How To Determine The Origin Of Spam? - We check if...
(Page 6 of 7 )
We check if the next (and last in this case) mail server in the chain confirms the state of the first Received: line. In the second Received: field we have: Received: from unknown (HELO 126.96.36.199) (188.8.131.52) by mail1.myserver.xx with SMTP; 7 Nov 2006 10:54:16 -0000.
mail1.myserver.xx is our server and we can trust it. It received the message from an "unknown" host, which says it has the IP address 184.108.40.206. Yes, this confirms what the previous Received: line says.
Now letís find out where our mail server got the message from. For this purpose, we look at the IP address in brackets before the server name mail1.myserver.xx. It is 220.127.116.11. This is the IP address the connection was established from, and it is not 18.104.22.168. The spam message originates from 22.214.171.124. Itís important to note that itís not necessarily that the spammer is sitting at the computer 126.96.36.199 and sending spam over the world. It may happen the computerís owner doesnít even suspect of being sending spam.
More How To Articles
More By Jase Dow