Some of you guys and gals are really smart. I am at a loss at the moment.
There is a guy in New York that is pounding me with 200+ emails a day due to the Sircam worm. Norton cleans each email and I have Outlook send emails from him straight to the trash can... still you can imagine the download time at 200K+ per attachment. I emailed him several times to let him know... and he does nothing about it, nor does he reply.
If it was my normal email, I would just close the account and open a new username. (Not tough on a cable modem.) But it is one of my webpages that I am webmaster for and it is the webmaster email address (email@example.com). My webspace provider has email filtering, but only by name... i.e. firstname.lastname@example.org would go to a specific address or be blocked etc. It cannot filter outside sender addresses.
Here is what I know. His email address is email@example.com. He is on a Time Warner Cable Modem address. The headers of his emails are as follows (but it doesn't give his direct IP... just the mail server's IP)...
Received: from nyc.rr.com (nycsmtp3fa.rdc-nyc.rr.com [22.214.171.124])
    by addr18.addr.com (8.11.6/8.9.1) with ESMTP id f8M28aV01843
    for <firstname.lastname@example.org>; Fri, 21 Sep 2001 19:08:37 -0700 (PDT)
Received: from Default.nyc.rr.com ([126.96.36.199]) by nyc.rr.com with Microsoft SMTPSVC(5.5.1877.357.35);
    Fri, 21 Sep 2001 22:08:18 -0400
From: "James Tinagero"<email@example.com>
Subject: Que hora es
date: Fri, 21 Sep 2001 22:05:06 -0400
X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
X-Mailer: Microsoft Outlook Express 5.50.4133.2400
Content-Type: multipart/mixed; boundary="----21299146_Outlook_Express_message_boundary"
Content-Disposition: Multipart message
I am assuming his real name is James Tinagero because that is the send name on the emails, but that can always be modified. I have contacted firstname.lastname@example.org and nothing has happened as of yet, and this has been going on for four days now. I also called Time Warner Road Runner Cable in NY and they said they would look into it.... but the emails keep flooding in.
I can't figure a way to pull his direct IP from his email address. If I could find it, I might be able to exploit the SMTP that SIRCAM runs. I doubt it though. I want this guy's link down... any ideas?