Following up on yesterday's post, there may be one more place to forward your spam. If you have a system where the sender uses a form on your website to send messages, you have the opportunity to record the IP address from which they accessed your site. Then, you can look up the ISP who owns that IP address and report the perpetrator to them. In some cases, the perpetrator will access your site from a system they've hacked. In that case, you may not help shut down the perpetrator's own account, but at least you can help alert system administrators of the need to improve their security.

First, how do you capture the IP address? The exact details will vary depending on what language your code is written in, but in any case, the IP address should be stored in a variable called REMOTE_ADDR. In Perl, that will be $ENV{'REMOTE_ADDR'}. In PHP, it will either be $REMOTE_ADDR or $_SERVER['REMOTE_ADDR'], and so on. Include this IP address in any message sent to you, or store it somewhere with a way to match it up with a particular message.

So you have their IP address; how do find their ISP? Let's say the IP address is 192.168.1.52 (it won't be--that's a private, non-routable address). Telnet or SSH to a UNIX or other system with a "whois" program and type "whois 192.168.1.52". On some systems, this will give you a big list of IP address blocks and email addresses for the people in charge of them (some systems won't give you anything very useful, so if you don't get the big list, try again on a different system). If there's an abuse address listed, contact that one. Otherwise, pick whatever looks like the best candidate and forward the message there, explaining that one of their IP addresses was used to send the message. Be sure to note the IP address and the exact time (including time zone) when the message was sent.

If you're lucky, you'll not only get an email account closed, but will cut off the perpetrator's internet access without a refund.