"This Message was undeliverable due to the following reason:
Your message was not delivered because the return address was refused.
The return address was "<my email address@xxxxx.net>"

Please reply to <Postmaster@xxxxx.net>
if you feel this message to be in error."

--===========================
"Final-Recipient: RFC822; <abuse@maxonline.com.sg>
Action: failed
Status: 5.1.1
Remote-MTA: dns; mxcm.scvmaxonline.com.sg (202.156.1.88)
Diagnostic-Code: smtp; 550 5.0.0 Stop Spamming.You are being monitored!"

*************************

I sent an email to abuse@maxonline.com.sg explaining that I was NOT spamming, but merely reporting the spam that came from their domain, and I got the same bounce.
In addition, their bounces got flagged by POPmonitor as having the "My Doom" virus.


Has anyone else have to deal with maxonline's stupidity?

If you google "maxonline" you'll find that they're a division of Jeeves. Depending on how annoyed you are.....if I was sufficiently annoyed, I'd track down an email address at Jeeves for someone in management and complain to them about both the original spam as well as the reply you got from them.

Thanks. I think that may be a different maxonline since the one with the spam has an ".sg"
It maybe from StarHub Cable Vision Ltd, but I need to double check.

202.156.1.88 resolves to:

so I guess abuse@starhub is your next point of complaint!

Thanks

I'm not sure whether or not to send them a complaint at the moment. Maybe I'll wait until I get another similar bounce. Any suggestions? Should I just send them an email now?

What I did not like at all was that apparently they were sending me a virus (My Doom).

As I said on another post, I've been getting bounces with viruses attached. My AV check says my system is clean so that only leaves their's that is compromised. How that can happen to an ISP is rather alarming. I'd suggest you send your complaint with a note informing them that their message carried a virus. Hard as it is to imagine, they may not be aware of it %-(

Eddie

I have had a lot of these "Stop Spamming.You are being monitored!" responses over the last couple of months. Most recent one was Fri, 27 May 2005 08:11:28 +0930 (CST). Like you, I have replied explaining that I have been trying to send spam reports and got the same response.

So several times I have checked the APNIC whois record for the IP address and every time the record has been for starhub.com, not maxonline.com.sg. I have informed Jeff about this as it seemed strange, and he tells me that his DNS resolves this address to maxonline.com.sg. So it seems that Jeff (and presumably Sp@mX) are looking up a different information source from me, and hence getting a different domain as the result. Jeff hasn't taken this issue any further and I don't know how to properly resolve this problem.

Therefore I have adopted this workaround. For each bounce from abuse@maxonline.com.sg, I check the IP adress again, get starhub.com as the domain, and forward the bounced report to abuse@starhub.com after editing out the error and session transcript details. abuse@starhub.com always send a polite automated reply, so hopefully they are dealing with my reports. It's a bit of a nuisance to have to send these reports manually, but it's the best I can do.

Peter

Just to help out with the tracing of this...

Sp@mX will verify a domain name using the IP address.

Then using the domain name it will look to abuse.net for the abuse contact information as it's preferred source of information.

If it doesn't find an entry, then it will use the contact information in the RIR.

If you apply this same trace technique, you should produce the same result produced by Sp@mX. If you are not, then it would be helpful to post a sample of an IP address, who your DNS thinks this address belongs to, and, using the method described above, the contact information.

I have deleted their spam, but from what I can tell and Tifferg and Peter have already mentioned it, STARHUB CABLE VISION LTD seems to be the owner of the domain maxonline.com.sg

From abuse.net we get these addresses:
postmaster@maxonline.com.sg
abuse@maxonline.com.sg

From APNIC I get @starhub.com addresses, but it does not say whether they are for reporting spam.

If I get another bounce from maxonline, I'll forward it to starhub as Peter is doing, and explain what has been going on. Perhaps they have some automated procedure that needs revising.

Here my most recent example.

From cddp@mymail.ph Thu May 26 21:26:18 2005
Received: from cm129.gamma40.maxonline.com.sg (unverified [202.156.40.129])
by mail.internode.on.net (SurgeMail 3.1c) with ESMTP id 160761983
for multiple; Thu, 26 May 2005 21:21:20 +0930 (CST)
Return-Path: <cddp@mymail.ph>
Delivered-To: cddp@mymail.ph
Received: by fabian (Wostfix)
id B58C1148629; Thu, 26 May 2005 13:44:40 +0100
Date: Thu, 26 May 2005 07:41:40 -0500
From: "Jolene Hopkins" <cddp@mymail.ph>
Message-ID: <305z7fzlsc.fsf@calle81.net>
To: *a*@adelaide.on.net, *b*@adelaide.on.net, *c*@adelaide.on.net, *d*@adelaide.on.net, *e*@adelaide.on.net, *f*@adelaide.on.net, *g*@adelaide.on.net
Subject: Millions
X-Mailer: Mulberry/2.1.2 (Win32)
X-Rcpt-To: <*e*@adelaide.on.net>
X-Vpipe: Scanner said clean (/usr/local/clamav/sbin/vscand-nclamd)
X-IP-stats: Incoming Last 0, First 0, in=3, out=0, spam=0
X-External-IP: 202.156.40.129
Status: U
X-UIDL: 1117108284.17489_50119.bld-mail02
< snip >

Sp@mX has added this:

email item - msg4.txt - 27/5/05 - 8:11:27

spam source - maxonline.com.sg, IP = 202.156.40.129
abuse contact - abuse@maxonline.com.sg

and sent reports to abuse@maxonline.com.sg, SPAM@UCE.GOV, REPORTINGSPAM@ACA.GOV.AU (the last two addresses are my CC:s).

When I check the IP Address 202.156.40.129 at <http://www.apnic.net/apnic-bin/whois.pl>, I get this record.

inetnum: 202.156.0.0 - 202.156.95.255
netname: SGCABLVISION-SG
descr: StarHub Cable Vision Ltd
descr: SINGAPORE CABLE NETWORK PROVIDER
country: SG
admin-c: FK6-AP
tech-c: FK6-AP
mnt-by: APNIC-HM
mnt-lower: MAINT-SG-SCV
changed: hostmaster@apnic.net 19990929
changed: apnic-dbm@apnic.net 20000905
changed: hm-changed@apnic.net 20030728
changed: hm-changed@apnic.net 20030729
status: ALLOCATED PORTABLE
source: APNIC
person: CHAN FANG KHOON
address: StarHub Cable Vision Ltd
address: 2D Ayer Rajah Crescent
address: Singapore 139938
country: SG
phone: +65-65862903
fax-no: +65-68726204
e-mail: abuse@starhub.com
nic-hdl: FK6-AP
mnt-by: SCV-FKCHAN
changed: serene@starhub.com 20030103
source: APNIC

If I use Apple Network Utility's Whois, it returns the same record.

Then checking <http://www.abuse.net/lookup.phtml> for domain starhub.com, I get this:

abuse@starhub.com (for starhub.com)

Hope this helps

Peter

I got no abuse information using my regular Whois page, but found this through Ripe.net, consistent with Peter's query:

"% Information related to '202.156.0.0 - 202.156.95.255'

inetnum: 202.156.0.0 - 202.156.95.255
netname: SGCABLVISION-SG
descr: StarHub Cable Vision Ltd
descr: SINGAPORE CABLE NETWORK PROVIDER
country: SG
admin-c: FK6-AP
tech-c: FK6-AP
status: ALLOCATED PORTABLE
mnt-by: APNIC-HM
mnt-lower: MAINT-SG-SCV
source: APNIC # Filtered

person: CHAN FANG KHOON
address: StarHub Cable Vision Ltd
address: 2D Ayer Rajah Crescent
address: Singapore 139938
country: SG
phone: +65-65862903
fax-no: +65-68726204
e-mail: abuse@starhub.com
nic-hdl: FK6-AP
mnt-by: SCV-FKCHAN
source: APNIC # Filtered"

(I added the bold format.)

As in my WHOIS info, it clearly shows abuse@starhub.com as the complaint address for maxonline.sg so something is not happening correctly in Sp@mX Jeff. I got the same result using SmartWhoIs and the whois facility in VisualRoute.

Good news that Starhub have at least acknowledged receipt of the complaint. Let's hope it does lead somewhere positive.