Help - Search - Members - Calendar
Full Version: Still something amiss
hsc message board > Main > hsc Software Support
Codger
Jul 7 2004, 12:58 PM
I got a polite letter from SBCYahoo informing me that they were not the ISP of the spammer. When I checked ARIN WHOIS, I found they were right.

Here's the relevant information:

QUOTE
SMTP Info Start ====================================

Received: from adsl-68-248-189-93.dsl.klmzmi.ameritech.net
([68.248.189.93])
          by sccrmxc14.comcast.net (sccrmxc14) with SMTP
          id <20040705022539s140009vsde>; Mon, 5 Jul 2004 02:25:45 +0000
X-Originating-IP: [68.248.189.93]
X-Message-Info: xij80GZ265903XM3VcoClKJ98rVWM55adMqmBAZ42DAE2
Received: from mail pickup service by 68.248.189.93 with Microsoft SMTPSVC;
  Mon, 05 Jul 2004 17:44:02 -0200
Content-Class: urn:content-classes:message
Reply-To: "Isidro Rodrigues" <lbolet@hotmail.com>
From: "Isidro Rodrigues" <hxilshfg@hotmail.com>
To: "Madmonk" <madmonk@attbi.com>
Subject:    bigger in a couple days...
Date: Mon, 05 Jul 2004 22:40:02 +0300
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="--0629673830552833"


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=Windows-1252"> <META NAME="Generator" CONTENT="MS Exchange Server version 6.0.4630.0"> <TITLE></TITLE> </HEAD> <BODY>
<!-- Converted from text/plain format -->


Here is Spamx's log:

QUOTE
Processing bigger in a couple days...
68.248.189.93 Is Listed In Internet Lookups
Received Answer
Evaluating Answer For 68.248.189.93
Received Net Block Answer NET-68-248-188-0-1
Received Answer
Evaluating Answer For NET-68-248-188-0-1
Finding Domains
Found Domain SWBELL.NET
Found Domain SBCIS.SBC.COM
Found Domain AMERITECH.NET
Found Domain SBIS.SBC.COM
Received Answer
Evaluating Answer For ABUSE.NET
Finding Email Addresses
ABUSE@SWBELL.NET
Received Answer
Evaluating Answer For ABUSE.NET
Finding Email Addresses
SBC-ABUSE@SBC.COM
Received Answer
Evaluating Answer For ABUSE.NET
Finding Email Addresses
ABUSE@SBCGLOBAL.NET
ABUSE@AMERITECH.NET
Received Answer
Evaluating Answer For ABUSE.NET
Finding Email Addresses
Finished With NET-68-248-188-0-1
Spammer Successfully Reported!
Deleting bigger in a couple days...


Here's the ARIN output:

QUOTE
  Search results for: 68.248.189.93

Ameritech Electronic Commerce SBCIS-AMER-100902 (NET-68-248-0-0-1)
                                  68.248.0.0 - 68.255.255.255
PPPoX Pool - Rback4 KLMZMI SBC068248188000030917 (NET-68-248-188-0-1)
                                  68.248.188.0 - 68.248.191.255

# ARIN WHOIS database, last updated 2004-07-06 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.


And:

QUOTE
  Search results for: ! NET-68-248-188-0-1


CustName:  PPPoX Pool - Rback4 KLMZMI
Address:    2701 W 15th ST PMB 236
City:      Plano
StateProv:  TX
PostalCode: 75075
Country:    US
RegDate:    2003-09-22
Updated:    2003-09-22

NetRange:  68.248.188.0 - 68.248.191.255
CIDR:      68.248.188.0/22
NetName:    SBC068248188000030917
NetHandle:  NET-68-248-188-0-1
Parent:    NET-68-248-0-0-1
NetType:    Reassigned
Comment:    For Policy Abuse issues, contact: abuse@swbell.net
Comment:    For Technical issues, contact: noc@swbell.net
RegDate:    2003-09-22
Updated:    2003-09-22

TechHandle: IPADM3-ARIN
TechName:  IPAdmin-Ameritech
TechPhone:  +1-877-722-3755
TechEmail:  IPAdmin-Ameritech@sbis.sbc.com

OrgAbuseHandle: ABUSE7-ARIN
OrgAbuseName:  abuse
OrgAbusePhone:  +1-877-722-3755
OrgAbuseEmail:  abuse@ameritech.net

OrgNOCHandle: SUPPO-ARIN
OrgNOCName:  Support - Southwestern Bell Internet Services
OrgNOCPhone:  +1-877-722-3755
OrgNOCEmail:  support@swbell.net

OrgTechHandle: IPADM4-ARIN
OrgTechName:  IPAdmin-Ameritech
OrgTechPhone:  +1-877-722-3755
OrgTechEmail:  IPAdmin-Ameritech@sbis.sbc.com

# ARIN WHOIS database, last updated 2004-07-06 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.


It looks as though SpamX is taking all the domain names from the ARIN results page, not just the abuse address. Since this is a reassigned pool, there seem to be several upstream domains, but really only one, maybe two relevant ones:

QUOTE
For Policy Abuse issues, contact: abuse@swbell.net and OrgAbuseEmail:  abuse@ameritech.net
Jeff Hendrickson
Jul 7 2004, 11:24 PM
Hi Codger,

Thanks for this feedback.

I've seen this myself, and have looked into this.

According to my SpamX run -

abuse@sbcglobal.net
abuse@ameritech.net

- would be the abuse addresses based on the header you supplied. I believe you got the same result according to your log.

I believe these are the correct addresses. I've sent responses to these folks asking about this, and received the same automated response I got when I sent in the spam complaint. I don't believe that the complaints sent to these domains are actually examined by any process, OR by any human, and that every complaint gets sent the automated response "this is not from us".

What do you think??

Regs,
-Jeff blink.gif
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2012 Invision Power Services, Inc.