Praise to XO's Security/Abuse
Kai Schlichting
kai at pac-rim.net
Mon Sep 9 20:49:48 UTC 2002
On 8/30/2002 at 8:25 PM, nanog at vo.cnchost.com wrote:
> On 04:36 PM 8/30/02, John M. Brown wrote:
> >
> >
> >Jason at XO's security/abuse staff. Very helpful chap
> Indeed he is. Which is why I'm totally mystified about why rfc-ignorant
> insists that my domain doesn't have a working abuse address. I would
> privately email the admin at rfc-ignorant about this problem, but, well....
> (see below)
> jc
I don't think rfc-ignorant.org tests entries at a later time, ever.
I have brought the concentric.net case to their attention today.
Speaking of Concentric domains: cnc.net has not had a working abuse@
address for several YEARS, and I have brought that to Concentric's
attention, oh, 3-4 years ago?
I consider this a reckless way of operating: some people have
interpreted RFC822 in such a way that you only have to accept mail
to "postmaster at FQDN" if you actually accept any mail for the domain
at all. I wonder who's smart idea within Concentric it was to use
cnc.net for a bazillion FQDN's and in-addr.arpa records, but create
an MX record for the domain and not accept postmaster and abuse at cnc.net .
If I wouldn't know better (the whole incompetent vs. malevolent logic),
I'd outright describe this as being "evasive".
Speaking of evading: I wish to remind the readers of this thread
(a subset of NANOG readers) that the good deeds of a few cannot
make up for the colossal, corrupt policy failures of a bankrupt
organization as a whole, or else I wouldn't currently be in
possession of about 90 complaints (and corresponding 90 auto-replies,
with exactly ZERO human-generated replies) from xo.com
regarding spam-spewing factories of crime in their IP space,
with such complaints sent to them in the short, short period of
the last 2.5 months, based on an amazingly small swath of IP
space at the receiving end of this Internet crime.
Examples of XO customers who can't tell right from wrong, and
"220 DO ME HARD" from "550 NO TRESPASSING, CRIMINAL SCUM", and
who continue to criminally trespass onto other people's property
after being told to stay away:
Sep 9 08:13:25 sonet sendmail[895]: IAA00895: from=<Reply at ContentWatch.com>, size=0, class=0, pri=0, nrcpts=0, proto=SMTP,
relay=gw.iaccess.com [64.221.226.129]
Sep 9 02:19:51 saturn sendmail[5229]: NOQUEUE: ruleset=check_relay, arg1=lsv-004.cynergen.net, arg2=66.239.204.53,
relay=lsv-004.cynergen.net [66.239.204.53], reject=550 no access for OIN - Spammers must die.
Sep 9 00:35:21 saturn sendmail[1729]: NOQUEUE: ruleset=check_relay, arg1=host28.anglcorp.com, arg2=67.105.80.91, relay=host28.anglcorp.com
[67.105.80.91], reject=550 no access for list-washing twits at anglcorp.com - Spammers must die.
Sep 8 00:13:57 saturn sendmail[12484]: NOQUEUE: ruleset=check_relay, arg1=lsv-001.cynergen.net, arg2=66.239.204.50,
relay=lsv-001.cynergen.net [66.239.204.50], reject=550 no access for OIN - Spammers must die.
Sep 7 20:58:36 saturn sendmail[6541]: NOQUEUE: ruleset=check_relay, arg1=host24.anglcorp.com, arg2=67.105.80.87, relay=host24.anglcorp.com
[67.105.80.87], reject=550 no access for list-washing twits at anglcorp.com - Spammers must die.
Sep 7 16:26:39 sonet sendmail[11480]: NOQUEUE: ruleset=check_relay, arg1=lsv-002.cynergen.net, arg2=66.239.204.51,
relay=lsv-002.cynergen.net [66.239.204.51], reject=550 no access for OIN - Spammers must die.
Sep 7 05:01:49 saturn sendmail[2655]: FAA02655: <X>... User unknown - user never existed - single-opt-in is spam - and
Spammers must die.
Sep 7 05:01:49 saturn sendmail[2655]: FAA02655:
from=<102338940173691-7090200001-X?X at bounce.tilw.net>, size=0, class=0,
pri=0, nrcpts=0, proto=SMTP, relay=ul1.tilw.net [209.164.4.171]
Sep 6 20:55:27 saturn sendmail[14573]: NOQUEUE: ruleset=check_relay, arg1=lsv-001.cynergen.net, arg2=66.239.204.50,
relay=lsv-001.cynergen.net [66.239.204.50], reject=550 no access for OIN - Spammers must die.
Sep 5 20:10:41 sonet sendmail[18779]: UAA18779: from=<reply at contentwatch.com>, size=0, class=0, pri=0, nrcpts=0, proto=SMTP,
relay=host228.iaccess.com [64.221.226.228] (may be forged)
Sep 5 18:44:45 saturn sendmail[9560]: NOQUEUE: ruleset=check_relay, arg1=lsv-002.cynergen.net, arg2=66.239.204.51,
relay=lsv-002.cynergen.net [66.239.204.51], reject=550 no access for OIN - Spammers must die.
Sep 5 14:30:19 saturn sendmail[26113]: NOQUEUE: ruleset=check_relay, arg1=thething.emailfactory.com, arg2=64.35.34.30,
relay=thething.emailfactory.com [64.35.34.30], reject=550 NO TRESPASSING for emailfactory.com/newc.com - Spammers must die.
Sep 4 16:20:57 saturn sendmail[817]: NOQUEUE: ruleset=check_relay, arg1=lsv-001.cynergen.net, arg2=66.239.204.50,
relay=lsv-001.cynergen.net [66.239.204.50], reject=550 no access for OIN - Spammers must die.
There is no doubt in my mind that XO is fully aware of the criminal trespass
committed by their customers, and continues to aid and abet these criminal
activities on a daily basis by knowingly and willingly providing service and
/dev/null'ing complaints about them - kinda like Sprintlink/Sprint aiding
and abetting their criminals^Wcustomers while committing acts of forgery,
false declaration of goods, false declaration of goods in interstate and
international commerce, criminal impersonation, falsification of business
records and business and wire fraud across state lines - only more passively.
I could point the finger in almost any direction from here.
>From UnSavvy to APiss&Pee. From Uh-Oh!Net to Clueless&Witless.
>From FraudLynx to VeryUglio, From Exorcism to Worldcunt.
The bigger, the more bankrupt, the more aiding and abetting.
It's 5pm: do you know who you work for?
--
"Just say No" to Spam Kai Schlichting
New York, Palo Alto, You name it Sophisticated Technical Peon
Kai's SpamShield <tm> is FREE! http://www.SpamShield.org
| |
LeasedLines-FrameRelay-IPLs-ISDN-PPP-Cisco-Consulting-VoiceFax-Data-Muxes
WorldWideWebAnything-Intranets-NetAdmin-UnixAdmin-Security-ReallyHardMath
More information about the NANOG
mailing list