Helping people with computers... one answer at a time.

It seems like it should be easy to trace spam and phishing attempts to their origin. Sometimes it is, but it's often a very complex and costly process.

Can you explain why the authorities of law and order are unable to find and stop the phishing crooks? Surely there must be an address that can finally be tracked back to them? Or by "responding" to them and following the steps of the reply to see where it finally ends up?

I can feel your frustration. Seems like with all this technology we should be able to do something about the spammers and scammers of the world, right?

Apparently it's not that easy.

I certainly won't claim to have the answer as to why it's so difficult, but I can certainly throw out some ideas.

Remember first that spamming (and phishing) are so prevalent because they work. Enough people buy from spammers and fall prey to phishers that it's worth their time and effort to blast the planet with their garbage.

So, why can't we stop them?

Follow the Email Trail

Your idea is a good one, in concept. In theory one should be able to back-track email to where it came from and then prosecute, or at least block, that source.

And, in fact, the blocking part of that is done quite frequently. There are already "black lists" of IP addresses which have been known to send spam. Email providers can sign up to use those black list to reject any or all email that originates from those servers.

There are two problems: false positives, and bot nets.

These blacklists are usually managed by volunteers, and often folks we might consider vigilantes. As a result the process to get on the list is easy: look like a spammer. The process to get off such a list is often non-existent. So if a spammer stops using a given IP address because it's been blacklisted, and that IP address is then assigned to someone else - someone legitimate - they may "inherit" being on that blacklist. And there's nothing that they can do about it.

This happens so often that most major ISPs don't bother with blacklists, or only use a very small, tightly controlled list.

Botnets render the whole blacklist concept moot anyway. Botnets are the estimated hundreds of thousands of user machines that are infected with what amounts to a virus. That virus is really a remote-controlled program that can send mail. A machine infected with this type of virus becomes a "zombie", or a bot in a huge network of bots that are at the beck and call of a spammer.

When a spammer sends out an instruction to all these machines to send spam, the email that results looks like it came from that machine. That machine, aside from being infected with this virus, has no relationship to the spammer. Email might be traced back to the machine, but it'll be some innocent victim who failed to keep his or her anti-virus up to date. That's as far as you can get.

Follow the Money Trail

When someone purchases through spam, there's a transaction of money involved. Theoretically you could follow the money and eventually arrive at the person who's responsible for the spam.

The problem here is mostly that the companies doing the spamming are not the same as the companies doing the selling. So while you might be able to go after the so called on-line pharmacy, they technically haven't done anything wrong. Their "advertising company" (typically a shady one) may have resorted to spam, but the company directly benefiting from the spam can claim the had no idea and that it was out of their control.

There are periodic moves to increase that liability, but there are unfortunate ramifications for that kind of "pass through" liability that can also adversely affect legitimate businesses if not enacted properly.

"... many people now appear to accept spam, phishing and assorted scams as annoying but an inevitable cost of life on the internet."

Who has Jurisdiction?

One of the biggest obstacles to tracking down spammers, phishers, and scammers is that they're most often not even in the same country as you are. For example while I live in the United States, much of the spam I get traces, either via the email trail or the money trail, to locations overseas. The U.S. government can't do much about that other than request that the authorities in those other countries crack down. But spammers and scammers quickly determine which countries are the least likely to follow through on that, and that's where they'll base their operations from.

Even within the United States things often get complicated with cases of fraud; how it's handled and by whom depends on whether the event crossed state lines.

But consider the infamous Nigerian scam that's been around for ages. I'm sure that the government of Nigeria is well aware of the issue. And perhaps they even help on occasion. But ultimately I have to believe that they have other priorities that they consider much more important than people in other countries getting scammed. They may well see it as our problem for not being more educated and falling for these things in the first place.

And whether we agree or disagree with 'em, it's really not our place to set another countries priorities. (Political comments on this article will not be accepted, it's too big a can of worms. Whether we do or don't, should or shouldn't, we rarely have control over another country's spam and scam law enforcement.)

Who has Expertise?

Depending on your jurisdiction, the law enforcement agencies who would be responsible for tracking down spams and scams may simply not have the technical expertise to use the technology to track down these crooks. While we may hope that many of law enforcement's brightest are on the case, the fact is that if there are individuals capable of this kind of computer forensics you might well find them working on other more focused and concrete cases.

And if they don't have the expertise, they may not have the means or budget to hire it. Much like the third world countries we so often blame for spam, even within our own country the resources available for this task may simply not exist.

Who has Time?

In that same vein, any law enforcement operation simply must prioritize. To grossly oversimplify, if the choice comes down to catching a murderer or catching a spammer, you can guess where the emphasis will be put. Agencies are overwhelmed with the tasks they must already be responsible for. Coming to them with "what are you doing about spam?" isn't going to get much of a response, even if they do have the technical expertise to even understand the ramifications of the complaint.

So is all hope lost?

You might think so. And in fact many people now appear to accept spam, phishing and assorted scams as annoying but an inevitable cost of life on the internet.

But I believe that there's hope.

I'm a strong believer in education. Spam works because people buy from spammers. The more people that understand that and stop it, the less lucrative spamming will be. Phishing works because people don't understand it and don't take appropriate precautions. The more people that understand that the less lucrative phishing will become.

I'm also a big believer in technological solutions. There are ways to alter the email system to stop spam. The problem is political more than technical, and requires getting a lot of people to agree on and them implement a solution. I have hope. It'll take a long time, but I have hope.

I'm also hopeful that law enforcement will be able to make some strategic progress. Even today, as this article is written, there's a current news story about a so called "king of spam" being arrested. This is a case of an individual being a big enough problem to warrent the authorities attention, who then used a combination of the tracking techniques above and others to finally get their man.

Article C3042 - May 31, 2007 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

June 1, 2007 7:34 PM

Great article. Just the subject that has been on my mind latley.

George Arauz
June 3, 2007 9:45 AM

They even have spamming in online video games now. In World Of Warcraft there is a spam message every 10 minutes asking you to buy stuff. ON A VIDEO GAME. Its getting out of hand

June 3, 2007 7:42 PM

I am frustrated by this too. I also find that somehow these spammers are getting all of my sub-email accounts. I had 162 messages the other day to a sub account I don't even give out. How do they get all my sub accounts? Do you know? Txs

June 4, 2007 10:42 PM

Here is some credibility as to why spamming and phishing works so well, check out this item on with the title "Hundreds Click on 'Click Here to Get Infected' Ad.",1895,2132447,00.asp#talkback


C. Newman
June 5, 2007 8:50 AM

Leo, this issue will never go away because the majority of users simply will not protect themselves properly. I open anything and everything at home and I don't get spam or viruses. They are blocked. Period. Am I luck? No! Does it take a little effort to run and maintain 2 or 3 programs to achieve this? Yep! But I don't spend any of my time whining and grieving over spam and viruses. At work where the fine IT department doesn't share my ethic we have lots of spam. The people who are waiting for "someone" to fix the ills of the world have a really long wait.

Lou Gascon
June 18, 2007 11:18 AM

Thanx Leo and thank you Mr Newman, but may I say to all you guys who read good old Leo - not to forget you email husbandry...
Keeping a clean house is what it's all about...
Do not buy from or through spammers...
Send the spammers mail (usually unkown to you with an odd subject title) to your ISP's spam box, and they will prevent it being sent out to anyone else...
Watch your email and who you give/send it too...!
but, I think above all, do not reply or send on those damn emails that appear to come from friends warning you about a virus, like "Invitation" for example and the Olympic torch or those other silly presentations with lovely scenes and warbling birds etc...
These are sent out originally by the spammers and are tracked by them to harvest email addresses...
So there you are receiving a mail that someone thinks you should get, with 20 or more email addresses on from your mate, and a further 20 or more email addresses from their previous mate and so-on...
God, the spammers luv you...
Nope! Straight into the bin and tell your friend kindly not to send'em any more...
And if a few more thousand people do that then the spammers source goes right out of the window...
Ha! out of the windows, ha! it's the way I tell 'em...!
anyway, you know what I mean - please don't send them on...


Heide Briggs
October 19, 2008 12:14 PM

Just received a PHISHING E-mail form a hotmail subscriber. See copy below:

Hello My Good Friend,

Greeting from Dr. Sandy Bangura who contacted you long ago, i'm happy to inform you that I have succeeded in moving those funds out with a new helper from Australia, whom based on agreement received %30 of the entire money for his financial involvement and efforts. I have since embarked on an Electronic Company projects with my share of the money.

Meanwhile, I did appreciate your efforts and attempts to help move the funds even though we couldn't realize it together. Notwithstanding, I appreciates the facts that you are a true friend, I kept for your compensation bank draft valued at 1,450,000.00GBP. Feel free to contact my account keeper, Mike Denis via e-mail:, +229 93479668 with the following informations, he will forward the draft to you.

Your Full Name: ............................
Your Home Address:......................
Your Phone Number: .....................
Your Cell Number: .....................
Your Occupation: ........................
Your Age: .............................
Sex :....................................
Your Country: .........................

Please accept it in good faith. Let me know when you get it for us to share the joy.I'm busy here with the investment projects, I had forwardedinstruction to him concerning your bank draft, So he will send the amount to
you upon request.

I remain your friend,
Dr. Sandy Bangura---------------------------------

Find the home of your dreams with eircom net property Sign up for email alerts now

Please advise,
Heide Briggs

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to to ask your question.