On 7/12/2011 10:00 AM, Randy Bush wrote:
thanks for the hard work, folk.
Let's work harder
thanks for volunteering. when will you be flying out to the bay?
randy
I'm with you Randy, I'm disappointed with the complaints I see here.
People don't seem to show much appreciation.
Jason
On Jul 12, 2011, at 11:02 AM, Thomas Donnelly wrote:
I received no spam, and had I received 2 pieces, it may have been slightly
irritating.
What is irritating is the sheer number of people complaining about it. Can we
stop please? I think they get it.
-=Tom
Tom, you are one
message and various other
spams that are dripping through are from real subscribers...
Err...
what I find most interesting is that I have received no spam via this list
today. I've checked my spamfilters' garbage heap...
Did someone unsubscribe me from the spam part of the list? Thank you :)
Elmar.
Also, where is the reply to header?
still in the garbage, where it belongs
On 7/12/11 9:47 AM, Ryan Pavely wrote:
As far as I can tell me neither. I feel so left out :(
You probably don't have nanog@nanog.org and its associated mail servers
whitelisted in spamassassin/filtering/etc. In an effort to avoid
bouncing list mail, I put them in a while back.
- Original Message -
From: Randy Bush ra...@psg.com
thanks for the hard work, folk.
Let's work harder
thanks for volunteering. when will you be flying out to the bay?
I suspect, Randy, that Ferg *knows* how to use ssh.
Cheers,
-- jra
--
Jay R. Ashworth Baylink
- Original Message -
From: Randy Bush ra...@psg.com
Also, where is the reply to header?
still in the garbage, where it belongs
NANOG, being a traditional, (semi-)public, technical mailing list, has never
had a Reply-to header, and never should. I concur with the people who assert
From nanog-bounces+bonomi=mail.r-bonomi@nanog.org Tue Jul 12 11:29:29
2011
Date: Tue, 12 Jul 2011 12:22:09 -0400 (EDT)
From: Jay Ashworth j...@baylink.com
To: NANOG nanog@nanog.org
Subject: Re: Spam?
- Original Message -
From: Randy Bush ra...@psg.com
Also, where
: Andrew Kirch trel...@trelane.net
Sent: Monday, June 06, 2011 11:42 AM
To: nanog@nanog.org
Subject: [SPAM-Low] Re: (OT) Firearms Was: UN declares Internet access a
human right
nothing like 40 short and wimpy! Might I interest you in a 45? :)
On 6/6/2011 11:37 AM, Nick Olsen wrote:
Don't leave
Hi All :
How is this an operational related discussion ?
Perhaps it can be taken to more appropriate forum.
thanks
Mike
-Original Message-
From: Nick Olsen [mailto:n...@flhsi.com]
Sent: Monday, June 06, 2011 10:15 AM
To: Andrew Kirch; nanog@nanog.org
Subject: re: [SPAM-Low] Re: (OT
Hence the (OT) tag.
-Nick Olsen
From: Mike Rae mike@sjrb.ca
Sent: Monday, June 06, 2011 12:20 PM
To: nanog@nanog.org
Subject: RE: [SPAM-Low] Re: (OT) Firearms Was: UN declares Internet access
ahuman right
Hi All :
How is this an operational
Hi :
Fair enough, missed that,
Thanks
Mike
From: Nick Olsen [mailto:n...@flhsi.com]
Sent: Monday, June 06, 2011 10:22 AM
To: Mike Rae; nanog@nanog.org
Subject: RE: [SPAM-Low] Re: (OT) Firearms Was: UN declares Internet
access ahuman right
Hence the (OT) tag.
-Nick Olsen
.
thanks
Mike
-Original Message-
From: Nick Olsen [mailto:n...@flhsi.com]
Sent: Monday, June 06, 2011 10:15 AM
To: Andrew Kirch; nanog@nanog.org
Subject: re: [SPAM-Low] Re: (OT) Firearms Was: UN declares Internet
access ahuman right
I've got a 4 inch Springfield XD service model
I agree. I am a gun owner (Glock model 19, Remington semi-auto 12 ga., ...)
and staunch supporter of 2nd Amendment rights, but this is not the place to
have this discussion. To some, it will be spam messages, and to others,
whose opinions should be respected, this discussion will be very
That's as cluebie an answer as it gets.
ps: man iptables on restricting / allowing by uid.
cheers
srs
On Fri, Mar 4, 2011 at 12:21 PM, Joshua William Klubi
joshua.kl...@gmail.com wrote:
Then like Robert Suggest he should implement step 2
and it would solve his problem asap
--
Suresh
Is anyone else getting spam similar to this:
I started getting this (albeit in English) a month or two ago, and it
went away about the same time I turned on the CBL/XBL filters on
postfix. It appears it's back again.
Note, I have absolutely zero connection with baosteel.com before these
started
From nanog-bounces+bonomi=mail.r-bonomi@nanog.org Wed Mar 2 02:53:14
2011
Date: Wed, 02 Mar 2011 10:46:03 +0200
From: Peter Rudasingwa peter.rudasin...@altechstream.rw
To: nanog@nanog.org
Subject: Postfix spam
Hello,
I am being attacked by a lot of spams on my postfix box. What
Get A.S.S.P and integrate it with your postfix box, implement SPF and run
dkimproxy on your postfix box and bid spams adieu .
You would be surprised the power of ASSP . It is the best out there that kills
spam dead on arrival and departure.
Sent from my iPhone
On Mar 3, 2011, at 10:18
The headers this guy sent me offlist = what you suggest just wouldn't
work, sorry.
He most likely had a rootkit on his server that was emitting direct to MX spam.
On Fri, Mar 4, 2011 at 2:38 AM, Joshua Klubi joshua.kl...@gmail.com wrote:
Get A.S.S.P and integrate it with your postfix box
Hello,
I am being attacked by a lot of spams on my postfix box. What is the
best way to block them and fix this for good?
It is so bad some of my IPs have been black listed.
Thanks for your help.
--
Best Regards,
Peter R.
***
*
MAAWG best practices - please see http://www.maawg.org for several
best practice documents.
If your IPs are getting blacklisted - they are emitting spam.
Please email me offlist and I'll try to help you with some suggestions
On Wed, Mar 2, 2011 at 2:16 PM, Peter Rudasingwa
peter.rudasin
I saw in my mail logs tonight, a bounced spam from 'unknown[1.52.36.176]'
1/8? When did that happen?
(Yes, yes, I know; last year. Just never seen one before...)
Cheers,
-- jra
On Wed, 23 Feb 2011, Jay Ashworth wrote:
1/8? When did that happen?
For this block, end of january judging from the changed:-line below.
inetnum:1.52.0.0 - 1.52.127.255
netname:FPT-NET
country:VN
descr: IP range for FPT Broadband Service
descr: 48
On Thu, Feb 24, 2011 at 9:19 AM, Mikael Abrahamsson swm...@swm.pp.se wrote:
remarks: For spamming matters, mail to ab...@fpt.vn
aka /dev/null as far as I can see. Huge volumes of abuse from this
range and from VNPT.
If any ops from there are around please email me offlist
--srs
On 1/17/2011 6:55 PM, Raymond Dijkxhoorn wrote:
Hi!
1) The sites were already null routed. The problem is with Spamhaus'
inability to contact me prior to impacting other legitimate customers.
Null routed?
Its up!
[root@master tmp]# host www.viagra-shopping.com
www.viagra-shopping.com
Hi!
Actually, that was just a brain lapse. The domain didn't resolve at
all (misspelled?) and it returned the Cox default resolution.
Instead of looking at typo's or misspelled stuff, can you null route the
rest of the abuse reports that came in? Or should we get it added on the
SBL listing
Raymond,
All of this IP space is null routed. The customer has been served with
notice to vacate. What more are you asking for?
Best regards, Jeff
On Mon, Jan 17, 2011 at 7:35 PM, Raymond Dijkxhoorn
raym...@prolocation.net wrote:
Hi!
Actually, that was just a brain lapse. The domain didn't
Hmmm. Null routed? Lets see
http://www.apothekeosterreich.at/Home.aspx
http://www.viagra-shopping.com/Home.aspx
Do I really need to show you more?
Tom
On Jan 17, 2011, at 7:38 PM, Jeffrey Lyon wrote:
Raymond,
All of this IP space is null routed. The customer has been served with
On 18/01/2011 00:38, Jeffrey Lyon wrote:
All of this IP space is null routed. The customer has been served with
notice to vacate. What more are you asking for?
Summarising other people positions: a functional abuse desk, a less
defensive attitude when people point out serious abuse going on
I've tried taking it to Spamhaus directly on a few occasions but we
continue to get treated like crap. At least this way the public can
see that we have infact acted on the complaints.
Jeff
On Mon, Jan 17, 2011 at 8:04 PM, Nick Hilliard n...@foobar.org wrote:
On 18/01/2011 00:38, Jeffrey Lyon
Nick Hilliard wrote:
Summarising other people positions: a functional abuse desk, a less
defensive attitude when people point out serious abuse going on in your
network, and the slightest inclination to investigate really serious
crap on your network when it's brought to your attention in the
On Mon, Jan 17, 2011 at 8:32 PM, Jeffrey Lyon
jeffrey.l...@blacklotus.netwrote:
I've tried taking it to Spamhaus directly on a few occasions but we
continue to get treated like crap. At least this way the public can
see that we have infact acted on the complaints.
We have found Spamhaus to
On Mon, Jan 17, 2011 at 9:28 PM, Mark Wall ospfisi...@gmail.com wrote:
On Mon, Jan 17, 2011 at 8:32 PM, Jeffrey Lyon
jeffrey.l...@blacklotus.netwrote:
I've tried taking it to Spamhaus directly on a few occasions but we
continue to get treated like crap. At least this way the public can
see
On Jan 3, 2011, at 1:04 55PM, Ken Chase wrote:
I have two independent mailservers, and two other customers that run their own
servers, all largely unrelated infrastructures and target domains, suddenly
experiencing low levels of spam.
Total emails/day dropping from some 175,000-250,000ish
On 1/3/11 6:42 PM, Jay Farrell wrote:
I noticed a substantial drop in spam in my gmail account in recent days,
from several hundred a day to maybe a hundred. Ironically, gmail filtered
this thread to my spam folder.
Yes, I found these messages my gmail spam today, too. Lately, gmail has
been
On 1/4/11 7:10 AM, William Allen Simpson wrote:
On 1/3/11 6:42 PM, Jay Farrell wrote:
I noticed a substantial drop in spam in my gmail account in recent days,
from several hundred a day to maybe a hundred. Ironically, gmail filtered
this thread to my spam folder.
Yes, I found these messages
On Tue, Jan 4, 2011 at 18:10, Seth Mattinen se...@rollernet.us wrote:
Not being a gmail user this may be a stupid question: can't you
whitelist things in gmail? The ratio of spam/ham on NANOG is pretty good.
Yes, you can, done it a while ago as some messages were going to spam for me
also
On Tue, Jan 4, 2011 at 11:21 AM, Danijel theghost...@gmail.com wrote:
On Tue, Jan 4, 2011 at 18:10, Seth Mattinen se...@rollernet.us wrote:
Not being a gmail user this may be a stupid question: can't you
whitelist things in gmail? The ratio of spam/ham on NANOG is pretty good.
Yes, you can
I have two independent mailservers, and two other customers that run their own
servers, all largely unrelated infrastructures and target domains, suddenly
experiencing low levels of spam.
Total emails/day dropping from some 175,000-250,000ish to 50-75,000ish (legit
mail in the 2-5,000 per day
-- Original Message ---
From: Ken Chase k...@sizone.org
To: nanog@nanog.org
Sent: Mon, 3 Jan 2011 13:04:55 -0500
Subject: sudden low spam levels?
I have two independent mailservers, and two other customers that run
their own servers, all largely unrelated infrastructures
On Mon, Jan 3, 2011 at 10:04 AM, Ken Chase k...@sizone.org wrote:
I have two independent mailservers, and two other customers that run their
own
servers, all largely unrelated infrastructures and target domains, suddenly
experiencing low levels of spam.
There's definitely been a drop-off
levels of spam.
There's definitely been a drop-off in spam levels over the past week, which
comes on top of a general drop over the past few months.
According the to Symantec December 2010 State of Spam Phishing Report,
spam is reducing
http://www.spamfighter.com/News-15570-Spam-Volume
Ken Chase wrote:
I have two independent mailservers, and two other customers that run their own
servers, all largely unrelated infrastructures and target domains, suddenly
experiencing low levels of spam.
Total emails/day dropping from some 175,000-250,000ish to 50-75,000ish (legit
mail
On 04/01/11 04:04, Ken Chase wrote:
I have two independent mailservers, and two other customers that run their own
servers, all largely unrelated infrastructures and target domains, suddenly
experiencing low levels of spam.
Connection and rejection counts have been going bonkers of late for me
I noticed a substantial drop in spam in my gmail account in recent days,
from several hundred a day to maybe a hundred. Ironically, gmail filtered
this thread to my spam folder.
Cheers,
Jayfar
Well -- spammers are following the NANOG list in real-time, it seems. A few
hours after my post this afternoon, I received some spam with a correct
Subject: line for that post. I'll be happy to forward the email to anyone who
wants to analyze it or find the offender and permanently blacklist
Well -- spammers are following the NANOG list in real-time, it seems. A =
few hours after my post this afternoon, I received some spam with a =
correct Subject: line for that post. I'll be happy to forward the email =
to anyone who wants to analyze it or find the offender and permanently
Yup, same purported sender...
On Dec 7, 2010, at 6:46 40PM, Joe Greco wrote:
Well -- spammers are following the NANOG list in real-time, it seems. A =
few hours after my post this afternoon, I received some spam with a =
correct Subject: line for that post. I'll be happy to forward
--- s...@cs.columbia.edu wrote:
From: Steven Bellovin s...@cs.columbia.edu
Yup, same purported sender...
From what company? So we don't make the mistake of buying from them.
scott
From: Scott Weeks sur...@mauigateway.com
From: Steven Bellovin s...@cs.columbia.edu
Yup, same purported sender...
From what company? So we don't make the mistake of buying from them.
--
Never mind, I got one too.
same, sent via yahoomail webmail (I think):
srcaddr: 173.208.103.211
On Tue, Dec 7, 2010 at 8:46 PM, Scott Weeks sur...@mauigateway.com wrote:
--- s...@cs.columbia.edu wrote:
From: Steven Bellovin s...@cs.columbia.edu
Yup, same purported sender...
All
Taken care of (at least for the @yahoo address I received the spam from).
Chris and Steven, mind fwd'ing the problem emails to adm...@nanog.org?
Kris
On Dec 7, 2010, at 6:19 PM, Christopher Morrow wrote:
same, sent via yahoomail webmail (I think):
srcaddr: 173.208.103.211
On Tue, Dec
I have been seeing targeted spam for a while now - typically from someone
with my last name and a random first name,
and a familiar subject line.
Just wait until they start using the _text_ from open mail lists as well.
Regards
Marshall
On Dec 7, 2010, at 6:46 PM, Joe Greco wrote:
Well
, Marshall Eubanks t...@americafree.tvwrote:
I have been seeing targeted spam for a while now - typically from someone
with my last name and a random first name,
and a familiar subject line.
Just wait until they start using the _text_ from open mail lists as well.
Regards
Marshall
In message aanlktikaibkwc3r2ijkhpyhb=i+acyn_ht7jgthth...@mail.gmail.com,
Ryan Hayes ryguill...@gmail.com wrote:
Can you please not use the word retarded in a pejorative sense?
Obviously not a Colbert fan.
http://www.huffingtonpost.com/2010/02/09/colbert-sarah-palin-is-a_n_454744.html
Ignoring the irony, you could signup with Microsoft's spam filtering service
(formerly frontbridge) or postini (now google) and use them as outbound
relays.
They will do outbound relay, with attendant spam filtering and increases in
deliverability. That means a lot more people will accept your
of our OSS/BSS mail is getting spam filtered by Google. Among
others, these e-mails include invoices, order confirmations, payment
notifications, customer portal logins, and tickets. Almost anything we send
to customers on Google ends up in their spam folder. This results in a lot of
calls
We have proper A+PTR records on the edge MTAs, proper SPF records for
the originating domain, proper Return-Path and other headers, and so
on. There isn't anything that I can think of other than the content
itself which would be abnormal, and obviously the content is
repetitive and can't be
Erik L wrote:
Received-SPF: pass ...
Authentication-Results: mx.google.com; spf=pass ...
So the problem is unlikely to be a SPF issue, as mentioned in my first e-mail.
http://david.woodhou.se/why-not-spf.html
The lack of SPF records should never be the reason to block an email.
It's about
Have you tried DKIM signing? All email sent from Gmail is DKIM signed,
so they probably also support checking it and a valid signature may
lower your spam score.
DKIM is definitively a must have for gmail.
At least this isn't Hotmail where mail is just silently deleted with no NDR
after it's
been blacklisted. I can send an identical message from the same MTA,
changing only the From header, and it will be delivered to Inbox. Only when the
From header contains @caneris.com will the message be delivered to spam. Any
changes to the MTA IP, content, headers, etc. don't have any effect
such records.
- Original Message -
From: Jeroen van Aart jer...@mompl.net
To: nanog nanog@nanog.org
Sent: Wednesday, September 29, 2010 2:11:43 PM
Subject: Re: What must one do to avoid Gmail's retarded non-spam filtering?
Erik L wrote:
Received-SPF: pass ...
Authentication-Results
at this point is that the
domain has been blacklisted. I can send an identical message from the same
MTA, changing only the From header, and it will be delivered to Inbox. Only
when the From header contains @caneris.com will the message be delivered to
spam. Any changes to the MTA IP
On 09/29/2010 12:05 AM, Erik L wrote:
Google appears to have blacklisted our domain. From the edge MTA, I
sent three messages, differing only in the From header: 1. valid
email @klssys.com 2. valid email @caneris.com 3. abc...@caneris.com
1 not spam; 2 3 spam
Ok, so its the domain
-Ursprüngliche Nachricht-
Von: John R. Levine [mailto:jo...@iecc.com]
Gesendet: Mittwoch, 29. September 2010 21:49
An: Erik L
Cc: nanog@nanog.org
Betreff: Re: What must one do to avoid Gmail's retarded non-spam filtering?
As I mentioned in my follow-up post, the issue at this point
Message -
From: Joe Sniderman joseph.snider...@thoroquel.org
To: nanog@nanog.org
Sent: Wednesday, September 29, 2010 3:29:10 PM
Subject: Re: What must one do to avoid Gmail's retarded non-spam filtering?
On 09/29/2010 12:05 AM, Erik L wrote:
Google appears to have blacklisted our domain. From
No
- Original Message -
From: Seth Mattinen se...@rollernet.us
To: nanog@nanog.org
Sent: Wednesday, September 29, 2010 2:51:49 PM
Subject: Re: What must one do to avoid Gmail's retarded non-spam filtering?
On 9/29/2010 11:48, Erik L wrote:
Thanks John. This was a common question
.
An increasingly large number of our customers are using Gmail or Google Apps
and almost all of our OSS/BSS mail is getting spam filtered by Google. Among
others, these e-mails include invoices, order confirmations, payment
notifications, customer portal logins, and tickets. Almost anything we
On Sep 29, 2010, at 4:08 PM, Ryan Hayes wrote:
Can you please not use the word retarded in a pejorative sense?
The word please is probably not required, since using that word in this
manner is prosecutable hate speech in some jurisdictions.
Le mercredi 29 septembre 2010 à 16:31 -0500, Daniel Seagraves a écrit :
On Sep 29, 2010, at 4:08 PM, Ryan Hayes wrote:
Can you please not use the word retarded in a pejorative sense?
The word please is probably not required, since using that word in this
manner is prosecutable hate
On Sep 29, 2010, at 2:31 PM, Daniel Seagraves wrote:
On Sep 29, 2010, at 4:08 PM, Ryan Hayes wrote:
Can you please not use the word retarded in a pejorative sense?
The word please is probably not required, since using that word in
this manner is prosecutable hate speech in some
I realize that this is somewhat OT, but I'm sure that others on the list
encounter the same issues and that at least some folks might have useful
comments.
An increasingly large number of our customers are using Gmail or Google Apps
and almost all of our OSS/BSS mail is getting spam filtered
On Tue, Sep 28, 2010 at 4:15 PM, Erik L erik_l...@caneris.com wrote:
An increasingly large number of our customers are using
Gmail or Google Apps and almost all of our OSS/BSS mail
is getting spam filtered by Google. Among others, these
e-mails include invoices, order confirmations, payment
Hi,
Have you checked the IronPort reputation scores for your mailserver IPs?
Google uses this data as part of it's spam detection method.
William
On Tue, 2010-09-28 at 16:15 -0400, Erik L wrote:
I realize that this is somewhat OT, but I'm sure that others on the list
encounter the same
end up in spam as well.
I created a new mailbox under a Google Apps domain and sent it one of the
typical messages. It went into spam. I also ran the same message through
SpamAssassin as per your suggestion and it came out clean.
A test message sent directly from the same edge MTA but with a From
, September 28, 2010 6:06:49 PM
Subject: Re: What must one do to avoid Gmail's retarded non-spam filtering?
Hi,
Have you checked the IronPort reputation scores for your mailserver IPs?
Google uses this data as part of it's spam detection method.
William
On Tue, 2010-09-28 at 16:15 -0400, Erik L
On Tue, 04 May 2010 19:38:15 CDT, Jorge Amodio said:
Are spammers getting smarter ? or users getting dumber ?
http://uxmag.com/short-news/these-are-your-users-read-and-be-horrified
Remember that statistically speaking, roughly half of all people are below
average on the IQ bell curve. A
this is obviously no news and the attachment as you all probably know
is a trojan executable.
The interesting part and kind of a test to determine who is more
stupid, the one sending the message or the one opening and executing
the attachment, the message is supposedly sent by UPS but signed as
On 02/22/2010 12:11 AM, Tarig Y. Adam wrote:
Hi
Messages we send from our mail sever always received at SPAM box in many
Public Mail servers like hotmail, yahoo, and gmail. We made a revers dns
lookup, and there is no spamming from our server, still messages go to junk.
how to solve
On 2/22/2010 4:09 AM, Raoul Bhatia [IPAX] wrote:
On 02/22/2010 12:11 AM, Tarig Y. Adam wrote:
Hi
Messages we send from our mail sever always received at SPAM box in many
Public Mail servers like hotmail, yahoo, and gmail. We made a revers dns
lookup, and there is no spamming from our
Hi
Messages we send from our mail sever always received at SPAM box in many Public
Mail servers like hotmail, yahoo, and gmail. We made a revers dns lookup, and
there is no spamming from our server, still messages go to junk.
how to solve this.
thanx
This message may contain confidential
You should head over to the mail groups and ask this, more on topic there.
Sent via BlackBerry from T-Mobile
At least this is new for me...
I host scvrs.org on one of my servers, and, it does not have any outlook or owa
services. For some reason, someone decided to try and send this message
out to various internet recipients:
Dear user of the scvrs.org mailing service!
We are informing you that
I host scvrs.org on one of my servers, and, it does not have any outlook or
owa
services. For some reason, someone decided to try and send this message
out to various internet recipients:
...
Anyone seen this before? Any good techniques for combatting it?
If you look more closely at the
...@delong.com]
Sent: Friday, January 08, 2010 1:22 PM
To: Nanog list
Subject: New SPAM DOS
At least this is new for me...
I host scvrs.org on one of my servers, and, it does not have any outlook or
owa
services. For some reason, someone decided to try and send this message
out to various internet
: Shane Ronan [mailto:sro...@fattoc.com]
Sent: Friday, January 08, 2010 12:34 PM
To: Owen DeLong
Cc: Nanog list
Subject: Re: New SPAM DOS
I recently started receiving these as well for my domain.
Would appreciate anyone's input on what the deal is.
On Jan 8, 2010, at 2:22 PM, Owen
It's a phish people.
I've received several of these for zimmy.co.uk, they lasted about a
week, then they stopped. I would suggest waiting this out, if after a
week or two they haven't ceased then I would suggest contacting the ISP
from where these EMails are originating.
As for the blacklisting
the
sites
they are hoping to protect when they start treating the initial advertised
URL as
being the spam advertised site.
Owen
On Jan 8, 2010, at 11:39 AM, sth...@nethelp.no wrote:
I host scvrs.org on one of my servers, and, it does not have any outlook or
owa
services. For some reason
regards, nosoliciting.dirtside.com Technical S=
upport.brbrMessage ID#MK8S99OOMIEPVRAZDVIG4/font/p
And yes, we're all getting a crapload of these but most die in the
spam filter so we never see them. The message I quoted from achieved a
spam-assassin score of 26.
Regards,
Bill
--
William D
forwards to a single .net which lists their mailing
address
as a PO box an single link to an unsubscribe field.
Classic snowshoe spam setup, probably a professional snowshoe spam
outfit known to Spamhaus as 'Tactara' and 'Webzero'.
Snowshoe spam operations operate by contacting ISP pretending
On Wed, Nov 25, 2009 at 09:25:27AM -0800, Michael Peddemors wrote:
I here people saying that they don't publish whois information because they
don't want the email's made public. Okay, at least the registered company
name, or individual who presented the ID should be there.
Without
Not to keep endlessly on this thread, but again with reference to good whois
record keeping and bad..
64.21.87.136: mx2.yvzus.com
64.21.87.141: mx3.xmabs.com
64.21.87.168: mx5.zgows.com
64.21.87.170: mx5.zntas.com
GOOD We know the activity is probably limited to:
Found a referral to
BusinessB. CustomerA seem to retain BusinessC for IT Solutions even
though all three entities purport to be IT solutions providers.
BusinessC came into the picture after the spamming started saying a wholly
different /24 (Different from the spam source) doesn't work. It routes
fine on our end. I
On Tue, Nov 24, 2009 at 10:22:36PM -0500, Russell Myba wrote:
Looks like of our customers has decided to turn their /24 into a nice little
space spewing machine. Doesn't seem like just one compromised host.
1. This is possibly/probably better on spam-l.
2. This is a very common operational
Hi Richard,
I am late to this dicussion. So I don't have a full understanding of the
context or history of this debate.
It is clear to many of us that Telcos lost the content wars and this is their
way of trying to get a slice of the content providers (Google, Microsoft, etc.)
add revenues.
Russell,
My personal inclination would be to look for what legit entities are
provisioning them with critical resources and what margins they appear
to be paying.
For DNS resources, the domains, to identify registry preference,
probably a simple volume correlation, and the registrars, which
on spam-l.
2. This is a very common operational model. Any number of spamgangs
have been busy doing this with multiple /24's scattered over numerous
providers in order to distribute the workload and minimize the impact
of any takedown.
One of them actually patented it. Further proof that you can
On Wed, Nov 25, 2009 at 2:17 AM, Paul Ferguson fergdawgs...@gmail.com wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tue, Nov 24, 2009 at 10:55 PM, Michael Peddemors
mich...@linuxmagic.com wrote:
Depends on the activity, but this re-iterates the importance of
maintaining correct
Could you elaborate on what constitutes correct swip information?
Sure, you just opened the door to my opinions on this :)
-- WRONG --
OrgName:FortressITX
OrgID: FORTR-5
Address:100 Delawanna Ave
City: Clifton
StateProv: NJ
PostalCode:
On Wed, 25 Nov 2009 09:25:27 -0800
Michael Peddemors mich...@linuxmagic.com wrote:
Could you elaborate on what constitutes correct swip information?
Sure, you just opened the door to my opinions on this :)
hmmm - odd that the 2 you chose to show as wrong, both feature highly
in my
501 - 600 of 783 matches
Mail list logo