# How to stop email spoofers/phishing scams



## eagledude4 (Jun 27, 2010)

I made the mistake of using my email address on a game forum and have since started receiving regular phishing scams using a spoofed from address.

I can't block the sender because it ends up blocking the legitimate emails as well as the spoofed ones.

How can I stop these emails or find a way to see the real from address?


----------



## eagledude4 (Jun 27, 2010)

I used Whois.net to find whois information for the domain of the link in the spoofed email/phishing scam and found the following information:


```
Domain ID:D5143349-AFIN
Domain Name:COLOGIN.IN
Created On:03-Jul-2011 09:56:20 UTC
Last Updated On:07-Jul-2011 14:44:56 UTC
Expiration Date:03-Jul-2012 09:56:20 UTC
Sponsoring Registrar:Directi Web Services Pvt. Ltd. (R118-AFIN)
Status:CLIENT DELETE PROHIBITED
Status:CLIENT HOLD
Status:CLIENT RENEW PROHIBITED
Status:CLIENT TRANSFER PROHIBITED
Status:CLIENT UPDATE PROHIBITED
Status:TRANSFER PROHIBITED
Registrant ID:TS_16149013
Registrant Name:Li ming
Registrant Organization:Li ming
Registrant Street1:bei jing shi feng tai qu
Registrant Street2:
Registrant Street3:
Registrant City:bei jing shi
Registrant State/Province:
Registrant Postal Code:100091
Registrant Country:CN
Registrant Phone:+86.1052857677
Registrant Phone Ext.:
Registrant FAX:
Registrant FAX Ext.:
Registrant Email:[email protected]
Admin ID:TS_16149013
Admin Name:Li ming
Admin Organization:Li ming
Admin Street1:bei jing shi feng tai qu
Admin Street2:
Admin Street3:
Admin City:bei jing shi
Admin State/Province:
Admin Postal Code:100091
Admin Country:CN
Admin Phone:+86.1052857677
Admin Phone Ext.:
Admin FAX:
Admin FAX Ext.:
Admin Email:[email protected]
Tech ID:TS_16149013
Tech Name:Li ming
Tech Organization:Li ming
Tech Street1:bei jing shi feng tai qu
Tech Street2:
Tech Street3:
Tech City:bei jing shi
Tech State/Province:
Tech Postal Code:100091
Tech Country:CN
Tech Phone:+86.1052857677
Tech Phone Ext.:
Tech FAX:
Tech FAX Ext.:
Tech Email:[email protected]
Name Server:NS1.SUSPENDED-DOMAIN.COM
Name Server:NS2.SUSPENDED-DOMAIN.COM
Name Server: 
Name Server: 
Name Server: 
Name Server: 
Name Server: 
Name Server: 
Name Server: 
Name Server: 
Name Server: 
Name Server: 
Name Server:
```
Would blocking the above [email protected] email address be a solution?


----------



## JMPC (Jan 15, 2011)

Probably not, unless that's the email everything is coming from, which it wouldn't be if they're using spoofed addresses or server names.

If the emails are coming from a domain or mail server that you don't want to block, the only other thing you can do is delete/trash files based on content if you know what it is that is common among the emails.


----------



## eagledude4 (Jun 27, 2010)

I found a way to view the source of the email.

This is the header information:

```
Authentication-Results: hotmail.com; sender-id=temperror (sender IP is 121.66.33.19) [email protected]; dkim=none header.d=jagex.com; x-hmca=none
X-Message-Status: n:0:n
X-SID-PRA: RuneScape <[email protected]>
```
Is this the IP to get whois information for?

```
(sender IP is 121.66.33.19)
```
I wish to notify the ISP.


----------
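A way to read the `Authentication-Results` header from the post above programmatically, as an added example that is not part of the original thread. The address that is redacted on the page is replaced with a constructed placeholder, the `GENUINE` header is constructed for contrast, and the function names are hypothetical.

```python
import re

# Header value from the post; the redacted address is a constructed placeholder.
SPOOFED = ("hotmail.com; sender-id=temperror (sender IP is 121.66.33.19) "
           "header.from=redacted@example.invalid; dkim=none header.d=jagex.com; "
           "x-hmca=none")
# Constructed contrast case: a message whose sender checks passed.
GENUINE = ("mx.example.net; spf=pass (sender IP is 192.0.2.10) "
           "smtp.mailfrom=news@example.org; dkim=pass header.d=example.org")

RESINFO = re.compile(r"^\s*([\w.-]+)=(\w+)")            # method=result
COMMENT_IP = re.compile(r"sender IP is ([0-9a-fA-F.:]+)")
PROP = re.compile(r"\b(?:header|smtp)\.[\w-]+=(\S+)")   # claimed identities
AUTH_METHODS = ("spf", "sender-id", "dkim", "dmarc")


def parse_auth_results(value):
    """Split the header value into the receiving server's id, per-method
    results, the connecting IP it recorded, and the identities claimed.
    Simplification: assumes no ';' appears inside a parenthesised comment."""
    parts = [p.strip() for p in value.split(";")]
    report = {"authserv_id": parts[0], "results": {},
              "sender_ip": None, "claimed": []}
    for part in parts[1:]:
        m = RESINFO.match(part)
        if not m:
            continue
        report["results"][m.group(1).lower()] = m.group(2).lower()
        ip = COMMENT_IP.search(part)
        if ip:
            # Host that connected to the receiving server; this can be a
            # relay rather than the machine of whoever wrote the message.
            report["sender_ip"] = ip.group(1)
        report["claimed"] += PROP.findall(part)
    return report


def verdict(report):
    """'authenticated' only if at least one sender check returned pass."""
    passed = [m for m in AUTH_METHODS if report["results"].get(m) == "pass"]
    return "authenticated" if passed else "unverified-sender"


if __name__ == "__main__":
    for name, header in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        rep = parse_auth_results(header)
        print(name, verdict(rep), rep["sender_ip"], rep["results"])
```

A mail rule keyed on the verdict rather than on the From address separates the spoofed messages from the legitimate ones that carry the same visible sender.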



## eagledude4 (Jun 27, 2010)

Disregard the second post. I'm not sure where to get the correct whois information.


----------



## eagledude4 (Jun 27, 2010)

I found this link: IP Address: 121.66.33.19

and found that the ISP is Dacom, but I can't find a website for this ISP.


----------



## Wand3r3r (Sep 17, 2010)

wouldn't matter if you did. might want to google spamming to understand how it works.

only solution, and even it has its limitations, is get a new email address.

also learn a few email rules like why you use the bcc field if sending to multiple email addresses and why you should be upset if you get an email with many other people's email addresses in it *hint* any one of those people has their email compromised, you are once again back on the world wide spam list.


----------



## eagledude4 (Jun 27, 2010)

Wand3r3r said:


> wouldn't matter if you did. might want to google spamming to understand how it works.
> 
> only solution, and even it has its limitations, is get a new email address.
> 
> ...


I know how spamming works, and I also know that telling the host of the IP address that's spamming me that they are committing fraud will solve the issue.


----------



## clyde123 (Apr 10, 2008)

"and I also know that telling the host of the IP address that's spamming me that they are committing fraud will solve the issue."
Good luck with that one.
If it works, I've got a job waiting to take down the rest of the world's spammers.


----------



## Wand3r3r (Sep 17, 2010)

especially since it's clear there is a lack of understanding on how spamming works.

Spammers NEVER use their IPs/machines. It always comes from a compromised workstation or server.

Ever wonder why it's so easy to spam the world? Ever think about all of these wannabes bringing up their own mail servers with no understanding on how to harden/secure them? They couldn't make it easier for hackers and then spammers.


----------

