Spammer IP Addresses

an On-going List

with Location Info
and
Abuse Contact Info
Also, things you can do to help curtail spam.

(2009 Feb blog post)
an on-going list

Home page > Blog menu > This page on spam IP addresses

Nature of my Spam :

In spite of the fact that my ISP (Internet Service Provider) claims to do spam filtering of email, I still get about 3 (or more) spam messages per day that their filters do not catch.

    [I do not get ANY spam via my Gmail account. Perhaps Google is filtering TOO much. I will have to check occasionally.]

Sometimes I do not check my email for several days at a time (or even a week or so at a time). It is really annoying for me to go through my emails removing 20 or more spam messages.

    The nature of the spam messages that I have received, in the 2005-2008 time frame, has been of a handful of basic types.

    • ads for Rolex watches
    • ads for mortgage financing
    • ads for products to enlarge that certain male something
      (I will have to ask my wife if she gets these ads)
    • ads from girls who are dying to meet me
      (I will have to ask my wife if she gets these ads)
    • ads for medicines

    In the 2008 time frame, it seems that the first three types of ads have fallen off to near zero. In the 2009 time frame, it seems that most of the ads are of the last type, 'meds'.

Determining Source of Spam :

Actually, I have not been deleting those spam messages. I have been saving them in a special mail folder with the intent of using them for the 'Spammer IP Address' list on this web page.

I am going to go through the 'header lines' in these e-mails to determine the source IP address.

    Email 'headers' include 'Received: from' lines, usually at least two. These lines indicate the 'hops' that were taken to get the email to you, from mail server computer to mail server computer. The 'Received: from' lines are usually in order from the most recent hop to the earliest.

    Hence, the first 'Received: from' line usually contains the IP address of a mail server of your ISP. The last 'Received: from' line usually contains the IP address of the source mail-server-machine of the spam.

    Unless the spammer is being extra stealthy, that 'last' IP address in the headers is usually the address of the machine at which the spammer works. The IP address is typically an address that is dynamically allocated from a RANGE of IP addresses assigned to the ISP who forwarded the mail for the spammer.

    In some cases, the address is a 'static IP address', which indicates that the mail was probably forwarded from a 'server' rather than from someone's personal computer.

    In any case, that 'last' IP address is the address of a computer through which the spammer sent the email --- and probably hundreds, if not thousands, or even millions of emails to other unfortunate victims.

Getting Location Info :

I will use a site like dnsstuff.com to look up location information for the address.

The location information usually gives the name of the company that registered the IP address (or a range of addresses including that address). Rarely will it be an individual who registers the address. Usually it is a company like an ISP (Internet Service Provider). But it is usually the case that a specific person's name will be listed --- such as a tech support person in the ISP or an executive of the company. For very large companies, specific names may not be listed, but there will be some 'abuse' email addresses.

Hence, the location information will ordinarily NOT give the name of the individual who sent the spam e-mail. But it will sometimes provide a country-city location for sender --- and almost always provides the country-city-contact for the ISP. The IP-address registration information will give contact information for that Internet Service Provider --- for example, an 'abuse' email address, a mailing address, and, usually, even a phone number.

    There is a chance that some spammers or spam service providers have managed to change the e-mail headers so that the source address is 'spoofed'. However, that does not seem to be the case for the majority of spam e-mail that I have received, as far as I can tell. In any case, even spoofed addresses may give away the country of origin.


Most ISP's have an 'abuse' email address (such as 'abuse@[ispname].net' or 'abuse@[ispname].com') to which you can send complaints. Of course, there are 'rogue' ISP's that make a large part of their income by hosting spammers. So those ISP's will ordinarily not reply to emails or will claim to be innocent bystanders and give excuses for why they will not stop the spammer.

Even if they wipe out the spammer's account, the spammer usually just starts up from another service --- often owned by the same ISP that provided the account that was just de-activated.

In another blog post on this site 'I Want an Email Client that Filters on IP Adresses', I give more information on spammers --- sites that record information on known spammers, sites that provide databases of known spammer IP addresses (block lists), and sites that provide lookup services on IP addresses and IP address-ranges. Some of those sites are listed below.

Content of the IP-Address List (Table) below :

On this page, I intend to provide a periodically updated list of addresses from which I have received spam.

I will put the 'apparent' source IP addresses in a table (below), in order --- from 0.0.0.0 to 255.255.255.255.

In the list (table) below, I will include the date(s) that I received spam e-mail from each address. And I intend to provide an image of the location-owner information for the 'source' IP address --- as provided via a lookup on any of the many sites that provide such information, such as

  • dnsstuff.org
    (a site that allows for looking up info on specific IP addresses)

  • samspade.org
    (offers some info like dnsstuff.org)

The 'Received: from' lines in email headers usually include a 'hostname' alias for the IP address. Example: peoplepc.com for IP address 201.130.228.56 . I will often show the 'hostname', under the date of receipt of the email.

Web Links in Emails :

Spam emails often include a web address in the body of the email. The sender wants you to click on the address to go to that web page with your web browser. I will often note the 'domain name' of such links, but I will (ordinarily) not give the full link name --- because if you go to that web page, you may be exposed to a virus or a web page that 'phishes' for personal identity information.

Or such web pages might be able to install a key-logger program on your computer that logs all your keystrokes and sends info, such as your userids and passwords, over the Internet to the rogue. Another possibility is that the web page might be able to install programs on your computer that turn your computer into a 'robot' generating more spam emails.

So whenever you receive ANY email with a link in it, unless you have an idea of what the link does AND you know and trust the sender, do NOT click on the link.

Often spammer web pages are housed at a well-known host of personal web pages, such as Yahoo (geocities.com) or Microsoft (spaces.live.com). These sites should be doing a better job of detecting likely 'homes' of spammers on their personal-web-page servers.

Furthermore, spam is typically first forwarded through well-known Internet Service Providers (ISPs), such as ATT, Charter Communications, or Verizon. These companies should be doing a better job of detecting likely 'bursts' of spam, and the source address(es). They don't have to examine the pieces of mail. The rate of email transmissions should be a dead give-away of a bulk spammer.

List of (Apparent) Spammer IP Addresses :
(in order by IP address)

Apparent spammer IP Address
(and spam received date) - and
apparent hostname. Also, type of spam,
with hostname of link, if any, in mail body.
Apparent source country/city
and
IP-Address-Abuse Contact Info
60.32.56.195
(early 2008)
<...>.gifu.ocn.ne.jp
Japan, Tokyo - via NTT Communications Corporation
65.61.88.87
(early 2008)
<...>.ip.rrv.net
United States, Minnesota, City: Ortonville - via Halstad Telephone Company
66.138.3.66
(early 2008)
United States, Oklahoma, City: Durant - via AT&T Internet Services
68.113.103.131
(early 2008)
<...>.charter.com
United States, Alabama, City: Birmingham - via Charter Communications
72.75.47.72
(early 2008)
<...>.washdc.east.verizon.net
United States, Maryland, City: Gaithersburg - via Verizon Internet Services Inc., Reston, VA
82.243.67.85
(early 2008)
France, Paris, Ile-De-France - via ProXad.net
201.130.228.56
(2009feb14)
peoplepc.com

Body of email provides a link to a
'spaces.live.com' web page.

Unknown location - via Mexico, Guadalajara - Cablevision Red
213.120.105.146
(early 2008)
Location Unknown - via Great Britain, btopenworld.com

I have hundreds of more spam emails to summarize in this table.
I will probably put this table into a separate web page when I add more than 50 addresses.

What You Can Do

One purpose of this page is to provide a quick way to convey detailed information on a large number of spam sources, in case I (or you) have occasion to make a case to an Internet 'enforcer', like one listed below. We need Congress to supply laws for enforcers to use effectively, with sufficiently strong penalties.


1. Write your congress-persons to have some teeth put into laws against spamming. The spammers have lots of money to pay lobbyists to buy off congress-persons from passing sensible, effective laws. But if we do nothing, the situation will persist that about 50% of email on the Internet is spam (in 2008) --- and the percentage is growing.

If you do write your congress-persons, you are welcome to use information from this web page to help make your case.


2. Contribute to organizations that bring legal action against spammers. I plan to provide links here in the future.

3. Use your leverage on ISPs, as a current or potential customer.

One possible use of this list is to get action from ISPs. For example, the next time Verizon asks you to subscribe to one of their services, printout the contact-info pages (via the links above) for spam that came via Verizon. Mail the pages to Verizon with a letter saying that you will only be interested in their services if they do something to detect and stop the spam sent via their outgoing mail servers.


4. Provide specific info, like the info in the table above, to enforcement organizations, like the FBI.

At the very least, the FBI should be budgeting for tracking down email spammers in the United States. And even if Congress is not providing sufficient laws dealing directly with email spamming, you can bet that most of these spammers are failing to pay income tax on the monies they collect via their spam. So the Treasury Department and the FBI should be cracking down on them. Remind them of that if they seem to forget why they should be aggressive in tracking down spammers.

As far as spammers issuing email from foreign countries, Congress should be supplying a budget for a federal agency (like the FBI or Homeland Security or companies assigned to provide Internet DNS, Domain Name Service) to block all traffic from servers generating more than a few hundred spam messages per month to the United States.

If the companies that own those server computers find that they have a lot of legitimate business that is being blocked from entry into the U.S. internet, then they will be motivated to shut down the source of the spam, pronto.


5. If all of the above fail, let the public stonings (and tar-and-featherings) of spammers begin.

And don't let FoxNews and CNBC and CNN convince you that these spammers are simply practicing 'free enterprise' and that they should be allowed to continue --- with any refinements that they want to make to their disgusting methods in order to circumvent those who do not wish to receive their garbage.

IP info sites

Some sites that provide information on IP addresses and ranges of IP addresses --- including ranges of IP addresses assigned to countries (or their companies) :

  • dnsstuff.org (a site that allows for looking up info on specific IP addresses)

  • samspade.org (offers some info like dnsstuff.org)

  • iana.org (IANA = the main internet IP-address-and-domain-name assignment organization. This site offers links to the several organizations that handle IP-addresses and domain-names for NorthAmerica, Asia-Pacific, Europe, etc.)

  • ip2location.com (offers statistics on ranges of IP addresses associated with countries)
    ("[In early 2008]... the United States tops the allocation list by holding 37.73% of the IP addresses worldwide. It is followed by United Kingdom (12.83%), Japan (7.64%), China (5.74%), Germany (3.81%), France (3.65%), Canada (2.81%), Korea (2.74%), Netherlands (2.00%) and Italy (1.67%). These Top 11 countries in the list occupied more than 80% of total allocated IP address ranges in the world in 2007. The other 227 countries are sharing less than 20% of allocated IP address spaces.")

  • ipmaster.org (gives number of IP addresses assigned to each country ; click on a number to see the address ranges assigned to the country --- many hundreds of 'slices' for countries like the U.S. and China.)

    NOTE: The IP address assignments are in such 'scattered, thin slices' that it makes it hard to make filters by country. For example, I don't expect to get any email (that I want) from Japan. If they had assigned Japan all addresses in the blocks, say 60.xxx.xxx.xxx and 61.xxx.xxx.xxx and 62.xxx.xxx.xxx (about 50 million addresses --- 3 x 256 x 256 x 256), I could relatively easily devise a filter on the IP prefixes 60, 61, and 62. Similarly, for Argentia, Chile, China, Mexico, Romania, etc.

  • proxysecurity.com (also offers info on ranges of IP addresses)

  • proxyserverprivacy.com (also offers info on ranges of IP addresses)

  • tracetheip.com (offers info on the route to a specified IP address --- the routers and servers that forward packets)

Bottom of List of Spammer IP Addresses page.

To return to a previously visited web page location, click on
the Back button of your web browser, a sufficient number of times.
OR, use the History-list option of your web browser.
OR ...

< Go to Top of Page, above. >
< Go to Blog Menu page. >

Or you can scroll up, to the top of this page.

Page created 2009 Feb 15. Page re-organized 2009 Aug 07.
Added page breaks for better printout 2009 Aug 11.
Minor format changes 2013 Apr 18.