[IMail Forum] Need Assistance!

Tue, 28 Nov 2000 09:15:26 -0800 

> It appears that we had someone send a message to one of our clients using
a valid username
> from ei8htlegs.net.  They asked them to change their password.  Luckily
they checked back with
> us before doing so.

Nothing unusual about that.  If I tell my mail client that I am
"bushanddole@whitehouse .gov", that's what it's going to say on my outgoing
mail.

> Below is the header information.  Can someone let me know where to go to
get information on
> the IP Address?  Also, is there a way to stop this from happening?  I have
our server set-up to
> relay for addresses only and this ip is not in the table.

> Received: from EIGHTLEGS.net [208.46.44.173] by route-one.com
>   (SMTPD32-6.05) id A994133D0294; Wed, 22 Nov 2000 18:41:08 -0500

The IP address that they were coming from was 208.46.44.173.  There is no
reverse DNS set up for that IP.  A tracert shows that they are customers of
Qwest (or a customer of a customer of Qwest).  "whois whois.arin.net
208.46.44.173" reports an owner of that IP as NETBLK-QWEST-208-46-44, who
is:

==================================================
SUNMAN TELECOMMUNICATIONS CORP/ISP ALLIANCE, INC (NETBLK-QWEST-208-46-44)
   123 NEIMAN STREET
   SUNMAN, IN 47041
   US

   Netname: QWEST-208-46-44
   Netblock: 208.46.44.0 - 208.46.44.255

   Coordinator:
      Miles, Chad  (CM355-ARIN)  [EMAIL PROTECTED]
      8126232122

   Record last updated on 23-Sep-1999.
   Database last updated on 28-Nov-2000 07:49:03 EDT.

The ARIN Registration Services Host contains ONLY Internet
Network Information: Networks, ASN's, and related POC's.
Please use the whois server at rs.internic.net for DOMAIN related
Information and whois.nic.mil for NIPRNET Information.
==================================================

So, give Chad a call at 812/623-2122 if you want more information.  He
almost certainly didn't do it, but you have a right to bug him to give you
more information about why someone from one of his IP addresses was forging
mail from your domain.  There's a good chance it won't lead anywhere, if
Chad isn't too cooperative, and you don't want to spend a lot of money to
pursue this.
                                          -Scott

Declude: Anti-spam and Anti-virus solutions for IMail.
http://www.declude.com


Please visit http://www.ipswitch.com/support/mailing-lists.html 
to be removed from this list.

An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/

Reply via email to