For those interested in how to track down something like this, 
take a look at the header information.  You'll see a bunch of 
"Received: xxxxxx" lines.  In this case there were 6 of them 
in the email I received.  To start with the first received, 
go to the *bottom* one.  That's where this post first entered 
the net but isn't necessarily the originating point of the email. 
To cross check this, also take a look at the "From:" line. 

I get 

"Received: (from daemon@localhost)
 by ruebert.ieee.org (Switch-2.1.0/Switch-2.1.0) id g3O9LbE23259
 for emc-pstc-resent; Wed, 24 Apr 2002 05:21:37 -0400 (EDT)
From: jmw <j...@jmwa.demon.co.uk>" 

Now, take a look at the "Message-Id:"  line further down. 
I get 
Message-Id: <20020424215907.d25ca22...@coer.zju.edu.cn>

This one is a little more difficult for some hackers to hide.

We can see there are some discrepancies in the domain name. 
Notably "coer.zju.edu.cn" and "jmwa.demon.co.uk" 

To start tracking this down, I use several websites for searching. 

One is Amnesi at 
http://www.amnesi.com/ 

The other is DNS411 at 
http://www.dns411.com/

The Amnesi one is very powerful. 

Searching under "coer.zju.edu.cn", we find that it crosses to 
the IP address  210.32.156.246 

The people hosting that domain name is Zhejiang University 
at  Hangzhou, Zhejiang 310027, China. 

They cover IP addresses 210.32.128.0 to 210.32.159.255

If we apply a "www" in front of the "coer.zju.edu.cn", we 
(surprise! surprise!) end up at a Chinese firm titled 
"Centre for Optical & Electromagnetic Research", 
or a place which uses the acronym 'COER'. 

We still don't know where the email came from. 
I would bet though that one or the other of these 
places would be able to track it down. 

It would be at this point I would send off a gently worded 
email to webmasters, postmasters and abuse at both places. 
I would take the base domain name, and then at the front 
of it add

 Webmaster@domainname
 Postmaster@domainname 
 abuse@domainname

I assure you, one of these will be a valid address for 
your complaint. 

First, I would Reply to the email and delete the email 
addresses which come up in the reply.  This keeps track 
of the email throughout all the platforms it traveled. I 
would not delete the subject line. 

Second, I would state the incident in very brief terms at 
the top of my email.  Webmasters have enough to do without 
wading through long quoted material to find the message. 
Keep it brief and extremely polite.

Third, I would copy and paste under my message to the 
webmaster ALL of the header information to the email 
under my message.  

Then, finally, I would copy and paste under the header 
information all the information in the body of the email. 

I am asking all of you NOT to do this with this particular 
post we had.  Our webmasters are perfectly capable 
of doing this and taking care of the business. 

I'm merely presenting a way each of you can, in your 
private emails, take care of offending emails. 

I can testify to the fact that if you follow this procedure, 
it can be most effective. 

Regards, Doug McKean 



-------------------------------------------
This message is from the IEEE EMC Society Product Safety
Technical Committee emc-pstc discussion list.

Visit our web site at:  http://www.ewh.ieee.org/soc/emcs/pstc/

To cancel your subscription, send mail to:
     majord...@ieee.org
with the single line:
     unsubscribe emc-pstc

For help, send mail to the list administrators:
     Ron Pickard:              emc-p...@hypercom.com
     Dave Heald:               davehe...@attbi.com

For policy questions, send mail to:
     Richard Nute:           ri...@ieee.org
     Jim Bacher:             j.bac...@ieee.org

All emc-pstc postings are archived and searchable on the web at:
    http://ieeepstc.mindcruiser.com/
    Click on "browse" and then "emc-pstc mailing list"
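
The header walk described in the post above, as an added example that is not part of the original message: it lists the "Received:" lines oldest-first (bottom one first) and compares the "From:" domain with the "Message-Id:" domain. The sample headers use reserved example domains and are constructed; the function names and the two-label base-domain rule are assumptions of this example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers (reserved example domains, not the message from the post).
SAMPLE = """\
Received: (from daemon@localhost)
 by lists.example.org id AAA003
 for demo-list-resent; Wed, 24 Apr 2002 05:21:37 -0400 (EDT)
Received: from relay.example.org (relay.example.org [192.0.2.10])
 by lists.example.org id AAA002; Wed, 24 Apr 2002 05:21:30 -0400 (EDT)
Received: from unknown (HELO mail.example.net) (198.51.100.7)
 by relay.example.org id AAA001; Wed, 24 Apr 2002 05:21:12 -0400 (EDT)
From: jmw <user@sender.example.com>
Message-Id: <20020424215907.0000001@mail.example.net>
Subject: constructed sample

body
"""

def received_hops(msg):
    """Received headers oldest-first: each relay prepends, so reverse the list."""
    hops = [" ".join(h.split()) for h in msg.get_all("Received", [])]
    return list(reversed(hops))

def domain_of(value):
    """Domain part of an address or Message-Id, lower-cased; '' if none."""
    addr = parseaddr(value or "")[1] or (value or "").strip("<> \t")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def base_domain(domain, labels=2):
    """Naive base domain: last `labels` labels (assumption; no public-suffix list)."""
    return ".".join(domain.split(".")[-labels:])

def analyze(raw):
    """Summarise the relay path and flag a From / Message-Id domain mismatch."""
    msg = message_from_string(raw)
    hops = received_hops(msg)
    from_dom = domain_of(msg.get("From"))
    mid_dom = domain_of(msg.get("Message-Id"))
    # IPv4 addresses recorded on the oldest hop, where the mail entered the net.
    ips = re.findall(r"\b(?:\d{1,3}\.){3}\d{1,3}\b", hops[0]) if hops else []
    return {"hops": hops, "first_hop_ips": ips, "from_domain": from_dom,
            "message_id_domain": mid_dom,
            "mismatch": bool(from_dom and mid_dom
                             and base_domain(from_dom) != base_domain(mid_dom))}
```

"Received:" lines added before the message reached a server you trust can be written by the sender, so treat the oldest hops as claims to cross-check rather than as facts.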
