QUOTE
Dear Sir or Madam,
the user was identified by us. We passed the necessary information on to the provider responsible for this user.
Fa. 1&1 Internet AG
Herrn Uwira
Tel.: 02602/96-0
security-team@einsundeins.com
With further questions to this affair you turn please directly to the responsible provider.
Kind regards
Security Team
Deutsche Telekom AG
T-Com, Technische Infrastruktur Niederlassung Ueberregional Network Configuration Center (NCC) Projects, Processes and Security
Tel.: 0 18 05 / 33 43 32
Fax: 0 18 05 / 33 42 52
mailto:abuse@t-ipnet.de
Here's the relevant part of the SpamX log:
QUOTE
Processing spam: Audrey
80.136.220.216 Is Listed In Internet Lookups
Received Answer
Evaluating Answer For 80.136.220.216
Referred To RIPE Network Coordination Centre
Received Answer
Evaluating Answer For 80.136.220.216
Finding Domains
Found Domain T-IPNET.DE
Found Domain NIC.DTAG.DE
Found Domain TE142.T-COM.XX
Received Answer
Evaluating Answer For ABUSE.NET
Finding Email Addresses
ABUSE@T-IPNET.DE
Received Answer
Evaluating Answer For ABUSE.NET
Finding Email Addresses
POSTMASTER@DTAG.DE Is In 'Do Not Send List'
Received Answer
Evaluating Answer For ABUSE.NET
Finding Email Addresses
Finished With 80.136.220.216
Spammer Successfully Reported!
RIPE search gets:
QUOTE
% This is the RIPE Whois server.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/ripencc/pub-services/db/copyright.html
inetnum: 80.128.0.0 - 80.146.159.255
netname: DTAG-DIAL16
descr: Deutsche Telekom AG
country: DE
admin-c: DTIP
tech-c: DTST
status: ASSIGNED PA
remarks: ************************************************************
remarks: * ABUSE CONTACT: abuse@t-ipnet.de IN CASE OF HACK ATTACKS, *
remarks: * ILLEGAL ACTIVITY, VIOLATION, SCANS, PROBES, SPAM, ETC. *
remarks: ************************************************************
mnt-by: DTAG-NIC
changed: ripe.dtip@telekom.de 20010807
changed: ripe.dtip@telekom.de 20030211
source: RIPE
route: 80.128.0.0/11
descr: Deutsche Telekom AG, Internet service provider
origin: AS3320
member-of: AS3320:RS-PA-TELEKOM
mnt-by: DTAG-RR
changed: bp@nic.dtag.de 20010807
source: RIPE
changed: rv@TE142.T-COM.XX 20040615
person: DTAG Global IP-Addressing
address: Deutsche Telekom AG
address: D-90492 Nuernberg
address: Germany
phone: +49 180 5334332
fax-no: +49 180 5334252
e-mail: ripe.dtip@telekom.de
nic-hdl: DTIP
mnt-by: DTAG-NIC
changed: ripe.dtip@telekom.de 20031013
source: RIPE
person: Security Team
address: Deutsche Telekom AG
address: Germany
phone: +49 180 5334332
fax-no: +49 180 5334252
e-mail: abuse@t-ipnet.de
nic-hdl: DTST
mnt-by: DTAG-NIC
changed: abuse@t-ipnet.de 20030210
source: RIPE
Then, from Abuse.net:
QUOTE
abuse@t-ipnet.de (for t-ipnet.de)
abuse@t-ipnet.de (for telekom.de)
And from InterNIC
QUOTE
Whois Server Version 1.3
Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.
Domain Name: EINSUNDEINS.COM
Registrar: SCHLUND+PARTNER AG
Whois Server: whois.schlund.info
Referral URL: http://registrar.schlund.info
Name Server: NSA.SCHLUND.DE
Name Server: NSA2.SCHLUND.DE
Status: REGISTRAR-LOCK
Updated Date: 24-nov-2003
Creation Date: 23-nov-1999
Expiration Date: 23-nov-2004
QUOTE
abuse@online.de (for einsundeins.com)
There's no smoking gun here, but one has to go awaayy downstream from t-ipnet.de to einsundeins.com, and there's no clear connection between the abuse report address from Abuse.net and the WHOIS info.
It also strikes me as odd that, while they claim to pass on the complaints, I never hear from the downstream provider. Maybe I'm just cynical. If I am, I got that way for a reason.
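Added example, not part of the original post or of SpamX: a small Python parser for the RPSL whois text shown above. It pulls out the abuse contacts that an IP's `inetnum` object documents (its `remarks` lines and the `person` behind `tech-c`) and checks whether a given address appears in that record at all. The function names and the trimmed sample are constructed for illustration.

```python
import re

# Constructed sample: trimmed RIPE output from above, blank lines restored.
SAMPLE = """\
% This is the RIPE Whois server.

inetnum: 80.128.0.0 - 80.146.159.255
tech-c: DTST
remarks: * ABUSE CONTACT: abuse@t-ipnet.de IN CASE OF HACK ATTACKS, *

person: Security Team
e-mail: abuse@t-ipnet.de
nic-hdl: DTST
"""

EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def parse_rpsl(text):
    """Split whois text into objects, each a list of (attribute, value)."""
    objects, current = [], []
    for line in text.splitlines() + [""]:      # trailing "" flushes last object
        if line.startswith("%"):
            continue                           # server comment line
        if not line.strip():                   # blank line ends an object
            if current:
                objects.append(current)
            current = []
            continue
        key, sep, value = line.partition(":")
        if sep:
            current.append((key.strip().lower(), value.strip()))
    return objects

def abuse_contacts(objects):
    """[(where_found, address)] from each inetnum: remarks and tech-c person."""
    by_handle = {v: o for o in objects for k, v in o if k == "nic-hdl"}
    found = []
    for obj in (o for o in objects if o[0][0] == "inetnum"):
        for key, value in obj:
            if key == "remarks" and "abuse" in value.lower():
                found += [("remarks", m.lower()) for m in EMAIL.findall(value)]
            elif key == "tech-c" and value in by_handle:
                found += [("tech-c " + value, v.lower())
                          for k, v in by_handle[value] if k == "e-mail"]
    return found

def documented_in_whois(address, objects):
    """True if the address occurs anywhere in the whois objects."""
    seen = {m.lower() for o in objects for _, v in o for m in EMAIL.findall(v)}
    return address.lower() in seen
```

On this sample, `abuse@t-ipnet.de` is found by both routes, while `security-team@einsundeins.com` from the reply does not appear in the record for the IP.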