QUOTE
Hi. This is the qmail-send program at xuxa.iecc.com.
I'm afraid I wasn't able to deliver your message to the following addresses. This is a permanent error; I've given up. Sorry it didn't work out.
<ct-abuse@abuse.sprint.net>:
199.0.233.6 does not like recipient.
Remote host said: 550 5.7.1 <ct-abuse@abuse.sprint.net>... Access denied Giving up on 199.0.233.6.
--- Below this line is a copy of the message.
Return-Path: <me@MyISP.com>
Received: (qmail 7615 invoked by uid 170); 23 Sep 2004 14:49:46 -0000
Delivered-To: abuse-special-CTSUMMARY@special.abuse.net
Received: (qmail 7613 invoked from network); 23 Sep 2004 14:49:45 -0000
Received: from rwcrmhc12.comcast.net (216.148.227.85)
by mail2.iecc.com with SMTP; 23 Sep 2004 14:49:45 -0000
Date: Thu, 23 Sep 2004 14:49:43 +0000 (GMT)
X-Comment: Sending client does not conform to RFC822 minimum requirements
X-Comment: Date has been added by Maillennium
Received: from myusername (h0002b34bf30f.ne.client2.attbi.com[66.30.24.21])
by comcast.net (rwcrmhc12) with SMTP
id <20040923144943014005232ne>; Thu, 23 Sep 2004 14:49:43 +0000 From:My Name <me@MyISP.com> To:Abuse <CTSUMMARY@SPECIAL.ABUSE.NET> Subject:Email Abuse Complaint 9/23/2004 10:49:35 AM Reply-To:My Name <me@MyISP.com>
X-DCC-IECC-Metrics: xuxa.iecc.com 1107; Body=1 Fuz1=1 Fuz2=1
Here is the SMTP information.
SMTP Info Start ====================================
Received: from scriptsportal.com (unknown[222.65.113.121](misconfigured sender))
by sccrmxc19.comcast.net (sccrmxc19) with SMTP
id <20040922061403s1900cu1upe>; Wed, 22 Sep 2004 06:15:38 +0000
X-Originating-IP: [222.65.113.121]
Message-ID: <0F120324.749350D@scriptsportal.com>
Date: Wed, 22 Sep 2004 09:30:27 +0600
Reply-To: "lawerence ramlakhan" <swessnalzche@scriptsportal.com>
From: "lawerence ramlakhan" <swessnalzche@scriptsportal.com>
User-Agent: aol 3.0 for windows 95 sub 52
X-Accept-Language: en-us
MIME-Version: 1.0
To: "lynn bottgenbach" <midnight1999@comcast.net>
Subject: Your whole health n_e_eds our precious care
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
I'm afraid I wasn't able to deliver your message to the following addresses. This is a permanent error; I've given up. Sorry it didn't work out.
<ct-abuse@abuse.sprint.net>:
199.0.233.6 does not like recipient.
Remote host said: 550 5.7.1 <ct-abuse@abuse.sprint.net>... Access denied Giving up on 199.0.233.6.
--- Below this line is a copy of the message.
Return-Path: <me@MyISP.com>
Received: (qmail 7615 invoked by uid 170); 23 Sep 2004 14:49:46 -0000
Delivered-To: abuse-special-CTSUMMARY@special.abuse.net
Received: (qmail 7613 invoked from network); 23 Sep 2004 14:49:45 -0000
Received: from rwcrmhc12.comcast.net (216.148.227.85)
by mail2.iecc.com with SMTP; 23 Sep 2004 14:49:45 -0000
Date: Thu, 23 Sep 2004 14:49:43 +0000 (GMT)
X-Comment: Sending client does not conform to RFC822 minimum requirements
X-Comment: Date has been added by Maillennium
Received: from myusername (h0002b34bf30f.ne.client2.attbi.com[66.30.24.21])
by comcast.net (rwcrmhc12) with SMTP
id <20040923144943014005232ne>; Thu, 23 Sep 2004 14:49:43 +0000 From:My Name <me@MyISP.com> To:Abuse <CTSUMMARY@SPECIAL.ABUSE.NET> Subject:Email Abuse Complaint 9/23/2004 10:49:35 AM Reply-To:My Name <me@MyISP.com>
X-DCC-IECC-Metrics: xuxa.iecc.com 1107; Body=1 Fuz1=1 Fuz2=1
Here is the SMTP information.
SMTP Info Start ====================================
Received: from scriptsportal.com (unknown[222.65.113.121](misconfigured sender))
by sccrmxc19.comcast.net (sccrmxc19) with SMTP
id <20040922061403s1900cu1upe>; Wed, 22 Sep 2004 06:15:38 +0000
X-Originating-IP: [222.65.113.121]
Message-ID: <0F120324.749350D@scriptsportal.com>
Date: Wed, 22 Sep 2004 09:30:27 +0600
Reply-To: "lawerence ramlakhan" <swessnalzche@scriptsportal.com>
From: "lawerence ramlakhan" <swessnalzche@scriptsportal.com>
User-Agent: aol 3.0 for windows 95 sub 52
X-Accept-Language: en-us
MIME-Version: 1.0
To: "lynn bottgenbach" <midnight1999@comcast.net>
Subject: Your whole health n_e_eds our precious care
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
It seems the that SprintLink doesn't like mail sent from CTSUMMARY@special.abuse.net. Not good, but I understand what's happening so far. But The only complaint sent yesterday via CTSUMMARY was for a message that originated with Chinanet. Here is the relevant log entry:
QUOTE
Processing - Your whole health n_e_eds our precious care
Received Answer
Evaluating Answer For 222.65.113.121
Referred To Asia Pacific Network Information Centre
Received Answer
Evaluating Answer For 222.65.113.121
Finding Domains
HOSTMASTER@NS.CHINANET.CN.NET Is In 'Do Not Send List'
IP-ADMIN@MAIL.ONLINE.SH.CN Is In 'Do Not Send List'
Found Domain NS.CHINANET.CN.NET
Received Answer
Evaluating Answer For ABUSE.NET
Finding Email Addresses
ANTI-SPAM@CHINANET.CN.NET
POSTMASTER@CHINANET.CN.NET
CTSUMMARY@SPECIAL.ABUSE.NET
Finished With 222.65.113.121
Connecting to SMTP server
Connect smtp.comcast.net
Sending message Email Abuse Complaint 9/23/2004 10:49:35 AM
Response 220
Sending to ANTI-SPAM@CHINANET.CN.NET
EHLO My username
Response 250
MAIL FROM:<me@MyISP.com>
Response 250
RCPT TO:<ANTI-SPAM@CHINANET.CN.NET>
Response 250
DATA
Response 354
Transmitting Message
Message Transmitted
Response 250
QUIT
Response 221
Email abuse complaint sent to ANTI-SPAM@CHINANET.CN.NET
Connect smtp.comcast.net
Sending message Email Abuse Complaint 9/23/2004 10:49:35 AM
Response 220
Sending to POSTMASTER@CHINANET.CN.NET
EHLO My username
Response 250
MAIL FROM:<me@MyISP.comt>
Response 250
RCPT TO:<POSTMASTER@CHINANET.CN.NET>
Response 250
DATA
Response 354
Transmitting Message
Message Transmitted
Response 250
QUIT
Response 221
Email abuse complaint sent to POSTMASTER@CHINANET.CN.NET
Connect smtp.comcast.net
Sending message Email Abuse Complaint 9/23/2004 10:49:35 AM
Response 220
Sending to CTSUMMARY@SPECIAL.ABUSE.NET
EHLO My username
Response 250
MAIL FROM:<me@MyISP.com>
Response 250
RCPT TO:<CTSUMMARY@SPECIAL.ABUSE.NET>
Response 250
DATA
Response 354
Transmitting Message
Message Transmitted
Response 250
QUIT
Response 221
Email abuse complaint sent to CTSUMMARY@SPECIAL.ABUSE.NET
Received Answer
Evaluating Answer For 222.65.113.121
Referred To Asia Pacific Network Information Centre
Received Answer
Evaluating Answer For 222.65.113.121
Finding Domains
HOSTMASTER@NS.CHINANET.CN.NET Is In 'Do Not Send List'
IP-ADMIN@MAIL.ONLINE.SH.CN Is In 'Do Not Send List'
Found Domain NS.CHINANET.CN.NET
Received Answer
Evaluating Answer For ABUSE.NET
Finding Email Addresses
ANTI-SPAM@CHINANET.CN.NET
POSTMASTER@CHINANET.CN.NET
CTSUMMARY@SPECIAL.ABUSE.NET
Finished With 222.65.113.121
Connecting to SMTP server
Connect smtp.comcast.net
Sending message Email Abuse Complaint 9/23/2004 10:49:35 AM
Response 220
Sending to ANTI-SPAM@CHINANET.CN.NET
EHLO My username
Response 250
MAIL FROM:<me@MyISP.com>
Response 250
RCPT TO:<ANTI-SPAM@CHINANET.CN.NET>
Response 250
DATA
Response 354
Transmitting Message
Message Transmitted
Response 250
QUIT
Response 221
Email abuse complaint sent to ANTI-SPAM@CHINANET.CN.NET
Connect smtp.comcast.net
Sending message Email Abuse Complaint 9/23/2004 10:49:35 AM
Response 220
Sending to POSTMASTER@CHINANET.CN.NET
EHLO My username
Response 250
MAIL FROM:<me@MyISP.comt>
Response 250
RCPT TO:<POSTMASTER@CHINANET.CN.NET>
Response 250
DATA
Response 354
Transmitting Message
Message Transmitted
Response 250
QUIT
Response 221
Email abuse complaint sent to POSTMASTER@CHINANET.CN.NET
Connect smtp.comcast.net
Sending message Email Abuse Complaint 9/23/2004 10:49:35 AM
Response 220
Sending to CTSUMMARY@SPECIAL.ABUSE.NET
EHLO My username
Response 250
MAIL FROM:<me@MyISP.com>
Response 250
RCPT TO:<CTSUMMARY@SPECIAL.ABUSE.NET>
Response 250
DATA
Response 354
Transmitting Message
Message Transmitted
Response 250
QUIT
Response 221
Email abuse complaint sent to CTSUMMARY@SPECIAL.ABUSE.NET
Why did a complaint sent via CTSUMMARY@special.abuse.net, presumably meant for Chinanet (222.65.113.121) get sent to iecc.com (SDN.IECC.COM 208.31.42.94
LIGHT.LIGHTLINK.COM 205.232.34.1) which reports that Sprintlink (199.0.233.6) doesn't like Abuse.net?
Making things even more complicated, when I look up sprintlink (199.0.233.6) at ARIN I get:
QUOTE
OrgName: Sprint
OrgID: SPRN
Address: 12502 Sunrise Valley Dr.
City: Reston
StateProv: VA
PostalCode: 20196
Country: US
NetRange: 199.0.0.0 - 199.3.255.255
CIDR: 199.0.0.0/14
NetName: NETBLK-SPRINT-BLKA
NetHandle: NET-199-0-0-0-1
Parent: NET-199-0-0-0-0
NetType: Direct Allocation
NameServer: NS1-AUTH.SPRINTLINK.NET
NameServer: NS2-AUTH.SPRINTLINK.NET
NameServer: NS3-AUTH.SPRINTLINK.NET
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate: 1993-09-08
Updated: 2002-07-01
OrgID: SPRN
Address: 12502 Sunrise Valley Dr.
City: Reston
StateProv: VA
PostalCode: 20196
Country: US
NetRange: 199.0.0.0 - 199.3.255.255
CIDR: 199.0.0.0/14
NetName: NETBLK-SPRINT-BLKA
NetHandle: NET-199-0-0-0-1
Parent: NET-199-0-0-0-0
NetType: Direct Allocation
NameServer: NS1-AUTH.SPRINTLINK.NET
NameServer: NS2-AUTH.SPRINTLINK.NET
NameServer: NS3-AUTH.SPRINTLINK.NET
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate: 1993-09-08
Updated: 2002-07-01
ARIN doesn't provide the nameserver IP's so I look up SPRINTLINK.NET at InterNIC and get this:
QUOTE
Domain Name: SPRINTLINK.NET
Registrar: ALLDOMAINS.COM INC.
Whois Server: whois.alldomains.com
Referral URL: http://www.alldomains.com
Name Server: NS1-AUTH.SPRINTLINK.NET
Name Server: NS3-AUTH.SPRINTLINK.NET
Name Server: NS2-AUTH.SPRINTLINK.NET
Status: REGISTRAR-LOCK
Updated Date: 10-sep-2003
Creation Date: 11-may-1992
Expiration Date: 12-may-2005
Registrar: ALLDOMAINS.COM INC.
Whois Server: whois.alldomains.com
Referral URL: http://www.alldomains.com
Name Server: NS1-AUTH.SPRINTLINK.NET
Name Server: NS3-AUTH.SPRINTLINK.NET
Name Server: NS2-AUTH.SPRINTLINK.NET
Status: REGISTRAR-LOCK
Updated Date: 10-sep-2003
Creation Date: 11-may-1992
Expiration Date: 12-may-2005
So, I look it up at http://www.alldomains.com which coughs this up:
QUOTE
Registrant:
Sprint Communications Company L.P. (DOM-330263)
MAILSTOP: KSOPHT0101-Z3380 6391 Sprint Parkway
Overland Park KS 66251-3380
US
Domain Name: sprintlink.net
Registrar Name: Alldomains.com
Registrar Whois: whois.alldomains.com
Registrar Homepage: http://www.alldomains.com
Administrative Contact:
Domain Administrator (NIC-1533363) Sprint Communications Company L.P.
MAILSTOP: KSOPHT0101-Z3380 6391 Sprint Parkway
Overland Park KS 66251-3380
US
domain.names@mail.sprint.com
+1.8665052385
Fax- +1.8773880408
Technical Contact, Zone Contact:
Domain Administrator (NIC-1533363) Sprint Communications Company L.P.
MAILSTOP: KSOPHT0101-Z3380 6391 Sprint Parkway
Overland Park KS 66251-3380
US
domain.names@mail.sprint.com
+1.8665052385
Fax- +1.8773880408
Created on..............: 1992-May-11.
Expires on..............: 2005-May-12.
Record last updated on..: 2003-Nov-08 01:11:30.
Domain servers in listed order:
NS1-AUTH.SPRINTLINK.NET 206.228.179.10
NS2-AUTH.SPRINTLINK.NET 144.228.254.10
NS3-AUTH.SPRINTLINK.NET 144.228.255.10
Sprint Communications Company L.P. (DOM-330263)
MAILSTOP: KSOPHT0101-Z3380 6391 Sprint Parkway
Overland Park KS 66251-3380
US
Domain Name: sprintlink.net
Registrar Name: Alldomains.com
Registrar Whois: whois.alldomains.com
Registrar Homepage: http://www.alldomains.com
Administrative Contact:
Domain Administrator (NIC-1533363) Sprint Communications Company L.P.
MAILSTOP: KSOPHT0101-Z3380 6391 Sprint Parkway
Overland Park KS 66251-3380
US
domain.names@mail.sprint.com
+1.8665052385
Fax- +1.8773880408
Technical Contact, Zone Contact:
Domain Administrator (NIC-1533363) Sprint Communications Company L.P.
MAILSTOP: KSOPHT0101-Z3380 6391 Sprint Parkway
Overland Park KS 66251-3380
US
domain.names@mail.sprint.com
+1.8665052385
Fax- +1.8773880408
Created on..............: 1992-May-11.
Expires on..............: 2005-May-12.
Record last updated on..: 2003-Nov-08 01:11:30.
Domain servers in listed order:
NS1-AUTH.SPRINTLINK.NET 206.228.179.10
NS2-AUTH.SPRINTLINK.NET 144.228.254.10
NS3-AUTH.SPRINTLINK.NET 144.228.255.10
Notice that the IP addresses don't match up. Can anyone help me to understand this? I get the basic WHOIS info, but I can't follow the trail of IP addresses and domain names.
Thanks.
Hi Jeff,