tracking scammers by IP number - OT

Alexander Harvey alexh19740110 at gmail.com
Thu Dec 28 16:14:58 UTC 2006


Hi Jeff,
This isn't spam: these people follow a standard procedure that involves
building the trust of the receiver, sending photos & then love letters (emails I
mean) before finally confessing that the Russian currency is so weak that
they'll need to borrow money for a Tourist Visa & airfare. Unfortunately, a
lot of people actually go as far as sending this money. If it's legal to
send these emails then there are some serious problems with our justice
systems. And apologies to the US subscribers on this list: I'm not
suggesting it's a US phenomenon; it's just that in this particular case the
sender appears to be in the US.

Regarding the other point you made--perhaps someone else can clarify--but my
understanding was that the following line can't be forged:

Received: from unknown (HELO 127.0.0.1) (drobotnat at 69.143.102.104 with
plain) by smtp111.plus.mail.re2.yahoo.com with SMTP; 28 Dec 2006 14:06:19
-0000

and that 69.143.102.104 was the originating IP number of a server that
passed the mail into Yahoo's system? Admittedly, I don't know a lot about
Yahoo.

Thanks,
Alex

On 12/28/06, Jeff Lightner <jlightner at water.com> wrote:
>
> I live in the US (and NO, I'm not Natalya).  You'd be hard pressed to
> get someone put in jail even under existing spam laws and for fraud
> you'd have to prove they had financially benefited from it.  Has Oz had
> more success in imprisoning/fining spammers?
>
> Also given that Yahoo is a US company I don't know that mail coming from
> a yahoo address wouldn't always come from a US server regardless of the
> sender's original login.  I regularly correspond with a German woman
> living in France that originally got her hotmail account while living in
> the U.S.  I've never checked to see where her email appears to have come
> from but wouldn't be surprised if it was a US server given hotmail is a
> M$ service.
>
> Anyway my own Yahoo mail account gets a fair amount of spam though the
> majority is blocked.  Yahoo itself allows for a fair amount of anonymity
> so I seldom trust email accounts that end in yahoo.com as being anything
> real until I've chatted on line with the person a fair amount and even
> then I make sure not to provide much information.
>
> -----Original Message-----
> From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On
> Behalf Of Alexander Harvey
> Sent: Thursday, December 28, 2006 9:53 AM
> To: bind-users at isc.org
> Subject: tracking scammers by IP number
>
> Hi Bind Users.
> I am wondering if anyone on this list can advise me on a little personal
> project I'm working on at the moment:
>
> Over the years I have been contacted by people who have responded to my
> profile on various internet dating sites pretending to be beautiful Russian
> princesses trying desperately to flee their lives of hardship in Russia into
> a wholesome marriage in a first-world country such as Australia, where I
> happen to live.
>
> For the last few days I have been corresponding with a person who calls
> him/herself 'Natalya,' uses a yahoo email address, claims to be in Omsk,
> Russia, but whose email headers show in fact his/her messages are coming
> from various servers in the US.
>
> My question is this: beyond collecting IP numbers for my own curiosity &
> watching on a map the various originating locations of these messages, what
> can I do to have these people actually put into a lovely US prison?
>
> The originating headers always look something like this:
>
> Received: from unknown (HELO 127.0.0.1) ( drobotnat at 69.143.102.104 with
> plain)
> by smtp111.plus.mail.re2.yahoo.com with SMTP; 28 Dec 2006 14:06:19
> -0000
> X-YMail-OSG:
> xAeutlYVM1nrbM0hGg4nL0YSueszX7_Q5Pqnsg_L6tjr0BNPAyFXUjqTe4vcHI83LdQ6umEz
> 0GZPbbqtCrwy93cVsZUh3m5QKT4HrZYUflT5YI5WzW2ifg--
> Date: Thu, 28 Dec 2006 16:41:43 +0300
> From: Natalya < drobotnat at yahoo.com>
> X-Mailer: The Bat! (v2.00.6)
> Reply-To: Natalya <drobotnat at yahoo.com>
> Organization: home
> X-Priority: 3 (Normal)
> Message-ID: < 1567629203.20061228164143 at yahoo.com>
> To: "Alexander Harvey" <alexh19740110 at gmail.com>
>
> Many thanks,
>
> Alex Harvey
> UNIX Administrator
>
>
>
>
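The header question discussed in this thread, as an added example that is not part of the original messages: a Python sketch that walks `Received` stamps from newest to oldest and reports the peer IP recorded by the last MTA in a trusted chain, ignoring the sender-supplied HELO value and any stamps below that point. The trusted suffixes, `mx.example.net`, the top and bottom hops, and the function name are assumptions; only the middle `Received` line comes from the thread (with the archive's " at " restored to "@").

```python
import re
from email import message_from_string

# Constructed sample. Only the middle Received line is from the thread; the top hop
# (recipient's MX) and the bottom hop (a stamp the sender could have inserted) are invented.
SAMPLE = """\
Received: from smtp111.plus.mail.re2.yahoo.com (smtp111.plus.mail.re2.yahoo.com [192.0.2.25])
\tby mx.example.net with ESMTP; Thu, 28 Dec 2006 14:06:21 -0000
Received: from unknown (HELO 127.0.0.1) (drobotnat@69.143.102.104 with plain)
\tby smtp111.plus.mail.re2.yahoo.com with SMTP; 28 Dec 2006 14:06:19 -0000
Received: from mail.omsk.example ([203.0.113.77])
\tby smtp999.mail.yahoo.com with SMTP; Thu, 28 Dec 2006 16:41:50 +0300
From: Natalya <drobotnat@yahoo.com>
Subject: constructed sample

body
"""

TRUSTED = ("example.net", "yahoo.com")  # assumption: our own MX and the mail provider
HOP = re.compile(r"from\s+(?P<frm>\S+)\s*(?P<peer>.*?)\s+by\s+(?P<by>\S+)")
HELO = re.compile(r"\(HELO [^)]*\)")    # HELO text is chosen by the client, never trust it
IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")

def trusted(host):
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in TRUSTED)

def earliest_verifiable_hop(raw):
    """Return (peer_ip, stamping_host) from the last stamp in the trusted chain, or None."""
    result = None
    for value in message_from_string(raw).get_all("Received", []):
        line = " ".join(value.split())          # unfold continuation lines
        m = HOP.match(line)
        if not m or not trusted(m.group("by")):
            break                               # stamp was not written by a host we trust
        ip = IPV4.search(HELO.sub("", m.group("peer")))
        result = (ip.group(1) if ip else None, m.group("by"))
        # Simplification: the "from" name is used to decide whether the peer is itself a
        # trusted relay; a stricter check would confirm the peer IP belongs to the provider.
        if not trusted(m.group("frm")):
            break                               # peer is outside the chain; stamps below are unverifiable
    return result

if __name__ == "__main__":
    print(earliest_verifiable_hop(SAMPLE))
```

The address returned is the host that connected to the provider's server, which may be a proxy or relay rather than the sender's own machine.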



