Spam .. Find the sender !
Jay R. Ashworth
jra at scfn.thpl.lib.fl.us
Mon May 11 16:11:59 UTC 1998
On Sun, May 10, 1998 at 11:00:27AM +0200, Jan Czmok wrote:
> We got some spam mail from
> > Received: from 1cust151.tnt1.tampa.fl.da.uu.net (HELO byte007)
> (153.37.184.151)
> > by relay.ipf.net with SMTP; 10 May 1998 04:47:58 -0000
>
> and i cannot query the database (arin , ripe or radb) for the owner of
> this network.
> Any hints ?
I debated posting this to this list instead of mailing it privately,
but I decided the response had some pedagogical value, for some folks,
anyway (and y'all who needed to know this are invited to write
privately and tell me so, so I have some ammo when randy and jhawk jump
my shit. :-)
The .uu.net on the lookup implies that the port belongs, physically, to
UUnet; the tnt1 means it's a dialup port on the Tampa, Florida, POP,
which is an Ascend MAX TNT.
You'll have to send it to uunet, to find out which of their lessees'
customers it is, they should be able to look it up in radius logs,
based on the entire headers in the message.
Note that you may have to explicitly point out to them that you _know_
it may not be their customer, and that you also know that they _can_
look up whose customer is _is_ and forward the report along --
otherwise they've demonstrated a disturbing habit in the past of
playing dumb, at least with me.
I believe the proper address is abuse at uu.net, unless a DOS attack or
something criminal appears to be involved, in which case, send it to
security at uu.net.
Cheers,
-- jra
--
Jay R. Ashworth jra at baylink.com
Member of the Technical Staff Unsolicited Commercial Emailers Sued
The Suncoast Freenet "Two words: Darth Doogie." -- Jason Colby,
Tampa Bay, Florida on alt.fan.heinlein +1 813 790 7592
Managing Editor, Top Of The Key sports e-zine ------------ http://www.totk.com
More information about the NANOG
mailing list