SPAM, RE: Internic and there lame response

Dean Robb pceasy at
Sun Jul 12 18:29:04 UTC 1998

At 21:22 7/10/98 -0400, Andrea Di Lecce wrote:
>At 20:21 7/8/98 -0400, you wrote:
>>Incredibly two-faced response.  How do you determine the user's ISP?  Check
>>WhoIs.  But...OOOPPSS!...the information in WhoIs is phoney, and we don't
>>do anything about that.  Sorry, guess you're just screwed.
>There are many other ways to track a spammer.
>- Do nslookup on the IP that originated the spam (sometimes this takes a
>bit of detective work to find what IP actually originated the spam).
>- Traceroute to the originating IP.  Email the ISP that is directly upstream.

*I* know these techniques.  Joe User who's irritated at his spam likely
does not.

>- Look in the Whois information for contact emails and nameservers - if
>these are for the upstream ISP, or some ISP other than the spammer, report
>it to them.

But there's the rub.  A great deal of the information (including
delegations) in domain registrations by net.abusers is complete
fabrication.  InterNIC refuses to deal with it, even when it's pointed out
to them.

>- If they are advertising a web page, track the web page host, and their
>upstream, and report it to them.

All the time :>
>>What do spammers and nails have in common?  They're both intended for

Witnesses available at

What do spammers and nails have in common?  They're both intended for

Dean Robb
On-site computer services
(757) 495-EASY [3279]

More information about the NANOG mailing list