
tracing virus emailer


Name: russ
Date: December 3, 2002 at 15:00:05 Pacific
OS: win 2000
CPU/Ram: celeron
Comment:

Hi - can anyone help me trace this email? I keep getting the vlink.exe virus sent to my hotmail account, and it's getting annoying. On this message board I found out about using the "options"-"advanced" hotmail settings, and now I have all the header information. If you look at the header, it seems like the sender must be disguising his return address with some sort of "sendfakemail" program - because the return path is different from the apparent address. Check it out:

From : tandcmom
To : send2russ@hotmail.com
Subject : Helvetica, sans

Date : Mon, 02 Dec 2002 21:35:09 -0600(CST)

MIME-Version: 1.0
Received: from mta4.rcsntx.swbell.net ([151.164.30.28]) by mc1-f18.law16.hotmail.com with Microsoft SMTPSVC(5.0.2195.5600); Mon, 2 Dec 2002 19:35:22 -0800
Received: from Vgn ([65.65.195.48]) by mta4.rcsntx.swbell.net (iPlanet Messaging Server 5.1 HotFix 1.6 (built Oct 18 2002)) with SMTP id for send2russ@hotmail.com; Mon, 02 Dec 2002 21:35:22 -0600 (CST)
Date-warning: Date header was inserted by mta4.rcsntx.swbell.net
Message-id:
Return-Path: cen2rion@swbell.net
X-OriginalArrivalTime: 03 Dec 2002 03:35:22.0955 (UTC) FILETIME=[02DEF1B0:01C29A7D]

Any thoughts? Is the sender this cen2rion guy?




Response Number 1
Name: russ
Date: December 3, 2002 at 15:04:25 Pacific
Reply:

Oops, it didn't display it, but the email was supposedly from: tandcmom@sbcglobal.net



Response Number 2
Name: danio7
Date: December 3, 2002 at 16:08:23 Pacific
Reply:

go here
http://www.visualware.com/promo/server.html

D



Response Number 3
Name: hylian_lynk
Date: December 3, 2002 at 19:07:25 Pacific
Reply:

Either this guy is your sender ...
" FRANK KELLAM "cen2rion@swbell.net
or the email has been spoofed.
I can tell you also that cen2rion is a hacker from the Czech Republic, so watch out; it could be that you made some enemy on a message board.
- from http://www.richardpoe.com/forum.cgi?article=2504

Christian History, Sin and the Word of the Lord

I agree with Nathan Mayfield: Your commentary is not only "strange;" it is seriously misinformed about the history of Christianity. To equate the current sin-riddled network of our current church leadership, whatever our denomination or sect (or cult), with the honorable martyrs of earlier struggles is just one of many examples of your weird distortions.

When we shake it all out, I wonder why all the Romanist defenders, diversely motivated commentators, and so-called evangelicals fail to quote the Word of our Lord Jesus Christ, from the gospel of Matthew: "But whoever causes one of these little ones who believe in Me to sin, it would be better for him if a millstone were hung around his neck and he were drowned in the depth of the sea." (18:6)

Imagine -- Jesus mandating capital punishment! (in accordance, of course, with the earlier set of ethics; i.e., moral law, given to Moses).

When will we learn the folly of trying to be wiser than God? Christ is alive and well; so will be His Body when she pays better attention to the only Head. Many of His shepherds seem to be off course, if not in the ditch.

Any chance that you and Mr. Crocker expect that kind of relevant scripture to be examined with the American cardinals at the forthcoming Vatican woodshed gathering?

Thank you for the opportunity to correspond; may our Lord protect you and bless you.

Peace!

Frank Kellam (cen2rion@swbell.net)
Chesterfield, MO
4/17/02



Response Number 4
Name: suzi
Date: December 3, 2002 at 21:43:37 Pacific
Reply:

You can look up the IP addresses with ARIN whois at

http://www.arin.net/whois/index.html

Here are the results of the lookups for the IP addresses in the header:

Search results for: 151.164.30.28

Southwestern Bell Internet Services SBIS (NET-151-164-0-0-1)
151.164.0.0 - 151.164.255.255
SBIS Mail/News Network - RCSNTX SBCIS-091902170025 (NET-151-164-30-0-1)
151.164.30.0 - 151.164.31.255

# ARIN Whois database, last updated 2002-12-03 19:05

Search results for: ! NET-151-164-30-0-1


CustName: SBIS Mail/News Network - RCSNTX
Address: 2701 W 15th St PMB 236 Plano TX 75075
Country: US
RegDate: 2002-09-19
Updated: 2002-09-19

NetRange: 151.164.30.0 - 151.164.31.255
CIDR: 151.164.30.0/23
NetName: SBCIS-091902170025
NetHandle: NET-151-164-30-0-1
Parent: NET-151-164-0-0-1
NetType: Reassigned
Comment:
RegDate: 2002-09-19
Updated: 2002-09-19

This tells you the person is using SWbell.

The second IP address lookup:

Search results for: 65.65.195.48

Southwestern Bell Internet Services SBIS-5BLK (NET-65-64-0-0-1)
65.64.0.0 - 65.71.255.255
PPPoX Pool Rback5 SBCIS-1001127-193153 (NET-65-65-192-0-1)
65.65.192.0 - 65.65.195.255

# ARIN Whois database, last updated 2002-12-03 19:05

CustName: PPPoX Pool Rback5
Address: 2701 W. 15th St.
PMB 236 Plano TX 75075
Country: US
RegDate: 2000-11-28
Updated: 2000-11-28

NetRange: 65.65.192.0 - 65.65.195.255
CIDR: 65.65.192.0/22
NetName: SBCIS-1001127-193153
NetHandle: NET-65-65-192-0-1
Parent: NET-65-64-0-0-1
NetType: Reassigned
Comment:
RegDate: 2000-11-28
Updated: 2000-11-28

# ARIN Whois database, last updated 2002-12-03 19:05

It definitely looks like it came from SWBell as both IP addresses are from there. And the sender's email address says swbell.net.

What I would do is go to SWBell's website and find their abuse reporting address. Forward them the email including the header info and even the whois lookup info. You can ask them to investigate and terminate the guy's account. ISPs have terms of service which state that using the account to send spam is a violation of the terms. They might really cancel the account if they can confirm it.

The hotmail address is probably fake. You can send it to abuse@hotmail too though and they will tell you if it is a valid hotmail address or not.

Here is the URL for SWBell's website site map:

http://public.swbell.net/site.html

It will have the terms of service and abuse reporting email address in there somewhere.

Good luck.



Response Number 5
Name: suzi
Date: December 3, 2002 at 21:51:09 Pacific
Reply:

Sorry - I see that the hotmail address is yours, russ.

You can forward the email and header info to the abuse reporting address for sbcglobal.net and see what happens.

Another thing you can do is sign up for a free account at www.spamcop.net. They give you an address to forward the email to and their software takes it apart and finds out where it really came from. They also generate abuse reporting email addresses and messages which you can send with one mouse click.

Some people here might tell you spamcop.net is bad or will cause you to get more spam, but I don't believe that because I have been using it for a couple of years and no problems or increase in spam.

Hope this helps.


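The header reading described in Responses 4 and 5, as an added example that is not part of the original thread: it walks the `Received` chain oldest hop first, matches each bracketed IP against the CIDR blocks from the ARIN results quoted above, and flags the From/Return-Path difference russ noticed. The header values are copied from the thread; the names `trace`, `owner` and `NETBLOCKS` are illustrative assumptions.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Header lines copied from the message quoted in this thread; the From
# address is the one russ gives in Response Number 1.
RAW = """\
From: tandcmom@sbcglobal.net
To: send2russ@hotmail.com
Received: from mta4.rcsntx.swbell.net ([151.164.30.28]) by mc1-f18.law16.hotmail.com with Microsoft SMTPSVC(5.0.2195.5600); Mon, 2 Dec 2002 19:35:22 -0800
Received: from Vgn ([65.65.195.48]) by mta4.rcsntx.swbell.net (iPlanet Messaging Server 5.1 HotFix 1.6 (built Oct 18 2002)) with SMTP id for send2russ@hotmail.com; Mon, 02 Dec 2002 21:35:22 -0600 (CST)
Return-Path: cen2rion@swbell.net
"""

# CIDR blocks and customer names from the ARIN results quoted in Response 4.
NETBLOCKS = {
    "151.164.30.0/23": "SBIS Mail/News Network - RCSNTX",
    "65.65.192.0/22": "PPPoX Pool Rback5",
}
HOP = re.compile(r"from\s+(\S+)\s+\(\[([0-9.]+)\]\)\s+by\s+(\S+)")

def owner(ip):
    addr = ipaddress.ip_address(ip)
    for cidr, name in NETBLOCKS.items():
        if addr in ipaddress.ip_network(cidr):
            return name
    return "unknown"

def trace(raw):
    msg = message_from_string(raw)
    hops = []
    # Each server prepends its Received line, so reversed() is oldest first.
    for line in reversed(msg.get_all("Received", [])):
        m = HOP.search(" ".join(line.split()))
        if m:
            helo, ip, by = m.groups()
            hops.append({"helo": helo, "ip": ip, "by": by, "owner": owner(ip)})
    # From and Return-Path are supplied by the sending side, not verified.
    from_dom = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    rp_dom = parseaddr(msg["Return-Path"])[1].rpartition("@")[2].lower()
    return {"hops": hops, "sender_mismatch": from_dom != rp_dom}

if __name__ == "__main__":
    report = trace(RAW)
    for hop in report["hops"]:
        print(hop)
    print("From/Return-Path mismatch:", report["sender_mismatch"])
```

The IP in the topmost `Received` line was recorded by the recipient's own mail provider; lower lines were written by upstream servers and are only as reliable as those servers.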
