<<< Chronological >>> Author Index    Subject Index <<< Threads >>>

Re: spamvertizing on Level3



Dear Sir or Madam,

This is an automatically generated response concerning spam-mails 
and hacker attacks, including our suggestions how you may be able to find the 
one responsible for them.

The DENIC eG is only responsible for the registration of domain names within 
the TLD ".de". Other organizations, such as the respective access provider, 
are responsible for the IP-Nets or Subdomains,(www.domain.de, mail.domain.de, 
dialin.frankfurt.domain.de, etc.). For this reason, DENIC itself cannot trace 
the person responsible for such occurences or take any direct action against 
them.

In the following there are suggestions how you can yourself research spam-mail or 
hacker attacks:

When you can identify an involved domain name or subdomain within the 
TLD ".de":

1. Find the domain owner or administrative contact (admin-c) using our 
whois-search function (http://www.denic.de/servlet/Whois).

2. Contact the owner or admin-c with your request for his help. In order to 
identify the person involved from his log-files, he will need exact information
regarding the occurence from you, including mail-header, time and time-zone, 
domain name, etc.

3. Because of data-security concerns and the rights of other interested 
parties, it is the decision of the respective provider, owner or admin-c if 
they will give you the person's identity or take action themselves.  If you 
have suffered any damages as a result of such an occurence, then it is 
probably a good idea to get legal counsel.

If you cannot identify a domain name, but you do identify an IP address,
you can try to find the corresponding domain name by using a tool named
"nslookup" and then go ahead as exposed above.

In case there is no corresponding domain name, you can make an attempt to find
the owner of the net or the administrative contact by using the whois servers of
the three network coordination centres based in Europe, USA and Asia.

The centres are RIPE (Europe, Middle East, parts of Africa ), ARIN (North and 
South America, the Caribbean and sub-Saharan Africa) and APNIC (Asia Pacific) 
and their whois servers are located at:

   RIPE (Europa): http://www.ripe.net/db/whois.html
   ARIN (Amerika): http://www.arin.net/whois/index.html
   APNIC (Asien): http://www.apnic.net/apnic-bin/whois.pl

Next steps are the same as presented above (2./3.).

If you should have trouble in your contacts with an owner or admin-c of a 
.de-domain, please feel free to contact us again and we will try to approach 
them on your behalf.

When you come across TLD's other than ".de" in your research, then you should 
use the appropriate registry's WHOIS-search function to find your information.
A list of TLD registries can be found at:

http://www.centr.org

Best Regards,

Your DENIC eG



+-----------------------------------+--------------------------------+
| DENIC eG                          | DENICoperations                |
| Wiesenhuettenplatz 26             | Phone:  +49 (0)69/27235-272    |
| D-60329 Frankfurt am Main         | Fax:    +49 (0)69/27235-234    |
| Germany                           | E-Mail: ops@localhost           |
|                                   | http://www.denic.de            |
| don't hesitate to contact us ...  |                                |
+-----------------------------------+--------------------------------+
| PGP-KeyID: 0xF81AE61F                                              |
| Fingerprint: 4943 3AA7 6A85 306E 23A4  A1AC D4B9 6CF6 F81A E61F    |
+-----------------------------------+--------------------------------+



> Received: from smtp.denic.de (smtp.denic.de [194.246.96.22])
> 	by denics3.denic.de with esmtp 
> 	id 16o2UX-0000UF-00; Thu, 21 Mar 2002 14:20:29 +0100
> Received: from postman.ripe.net (postman.ripe.net [193.0.0.199])
> 	by smtp.denic.de with smtp 
> 	id 16o2UX-0004WS-00; Thu, 21 Mar 2002 14:20:29 +0100
> Received: (qmail 29897 invoked by alias); 21 Mar 2002 13:20:29 -0000
> Delivered-To: lists-anti-spam-wg-out@localhost
> Received: (qmail 29894 invoked by uid 66); 21 Mar 2002 13:20:29 -0000
> Reply-To: paul@localhost
> From: paul@localhost
> To: anti-spam@localhost
> Cc: <caroline.skene@localhost
> Subject: spamvertizing on Level3
> Date: Thu, 21 Mar 2002 13:17:44 -0000
> Message-ID: <005801c1d0da$ca5b6600$0400a8c0@localhost>
> MIME-Version: 1.0
> Content-Type: text/plain;
> 	charset="iso-8859-1"
> Content-Transfer-Encoding: 7bit
> X-Priority: 3 (Normal)
> X-MSMail-Priority: Normal
> X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0)
> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
> Importance: Normal
> X-MDRemoteIP: 192.168.0.4
> X-Return-Path: paul@localhost
> X-MDaemon-Deliver-To: anti-spam@localhost
> Sender: owner-anti-spam-wg@localhost
> Precedence: bulk
> 
> Is anyone aware that Level3 may have changed their AUP to permit
> spamvertizing?
> 
> Although the posted Level3 AUP says this:
> 
> "Use of the service of another provider to send UCE, spam or mailbombs, to
> promote a site hosted on or connected to the Level 3 network, is similarly
> prohibited. Likewise, you may not use the Service to collect responses from
> mass unsolicited e-mail messages."
> 
> We've received many spams over the past week promoting various sites, all
> with the giveaway 'opt-out' link to InsuranceIQ.com and sometimes promoting
> that site too. Caroline Skene, UK Operations Manager for Level3 told me this
> after I enquired why nothing was being done to remove them:
> 
> > While InsuranceIQ may also have services with Level 3 we cannot act on
> > activity on another backbone provider's network.
> 
> As I understand it, she is in charge of enforcing it in the UK, so she
> *should* know it quite well. It appears she is suggesting that spamvertizing
> is no longer considered abuse on Level3, as long as you send the mail from
> somewhere else, which is certainly not my reading of the AUP.
> 
> Paul
> 
> 





<<< Chronological >>> Author    Subject <<< Threads >>>