i have been hit with alot of spam from corecomm.net ips.
i have sent several emails to them and NOT once have they replied.
so i trashed them into the kill file.
CORECOMM LIMITED (NET-CORECOMM-4)
10 S. Riverside Plaza, Suite 401
Chicago, IL 60606
US
Netname: CORECOMM-4
Netblock: 216.214.0.0 - 216.214.255.255
Maintainer: CORL
Coordinator:
Spath, Kenneth (KS326-ARIN) [EMAIL PROTECTED]
312-560-2451 (FAX) 312-474-0385
Domain System inverse mapping provided by:
NS1.CORECOMM.NET 208.150.60.2
NS2.CORECOMM.NET 208.133.80.2
---------- Original Message ----------------------------------
From: "Harry Hanson" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Date: Sat, 17 Feb 2001 17:04:35 -0800
>well, generally you have to go by ip addresses as the dns info is usually
>forged. for instance, winproxy.anywhere is obviously not a vaild name. the
>mail.zushabrmanova.pvtnet.cz can be verified by a quick dns lookup:
>
>Received: from WinProxy.anywhere (mail.zushabrmanova.pvtnet.cz
>[195.47.60.155]) by smtp.nextra.cz (8.11.1/8.11.1) with SMTP id
>f1HAv8D35808; Sat, 17 Feb 2001 11:57:08 +0100 (CET) (envelope-from
>[EMAIL PROTECTED])
>
>the only thing you care about here is the IP 195.47.60.155
>
>this resolves to:
>
>nslookup 195.47.60.155
>Canonical name: mail.zushabrmanova.pvtnet.cz
>
>so the short answer is yes, you could put that in your kill list, which
>would bounce any mail coming from that mail server. the is not the origin of
>the mail however, but what appears to be an open relay. going a bit further:
>
>harryh@cet harryh]$ dig -x 195.47.60.155 soa
>
>; <<>> DiG 2.2 <<>> -x soa
>;; res options: init recurs defnam dnsrch
>;; got answer:
>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
>;; flags: qr aa rd ra; Ques: 1, Ans: 0, Auth: 1, Addit: 0
>;; QUESTIONS:
>;; 155.60.47.195.in-addr.arpa, type = SOA, class = IN
>
>;; AUTHORITY RECORDS:
>60.47.195.in-addr.arpa. 86400 SOA ns.pvt.net. hostmaster.pvt.net. (
> 2001013101 ; serial
> 28800 ; refresh (8 hours)
> 3600 ; retry (1 hour)
> 604800 ; expire (7 days)
> 86400 ) ; minimum (1 day)
>
>;; Total query time: 198 msec
>;; FROM: cet to SERVER: default -- 206.96.91.1
>;; WHEN: Sat Feb 17 16:45:55 2001
>;; MSG SIZE sent: 44 rcvd: 101
>
>using the whois server at abuse.net:
>
>[harryh@cet harryh]$ fwhois [EMAIL PROTECTED]
>[whois.abuse.net]
>[EMAIL PROTECTED]
>[EMAIL PROTECTED]
>
>if you wish to file a spam complaint, it would be sent to:
>[EMAIL PROTECTED] & [EMAIL PROTECTED]
>
>the source of the message is shown in this line:
>
>Received: from 216.214.77.248 by 195.47.60.155 (WinProxy); Sat, 17 Feb 2001
>
>
>this resolves to:
>
>nslookup 216.214.77.248
>Canonical name: max1-120.sanfrancisco.corecomm.net
>
> <<>> DiG 2.2 <<>> -x soa
>;; res options: init recurs defnam dnsrch
>;; got answer:
>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
>;; flags: qr aa rd ra; Ques: 1, Ans: 0, Auth: 1, Addit: 0
>;; QUESTIONS:
>;; 248.77.214.216.in-addr.arpa, type = SOA, class = IN
>
>;; AUTHORITY RECORDS:
>77.214.216.in-addr.arpa. 86400 SOA ns1.corecomm.net.
>postmaster.corecomm.net. (
> 2001010309 ; serial
> 10800 ; refresh (3 hours)
> 3600 ; retry (1 hour)
> 604800 ; expire (7 days)
> 86400 ) ; minimum (1 day)
>
>;; Total query time: 121 msec
>;; FROM: cet to SERVER: default -- 206.96.91.1
>;; WHEN: Sat Feb 17 16:49:55 2001
>;; MSG SIZE sent: 45 rcvd: 108
>
>using the whois server at abuse.net:
>
>[harryh@cet harryh]$ fwhois
>[EMAIL PROTECTED]
>[whois.abuse.net]
>[EMAIL PROTECTED]
>
>the complaint would be sent to: [EMAIL PROTECTED]
>
>Hope that helps.
>
>----- Original Message -----
>From: "Howard Reeves" <[EMAIL PROTECTED]>
>To: "I-Mail" <[EMAIL PROTECTED]>
>Sent: Saturday, February 17, 2001 12:24 PM
>Subject: [IMail Forum] Understading headers
>
>
>> I have been receiving a lot of unwanted e-mail. I am trying to understand
>> where it is coming from and what to enter in my kill.lst to stop it. I
>> opened one of the messages in Notepad and found the information pasted
>> below. Would this be the header? It appears to me that this message
>> originated from mail.zushabrmanova.pvtnet.cz. Is this correct? Would I
>enter
>> mail.zushabrmanova.pvtnet.cz in the kill.lst to stop receiving messages
>from
>> these people?
>>
>> Thanks,
>>
>> Howard Reeves
>> [EMAIL PROTECTED]
>>
>>
>> Received: from WinProxy.anywhere (mail.zushabrmanova.pvtnet.cz
>> [195.47.60.155])
>> by smtp.nextra.cz (8.11.1/8.11.1) with SMTP id f1HAv8D35808;
>> Sat, 17 Feb 2001 11:57:08 +0100 (CET)
>> (envelope-from [EMAIL PROTECTED])
>> Received: from 216.214.77.248 by 195.47.60.155 (WinProxy); Sat, 17 Feb
>2001
>> 06:56:26 +0100
>> Message-ID: <00005f860ccf$000065b8$00007056@>
>> To: <[EMAIL PROTECTED]>
>> From: [EMAIL PROTECTED]
>> Subject: Cash In Your Pocket Today 28758
>> Date: Fri, 16 Feb 2001 20:05:54 -0800
>> MIME-Version: 1.0
>> Content-Type: text/html;
>> charset="iso-8859-1"
>> Content-Transfer-Encoding: quoted-printable
>> X-Priority: 3
>> X-MSMail-Priority: Normal
>> X-RCPT-TO: <[EMAIL PROTECTED]>
>> X-UIDL: 280952411
>> Status: U
>>
>>
>> Please visit http://www.ipswitch.com/support/mailing-lists.html
>> to be removed from this list.
>>
>> An Archive of this list is available at:
>> http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
>>
>
>
>Please visit http://www.ipswitch.com/support/mailing-lists.html
>to be removed from this list.
>
>An Archive of this list is available at:
>http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
>
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
