07-19-2020, 01:48 PM   #1
bscho
Member
 
Registered: Nov 2012
Location: London
Distribution: Mint 20, Kali, Peppermint, Ubuntu, MakuluFlash, Fedora 32, Windows 12 Lite, MakuluLinux
Posts: 821

Rep: Reputation: 28
Stopping spammers who are using bounce ip address


Spamcop reports that 31.22.43.56 (Bounce) sent spam mail, usually about 10 a day, but not all from just this bounce address.

Anyone know how to find the real address behind the bounce?
 
07-19-2020, 02:51 PM   #2
scasey
LQ Veteran

Registered: Feb 2013
Location: Tucson, AZ, USA
Distribution: CentOS 7.9.2009
Posts: 5,750

Rep: Reputation: 2222
Quote:
Originally Posted by bscho
Spamcop reports that 31.22.43.56 (Bounce) sent spam mail, usually about 10 a day, but not all from just this bounce address.

Anyone know how to find the real address behind the bounce?
What is the source of the report, and what does the (Bounce) mean?
Checking with Spamcop on that IP returns
Code:
31.22.43.56 not listed in bl.spamcop.net
Note: if that's an obfuscated IP address, I'm not sure how to help you.
Spamcop lists IPs that are reported to have delivered spam. From their home page:
Quote:
SpamCop is the premier service for reporting spam. SpamCop determines the origin of unwanted email and reports it to the relevant Internet service providers. By reporting spam, you have a positive impact on the problem. Reporting unsolicited email also helps feed spam filtering systems, including, but not limited to, SpamCop's own service.
There is no other address "behind" the listed address.

Last edited by scasey; 07-19-2020 at 02:52 PM.
 
09-01-2020, 05:39 PM   #3
ArcticPenguin
LQ Newbie
 
Registered: Aug 2020
Location: alaska
Distribution: fedora
Posts: 15

Rep: Reputation: 2
Stopping spam is like trying to avoid nitrogen in the atmosphere. You just can't do it. What is unclear is what you are trying to do. Tracking down a spammer is pointless. They are usually on the other side of the planet and don't care that you are annoyed. In fact, that tells them that they are being effective.

If you are hosting a mail server, then tighten the firewall and perhaps scan the email going through for keywords and phrases that indicate spam. I used to do that and killed 20k to 30k per day that way.

If you are being used to send spam but you are not hosting a mail server, then just disable the services and problem solved.

If you are just looking to track down an annoying spammer, good luck.
 
1 members found this post helpful.
09-01-2020, 09:02 PM   #4
scasey
LQ Veteran

Registered: Feb 2013
Location: Tucson, AZ, USA
Distribution: CentOS 7.9.2009
Posts: 5,750

Rep: Reputation: 2222
Stopping? No. Mitigating? Yes.
We use the SORBS, SBL-XBL, and SPAMCop Real-time Block Lists. We also have our own blocking in place using ucspi-tcp's tcpserver. We also use clamav and spamassassin to filter incoming email.
68% of email connections to our server are rejected outright. 4% of those that get through are rejected by the clamav or spamassassin filters.
Some of the spam that gets through gets trapped and reported to the delivering ISP.

Controlling incoming spam is possible, but it took me years to get all the pieces in place. Still, I get many fewer complaints from customers than I used to.

Last edited by scasey; 09-02-2020 at 04:46 AM.
 
2 members found this post helpful.
09-02-2020, 08:04 AM   #5
hazel
LQ Guru

Registered: Mar 2016
Location: Harrow, UK
Distribution: LFS, AntiX, Slackware
Posts: 7,682
Blog Entries: 19

Rep: Reputation: 4492
I don't get as much spam as I used to. There used to be loads of advertisements for Swiss watches and viagra but I haven't seen any of those for a long time now. They seem to know I'm getting old. I do get those occasional heartbreaking messages from dying philanthropists who want to use my bank account. They tend to appear in my Yahoo account, which is the one I use for commercial emails.

If I get a phishing email, I try to find out if the organisation concerned has an address for reporting these things. If so, I send it there, carefully copying in the headers. I consider that to be good netizenship. But otherwise I just delete spam and forget about it.
 
09-02-2020, 01:11 PM   #6
ondoho
LQ Addict

Registered: Dec 2013
Posts: 19,872
Blog Entries: 12

Rep: Reputation: 6053
Quote:
Originally Posted by scasey
We use the SORBS, SBL-XBL, and SPAMCop Real-time Block Lists.
(...)
68% of email connections to our server are rejected outright.
A large percentage are probably people trying to connect via Tor?
I.e. practically all Tor exit nodes are on those blocklists?
 
1 members found this post helpful.
09-02-2020, 02:02 PM   #7
scasey
LQ Veteran

Registered: Feb 2013
Location: Tucson, AZ, USA
Distribution: CentOS 7.9.2009
Posts: 5,750

Rep: Reputation: 2222
Quote:
Originally Posted by ondoho
A large percentage are probably people trying to connect via Tor?
I.e. practically all Tor exit nodes are on those blocklists?
I don't know or care about what the RBLs are blocking.
I only manage/maintain my internal blocks.
We block connections from servers and networks that have delivered spam to our servers. That's what blocks the 68%, which happens before the RBLs are checked, or the virus and spam filters are used.
What we do is:
  • Spam/UCE is received
  • It's reported to the connecting ISP
  • The country of origin is checked.
If it's from a country we want to block (actually, if not from a country we've decided to permit), the entire netblock to which the IP belongs is blocked. Again, we do that at the SMTP connect level, so we're only blocking email delivery attempts.
It's been pretty effective.
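
An added illustration of the netblock-blocking step described in post #7, not code from the thread: it turns reported spam IPs into deny rules in the tcprules format read by ucspi-tcp's tcpserver. The sample addresses, prefix lengths, country codes and function names are constructed for the example, and each netblock's size and country are assumed to come from a separate whois lookup.

```python
import ipaddress

def netblock_rule(ip, prefixlen):
    """Return one tcprules deny line covering the IPv4 netblock that holds ip."""
    if not 8 <= prefixlen <= 32:
        raise ValueError("refusing a prefix shorter than /8 or longer than /32")
    # strict=False lets us pass the spam IP itself and get its enclosing network.
    net = ipaddress.IPv4Network(f"{ip}/{prefixlen}", strict=False)
    octets = list(net.network_address.packed)
    whole, rest = divmod(prefixlen, 8)
    fields = [str(o) for o in octets[:whole]]
    if rest:
        # Prefix ends inside an octet: tcprules accepts a low-high range there.
        low = octets[whole]
        high = low + (1 << (8 - rest)) - 1
        fields.append(f"{low}-{high}")
    pattern = ".".join(fields)
    if len(fields) < 4:
        pattern += "."  # trailing dot makes tcprules treat it as a prefix match
    return f"{pattern}:deny"

def build_rules(reports, permitted):
    """reports: (spam_ip, prefixlen, country) tuples; permitted: set of country codes."""
    lines = []
    for ip, prefixlen, country in reports:
        if country in permitted:
            continue  # sender is in a permitted country: no netblock block
        rule = netblock_rule(ip, prefixlen)
        if rule not in lines:  # two reports from one netblock give one rule
            lines.append(rule)
    lines.append(":allow")  # default rule for every address not listed above
    return "\n".join(lines) + "\n"

# Constructed sample reports using documentation/benchmark address ranges
# and made-up country codes ("ZZ", "YY").
REPORTS = [
    ("192.0.2.10", 24, "ZZ"),
    ("203.0.113.77", 26, "ZZ"),
    ("198.18.5.9", 15, "YY"),
    ("198.51.100.3", 24, "US"),
    ("192.0.2.200", 24, "ZZ"),
]

if __name__ == "__main__":
    print(build_rules(REPORTS, permitted={"US"}), end="")
```

The resulting text is the input that `tcprules` compiles into the cdb file that tcpserver is started with via its `-x` option, so the denial happens when the SMTP connection is accepted, before any RBL or content filtering.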
 
  

