Email Spammer IP Addresses
a List of Examples
with Location Info
(2009 Feb blog post)
Nature of my Spam :
In spite of the fact that my ISP (Internet Service Provider) claims to do spam filtering of email, around 2008 to 2009, I still get about 3 (or more) email spam messages per day that their filters do not catch.
[I do not get ANY spam via my Gmail account. Perhaps Google is filtering TOO much. I will have to check occasionally.]
Sometimes I do not check my email for several days at a time (or even a week or so at a time). It is really annoying for me to go through my emails removing 20 or more spam messages.
The nature of the spam messages that I have received, in the 2005-2008 time frame, has been of a handful of basic types.
In the 2008 time frame, it seems that the first three types of ads have fallen off to near zero. In the 2009 time frame, it seems that most of the ads are of the last type, 'meds'.
Determining Source of Spam :
I have not been deleting those spam messages. I have been saving them in a special mail folder with the intent of using them for the 'Spammer IP Address' list on this web page.
I can go through the 'header lines' in these e-mails to determine the source IP address.
Email 'headers' include 'Received: from' lines, usually at least two. These lines indicate the 'hops' that were taken to get the email to you ---from 'sending' mail server computer to 'receiving' mail server computer.
The 'Received: from' lines are usually in order from the most recent hop to the earliest.
Hence, the first (top-most) 'Received: from' line usually contains the IP address of the receiving mail server machine of your ISP.
The last (bottom-most) 'Received: from' line usually contains the IP address of the source mail-server-machine from which the spam emanated.
Unless the spammer is being extra stealthy, that 'last' IP address in the headers is usually the address of the machine through which the spammer works. The IP address is typically an address that is dynamically allocated from a RANGE of IP addresses assigned to the ISP who forwarded the mail for the spammer.
In some cases, the address is a 'static IP address', which indicates that the mail was probably forwarded from a 'server' rather than from someone's personal computer.
In any case, that 'last' IP address is the address of a computer through which the spammer sent the email --- and probably hundreds, if not thousands, or even millions of emails to other unfortunate victims.
Getting Location Info :
I have used a site like dnsstuff.com to look up location information for a given IP address.
There are many other sites by which one can lookup location information for an IP address. You can find them by using WEB SEARCHES such as:
The location information usually gives the name of the company that registered the IP address (or a range of addresses including that address). Rarely will it be an individual who registers the address. Usually it is a company like an ISP (Internet Service Provider). But it is usually the case that a specific person's name will be listed --- such as a tech support person in the ISP or an executive of the company. For very large companies, specific names may not be listed, but there will be some 'abuse' email addresses.
Hence, the location information will ordinarily NOT give the name of the individual who sent the spam e-mail. But it will sometimes provide a country-and-city location for sender --- and almost always provides the country-and-city-contact for the ISP. The IP-address registration information will give contact information for that Internet Service Provider --- for example, an 'abuse' email address, a mailing address, and, usually, even a phone number.
There is a chance that some spammers or spam service providers have managed to change the e-mail headers so that the source address is 'spoofed'.
However, that does not seem to be the case for the majority of spam e-mail that I have received, as far as I can tell --- in the 'Received: from' headers. Usually at least one is 'valid'.
In any case, even spoofed addresses may give away the country of origin.
Abuse reporting :
Most ISP's have an 'abuse' email address (such as 'abuse@[ispname].net' or 'abuse@[ispname].com') to which you can send complaints. Of course, there are 'rogue' ISP's that make a large part of their income by hosting spammers. So those ISP's will ordinarily not reply to emails or will claim to be innocent bystanders and give excuses for why they will not stop the spammer.
Even if they wipe out the spammer's account, the spammer usually just starts up from another service --- often owned by the same ISP that provided the account that was just de-activated.
In another blog post on this site 'I Want an Email Client that Filters on IP Adresses', I give more information on spammers --- namely, sites that record information on known spammers, sites that provide databases of known spammer IP addresses (block lists), and sites that provide lookup services on IP addresses and IP address-ranges. Some of those sites are listed below.
Content of the IP-Address List (Table) below :
On this page, I intend to provide a periodically updated list of addresses from which I have received spam.
I will put the 'apparent' source IP addresses in a table (below), in order --- from 0.0.0.0 to 255.255.255.255.
In the list (table) below, I will include the date(s) that I received spam e-mail from each address. And I intend to provide location-owner information for the 'source' IP address --- as provided via a lookup on any of the many sites that provide such information, such as dnsstuff.org.
The 'Received: from' lines in email headers usually include a 'hostname' alias for the IP address. Example: peoplepc.com for IP address 188.8.131.52 . I plan to show the 'hostname', under the date of receipt of the email.
Web Links in Emails : (danger!)
Spam emails often include a web address in the body of the email. The sender wants you to click on the address to go to that web page with your web browser. I will often note the 'domain name' of such links, but I will (ordinarily) not give the full link name --- because if you go to that web page, you may be exposed to a virus or a web page that 'phishes' for personal identity information.
Or such web pages might be able to install a 'key-logger' program on your computer that logs all your keystrokes and sends info, such as your userids and passwords, over the Internet to the rogue.
Another possibility is that the web page might be able to install programs on your computer that turn your computer into a 'bot' (robot) which generates more spam emails.
So whenever you receive ANY email with a link in it, unless you have a good idea of what the link does AND you know and trust the sender, do NOT click on the link.
Often spammer web pages are housed at a well-known host of personal web pages, such as Yahoo (geocities.com) or Microsoft (spaces.live.com). These sites should be doing a better job of detecting likely 'homes' of spammers on their personal-web-page servers.
Furthermore, spam is typically first forwarded through well-known Internet Service Providers (ISPs), such as ATT, Charter Communications, or Verizon. These companies should be doing a better job of detecting likely 'bursts' of spam, and the source address(es). They don't have to examine the pieces of mail. The rate of email transmissions should be a dead give-away of a bulk spammer.
List of (Apparent) Spammer IP Addresses :
(in order by IP address numbers)
Apparent spammer IP Address
(and spam received date)
and apparent hostname.
Optionally, type of spam, with
hostname of link, if any, in mail body.
Link to text-file of
Apparent source country/city
IP-Address-Abuse Contact Info
|Japan, Tokyo - via NTT Communications Corporation|
|United States, Minnesota, City: Ortonville - via Halstad Telephone Company|
|United States, Oklahoma, City: Durant - via AT&T Internet Services|
|United States, Alabama, City: Birmingham - via Charter Communications|
|United States, Maryland, City: Gaithersburg - via Verizon Internet Services Inc., Reston, VA|
|France, Paris, Ile-De-France - via ProXad.net|
Body of email provides a link to a
|Unknown location - via Mexico, Guadalajara - Cablevision Red|
|Location Unknown - via Great Britain, btopenworld.com|
I have hundreds of more spam emails whose
'Received: from' info could be added to this table.
I may add more examples tothis table someday.
In any case, this page indicates how to get information
on sources of email spam (mail server sources).
What You Can Do
One purpose of this page is to provide examples of how to get detailed information on spam sources, in case I (or you) have occasion to make a case to an Internet 'enforcer', like one listed below.
We need Congress to supply laws for enforcers to use effectively, with sufficiently strong penalties.
The U.S. CAN-SPAM Act is known to be a weakened attempt at dealing with spammers.
"... many observers view CAN-SPAM as having failed in its purpose of reducing spam.".
The abbreviation CAN-SPAM even seems to indicate that it is a spam-enabler rather than a curtailer.
1. Write your congress-persons to have some teeth put into laws against spamming. The spammers have lots of money to pay lobbyists to buy off congress-persons from passing sensible, effective laws. But if we do nothing, the situation that about 50% of email on the Internet is spam (in 2008) will persist --- and the percentage is growing.
If you do write (or call) your congress-persons, you are welcome to use information from this web page to help make your case.
2. Contribute to organizations that bring legal action against spammers. I plan to provide links here in the future.
In the meantime, here are some WEB SEARCHES to try:
3. Use your leverage on ISPs, as a current or potential customer.
One possible use of this list is to get action from ISPs. For example, the next time Verizon asks you to subscribe to one of their services, printout the contact-info pages (via the links above) for spam that came via Verizon. Mail the pages to Verizon with a letter saying that you will only be interested in their services if they do something to detect and stop the spam sent via their mail servers.
4. Provide specific info, like the info in the table above, to enforcement organizations, like the FBI.
At the very least, the FBI should be budgeting for tracking down email spammers in the United States. And even if Congress is not providing sufficient laws dealing directly with email spamming, you can bet that most of these spammers are failing to pay income tax on the monies they collect via their spam. So the Treasury Department and the FBI should be cracking down on them. Remind them of that if they seem to forget why they should be aggressive in tracking down spammers.
As far as spammers issuing email from foreign countries, Congress should be supplying a budget for a federal agency (like the FBI or Homeland Security or companies assigned to provide Internet DNS, Domain Name Service) to block all traffic from servers generating more than a few hundred spam messages per month to the United States.
If the companies that own those server computers find that they have a lot of legitimate business that is being blocked from entry into the U.S. internet, then they will be motivated to shut down the source of the spam, pronto.
5. If all of the above fail, let the public stonings (and tar-and-featherings) of spammers begin.
And don't let FoxNews and CNBC and CNN convince you that these spammers are simply practicing 'free enterprise' and that they should be allowed to continue.
Spammers should not be allowed to continue to make any refinements that they want to their disgusting methods in order to circumvent those who do not wish to receive their garbage. Free-enterprisers like Larry Kudlow et. al. may call that 'innovation', but it is simply 'criminal fraud'.
IP-address info sites
In another blog post on this site 'I Want an Email Client that Filters on IP Adresses', I give some links to more sites that provide IP address information.
Bottom of this
To return to a previously visited web page location, click on
the Back button of your web browser, a sufficient number of times.
OR, use the History-list option of your web browser.
Or you can scroll up, to the top of this page.
Page was created 2009 Feb 15.