IP addresses are fundamental to the way that packets travel between
computers on the internet. It is not possible to send a packet from computer A
to computer B and hide or disguise the IP address of computer A, or the router
though which it is connected to the internet.
What that means is that in order to “disguise” your IP address, you need to
use a different computer entirely.
Spammers have just the technology for that, in the form of botnets. The
result is that spam could easily be coming from computers that are completely
unrelated to and nowhere near the spammer.
In this audio excerpt from a recent Ask Leo! webinar,
I’ll discuss what this all means.
Can you disguise an IP address? Lots of spam in many different countries that spam is sent from the same person using the same computer?
So several different questions actually in there. Can you disguise an IP address? Not really. IPs are fundamental to the way packets are sent between the equipment that makes up the internet.
So if you get data sent to your computer, in that data, the actual lower-level guts of that data is the IP address it came from; that cannot be spoofed. Now, where things get confusing is the second part of that question. Can spam be sent from the same person using the same computer? Absolutely, that’s exactly what botnets are all about as just one example.
So what’s a botnet? Let’s say I have a virus on my computer. That virus might be software that actually does nothing harmful to my computer, nothing at all. All it does is it connects to that remote site that periodically gives the virus instructions for what to do.
Those instructions might be ‘Send a piece of email; send spam.’ In fact, the instructions might be ‘send a piece of email; send it from email@example.com; send it to firstname.lastname@example.org and here’s the text of the message: Viagra or whatever other body-part enhancing or drug, pharmaceutical thing it’s trying to sell. When that email gets sent, it gets sent from the infected computer. So when that gets sent, it means it gets sent from that IP address of that infected computer.
The person who has that computer may have no idea that this is happening. They may have no idea that spam is being sent from their computer, but it is. And if anybody were to take the spam and attempt to backtrack the IP address from the headers, where that would lead them is not to the spammer, but to this infected machine. And in fact that does happen from time-to-time: a machine will be so badly infected that it’s sending out tons of spam. The ISP will get notified that ‘Hey, this IP address, they’re sending a lot of spam’ and probably got infected.
That is an extremely common way for spammers to hide the IP address where they really are by basically remote controlling thousands if not hundreds of thousands of other computers on the internet to send the spam on their behalf.
So it’s very common. You’ll often see spam come from all over the planet just because machines are infected all over the planet and yet they may all (under the control of a single bot herder who is giving instructions to all of these remotely infected machines too) go off and send spam. So it’s very difficult given a piece of spam, a piece of email to really, honestly, truly determine where that spam truly originated. At best, you can find out what machine it was sent from, but that’s not the same. So I hope that answers your question.