Tracking Down Scam email Details using Source of email, from Outlook

Thread starter: WWGD
Tags: Email Tracking

Summary
Tracking down a spammer using Outlook's email source information can be complex, especially when messages pass through multiple servers and fail security tests like SPF. The unique Message-ID of an email, while theoretically useful for identification, is not a reliable tool for tracing spammers since it can be manipulated. Contacting the domain owner's complaints department may yield some results, but many sites that host spammers may resist providing information. A notable case involved a woman who successfully identified a spammer through media investigation, revealing challenges in proving the originating site's involvement. The spammer ultimately agreed to stop after a personal confrontation. Despite the frustrations of receiving spam, especially when it involves threats or spoofing, many users prefer to utilize spam filters rather than engage directly with senders. Overall, while some attempts can be made to trace spammers, the effectiveness of these methods is often limited.
WWGD
TL;DR
Trying to track down details from a scammer/spammer. I have the IP addresses of some of the servers in the path, including the source and destination.
Hi,
Trying to track down a spammer, using the source that Outlook provides for all emails received. The message seems to have gone through several servers, and has failed several security/legitimacy tests, such as SPF. I have the IP addresses and server names of the source (77.178...) and destination addresses, including the domain owner, narrowing down the source to central Europe. Can this tracking be done by using the email message ID, which is a unique identifier, i.e., no two emails are assigned the same email ID? I guess contacting the complaints department of the domain owner?
Message-ID is alphanumeric (a through z, decimal digits), with 38 places; I guess this provides ##36^{38}## choices, though I guess the length can be increased, enough for the, I guess, several billion sent yearly.
 
I think it's a fool's errand. Some of these sites cater to scammers and will resist giving up the spammer's identification or email.

There was a story about a woman who was incensed by an explicit, offensive spam email she received. She complained to a news media outlet, and they decided to conduct an investigation, eventually locating the spammer.

However, the investigation had its challenges. The originating site, a seemingly innocent industrial server farm, initially denied involvement until conclusive proof was provided, at which point they released the spammer's ID information.

She met with the spammer and told him how mortified she was to receive this piece of spam. She asked, "What would you do if your daughter got this email?" He said he had a family of small kids and would stop doing it.

I remember seeing or reading this story but can't find any citation.
 
Well, maybe. But I've received at least 5-6 similar ones since last August alone.
 
That is why we have spam folders.

When I receive spam by regular mail, I just put it in the bin; I don't try to contact the sender. It is even easier with emails and automatic filters.
 
jack action said:
That is why we have spam folders.

When I receive spam by regular mail, I just put it in the bin; I don't try to contact the sender. It is even easier with emails and automatic filters.
Valid point, but these are scammers, threatening to blackmail me, and this is around the 7th such mail in a year. Edit: This time too, they're spoofing my email address, which can cause me trouble. And I get to do something different and practice my cybersecurity skills.
 
"Message ID" is not a required part of SMTP so anyone can put whatever they want there. It will be useless in identification.
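The header walk this thread is about, as an added example that is not part of any post here: a Python script that reads a raw message source of the kind Outlook shows, lists the Received hops, separates the hop you can vouch for from the hop the sender merely claims, reads the SPF verdict, flags a header From spoofed to match the recipient (the situation in the original post), and returns the Message-ID as the sender-supplied string it is (the point of the reply above). The message, host names and addresses are constructed (IPs from the RFC 5737 documentation ranges); `trusted_by`, the set of receiving hosts you operate, is an assumed parameter.

```python
"""Pull the routing and authentication facts out of a raw message source.

Added example, not code from the thread. The message, host names and IPs
below are constructed (IPs from the RFC 5737 documentation ranges).
`trusted_by` is an assumed parameter: the receiving hosts you control.
Only the Received lines those hosts stamped are evidence; everything the
sender's side wrote, Message-ID included, is free text.
"""
import re
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr

# Constructed sample: a blackmail mail relayed through two hops, with the
# victim's own address forged as both header From and envelope sender, so the
# receiving server's SPF check fails.
RAW_MESSAGE = b"""Received: from mx1.example.net (mx1.example.net [198.51.100.7])
\tby inbound.example.com with ESMTPS id abc123;
\tMon, 3 Feb 2025 10:15:02 +0000
Received: from relay.example.org ([203.0.113.44])
\tby mx1.example.net with ESMTP; Mon, 3 Feb 2025 10:14:58 +0000
Received: from [192.0.2.23] (unknown [192.0.2.23])
\tby relay.example.org with ESMTPA; Mon, 3 Feb 2025 10:14:50 +0000
Authentication-Results: inbound.example.com; spf=fail
\t(sender IP is 198.51.100.7) smtp.mailfrom=victim@example.com;
\tdkim=none; dmarc=fail action=none header.from=example.com
Return-Path: <victim@example.com>
From: victim@example.com
To: victim@example.com
Subject: Your account
Message-ID: <anything-the-sender-likes@example.com>

I have your password.
"""

# "from <host> (<reverse DNS> [<ip>]) by <host> ..." as written by each relay
HOP_RE = re.compile(r"from\s+(?P<src>\S+)(?P<extra>.*?)\bby\s+(?P<by>\S+)", re.S)
IPV4_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def parse_hop(received: str) -> dict:
    """Split one Received header into connecting host/IP and the recording host."""
    m = HOP_RE.search(received)
    if not m:                       # some relays omit the "by" clause
        ip = IPV4_RE.search(received)
        return {"src": None, "ip": ip.group(1) if ip else None, "by": None}
    ip = IPV4_RE.search(m.group("src") + m.group("extra"))
    return {
        "src": m.group("src"),
        "ip": ip.group(1) if ip else None,
        "by": m.group("by").rstrip(";,").lower(),
    }


def verifiable_origin(hops, trusted_by):
    """Walk from our own server outward; stop at the first hop we did not stamp.

    Each relay prepends its own Received line, so hops[0] was written by the
    final recipient. A line is evidence only if its "by" host is one we run;
    everything further down may have been typed in by the sender.
    """
    trusted = {h.lower() for h in trusted_by}
    origin = None
    for hop in hops:
        if hop["by"] not in trusted:
            break
        origin = hop["ip"] or origin
    return origin


def analyse(raw: bytes, trusted_by) -> dict:
    """Summarise what the headers prove versus what they merely claim."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    hops = [parse_hop(str(v)) for v in msg.get_all("Received", [])]
    auth = str(msg.get("Authentication-Results", ""))
    spf = re.search(r"\bspf=(\w+)", auth)
    mailfrom = re.search(r"smtp\.mailfrom=([^;\s]+)", auth)
    header_from = parseaddr(str(msg.get("From", "")))[1]
    recipient = parseaddr(str(msg.get("To", "")))[1]
    return {
        "hops": hops,
        # last IP that a server we control actually saw connecting
        "verifiable_origin": verifiable_origin(hops, trusted_by),
        # bottom-most Received line: sender side, may be fabricated
        "claimed_origin": hops[-1]["ip"] if hops else None,
        "spf": spf.group(1) if spf else None,
        "envelope_from": mailfrom.group(1) if mailfrom else None,
        "header_from": header_from,
        "spoofs_recipient": bool(header_from) and header_from == recipient,
        # whatever the sender put there: no registry, no uniqueness guarantee
        "message_id": str(msg.get("Message-ID", "")),
    }


if __name__ == "__main__":
    for key, value in analyse(RAW_MESSAGE, {"inbound.example.com"}).items():
        print(f"{key}: {value}")
```

Read the Received lines from the top: each relay prepends its own, so only the lines stamped by hosts in `trusted_by` are evidence, and the bottom line names the origin only if the sender was honest. With one trusted host the report gives `verifiable_origin` as the relay that connected to it; adding a forwarder you also run to `trusted_by` pushes the verifiable point one hop further out. An abuse report goes to the owner of the verifiable IP (look it up with whois), not to whatever the Message-ID or the bottom Received line says.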
 