Busting Spam

The process can be time-consuming and confusing, and clever spammers can play a lot of tricks to conceal their identities. But there are several places for a spam hunter to look for clues in the e-mail header. Here are some of them:

X marks the spot: The first place to look for a domain name is the X-Sender line.

Digging deeper: In addition--or if there is no X-Sender line--look for the final Received: line.

By the numbers: The final Received: line may have a number, which is the Internet protocol (IP) number.
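The three header checks above, as an added example that is not part of the original article: Python code that reads a raw message and pulls the X-Sender domain plus the host name and IP number from the final Received: line. The sample message is constructed (example.* names, documentation-range IP numbers), and the function name `header_clues` is hypothetical.

```python
import re
from email import message_from_string

# Constructed sample message: example.* names and documentation-range IPs.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby mail.example.org with ESMTP id abc123; Mon, 1 Jan 2001 10:00:05 -0800
Received: from bulk.example.com (unknown [203.0.113.45])
\tby mx.example.net with SMTP id xyz789; Mon, 1 Jan 2001 10:00:01 -0800
X-Sender: promo@bulk.example.com
From: "Great Deals" <deals@example.com>
Subject: Make money fast

Body text.
"""

# Dotted-quad IP number in square brackets, as relays commonly record it.
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
# Host name the connecting machine announced ("from <host>").
FROM_RE = re.compile(r"from\s+([A-Za-z0-9.-]+)", re.IGNORECASE)


def header_clues(raw):
    """Return the X-Sender domain and the host/IP in the final Received: line.

    These are clues for a whois lookup, not proof: any header written
    before the message reached your own mail server can be forged.
    """
    msg = message_from_string(raw)
    clues = {"x_sender_domain": None, "received_host": None, "received_ip": None}

    x_sender = msg.get("X-Sender")  # header names match case-insensitively
    if x_sender and "@" in x_sender:
        clues["x_sender_domain"] = x_sender.rsplit("@", 1)[1].strip(" >").lower()

    received = msg.get_all("Received") or []
    if received:
        # The final Received: line is the last one in the header block.
        last = " ".join(received[-1].split())  # unfold continuation lines
        host = FROM_RE.search(last)
        ip = IP_RE.search(last)
        clues["received_host"] = host.group(1).lower() if host else None
        clues["received_ip"] = ip.group(1) if ip else None
    return clues


if __name__ == "__main__":
    print(header_clues(SAMPLE))
```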

Now what?

Find out who owns the domain names you found in the X-Sender and final Received: lines--as well as that IP number--in the database at InterNIC, the organization that registers Internet domain names. Go to https://rs.internic.net/cgi-bin/whois.

This search should yield the name and contact information for the owners. It should also list their domain servers--typically the Internet service providers (ISPs) or Web hosting systems. You can find their contact information with another simple search, but all of this information will be accurate only if the spammer reported truthfully to InterNIC.

You can also search for the IP number’s owner at The American Registry for Internet Numbers, or ARIN, at https://whois.arin.net/whois/arinwhois.html

Another way to find the ISP is through Traceroute, which can trace the Internet path from one computer to another. Go to https://www.ixa.net/cgi-bin/trace and type in the IP number that goes with the domain name server listed by InterNIC. The ISP is most likely the second-to-last item on the output list.
