s a full header of a recent U.K. lottery scam email. What info do I need and where do I send a notice? Then the other suggestion was to publish the email address that they use so the web crawlers will nab them up. I’m wondering where’s the best place to make their email addresses public.

Thanks,
Bruce

From BRITISH LOTTERY INTERNATIONAL BRITISH LOTTERY INTERNATIONAL Mon Jul 11 02:36:47 2005
X-Apparently-To: yoopers98(nospam)@yahoo.com via 206.190.48.193; Mon, 11 Jul 2005 02:44:55 -0700

X-Originating-IP: [192.118.71.128]

Return-Path: <ukpromo2005@walla.com>

Authentication-Results: mta181.mail.dcn.yahoo.com from=walla.com; domainkeys=neutral (no sig)

Received: from 192.118.71.128 (EHLO omail8.walla.co.il) (192.118.71.128) by mta181.mail.dcn.yahoo.com with SMTP; Mon, 11 Jul 2005 02:44:55 -0700

Received: from omail8.walla.co.il (omail8.walla.co.il [127.0.0.1]) by omail8.walla.co.il (8.13.1/8.13.1) with ESMTP id j6B9b1IF010463; Mon, 11 Jul 2005 12:37:01 +0300

Received: (from informix@localhost) by omail8.walla.co.il (8.13.1/8.13.1/Submit) id j6B9alkO010251; Mon, 11 Jul 2005 12:36:47 +0300

Date: Mon, 11 Jul 2005 12:36:47 +0300

Received: from ([213.187.136.35]) by omail8.walla.co.il ([192.118.71.128]) with HTTP; Mon, 11 Jul 2005 12:36:47 +0300

From: “BRITISH LOTTERY INTERNATIONAL BRITISH LOTTERY INTERNATIONAL” <ukpromo2005@walla.com>

X-Sender: ukpromo2005@walla.com

X-Originating-Email: [ukpromo2005@walla.com]

X-Originating-IP: [213.187.136.35]

Bcc:

Subject: CONGRATULATIONS YOU HAVE WON!!!

Message-Id: <1121074607.344000-3387440-10108@walla.com>

MIME-Version: 1.0

Content-Type: multipart/mixed; boundary="------=_EREZ_P_WallaMail_35935_2166_P_0"

Content-Length: 2472

Very slippery target.

They might ultimately be based anywhere in the world, and just using a temporary ip address as a pass through. They can put up a new “front” ip address as fast as you can shut an old one down.

I’m fatalistic about it. I see it like junk mail in my “snailmail” box. It’s just more litter, only in this case it’s electronic litter, so you can’t even use it to line the catbox.

So it would be a work in futility…

I sent a copy of the scam email with full header to abuse@walla.com, info@walla.com, and service@walla.com.

But I’m thinking along the same lines, that if we shut down their email through one server, there is an endless supply of servers for them to use. So, perhaps, what’s the use?

B

Re: Shutting down scammers

Or others will be thankful to have another list of potential recipients, as mail-from headers are, as a rule, always forged addresses of innocent victims.

If you really like to know the ins and outs of fighting spam, buy a domain, and start hosting a mail server.
Fighting spam is not that difficult… you only need to motivate each internet user with an e-mail address to have very tight SPF records.

SPF records are TXT records in your domain’s DNS that declare, in a very compact syntax, where email@your-domain.com may be sent from. If it is sent via other MTAs, it would be rejected by remote servers.

All serious companies that care about their identity do use it: paypal.com, ebay.com, mit.edu, microsoft.com, apple.com, freebsd.org, hotmail.com, bankofamerica.com, and I just discovered recently even unicycle.com.
But if everybody would use it, it would work much better.

srv18.ams1.unicycle.net # host -t txt unicycle.com
unicycle.com text "v=spf1 a mx/24 ip4:216.119.112.158 ?all"
srv18.ams1.unicycle.net # host -t txt unicycle.net
unicycle.net text "v=spf1 a mx ip4:81.23.248.71/28 include:spf-vhosts.unicycle.net ~all"
srv18.ams1.unicycle.net # host -t txt spf-vhosts.unicycle.net
spf-vhosts.unicycle.net text "v=spf1 a mx ip4:81.173.6.0/24 ~all"

So as for all internet security…
people do want the benefits, but don’t want to spend any time on it. Just like the real world, where the words ‘secure’ and ‘safety’ are the best marketing (and nothing more than just words).

But there’s an even more effective method to shut down spammers.
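
How a receiving server would evaluate the three SPF records quoted in the post above, as an added example that is not part of the original thread. `check_spf` and the `TXT` table are hypothetical names; the table stands in for DNS, and the `a` and `mx` mechanisms are skipped because they need live lookups.

```python
import ipaddress

# TXT records copied from the host(1) output in the post above.
TXT = {
    "unicycle.com": "v=spf1 a mx/24 ip4:216.119.112.158 ?all",
    "unicycle.net": "v=spf1 a mx ip4:81.23.248.71/28 include:spf-vhosts.unicycle.net ~all",
    "spf-vhosts.unicycle.net": "v=spf1 a mx ip4:81.173.6.0/24 ~all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(domain, client_ip, txt=TXT, depth=0):
    """Evaluate ip4, include and all left to right, as an RFC 7208 receiver does.
    Assumption: a and mx need live DNS lookups, so they are skipped here."""
    if depth > 10:
        return "permerror"  # runaway include chain
    record = txt.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"  # domain publishes no SPF policy
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name == "ip4":
            # strict=False: the record lists 81.23.248.71/28, a host address with a prefix
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name == "include":
            # include matches only when the nested record itself evaluates to pass
            matched = check_spf(arg, client_ip, txt, depth + 1) == "pass"
        elif name == "all":
            matched = True
        else:
            matched = False  # a, mx and anything else: not evaluated offline
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched

if __name__ == "__main__":
    for dom, ip in [("unicycle.com", "216.119.112.158"),
                    ("unicycle.net", "81.173.6.20"),
                    ("unicycle.net", "192.118.71.128")]:
        print(dom, ip, check_spf(dom, ip))
```

The result depends on the qualifier attached to the first matching mechanism: `?all` gives `neutral`, `~all` gives `softfail`, and only a `-` qualifier gives `fail`. What a receiver does with each result is its own local policy.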