Re: sprint
- Date: Mon, 28 Jan 2002 16:52:16 +0100
Dear Sir or Madam,
This is an automatically generated response concerning spam-mails
and hacker attacks, including our suggestions how you may be able to find the
one responsible for them.
The DENIC eG is only responsible for the registration of domain names within
the TLD ".de". Other organizations, such as the respective access provider,
are responsible for the IP-Nets or Subdomains,(www.domain.de, mail.domain.de,
dialin.frankfurt.domain.de, etc.). For this reason, DENIC itself cannot trace
the person responsible for such occurences or take any direct action against
them.
In the following there are suggestions how you can yourself research spam-mail or
hacker attacks:
When you can identify an involved domain name or subdomain within the
TLD ".de":
1. Find the domain owner or administrative contact (admin-c) using our
whois-search function (http://www.denic.de/servlet/Whois).
2. Contact the owner or admin-c with your request for his help. In order to
identify the person involved from his log-files, he will need exact information
regarding the occurence from you, including mail-header, time and time-zone,
domain name, etc.
3. Because of data-security concerns and the rights of other interested
parties, it is the decision of the respective provider, owner or admin-c if
they will give you the person's identity or take action themselves. If you
have suffered any damages as a result of such an occurence, then it is
probably a good idea to get legal counsel.
If you cannot identify a domain name, but you do identify an IP address,
you can try to find the corresponding domain name by using a tool named
"nslookup" and then go ahead as exposed above.
In case there is no corresponding domain name, you can make an attempt to find
the owner of the net or the administrative contact by using the whois servers of
the three network coordination centres based in Europe, USA and Asia.
The centres are RIPE (Europe, Middle East, parts of Africa ), ARIN (North and
South America, the Caribbean and sub-Saharan Africa) and APNIC (Asia Pacific)
and their whois servers are located at:
RIPE (Europa): http://www.ripe.net/db/whois.html
ARIN (Amerika): http://www.arin.net/whois/index.html
APNIC (Asien): http://www.apnic.net/apnic-bin/whois.pl
Next steps are the same as presented above (2./3.).
If you should have trouble in your contacts with an owner or admin-c of a
.de-domain, please feel free to contact us again and we will try to approach
them on your behalf.
When you come across TLD's other than ".de" in your research, then you should
use the appropriate registry's WHOIS-search function to find your information.
A list of TLD registries can be found at:
http://www.centr.org
Best Regards,
Your DENIC eG
+-----------------------------------+--------------------------------+
| DENIC eG | DENICoperations |
| Wiesenhuettenplatz 26 | Phone: +49 (0)69/27235-272 |
| D-60329 Frankfurt am Main | Fax: +49 (0)69/27235-234 |
| Germany | E-Mail: ops@localhost |
| | http://www.denic.de |
| don't hesitate to contact us ... | |
+-----------------------------------+--------------------------------+
| PGP-KeyID: 0xF81AE61F |
| Fingerprint: 4943 3AA7 6A85 306E 23A4 A1AC D4B9 6CF6 F81A E61F |
+-----------------------------------+--------------------------------+
> Received: from smtp.denic.de (smtp.denic.de [194.246.96.22])
> by denics3.denic.de with esmtp
> id 16VDbr-0002s4-00; Mon, 28 Jan 2002 16:22:15 +0100
> Received: from mail-relay.denic.de (mail-relay.denic.de [194.246.96.21])
> by smtp.denic.de with esmtp
> id 16VDcW-0000nn-00; Mon, 28 Jan 2002 16:22:56 +0100
> Received: from postman.ripe.net (postman.ripe.net [193.0.0.199])
> by mail-relay.denic.de with smtp
> id 16VDcV-00014W-00; Mon, 28 Jan 2002 16:22:55 +0100
> Received: (qmail 19181 invoked by alias); 28 Jan 2002 15:22:04 -0000
> Delivered-To: lists-anti-spam-wg-out@localhost
> Received: (qmail 19178 invoked by uid 66); 28 Jan 2002 15:22:04 -0000
> Reply-To: paul@localhost
> From: paul@localhost
> To: anti-spam@localhost
> Subject: sprint
> Date: Mon, 28 Jan 2002 15:18:28 -0000
> Message-ID: <006f01c1a80f$0ad34bc0$0400a8c0@localhost>
> MIME-Version: 1.0
> Content-Type: text/plain;
> charset="US-ASCII"
> Content-Transfer-Encoding: 7bit
> X-Priority: 3 (Normal)
> X-MSMail-Priority: Normal
> X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0)
> Importance: Normal
> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
> In-Reply-To: <p05100306b879aeae4bb3@localhost>
> X-MDRemoteIP: 192.168.0.4
> X-Return-Path: paul@localhost
> X-MDaemon-Deliver-To: anti-spam@localhost
> Sender: owner-anti-spam-wg@localhost
> Precedence: bulk
>
> Our company has today had the legal department of Sprint in the USA threaten
> us because we said we would write to their corporate customers regarding
> Sprint's spam support policies and urging them to dump Sprint. We get a
> large percentage of our spam from persistent spammers on Sprint. We've
> reported them to abuse but they've never been closed down. The spam
> continues.
>
> The Sprint lawyer said that our claims that they continue to host spammers
> in breach of their AUP were untrue and that they would take whatever legal
> action possible against us. We're not worried since everything we say is
> true and Spamhaus bears this out (great site BTW).
>
> The saddest part is that after getting zero response or action for any
> complaint sent to the Sprint abuse address, we decided to send each spam
> report to every email address (including press contacts and
> executive-offices) we could get off the Sprint site. All of a sudden we've
> had real people contacting us, even if it is only because we've annoyed
> them.
>
> I know this kind of thing isn't be the answer to spam (more email, etc.),
> but it has produced a couple of phone calls and a crappy threatening letter
> from Sprint's legal department and that's more than a year's worth of abuse
> complaints has achieved. And we would only consider it reasonable to take
> such action when it is against spammers who have not been closed down
> despite numerious abuse reports. At least we know these emails are getting
> through to real people and not just being discarded. And sadly, if Sprint
> employees start to have to sift through this kind of stuff, they might do
> something about it.
>
> We have written back to the legal department today asking for clarification
> on why the sites we reported are still live despite their AUP. I don't
> expect an explanation, they will ignore it or fudge the issue. Bottom line
> is, you can see exactly what Sprint are up to on Spamhaus... and if it's
> true, you can't sue.
>
>
> Paul Gay
> Director
> Cactusoft Ltd.
>
>