North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Spam from net.tw (was: Re: anybody else been spammed by "no-ip.com"yet?)
Well I just started getting a *LOT* of these (read 30+ an hour) to my nannog list address. Am I going to have to start filtering all emails from net.tw ?: Return-Path: <[email protected]> Delivered-To: [email protected] Received: (qmail 38418 invoked from network); 3 May 2002 21:15:41 -0000 Received: from 61-220-202-229.hinet-ip.hinet.net (HELO Hacker) (61.220.202.229) by apple.silverwraith.com with SMTP; 3 May 2002 21:15:41 -0000 Received: from kimo by saturn.seed.net.tw with SMTP id iHhWXQgWgHOu7kU5MupXr0; Sat, 04 May 2002 05:16:24 +0800 Message-ID: <[email protected]> From: [email protected] To: 8qw_y15 Subject:goodluck everyone TLxzltPT08kAVaZWfJvsidzt On Fri, 3 May 2002, Simon Higgs wrote: > At 05:25 PM 5/3/2002 +0100, you wrote: > > I got some of these a few weeks ago. I believe these test messages are sent > to find the non-deliverables in their mailing list. Right after I got these > test messages, they started sending quite a bit of spam. I filtered > sohu.com and it went away. > > >Not me, but I am getting an awful lot of emails from this one person, to > >my nanog address lately: > > > >Return-Path: <[email protected]> > >Delivered-To: [email protected] > >Received: (qmail 21586 invoked from network); 3 May 2002 03:09:28 -0000 > >Received: from unknown (HELO sohu.com) (203.240.184.78) > > by apple.silverwraith.com with SMTP; 3 May 2002 03:09:28 -0000 > >Reply-To: [email protected] > >Return-Path: [email protected] > >From: richard <[email protected]> > >To: <[email protected]> > >Subject: test > >Sender: richard <[email protected]> > >Mime-Version: 1.0 > >Content-Type: text/html; charset="ks_c_5601-1987" > >Date: Fri, 3 May 2002 12:09:13 +0900 > > > > [ The following text is in the "ks_c_5601-1987" character set. ] > > [ Your display is set for the "ISO-8859-1" character set. ] > > [ Some characters may be displayed incorrectly. ] > > > >test > > > > > > > > > >On Fri, 3 May 2002, Paul Vixie wrote: > > > > > > > > as a coauthor of rfc2136, my curiousity is always > > > piqued when spammers use the technology. can i get > > > private forwards of other similar messages? (see > > > below.) > > > > > > (and yes, i'll also be in touch with level3, who > > > serves 166.90.15.236, from whence this message came.) > > > > > > (time was, anyone who could use postfix and php would > > > also know better than to spam, or at least, to spam *me*. > > > <grump> <grumble>.) > > > > > > re: > > > > > > ------- Forwarded Message > > > > > > Return-Path: [email protected] > > > Delivery-Date: Fri May 3 07:44:25 2002 > > > Return-Path: <[email protected]> > > > Delivered-To: [email protected] > > > Received: from isrv3.isc.org (isrv3.isc.org [204.152.184.30]) > > > by as.vix.com (Postfix) with ESMTP id 2360D28B6B > > > for <[email protected]>; Fri, 3 May 2002 07:44:25 -0700 (PDT) > > > (envelope-from [email protected]) > > > Received: from www.no-ip.com (yoka.vitalwerks.com [166.90.15.236]) > > > by isrv3.isc.org (8.11.2/8.9.1) via ESMTP id g43EiOT08718 > > > for <[email protected]>; Fri, 3 May 2002 14:44:25 GMT > > > env-from ([email protected]) > > > Received: by www.no-ip.com (Postfix, from userid 99) > > > id 4A10F833A4; Fri, 3 May 2002 07:54:40 -0700 (PDT) > > > To: [email protected] > > > Subject: Your password for no-ip.com > > > From: No-IP Registration <[email protected]> > > > Reply-To: [email protected] > > > X-Mailer: PHP/4.1.2 > > > Message-Id: <[email protected]> > > > Date: Fri, 3 May 2002 07:54:40 -0700 (PDT) > > > > > > Hello, > > > > > > Welcome to No-IP.com. > > > Your number one stop for dynamic dns services. > > > > > > Your password is: jnMgta > > > > > > To logon to no-ip.com go to http://www.no-ip.com/ and enter your email > > > address and the password above. Once you logon you may change your > > > password by clicking the "Change Password" link. > > > > > > Remember that you can use our dynamic update client to keep our system > > > is sync with your IP address. These clients are available at > > > http://www.no-ip.com/downloads.php > > > > > > Also, keep in mind that No-IP offers services for use with personal > > > domain names. This service, No-IP Plus, allows you to use YOUR domain > > > name with our dynamic dns, and other facilities. More information on > > > this and other services is at http://www.no-ip.com/services.php. > > > > > > If you have any further questions about this service, please refer to > > > our FAQ at http://www.no-ip.com/faq.php. If the FAQ doesn't answer your > > > question(s) contact us at [email protected] > > > > > > > > > > > > Enjoy! > > > > > > > > > The No-IP Team > > > [email protected] > > > http://www.no-ip.com/ > > > > > > > > > > > > ------- End of Forwarded Message > > > > > > > > > >-- > >Avleen Vig > >Work Time: Unix Systems Administrator > >Play Time: Network Security Officer > >Smurf Amplifier Finding Executive: http://www.ircnetops.org/smurf > > > Best Regards, > > Simon > > -- > ### > > -- Avleen Vig Work Time: Unix Systems Administrator Play Time: Network Security Officer Smurf Amplifier Finding Executive: http://www.ircnetops.org/smurf
|