On Sun, Feb 11, 2001 at 02:36:03PM +0100, gerard patel wrote:
I had just last week a real-life experience with this kind of setup:
Received: from unknown-fn4p2i6 ([192.76.183.3]) by mail1.asi.fr (8.11.0/8.11.0) with SMTP id f1AKZmN32007
(...)
Message-Id: 200102102035.f1AKZmN32007@mail1.asi.fr
(...)
Subject: CAN YOU ADVERTISE TO OVER 20 MILLION E-MAIL ADDRESSES?
I won't give you the detail on how to use a Paypal account after which I would (eventually) get a Web address to download the evil stuff ;-). Very probably a complete crook.
As you see, I get this interesting proposal from an IP address (192.76.183.3) that is not responding to a nslookup query. So I guess it's probably a rogue mail server on ADSL. Now, I have sent a mail to abuse@verio.com, but I am not sure it will do much good : this guy has probably registered under a false name and with a stolen credit card, so after he get kicked out by verio (if it happens at all...) he will just get another IP address from another ISP (or the same) and get back at its game.
IMHO the main problem is that this kind of mail server is almost anonymous. Not as much as with relay mail, but my ISP takes care of that. If there was a regular Internet domain for the mail server, there would be *some* serious business information and as such some responsability.
Yep. Same SPAM mail, same reasoning (tried traceroute, which ended in the rain forest). abuse@verio.net is probably the best bet, but still... This is one of the nastiest forms of SPAM. No real usable info at all.
Hands up who else received that SPAM... Hmm, well, better don't do it, it might cause a wine-devel overload ;-)
BTW, I got two or three open relays closed last week. (not that this helps too much, though...)
Andreas Mohr