Re: [anti-spam-wg@localhost] Spam from unassigned IP address???
- Date: Wed, 17 Sep 2003 14:13:52 +0300
On Wed, Sep 17, 2003 at 11:05:40AM +0400, Igor Knyazev wrote:
> Hello anti-spam-wg@localhost
>
> We have received very many e-mail messages from many mail servers
> containing the following, for example:
>
> >A message that you sent could not be delivered to one or more of its
> >recipients. This is a permanent error. The following address(es) failed:
> >
> > chairman@localhost
> > no such address
> > evanhalen@localhost
> > no such address
> >
> >------ This is a copy of the message, including all the headers. ------
> >Return-path: info@localhost
> >Received: from [202.56.239.41] (helo=CIDEX01)
> > by server10.pronicsolutions.com with smtp (Exim 4.20)
> > id 19zVjE-0000yv-U1; Wed, 17 Sep 2003 02:23:54 -0400
> >Received: from 4dqqx.9xtxu.net [34.148.84.48] by CIDEX01 for chairman@localhost; Wed, 17 Sep 2003 10:17:24 +0300
>
> We don't send any messages to any users in that domain.
> We checked the IPs 202.56.239.41 and 34.148.84.48 and found that
> these addresses are not assigned to any company or person.
> Whose work is this?
Somebody is forging your e-mail address, and using open relays to do it.
202.56.239.41 is owned by a company in India, see
http://www.geektools.com/whois.php?query=202.56.239.41 . It seems to be
an open relay.

http://www.geektools.com/whois.php?query=34.148.84.48 points to
Halliburton. Do they have zombie address ranges?

Not much you can really do, other than contact the owners of the abused
systems, and their upstreams. You cannot prevent somebody from faking
your e-mail address. You can go after them after the occurrence, but in
this case they're probably hiding pretty well.
esa
--
PGP Fingerprint: 8C4D 4F5C 1094 5E00 D575 11B2 9412 AD93 7F78 EF7E
Public key at: http://iki.fi/laitinen/pubkey.html
YIM: reunaesa ICQ: 160631289 AIM: punkkinen MSN: esahi5@localhost
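
Added example, not part of the original thread: a Python sketch that reads the Received chain from the returned copy quoted above, checks whether any hop lies in your own address space, and separates the peer address recorded by the bouncing server from addresses that appear only in lower headers. `OUR_NETWORKS` is a placeholder assumption, and treating the topmost header as the one written by the bouncing server is also an assumption.

```python
import ipaddress
import re
from email import message_from_string

# Returned copy from the bounce above: quote markers stripped, "+0300" re-joined.
BOUNCED_COPY = """\
Return-path: info@localhost
Received: from [202.56.239.41] (helo=CIDEX01)
 by server10.pronicsolutions.com with smtp (Exim 4.20)
 id 19zVjE-0000yv-U1; Wed, 17 Sep 2003 02:23:54 -0400
Received: from 4dqqx.9xtxu.net [34.148.84.48] by CIDEX01 for chairman@localhost; Wed, 17 Sep 2003 10:17:24 +0300

"""

# Assumption: stand-in for the address space of your own mail servers.
OUR_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]

def _grab(pattern, text):
    m = re.search(pattern, text)
    return m.group(1) if m else None

def received_hops(raw):
    """Parse Received headers, newest (top) first."""
    hops = []
    for i, value in enumerate(message_from_string(raw).get_all("Received", [])):
        value = " ".join(value.split())  # unfold continuation lines
        hops.append({
            "from_name": _grab(r"^from\s+([^\s\[(]+)", value),
            "helo": _grab(r"\(helo=([^)]+)\)", value),
            "ip": _grab(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", value),
            "by": _grab(r"\bby\s+(\S+)", value),
            # Only the top header was written by the server that produced the
            # bounce; anything below it could have been supplied by the sender.
            "verified": i == 0,
        })
    return hops

def triage(raw, our_networks=OUR_NETWORKS):
    hops = received_hops(raw)
    ips = [ipaddress.ip_address(h["ip"]) for h in hops if h["ip"]]
    ours = [ip for ip in ips if any(ip in net for net in our_networks)]
    return {
        "passed_through_our_servers": bool(ours),
        "peer_seen_by_bouncing_server": next((h["ip"] for h in hops if h["verified"]), None),
        "unverified_claimed_origins": [h["ip"] for h in hops if not h["verified"] and h["ip"]],
    }

if __name__ == "__main__":
    print(triage(BOUNCED_COPY))
```

If no hop falls inside your own networks, the message never passed through your servers and the bounce is a result of the forged sender address; the verified peer address is the one to look up in whois when contacting the owner of the abused system.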