oh, seems the BCCed message didnt make it. Dont worry, Ill make it
available here:
Here it goes. Read it, its fun.
To: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED] [EMAIL PROTECTED]
Subject: Abuse report of spam coming from
adsl-76-226-66-120.dsl.sfldmi.sbcglobal.net
Hi, abuse response teams
Im having a problem with an account of your domain
adsl-76-226-66-120.dsl.sfldmi.sbcglobal.net [76.226.66.120]
>From what I can tell he is using a Linux OS, and has set a cron job to
send 12 email messages every 30 minutes to my email account using his
nail program attaching a 1MB of binary data, which seem its clearly an
automated spam incident.
I received today from in my account 150 messages of 1MB each from
this ip, with a fake name:
Return-Path: <[EMAIL PROTECTED]>
adsl-76-226-66-120.dsl.sfldmi.sbcglobal.net [76.226.66.120]
Subject: This shit will continue until you correct your behavior
At the end of the email there is a complete header from stmp server
identifying the IP, times and dates of the incident. From the best I
can tell the IP hasnt changed today so you can pin point precisely
where this came from, despite being an adsl range. Funny enough the
guy left his name in the email (Aaron Kulkis), apparently because this
data was set in his linux account
This is clearly an abuse of conduct, and at the same time spam. The
intent, it seems was to flood my account.
Since this is a violation of internet good manners (and a violation of
the ISP's TOS too), Im asking for you to take some action against it,
as this may end in some blacklisting your ISP in smtp blacklists and
etc.
By now a simple rule to reject mail from that network will do anyway.
Despite the use of SPF filtering, I believe google should be checking
reverse dns settings and blocking dsl ranges, to avoid this kind of
childish behavior.
Also I will have to ask google to put you DSL range blacklisted in
SPF, to avoid further problems.
Im copying the raw headers of one of the emails from google SMTP.
Please, let me know if I can give you anymore information. I deleted
the messages but I have saved all the headers, in case you want to
cross those data with your own logs.
Thanks a lot
Marcio Ferreira
---
System Administrator
/* HEADERS */
Delivered-To: [EMAIL PROTECTED]
Received: by 10.143.32.19 with SMTP id k19cs142480wfj;
Sat, 8 Sep 2007 11:56:52 -0700 (PDT)
Received: by 10.35.62.19 with SMTP id p19mr3720737pyk.1189277810643;
Sat, 08 Sep 2007 11:56:50 -0700 (PDT)
Return-Path: <[EMAIL PROTECTED]>
Received: from kulkix.kulkinet
(adsl-76-226-66-120.dsl.sfldmi.sbcglobal.net [76.226.66.120])
by mx.google.com with ESMTP id f45si3426818pyh.2007.09.08.11.47.20;
Sat, 08 Sep 2007 11:56:50 -0700 (PDT)
Received-SPF: neutral (google.com: 76.226.66.120 is neither permitted
nor denied by best guess record for domain of [EMAIL PROTECTED])
client-ip=76.226.66.120;
Authentication-Results: mx.google.com; spf=neutral (google.com:
76.226.66.120 is neither permitted nor denied by best guess record for
domain of [EMAIL PROTECTED]) [EMAIL PROTECTED]
Received: by kulkix.kulkinet (Postfix, from userid 1000)
id ABAF010C34; Sat, 8 Sep 2007 14:40:51 -0400 (EDT)
Date: Sat, 08 Sep 2007 14:40:51 -0400
To: [EMAIL PROTECTED]
Subject: This shit will continue until you correct your behavior
User-Agent: nail 11.25 7/29/05
MIME-Version: 1.0
Content-Type: application/octet-stream
Content-Transfer-Encoding: base64
Message-Id: <[EMAIL PROTECTED]>
From: [EMAIL PROTECTED] (Aaron Kulkis)
<attachment deleted>
Delivered-To: [EMAIL PROTECTED]
Received: by 10.143.32.19 with SMTP id k19cs151821wfj;
Sat, 8 Sep 2007 14:40:16 -0700 (PDT)
Received: by 10.65.183.7 with SMTP id k7mr6205238qbp.1189287614547;
Sat, 08 Sep 2007 14:40:14 -0700 (PDT)
Return-Path: <[EMAIL PROTECTED]>
Received: from kulkix.kulkinet
(adsl-76-226-66-120.dsl.sfldmi.sbcglobal.net [76.226.66.120])
by mx.google.com with ESMTP id 12si8749097nzn.2007.09.08.14.39.16;
Sat, 08 Sep 2007 14:40:13 -0700 (PDT)
Received-SPF: neutral (google.com: 76.226.66.120 is neither permitted
nor denied by best guess record for domain of [EMAIL PROTECTED])
client-ip=76.226.66.120;
Authentication-Results: mx.google.com; spf=neutral (google.com:
76.226.66.120 is neither permitted nor denied by best guess record for
domain of [EMAIL PROTECTED]) [EMAIL PROTECTED]
Received: by kulkix.kulkinet (Postfix, from userid 1000)
id 7D61210CA2; Sat, 8 Sep 2007 17:39:16 -0400 (EDT)
Date: Sat, 08 Sep 2007 17:39:16 -0400
To: [EMAIL PROTECTED]
Subject: This shit will continue until you correct your behavior
User-Agent: nail 11.25 7/29/05
MIME-Version: 1.0
Content-Type: application/octet-stream
Content-Transfer-Encoding: base64
Message-Id: <[EMAIL PROTECTED]>
From: [EMAIL PROTECTED] (Aaron Kulkis)
<attachment deleted>
/* END OF HEADERS */
On 9/8/07, Druid <[EMAIL PROTECTED]> wrote:
> Hi Aaron,
>
> Your isp and your mom will finally hear from you. Time for you at
> adsl-76-226-66-120.dsl.sfldmi.sbcglobal.net [76.226.66.120] to finally
> get busy.
>
> Have a good time
>
> Fun you know how to use cron, but next time set a fake account. You
> spam like a little kiddy girl.
>
> Marcio
> ---
> Druid
>
> On 9/8/07, Aaron Kulkis <[EMAIL PROTECTED]> wrote:
> > Mike wrote:
> > > On Saturday 08 September 2007 15:27, Billie Walsh wrote:
> > >> The fall back position when running out of intelligence is usually
> > >> insults and profanity.
> > >
> > > I just think it's hilarious that these two are going at each other
> > > instead of the rest of us. Isn't it amazing how they were attracted to
> > > each other. Both are showing their maturity and intelligence. It just
> > > appears to the rest of the world that they are lacking in both.
> >
> > It takes someone with a spine to stand up to arrogant assholes and
> > bullies such as Druid/Marcio.
> >
> > Don't worry, he won't be bothering this or any list quite shortly.
> >
> > > Mike
> > >
> >
> >
> > --
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
>
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
