This is great! Thanks for your detailed analysis. I had looked up Graphica in the IP Address Index but, of course, found no contact info for them. I'll get right on it.

Thanks again,
Jed

My favorite person, Global Homes Webmaster, wrote this:

> On 09/14/01 at 10:33, Jed Verity wrote:
>
>> Hello All,
>>
>> Normally, I send an email to the ISP of a spammer to try to get them to take
>> action. Recently, I've been receiving international spam for which I can't
>> locate the ISP. Does anyone have suggestions for how to handle this? (That
>> is, on a larger scale than blackholing the domain...)
>>
>> SPAM follows...
>>
>> Return-Path: [EMAIL PROTECTED]
>> Received: from [207.59.62.41] (HELO cluster2.Cluster.Local)
>> by fentonwest.com (Stalker SMTP Server 1.8b9d9)
>> with ESMTP id S.0000210331 for <[EMAIL PROTECTED]>; Fri, 14 Sep 2001
>> 10:21:43 -0700
>
> I usually start with a reverse DNS lookup of the IP address in the top
> 'Received:' header (i.e., the machine that transmitted the message to your
> server). That's really the only address in the message headers that you can
> count on to be real. In your example message, that address is 207.59.62.41. In
> this case, there's no reverse DNS for it (no big surprise), so move on to a
> whois lookup from whois.arin.net:
>
> % whois -h whois.arin.net 207.59.62.41
> Interpath Communications, Inc. (NETBLK-INTERPATH-BLK-2) INTERPATH-BLK-2
> 207.59.0.0 - 207.59.255.255
> Graphica Inc. (NETBLK-INTERPATH-251) INTERPATH-251 207.59.62.32 - 207.59.62.63
>
>
> And then another lookup for the smaller (Graphica Inc.) block:
>
> % whois -h whois.arin.net \!NETBLK-INTERPATH-251
> Graphica Inc. (NETBLK-INTERPATH-251)
> 306 East Market St.
> Greensboro, NC 27401
> US
>
> Netname: INTERPATH-251
> Netblock: 207.59.62.32 - 207.59.62.63
>
> Coordinator:
> Interpath Communications, Inc. (INTP-HM-ARIN) [EMAIL PROTECTED]
> (800) 890-6305
>
> Record last updated on 22-Jul-1998.
> Database last updated on 13-Sep-2001 23:32:09 EDT.
>
> So the address we're interested in belongs to a block (207.59.62.32 -
> 207.59.62.63) that's assigned to Graphica Inc. in Greensboro NC, and their
> network provider is Interpath Communications, Inc. (Interpath is at least
> responsible for the IP block). You can send your e-mail to the contact address
> shown for Interpath Communications ([EMAIL PROTECTED]), or you can use
> the listed 800 number. Graphica Inc. is more directly responsible for the
> address, so you might want to try to contact them first.
>
> If there had been reverse DNS for the IP address, we could have done a whois
> lookup on the domain name. Also, since this particular address is in North
> America, whois.arin.net has a record for it. If it had not been an American
> (i.e. North or South America) address, whois.arin.net would have directed us
> to either whois.ripe.net (Europe) or whois.apnic.net (Asia-Pacific).
>
> Christopher Bort | [EMAIL PROTECTED]
> Webmaster, Global Homes | [EMAIL PROTECTED]
> <http://www.globalhomes.com/> | PGP public key available on request
>
> #############################################################
> This message is sent to you because you are subscribed to
> the mailing list <[EMAIL PROTECTED]>.
> To unsubscribe, E-mail to: <[EMAIL PROTECTED]>
> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]>
> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]>
> Send administrative queries to <[EMAIL PROTECTED]>
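
The lookup procedure described in the quoted reply, as an added example that is not part of the original thread: it takes the address from the topmost Received header and picks the smallest netblock in the ARIN output that contains it. It assumes the 2001-era whois.arin.net output format quoted above; the sender address, the second Received header and all function names are this example's own constructions.

```python
import email
import ipaddress
import re

# Headers as quoted in the thread. The Return-Path value and the second
# Received header are constructed placeholders (sender-supplied, untrusted).
HEADERS = """Return-Path: <sender@example.invalid>
Received: from [207.59.62.41] (HELO cluster2.Cluster.Local)
  by fentonwest.com (Stalker SMTP Server 1.8b9d9)
  with ESMTP id S.0000210331; Fri, 14 Sep 2001 10:21:43 -0700
Received: from mail.example.invalid ([192.0.2.7])
  by cluster2.Cluster.Local; Fri, 14 Sep 2001 10:20:01 -0700
"""

# whois.arin.net output as quoted in the thread (2001-era format).
WHOIS = """Interpath Communications, Inc. (NETBLK-INTERPATH-BLK-2) INTERPATH-BLK-2
    207.59.0.0 - 207.59.255.255
Graphica Inc. (NETBLK-INTERPATH-251) INTERPATH-251 207.59.62.32 - 207.59.62.63
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
BLOCK_RE = re.compile(
    r"(?P<org>[^\n(]+?)\s*\((?P<handle>NETBLK-[\w-]+)\)\s+\S+\s+"
    rf"(?P<lo>{IPV4})\s*-\s*(?P<hi>{IPV4})"
)

def top_received_ip(raw_headers):
    """Bracketed peer address from the topmost Received header (added by our server)."""
    received = email.message_from_string(raw_headers).get_all("Received") or []
    match = re.search(r"\[(" + IPV4 + r")\]", received[0]) if received else None
    return ipaddress.ip_address(match.group(1)) if match else None

def most_specific_block(whois_text, ip):
    """Smallest listed netblock containing ip, or None if no block covers it."""
    best = None
    for m in BLOCK_RE.finditer(whois_text):
        lo, hi = ipaddress.ip_address(m["lo"]), ipaddress.ip_address(m["hi"])
        if lo <= ip <= hi:
            size = int(hi) - int(lo) + 1
            if best is None or size < best["size"]:
                best = {"org": m["org"].strip(), "handle": m["handle"], "size": size}
    return best

if __name__ == "__main__":
    ip = top_received_ip(HEADERS)
    print(ip, most_specific_block(WHOIS, ip))
```
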
