North American Network Operators Group
Re: contact for the world etc (nanog)
Barry, we can follow up offlist. The text the guy cites isn't from our staff, we don't even have an auto-ack system. Maybe it's from some customer or maybe entirely forged, he doesn't include any headers and seems to just want to vent.
Here's the full text of the email (one of quite a few just yesterday).
I'm unsure how abuse desks are supposed to even deal with things like this. We've plonked the user but we have no way to let you know. We also have no way of getting you to actually email [email protected] instead of my personal email address.
Received: (qmail 25489 invoked by uid 114); 14 Dec 2004 06:15:37 -0000
Received: from 188.8.131.52 by fiona (envelope-from <[email protected]>, uid 106) with qmail-scanner-1.24
(clamdscan: 0.80/614. spamassassin: 3.0.1.
Processed in 3.873291 secs); 14 Dec 2004 06:15:37 -0000
X-Spam-Status: No, hits=4.4 required=5.0
Received: from pcls4-e.std.com (HELO TheWorld.com) (184.108.40.206)
by secure.perfectemail.net with SMTP; 14 Dec 2004 06:15:33 -0000
Received: (from [email protected])
by TheWorld.com (8.12.8p1/8.12.8) id iBE6ACu2008864;
Tue, 14 Dec 2004 01:10:12 -0500
Date: Tue, 14 Dec 2004 01:10:12 -0500
Message-Id: <[email protected]>
To: [email protected]
References: <[email protected]>
In-Reply-To: <[email protected]>
From: [email protected] (Mail Delivery Subsystem)
Subject: EVERYDNS piracy spams not allowed
Cc: [email protected], [email protected], [email protected]
This is an automated mailing in response to your spamvertisement for
pirated software - and porn websites purporting to depict images of rape.
If you are receiving this message it is likely because you are a spammer.
Perhaps you host the site of the spammer, last seen at 220.127.116.11
(APPZPLANET.COM; APPZPLA.NET). Then, you are a spammer.
DNS for this netblock is owned by free.net/run.net, administered by hobot.ru,
and zone-transferred by hobot.ru (possibly illegally) to EV1.NET's spammer-
service subsidiary "EVERYDNS.NET" - also known as freelooklist.com,
perfectemail.net, stayoff.org, etc.
state: REGISTERED, DELEGATED
person: MAXIM N PONIZOVTSEV
phone: +7 095 7967750
e-mail: [email protected]
ns1.everydns.net has address 18.104.22.168
ns2.everydns.net has address 22.214.171.124
ns3.everydns.net has address 126.96.36.199
ns4.everydns.net has address 188.8.131.52
EVERYDNS.NET however is currently aliased to fiona.everybox.com at 184.108.40.206.
220.127.116.11/24 is the responsible party for these and a huge number of other
recent spams that tout illegal and fraudulent products, services and content.
OrgName: Co-Location.com Inc.
Address: 333 S. Beverly Drive
Address: Suite 207
City: Beverly Hills
NetRange: 18.104.22.168 - 22.214.171.124
OrgTechEmail: [email protected]
This spammer has been scanning networks worldwide in order to exploit
any found "open SMTP proxies". He is also documented to have broken
into zombied machines to use their DSL connections for spam transmission
and, as previously stated, transferring DNS zones to mask the origins of
both his spams and websites.
Thus a spammer, a software pirate AND a burglar.
A criminal, in any event.
The unread message which you just sent to an unassigned address on our
network, and which follows, has already been sent to law enforcement
Hopefully you will be sent to them as well, shortly.
[Administrators and legal/investigative officials reading this:
We urge you to consider a course of action which will result in
termination of all services to the above-referenced hosts and
netblocks as soon as administratively possible - a more permanent
solution pending completion of any additional investigation.
Regarding those investigations we may be counted upon to furnish
any additional documentation we can offer to assist in prosecution,
and to ensure civil liability.]
----- Original message follows, unread -----
From [email protected] Tue Dec 14 01:10:11 2004
Received: from CPE-65-27-11-91.kc.rr.com (CPE-65-27-11-91.kc.rr.com [126.96.36.199])
by TheWorld.com (8.12.8p1/8.12.8) with ESMTP id iBE69kja005923
for <[email protected]>; Tue, 14 Dec 2004 01:09:47 -0500
Received: from unknown (HELO localhost) (127.0.0.1)
by localhost.edit.com with SMTP; Tue, 14 Dec 2004 06:18:14 +0000
Received: from 188.8.131.52 (184.108.40.206[220.127.116.11])
by CPE-65-27-11-91.kc.rr.com (IMP) with HTTP
for <[email protected]>; Tue, 14 Dec 2004 06:18:14 +0000
Message-ID: <[email protected]>
From: "Mike" <[email protected]>
To: "Benny" <[email protected]>
Subject: Any software backups for lowest pricest.
Date: Tue, 14 Dec 2004 06:18:14 +0000
Content-Type: text/html; charset="iso-8859-1"
User-Agent: Internet Messaging Program (IMP) 3.2.2
<P>2005 is just a few days away. Start the new year with a much needed software
<P>Tired of your old Windows system? Get XP Professional here for only $33 ($170
cheaper than stores):<BR><A href="http://down.cd/">http://down.cd/</A></P>
<P>Your old Office program no longer state of the art? Get the superb Office
2003 here for $38 less than retail:<BR><A
<P>View our full software selection. Whether you need new virus software, art
and graphical software or anything else,<BR>we have it - and so much cheaper
than the stores. =)</P>
<P><A href="http://down.cd/">http://down.cd/</A> or <A