It's the people at dotcomnic.net I'm 95% positive of it.
I'll post why. I've taken emails from [EMAIL PROTECTED] (who is part
of the dotcomnic.net site, and has previously been busted on the
[EMAIL PROTECTED] list as posting as a "customer" of their RSP and
raving about how great it was) and compared them to headers in the
BruceP forgeries.
>From the susancho email:
X-Priority: 3
X-SMTP-HELO: mail4.maxis.net.my
X-SMTP-MAIL-FROM: [EMAIL PROTECTED]
X-SMTP-RCPT-TO: [EMAIL PROTECTED]
X-SMTP-PEER-INFO: [172.16.1.116]
>From the "BruceP" email:
X-SMTP-HELO: mail4.maxis.net.my
X-SMTP-MAIL-FROM: [EMAIL PROTECTED]
X-SMTP-RCPT-TO: [EMAIL PROTECTED],[EMAIL PROTECTED]
X-SMTP-PEER-INFO: [172.16.1.116]
Notice the localnet address from behind their NAT router?
There are other exact match hits that show that these emails are
coming from their network, if someone compares the headers some more.
Personally, its the kind of actions I've come to expect from them
based on their past actions and behaviors (including a widespread spam
effort a couple years back when they wanted to replace the APNIC with
their own company being the IP registry).
Dotcomnic.net: stop playing games. You've been busted, yet again.
--
Best regards,
William mailto:[EMAIL PROTECTED]
