Paul Vixie did not spam you (this is an automated response)

cc'ed to nanog@ FYI

Paul Vixie wrote:

Today I started receiving a massive number of e-mail bounces and complaints
about spam. I immediately realized that someone had abused the network in my
name; sure enough, I shortly received the evidence shown below. I apologize
for this form letter response, but I'm expecting another 10,000 complaints and
I do not plan to send personalized replies to each one.

[Posting from home, since that's where I get nanog@, but posting
with my work hat on - Reply-To: set to peter@demon.net]

Please note that we were hit by the same spammer. The original
message went out, claiming it was from one of our customers (another
thread last week) when in actual fact it is from an address block
assigned to enterprise.net.

I understand that this ISP (Enterprise in the UK) has made a
statement to the effect that they in turn have traced this to a
Compuserve location. Since the only Received: header with anything
useful in it has one of their IP addrs in, this is difficult to
check.

Just for some background, the spammer proceeded to set the Reply-To:
address to a range of mail-news gateways (demon.service@news.demon.co.uk
was one) and really wound people up. This range of gateways has
now been permanently closed, which is in itself a great shame. I
would advise others out there to check if they have similar legacy
newsgroup@ type gateways operating and close them to reduce the
backlash of this type of spam.

Regards,

We have also been hit by the same spammer; he is using
exchangecurrency@forprofit.com as his reply-field (which is one of my
clients). Apparently one of the people at forprofit.com sent a message to
one of the spammer's "superiors" (I think he just sent the message to the
NOC contact of the host on a reply field that was sent to him :-) and
shortly after that, their domain name was showing up in the reply field of
the spam. I am flushing all mail heading for
exchangecurrency@forprofit.com to /dev/null. I've done a little research;
apparently the original postings were using a domain...

precipice:{root}67-> whois moneyworld.com
Financial Connections, Inc (MONEYWORLD-DOM)
   2508 5th Ave, #104
   Seattle, WA 98121

   Domain Name: MONEYWORLD.COM

   Administrative Contact, Technical Contact, Zone Contact, Billing Contact:
      Williams, Bob (BW747) willie@MONEYWORLD.COM
      206 269 0846

   Record last updated on 13-Oct-96.
   Record created on 26-Oct-95.

   Domain servers in listed order:

   NSH.WORLDHELP.NET 206.81.217.6
   NSS.MONEYWORLD.COM 205.227.174.9

No answer at the number and apparently none of these DNS machines are
currently on the net... hmm.

This guy is causing my mail queues to fill up with a ton of bounces and
flames and I don't appreciate it one bit. The guys at forprofit have some
friends at the FBI, but they say that every time they try to go after these
guys, the ISPs won't co-operate :-)

          Geoff White
          Virtual Sites
          http://www.v-site.net
          (415)437-4600 fax (415)437-4601