Computer and security experts are using software tools such as NSlookup, Whois, and Traceroute, available as local applications or through Web sites like SamSpade.org, to sift through E-mail header information. Spammers have figured out how to forge some parts of headers, but not the part that leads to the IP address from which an E-mail originated. One exception is when spammers hijack inadequately secured Internet servers to conceal the origin of their messages.
Those tools require knowledge of how computers and networks operate, and they aren't easy for nonexperts to use. Now some administrators, investigators, and law-enforcement personnel are having success using software from Visualware Inc. that automates most of the work. To search for an E-mail's originator, the user pastes an E-mail header into Visualware's eMailTrackerPro application, which then produces a report on available details such as the IP address.
Karyn Solocheck, who owns a computer peripherals resale business with her husband, credits eMailTrackerPro as critical to ongoing efforts to clear her name of a crime. Via E-mail, she arranged in October to sell 10 laptops and 4,000 headset microphones to a Nigerian businessman, she says. The businessman had a partner in the United States who sent two checks from an Atlanta bank to pay for the purchase.
Solocheck contacted the bank to verify the checks and was told they were good, she says. Then, instead of cashing them at her Fort Lauderdale, Fla., bank--which would have meant a 10-day hold that Solocheck couldn't afford because she needed to buy the laptops quickly from her supplier--she visited a check-cashing store. "The next thing I know, the police are called," she says, "and it all snowballed from there." The police questioned the Solochecks and then arrested them for passing bad checks. "We were blamed for the crime, grand theft," she says.
The Solochecks turned to Annie McGuire, director of Fraud-Aid.com, to help clear their names. McGuire used eMailTrackerPro to trace the E-mail and provide detailed tracking information to the Solochecks' attorney. The software confirmed their story, McGuire says, showing that they exchanged E-mails with someone overseas. The case is still open, but Solocheck says they expect to be cleared of any wrongdoing.
EMailTrackerPro, along with Visualware's VisualRoute, which shows the origin of a message graphically, are effective for tracking the origins of about 80% of spam, McGuire says.
Not all experts are sold on Visualware's products. Laura Atkins, a partner in Word to the Wise, a business that consults on proper use of E-mail, prefers to use established tools such as Traceroute to track messages. VisualRoute "can be off by continents," she says.
Yet Visualware's tools have found fans at law-enforcement agencies worldwide, including the Drug Enforcement Agency, the FBI, and police forces in Canada, Japan, Germany, Korea, and the United States, a company spokesperson says.
While experienced cybercrime investigators may stick with expert tools, says Detective Andrew Donofrio of New Jersey's Bergen County Computer Crime Unit, eMailTrackerPro is useful for tracking the origin of less-sophisticated cybercrimes and for presenting information for subpoenas and juries.
Whether they're tracked down by sophisticated and complicated expert tools or user-friendly tools such as Visualware, many spammers may find that it's getting harder to hide.
Photo by David McGlynn/Getty Images