Re: Spam .. Find the sender !

From: Jay R. Ashworth (no email)
Date: Mon May 11 1998 - 12:11:59 EDT


On Sun, May 10, 1998 at 11:00:27AM +0200, Jan Czmok wrote:
> We got some spam mail from
> > Received: from 1cust151.tnt1.tampa.fl.da.uu.net (HELO byte007)
> (153.37.184.151)
> > by relay.ipf.net with SMTP; 10 May 1998 04:47:58 -0000
>
> and i cannot query the database (arin , ripe or radb) for the owner of
> this network.
> Any hints ?

I debated posting this to this list instead of mailing it privately,
but I decided the response had some pedagogical value, for some folks,
anyway (and y'all who needed to know this are invited to write
privately and tell me so, so I have some ammo when randy and jhawk jump
my shit. :-)

The .uu.net on the lookup implies that the port belongs, physically, to
UUnet; the tnt1 means it's a dialup port on the Tampa, Florida, POP,
which is an Ascend MAX TNT.

You'll have to send it to uunet, to find out which of their lessees'
customers it is, they should be able to look it up in radius logs,
based on the entire headers in the message.

Note that you may have to explicitly point out to them that you _know_
it may not be their customer, and that you also know that they _can_
look up whose customer is _is_ and forward the report along --
otherwise they've demonstrated a disturbing habit in the past of
playing dumb, at least with me.

I believe the proper address is , unless a DOS attack or
something criminal appears to be involved, in which case, send it to
.

Cheers,
-- jra

-- 
Jay R. Ashworth                                                
Member of the Technical Staff             Unsolicited Commercial Emailers Sued
The Suncoast Freenet      "Two words: Darth Doogie."  -- Jason Colby,
Tampa Bay, Florida             on alt.fan.heinlein             +1 813 790 7592
Managing Editor, Top Of The Key sports e-zine ------------ http://www.totk.com







Hosted Email Solutions

Invaluement Anti-Spam DNSBLs



Powered By FreeBSD   Powered By FreeBSD