On 09/14/01 at 10:33, Jed Verity wrote:

> Hello All,
> 
> Normally, I send an email to the ISP of a spammer to try to get them to take
> action. Recently, I've been receiving international spam for which I can't
> locate the ISP. Does anyone have suggestions for how to handle this? (That
> is, on a larger scale than blackholing the domain...)
> 
> SPAM follows...
> 
> Return-Path: [EMAIL PROTECTED]
> Received: from [207.59.62.41] (HELO cluster2.Cluster.Local)
>   by fentonwest.com (Stalker SMTP Server 1.8b9d9)
>   with ESMTP id S.0000210331 for <[EMAIL PROTECTED]>; Fri, 14 Sep 2001
> 10:21:43 -0700

I usually start with a reverse DNS lookup of the IP address in the top
'Received:' header (i.e., the machine that transmitted the message to your
server). That's really the only address in the message headers that you can
count on to be real. In your example message, that address is 207.59.62.41. In
this case, there's no reverse DNS for it (no big surprise), so move on to a
whois lookup from whois.arin.net:

% whois -h whois.arin.net 207.59.62.41
Interpath Communications, Inc. (NETBLK-INTERPATH-BLK-2) INTERPATH-BLK-2
                                                   207.59.0.0 - 207.59.255.255
Graphica Inc. (NETBLK-INTERPATH-251) INTERPATH-251 207.59.62.32 - 207.59.62.63


And then another lookup for the smaller (Graphica Inc.) block:

% whois -h whois.arin.net \!NETBLK-INTERPATH-251
Graphica Inc. (NETBLK-INTERPATH-251)
   306 East Market St.
   Greensboro, NC 27401
   US

   Netname: INTERPATH-251
   Netblock: 207.59.62.32 - 207.59.62.63

   Coordinator:
      Interpath Communications, Inc.  (INTP-HM-ARIN)  [EMAIL PROTECTED]
      (800) 890-6305

   Record last updated on 22-Jul-1998.
   Database last updated on 13-Sep-2001 23:32:09 EDT.

So the address we're interested in belongs to a block (207.59.62.32 -
207.59.62.63) that's assigned to Graphica Inc. in Greensboro NC, and their
network provider is Interpath Communications, Inc. (Interpath is at least
responsible for the IP block). You can send your e-mail to the contact address
shown for Interpath Communications ([EMAIL PROTECTED]), or you can use
the listed 800 number. Graphica Inc. is more directly responsible for the
address, so you might want to try to contact them first.

If there had been reverse DNS for the IP address, we could have done a whois
lookup on the domain name. Also, since this particular address is in North
America, whois.arin.net has a record for it. If it had not been an American
(i.e. North or South America) address, whois.arin.net would have directed us
to either whois.ripe.net (Europe) or whois.apnic.net (Asia-Pacific).

                   Christopher Bort | [EMAIL PROTECTED]
            Webmaster, Global Homes | [EMAIL PROTECTED]
      <http://www.globalhomes.com/> | PGP public key available on request
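
Added example, not part of the original message: a Python sketch of the first two steps described above, taking the IP from the topmost 'Received:' header and choosing the narrowest netblock in the whois summary to query next. The function names and the second (lower) Received line are constructed for illustration, and the parser assumes the ARIN summary layout quoted in the message.

```python
import ipaddress
import re

# Headers quoted in the post (abridged), plus one constructed lower Received
# line (192.0.2.10) standing in for a header the sender could have forged.
HEADERS = """\
Return-Path: [EMAIL PROTECTED]
Received: from [207.59.62.41] (HELO cluster2.Cluster.Local)
  by fentonwest.com (Stalker SMTP Server 1.8b9d9)
  with ESMTP id S.0000210331; Fri, 14 Sep 2001 10:21:43 -0700
Received: from mail.example.net ([192.0.2.10]) by cluster2.Cluster.Local
"""
# Summary output of the first whois query, as quoted in the post.
WHOIS = """\
Interpath Communications, Inc. (NETBLK-INTERPATH-BLK-2) INTERPATH-BLK-2
                                                   207.59.0.0 - 207.59.255.255
Graphica Inc. (NETBLK-INTERPATH-251) INTERPATH-251 207.59.62.32 - 207.59.62.63
"""
IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
# org (handle) netname range; the range may wrap onto the next line.
BLOCK = re.compile(rf"^(.+?) \((NETBLK-[\w-]+)\)\s+\S+\s+({IPV4}) - ({IPV4})",
                   re.MULTILINE)


def top_received_ip(headers):
    """Return the bracketed IP literal from the topmost Received: header."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", headers)  # join folded lines
    for line in unfolded.splitlines():
        if line.lower().startswith("received:"):
            m = re.search(rf"\[({IPV4})\]", line)
            return ipaddress.IPv4Address(m.group(1)) if m else None
    return None


def most_specific(ip, whois_text):
    """Return (org, handle) of the smallest listed block containing ip."""
    hits = []
    for org, handle, lo, hi in BLOCK.findall(whois_text):
        lo, hi = ipaddress.IPv4Address(lo), ipaddress.IPv4Address(hi)
        if lo <= ip <= hi:
            hits.append((int(hi) - int(lo), org, handle))
    return min(hits)[1:] if hits else None


def next_query(headers, whois_text):
    """Build the follow-up whois command for the narrowest block."""
    ip = top_received_ip(headers)
    block = most_specific(ip, whois_text) if ip else None
    return f"whois -h whois.arin.net \\!{block[1]}" if block else None
```

Only the first Received line is consulted; the constructed 192.0.2.10 line below it is ignored, matching the advice that lower headers cannot be trusted.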
