[110083] in North American Network Operators' Group
Re: Christmas spam from RESERVED IANA adressblock ?
daemon@ATHENA.MIT.EDU (Jon Lewis)
Wed Dec 24 07:52:10 2008
Date: Wed, 24 Dec 2008 07:51:58 -0500 (EST)
From: Jon Lewis <jlewis@lewis.org>
To: macbroadcast <marc@let.de>
In-Reply-To: <C442CBF4-05C3-422B-9DBB-A624C118C3D4@let.de>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
Lots of networks use RFC1918 space _internally_, as iispp.com obviously
does between their webmail server and their SMTP relay. It's no more
suspicious than your own ISP's use of 10.0.1 between their MX and the
mailstore to which your message was delivered. Recognizing this is pretty
basic to reading SMTP headers.
On Wed, 24 Dec 2008, macbroadcast wrote:
> hello ladies and gentlepersons
>
>
> just out of curiosity I looked a bit closer into this spam mail header, because
> this company is really annoying and abusing a lot of internet citizens.
>
>
> Begin forwarded message:
>> From: mailling@ualadys.com
>> Date: 24 December 2008 12:30:18 CET
>> To: marc@let.de
>> Subject: E-Mail For You @ ualadys.com
>> Return-Path: <www-data@web1.iispp.com>
>> Received: from mx2.mail.vrmd.de ([10.0.1.21]) by vm42.mail.vrmd.de (Cyrus
>> v2.2.12-Invoca-RPM-2.2.12-9.RHEL4) with LMTPA; Wed, 24 Dec 2008 12:30:25
>> +0100
>> Received: from mx2.iispp.com ([76.74.250.247]) by mx2.mail.vrmd.de with
>> esmtp (Exim 4.69) (envelope-from <www-data@web1.iispp.com>) id
>> 1LFRwW-00011o-DY for marc@let.de; Wed, 24 Dec 2008 12:30:25 +0100
>> Received: from web1.iispp.com (w1 [172.16.21.244]) by mx2.iispp.com
>> (Postfix) with ESMTP id B71CF3504DB for <marc@let.de>; Wed, 24 Dec 2008
>> 11:30:18 +0000 (UTC)
>> Received: by web1.iispp.com (Postfix, from userid 33) id A5C7917A405C; Wed,
>> 24 Dec 2008 06:30:18 -0500 (EST)
>
>
> Whois wurde gestartet &
>
>
> OrgName: Internet Assigned Numbers Authority
> OrgID: IANA
> Address: 4676 Admiralty Way, Suite 330
> City: Marina del Rey
> StateProv: CA
> PostalCode: 90292-6695
> Country: US
>
> NetRange: 172.16.0.0 - 172.31.255.255
> CIDR: 172.16.0.0/12
> NetName: IANA-BBLK-RESERVED
> NetHandle: NET-172-16-0-0-1
> Parent: NET-172-0-0-0-0
> NetType: IANA Special Use
> NameServer: BLACKHOLE-1.IANA.ORG
> NameServer: BLACKHOLE-2.IANA.ORG
> Comment: This block is reserved for special purposes.
> Comment: Please see RFC 1918 for additional information.
> Comment: http://www.arin.net/reference/rfc/rfc1918.txt
> RegDate: 1994-03-15
> Updated: 2007-11-27
>
> OrgAbuseHandle: IANA-IP-ARIN
> OrgAbuseName: Internet Corporation for Assigned Names and Number
> OrgAbusePhone: +1-310-301-5820
> OrgAbuseEmail: abuse@iana.org
>
> OrgTechHandle: IANA-IP-ARIN
> OrgTechName: Internet Corporation for Assigned Names and Number
> OrgTechPhone: +1-310-301-5820
> OrgTechEmail: abuse@iana.org
>
> # ARIN WHOIS database, last updated 2008-12-23 19:10
> # Enter ? for additional hints on searching ARIN's WHOIS database.
>
>
> so how is this possible ?
>
> merry christmas anyway
>
>
> Marc
>
>> X-Sieve: CMU Sieve 2.2
>> Envelope-To: marc@let.de
>> Delivery-Date: Wed, 24 Dec 2008 12:30:25 +0100
>> X-Id-From: 1000
>> X-Id-To: 238141
>> X-Mail-Id: 203714382
>> Mime-Version: 1.0
>> Content-Type: text/html
>> Message-Id: <20081224113018.A5C7917A405C@web1.iispp.com>
>> X-Spam-Suspicion: No
>> X-Purgate: Clean X-purgate-ID:
>> 150741::081224123024-0FFB86C0-283E8BDE/0-0/0-1 X-purgate-Ad: For more
>> information about eXpurgate please visit http://www.expurgate.net/
>>
>>
>>
>>
>> marc, You have new mail
>> This is to notify you that you have received an E-Mail from
>>
>> View Photos
>> DetailsIrina O #1000
>> Subject: Destiny has linked us...
>>
>> Date: 24 December 2008
>>
>> To read the message go here:
>>
>> PLEASE, DO NOT REPLY TO THIS E-MAIL - FOLLOW THE LINK
>>
>> http://www.ualadys.com/view_mail.rpx?hash=a71d2600f032ece232a391296f5f071e&mid=203714382&uid=238141
>>
>> Thank you,
>> ualadys.com Support Team
>>
>> Favorites ualadys.com
>>
>> 24x7 Call center
>>
>> United States
>> +1 (315) 849-5814
>>
>> United Kigdom
>> +44 (315) 849-5814
>>
>> Skype support : ualadys
>>
>>
>>
>> For any question in english
>> about this site please call:
>> +1 (212) 226-8900
>> Mon-Fri 9:00-16:00 (EST)
>
>
----------------------------------------------------------------------
Jon Lewis | I route
Senior Network Engineer | therefore you are
Atlantic Net |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
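The reading of the Received chain described in the reply above, as an added example that is not part of the original thread: it walks the four Received lines from the quoted message, marks which peer addresses fall in RFC 1918 space, and picks out the address the recipient's own MX recorded at the handoff. The function names and the choice of `.mail.vrmd.de` as the recipient-side suffix are assumptions made for illustration.

```python
import ipaddress
import re

# Received lines from the quoted message above, unfolded, newest hop first.
RECEIVED = [
    "from mx2.mail.vrmd.de ([10.0.1.21]) by vm42.mail.vrmd.de (Cyrus "
    "v2.2.12-Invoca-RPM-2.2.12-9.RHEL4) with LMTPA; Wed, 24 Dec 2008 12:30:25 +0100",
    "from mx2.iispp.com ([76.74.250.247]) by mx2.mail.vrmd.de with esmtp (Exim 4.69) "
    "(envelope-from <www-data@web1.iispp.com>) id 1LFRwW-00011o-DY for marc@let.de; "
    "Wed, 24 Dec 2008 12:30:25 +0100",
    "from web1.iispp.com (w1 [172.16.21.244]) by mx2.iispp.com (Postfix) with ESMTP "
    "id B71CF3504DB for <marc@let.de>; Wed, 24 Dec 2008 11:30:18 +0000 (UTC)",
    "by web1.iispp.com (Postfix, from userid 33) id A5C7917A405C; "
    "Wed, 24 Dec 2008 06:30:18 -0500 (EST)",
]

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# "from <name> (<optional text> [<ip>]) by <receiving host>"
HOP_RE = re.compile(r"^from\s+(\S+)\s+\([^\[\)]*\[([0-9A-Fa-f.:]+)\]\)\s+by\s+(\S+)")

def parse_hops(received):
    """Return (sender_name, peer_ip, receiving_host, scope) per hop, newest first."""
    hops = []
    for line in received:
        m = HOP_RE.match(line)
        if not m:  # no peer address recorded, e.g. local submission on the web server
            by = re.match(r"by\s+(\S+)", line)
            hops.append((None, None, by.group(1) if by else None, "local"))
            continue
        name, ip, by = m.groups()
        addr = ipaddress.ip_address(ip)
        scope = "rfc1918" if any(addr in net for net in RFC1918) else "non-rfc1918"
        hops.append((name, ip, by, scope))
    return hops

def handoff(hops, trusted_suffix):
    """Newest hop written by a host under trusted_suffix whose peer is not RFC 1918."""
    for name, ip, by, scope in hops:
        if by and by.endswith(trusted_suffix) and scope == "non-rfc1918":
            return name, ip
    return None

if __name__ == "__main__":
    hops = parse_hops(RECEIVED)
    for hop in hops:
        print(hop)
    print("handoff:", handoff(hops, ".mail.vrmd.de"))
```

The two RFC 1918 hops are each side's internal relay step (10.0.1.21 on the recipient's side, 172.16.21.244 on the sender's); the address to look up in whois is the one at the handoff, 76.74.250.247.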