Spam Report 4: Reporting Tools

Image by Lluisa Iborra - The Noun Project

Since starting my counter-spammerism journey at the end of March, I have managed to find many look-up tools to uncover mail servers, name servers, domain registrars, IP addresses and much more. This has allowed me to email the owners of the mail or domain servers directly and report the abuse.

This has had very mixed results, I have to say: some will engage and get back to you, and others you just don't hear anything from. It hasn't deterred me though. I knew I would learn more about spam and how it is constructed, the types of offenders and how the internet is basically flawed. Anyone who is persuaded to invest in Bitcoin derivatives, I wish them luck. I can't imagine anything worse than having my money tied up in the flawed internet. Blockchain or not, how can you possibly believe that, when the Internet is basically flawed, you would secure your hard-earned cash inside of it?

Anyway, back to reporting tools. Sending direct emails to abuse@ email addresses is not really delivering the kind of results I was hoping for and, on top of that, there's one specific type of email for which it is, for me at least, impossible to identify the origin, mail or domain. These emails are usually the ones that suggest that there's a bucket load of money waiting to be claimed by you. You know the ones: I should be a triple billionaire by now and of course I am not!


[Image: Original spam email]

They use Google's Gmail (supposed to be the best at stopping spam, but obviously NOT) and are super experienced at masking it. The IP address, usually 209.85.210.67, leads to hostname mail-ot1-f67.google.com, and this belongs to ISP Google, Data Center/Web Hosting/Transit, based in the lovely Mountain View, California, USA.

Yeah, that's SO very frustrating indeed.

To begin with, I was reporting the IP via https://www.abuseipdb.com and initially it felt quite good that I could go somewhere and report it, but to be honest the feeling left me after a few weeks of doing this. It's an excellent research tool, though not the best reporting tool I have found; it just records the incidents.

If you follow https://www.abuseipdb.com/check/209.85.210.67 you will see that the IP address has been reported 88 times and has a 48% confidence of Abuse.



In one specific email the received from string says:

X-Received: by 2002:a9d:8cc:: with SMTP id 70mr23048113otf.328.1633997682038

So I decided to look this up, found that someone else on the internet had also posted a similar string on a forum, https://forum.spamcop.net, and investigated further.

I learned SpamCop is actually a spam reporting tool.

So let's examine that specific money promise email I received quite recently, as shown above.

The best thing to do is view the 'raw source' of the email. I am an Apple Mac Mail user, so it's quite simple: whilst the email is selected, go to the top menu and click View > Message > Raw Source to view the message raw source.

[Image: Apple Mac Mail - Raw Source]

If you wish to do this for other email systems, I found this handy article for you, https://support.cordial.com/hc/en-us/articles/115002678852-How-do-I-view-and-forward-the-original-message-HTML-in-an-email-Inbox-

So the raw source for the email in question is shown below:

[Image: Raw source email]

Once I set up my account with SpamCop, it allows me to paste the complete raw source data in a text box and after a few seconds it reads the data, identifies the appropriate mail server and domain registrant, and reports the abuse for me. I just check the data, make sure that my email address has been removed (which it does automatically) and report the spam email.

It also keeps a record of all my reports, which is super handy.


[Image: SpamCop reporting form - copy and paste the raw source data]

[Image: Parsing header - identifies the source and IPs, and prepares the abuse email for the server owner, in this case Google]

[Image: SpamCop record of all my submissions so far - only started using it on 11 October 2021]

You can see there are many in my list already that belong to Google, well done Sundar. I will of course send him a link to this blog post for his reading, haha!

So there you have it, I now have a great reporting tool - SpamCop.net, which is now owned by Cisco Systems. They basically parse the data from the raw source and identify the offender and send them an abuse email on my behalf.

"Explainer: Parsing, syntax analysis, or syntactic analysis is the process of analysing a string of symbols, either in natural language, computer languages or data structures, conforming to the rules of a formal grammar. The term parsing comes from Latin pars, meaning part."
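To make the parsing step concrete, here is an added Python example (not code from this post and not SpamCop's actual implementation) that reads a raw source, lists the sending peer recorded in each Received header, picks the newest public one as the address to report, and strips the reporter's own address. The sample message, the function names and the "trust the newest Received line, written by your own mail server" rule are assumptions made for illustration.

```python
import email
import ipaddress
import re

# Constructed sample, not the email from the post. Only the relay
# 209.85.210.67 / mail-ot1-f67.google.com and the X-Received value are taken
# from the post; other names use reserved example domains. The last Received
# line stands in for one an untrusted sender could have written itself.
RAW = """\
Received: from mail-ot1-f67.google.com (mail-ot1-f67.google.com [209.85.210.67])
\tby mx.example.net with ESMTPS id abc123
\tfor <me@example.net>; Tue, 12 Oct 2021 00:14:43 +0000
X-Received: by 2002:a9d:8cc:: with SMTP id 70mr23048113otf.328.1633997682038
Received: from bank.example (bank.example [203.0.113.9])
\tby relay.invalid with SMTP; Mon, 11 Oct 2021 17:00:00 -0700
From: "Claims Office" <claims@example.com>
To: me@example.net
Subject: Your fund is waiting

Contact us to claim your fund.
"""

PEER = re.compile(r"from\s+(\S+)\s+\(.*?\[([0-9A-Fa-f:.]+)\]")

def relay_hops(raw):
    """(hostname, ip) of the sending peer in each Received header, newest first."""
    hops = []
    for value in email.message_from_string(raw).get_all("Received", []):
        match = PEER.match(" ".join(value.split()))  # unfold continuation lines
        if not match:
            continue  # e.g. "Received: by ..." lines that name no peer
        try:
            hops.append((match.group(1), ipaddress.ip_address(match.group(2))))
        except ValueError:
            continue  # bracketed text was not an IP address
    return hops

def reportable_source(raw):
    """Newest hop with a public address: the one the recipient's server logged itself."""
    for host, ip in relay_hops(raw):
        if ip.is_global:
            return host, str(ip)
    return None

def redact(raw, address):
    """Remove the reporter's own address before the source is shared."""
    return re.sub(re.escape(address), "x@redacted.invalid", raw, flags=re.IGNORECASE)

if __name__ == "__main__":
    print(reportable_source(RAW))
    print(redact(RAW, "me@example.net").count("x@redacted.invalid"), "addresses redacted")
```

Older Received lines further down the raw source can be written by the sender, which is why the example reports the newest peer rather than the oldest; for mail sent through Gmail that peer is a Google relay, matching what the post observed.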

Happy spam reporting!
