I ran the "WhoIs" tool from Hendricom on a spam today and got the spam mail kicked back in reply like this:
Input: 82.207.40.43
Output:
No match found for Received: from 211.48.62.166 (211.48.62.166) at KTMAIL with ESMTP Hanmir by ktmail4;Sat, 08 Sep 2007 15:30:36 +0900X-MsgID: 1189233036589495.0.ktmail4Message-ID: <1189233036589495.0.ktmail4@ktmail4>Received: from [82.207.40.43] ([82.207.40.43]) by relay6.kornet.net ([211.48.62.166]) with ESMTP id 2007090815:30:34:325684.18852.9232 Sat, 08 Sep 2007 15:30:31 +0900 (KST) Received: from [82.207.40.43] by mx2.webhero.com; Sat, 8 Sep 2007 08:29:59 +0200Date: Sat, 8 Sep 2007 08:29:59 +0200X-RECEIVED-IP: 211.48.62.166From: "Joyce Schaefer" <vbv@boegers.com>X-Mailer: The Bat! (v3.60.07) HomeReply-To: vbv@boegers.comX-Priority: 3 (Normal)Y-Message-ID: <094575576.03863702169230@boegers.com>To: whlee7989@kornet.netSubject: [SPAM] Re:INTERNAL MIME-Version: 1.0Content-Type: text/plain; charset=iso-8859-1Content-Transfer-Encoding: 7bitX-TERRACE-SPAMMARK: YES-__TRSYS_LV__3 (SR:-4.35) (SRN:spamrobot) ----------------- Have you ever wanted a expensive Watch?We have the piece for you!We sell all the expensive brands for a very small precentage of the price.www.ajsuhewyy.com82.207.40.43.
# ARIN WHOIS database, last updated 2007-09-07 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
Contacts:
1189233036589495.0.ktmail4@ktmail4received
vbv@boegers.comx-mailer
vbv@boegers.comx-priority
094575576.03863702169230@boegers.comto
whlee7989@kornet.netsubject
- - - - - -
When I check the address through whois.ripe, the real IP address is displayed, which is in the Ukraine.
So who is poisoning the well here?
Don't worry about munging my e-mail address here; it is not listed thought this appeared in my mail account.
Full Version: WhoIs tool defeated?
Wierd... 
I ran this here and got ...
...
I wonder what blocked your response? It's not impossible that RIPE was offline when you made this query...??
I ran this here and got ...
...
I wonder what blocked your response? It's not impossible that RIPE was offline when you made this query...??
Nope, I ran the address through another means and it did the job correctly with the same results you got from RIPE. Only in your "WhoIs" application did it do that.
Is the date on your WhoIs binary Apr 17, 2007??
It's April 18, 2007
Thanks Helen. Windows? OSX? (I want to try to reproduce this 
)
)
This was OSX.
IMHO, Purify will not be complete unless it comes with a gun.
IMHO, Purify will not be complete unless it comes with a gun.
<ROFL> 
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.