Anders Jakobsen <newton@os.dk> wrote:
> My email address has been caught in a spam mail network. I want to protect
> my email addresses at all costs, so I want to send the provider a mail. But
> they are clever, of course, and try to cover their tracks. So can anyone tell
> me where the provider's domain address is in this:
>
> > Return-Path: <sisms@hotmail.com> Received: from smtpin02.mac.com
> > ([10.13.10.69]) by mail03.mac.com (Netscape Messaging Server 4.15) with
> > ESMTP id GDV43I00.BH9 for <ajk@mac.com>; Thu, 24 May 2001 16:04:30 -0700
> > Received: from tw_mail.courier.co.uk ([195.171.163.135]) by
> > smtpin02.mac.com (Netscape Messaging Server 4.15) with ESMTP id
> > GDV43I00.NBP for <ajk@mac.com>; Thu, 24 May 2001 16:04:30 -0700
> > Received: from 210.33.88.1 (ppp155-206.lino.sympatico.ca
> > [142.217.206.155]) by tw_mail.courier.co.uk with SMTP (Microsoft
> > Exchange Internet Mail Service Version 5.5.2650.21) id LBR2RV7G; Thu, 24
> > May 2001 23:56:56 +0100 Message-ID:
> > <000069d42b7f$000074b3$00000fa2@208.245.148.82> To: <sisms@hotmail.com>
> > From: sisms@hotmail.com Subject: Re: Have You Looked at This Yet? Date:
> > Thu, 24 May 2001 15:37:03 -0700 X-Priority: 3 X-MSMail-Priority: Normal
>
> Sorry for being a bit off topic. But.... uhh .... I received the mail on
> my Mac.
>
>
> Anders
You have to be careful about who you send a complaint to; you can
easily end up sending it to the spammer himself. If he owns his own
domain and runs a so-called spamhaus, you need to get hold of the upstream
provider. That could, for example, be a web host or a web garage.
When you want to track down a spammer, you look at the Received headers:
HEADER 1
Received: from smtpin02.mac.com ([10.13.10.69]) by
mail03.mac.com (Netscape Messaging Server 4.15) with ESMTP id
GDV43I00.BH9 for <ajk@mac.com>; Thu, 24 May 2001 16:04:30 -0700
This header is of no use, since 10.13.10.69 is a private
network address that is not used on the Internet.
HEADER 2
Received: from tw_mail.courier.co.uk ([195.171.163.135]) by
smtpin02.mac.com (Netscape Messaging Server 4.15) with ESMTP id
GDV43I00.NBP for <ajk@mac.com>; Thu, 24 May 2001 16:04:30 -0700
PortSniffer 2.0 tells me that there is no SMTPd on
195.171.163.135:25
This means that the mail was sent directly to your mail server from
the spammer's bulk mailer, or that the SMTPd is down right now.
There is no rDNS for 195.171.163.135; a WHOIS lookup at whois.arin.net
refers me on to whois.ripe.net
195.171.163.135@whois.ripe.net gives the following result:
% This is the RIPE Whois server.
% Rights restricted by copyright.
% See
http://www.ripe.net/ripencc/pub-services/db/copyright.html
inetnum: 195.171.163.128 - 195.171.163.191
netname: LEICESTER-MERCURY-GROUP-1
descr: Leicester Mercury Group Ltd
country: GB
admin-c: PW535-RIPE
tech-c: TF481-RIPE
status: ASSIGNED PA
remarks: Please send abuse notification to abuse@bt.net
mnt-by: BTNET-MNT
changed: Clive.Stones@bt.net 19980330
changed: ipmaster@bt.net 20001106
source: RIPE
route: 195.171.0.0/16
descr: BTnet UK
origin: AS2856
remarks: Please send abuse notification to abuse@bt.net
remarks: PLEASE DIRECT ALL QUERIES TO support@bt.net
mnt-by: BTNET-MNT
changed: support@bt.net 19990212
source: RIPE
person: Paul Woodward
address: Leicester Mercury
address: St George Street
address: Leicester
address: LE1 9FQ
phone: +44 116 2224510
fax-no: +44 116 2224687
nic-hdl: PW535-RIPE
changed: Clive.Stones@bt.net 19980330
source: RIPE
person: Tony Foy
address: Leicester Mercury
address: St George Street
address: Leicester
address: LE1 9FQ
phone: +44 116 2224523
fax-no: +44 116 2224687
nic-hdl: TF481-RIPE
changed: Clive.Stones@bt.net 19980330
source: RIPE
HEADER 3
Received: from 210.33.88.1 (ppp155-206.lino.sympatico.ca
[142.217.206.155]) by tw_mail.courier.co.uk with SMTP (Microsoft
Exchange Internet Mail Service Version 5.5.2650.21)
id LBR2RV7G; Thu, 24 May 2001 23:56:56 +0100
No rDNS for 210.33.88.1. A WHOIS lookup at whois.arin.net refers me to
APNIC:
210.33.88.1@whois.apnic.net
% Rights restricted by copyright. See
http://www.apnic.net/db/dbcopyright.html
inetnum: 210.33.88.0 - 210.33.95.255
netname: HZIC-CN
descr: ~{:<V]ILQ'T
}
descr: Hangzhou Institute of Commerce
descr: Hangzhou, Zhejiang 310035, China
country: CN
admin-c: CJ2-AP
tech-c: JL14-AP
notify: address-allocation-staff@net.edu.cn
changed: szhu@net.edu.cn 970218
source: APNIC
person: Chunhua Ju
address: Computer Department
address: Hangzhou Institute of Commerce
address: Hangzhou, Zhejiang 310035, China
phone: +86-571-8071024-483
e-mail: ip-staff@net.edu.cn
nic-hdl: CJ2-AP
notify: address-allocation-staff@net.edu.cn
mnt-by: MAINT-NULL
changed: szhu@net.edu.cn 19970218
source: APNIC
person: Junqiang Liu
address: Computer Department
address: Hangzhou Institute of Commerce
address: Hangzhou, Zhejiang 310035, China
phone: +86-571-8828598
e-mail: ip-staff@net.edu.cn
nic-hdl: JL14-AP
notify: address-allocation-staff@net.edu.cn
mnt-by: MAINT-NULL
changed: szhu@net.edu.cn 19970218
source: APNIC
142.217.206.155 has rDNS ppp155-206.lino.sympatico.ca
tw_mail.courier.co.uk, on the other hand, has no DNS.
The header is forged and was attached by the spammer.
You should complain to abuse@bt.net
--
Jesper Oersted. My mailaccount is spamfiltered by ORBS.
http://www.orbs.org.
"Beware what you wish for, especially if it's 13-and-a-half
inches long."- Steven Lemons, Solon Magazine about John C. Holmes.
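
As an added example (not part of the original post), a Python sketch of the header triage described above: it parses the three Received headers from the quoted message, marks hops whose recorded peer address is private, and marks hops where the name given after "from" is an IP literal that differs from the bracketed address the receiving server recorded. The function names and flag labels are made up for this illustration; WHOIS and rDNS lookups are left out so it runs offline.

```python
import ipaddress
import re

# Received headers from the quoted message, newest first, unfolded to one string each.
RECEIVED = [
    "from smtpin02.mac.com ([10.13.10.69]) by mail03.mac.com "
    "(Netscape Messaging Server 4.15) with ESMTP id GDV43I00.BH9 "
    "for <ajk@mac.com>; Thu, 24 May 2001 16:04:30 -0700",
    "from tw_mail.courier.co.uk ([195.171.163.135]) by smtpin02.mac.com "
    "(Netscape Messaging Server 4.15) with ESMTP id GDV43I00.NBP "
    "for <ajk@mac.com>; Thu, 24 May 2001 16:04:30 -0700",
    "from 210.33.88.1 (ppp155-206.lino.sympatico.ca [142.217.206.155]) "
    "by tw_mail.courier.co.uk with SMTP (Microsoft Exchange Internet Mail "
    "Service Version 5.5.2650.21) id LBR2RV7G; Thu, 24 May 2001 23:56:56 +0100",
]

# "from <claimed name> (<optional rDNS> [<peer IP>]) by <receiving host>"
HOP = re.compile(r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([0-9.]+)\]\)\s+by\s+(\S+)")

def parse_hop(header):
    """Split one Received header into the claimed name, rDNS, peer IP and receiver."""
    m = HOP.search(header)
    if not m:
        return None
    claimed, rdns, ip, by = m.groups()
    return {"claimed": claimed, "rdns": rdns, "ip": ip, "by": by}

def classify(hop):
    """Return static flags for a hop; labels are illustrative, not a standard."""
    notes = []
    if ipaddress.ip_address(hop["ip"]).is_private:
        notes.append("internal-relay")        # private address, nothing to look up
    try:
        if str(ipaddress.ip_address(hop["claimed"])) != hop["ip"]:
            notes.append("helo-ip-mismatch")  # sender claimed a different IP
    except ValueError:
        pass  # claimed name is a hostname; checking it needs a DNS lookup
    return notes

def analyse(headers):
    hops = [h for h in map(parse_hop, headers) if h]
    return [(h["ip"], h["by"], classify(h)) for h in hops]

if __name__ == "__main__":
    for ip, by, notes in analyse(RECEIVED):
        print(f"{ip:16} -> {by:24} {', '.join(notes) or 'no static flag'}")
```

The bracketed address is the one to feed into rDNS and WHOIS lookups, as done by hand in the reply above.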