[PLUG] Trying to ID a spammer...

Brian Horan bhoran at hexdev.com
Wed Jun 5 21:54:28 UTC 2002


well, you could email Anthony...hopefully he knows what his mail server is 
being used for...or you could see if his server is an open relay....for 
example:
it doesn't look like an open relay.....here's a transcript:

bhoran at Darkstar(~) % socket inbox.org 25
220 upstartinternet.com ESMTP Sendmail 8.11.6 ready at Wed, 5 Jun 2002 
17:29:48 -0400 (EDT)
HELO dingleberry.com
250 upstartinternet.com Hello adsl-156-XXX-XXX-XX.bct.bellsouth.net 
[66.156.212.74], pleased to meet you
MAIL From: bob at aol.com
250 2.1.0 bob at aol.com... Sender ok
RCPT To: cow at hexdev.com
550 5.7.1 cow at hexdev.com... SMTP relay denied, authenticate via POP/IMAP first
QUIT
221 2.0.0 upstartinternet.com closing connection

so if the full headers show it came from inbox.org (not just the From: 
part).....the sender has an account with inbox....

On Wednesday 05 June 2002 05:13 pm, you wrote:
> I've been told that trying to identify spammers is a waste of
> time.  Since losing my job at IBM, I have the time and wanted to
> see what I could find about "inbox.org," who wants me to
> refinance my house.
>
> The spam is from rachel at inbox.org.  I suppose if you're going to
> use phony names, "Rachel" is as good as any.  The offer is to
> refi my house, has the usual opt-out info, and a disclaimer.
>
> The disclaimer pronounces their right to spam me because they are
> in compliance with some proposed legislation, but that if I am
> not having any luck getting off their list I can contact the
> "Abuse Control Center" in Canoga Park, CA.
>
> The Center must have relocated, because a google search for the
> phone# for the opt-out turned up something indicating the
> so-called Abuse Control Center was in Irvine.
>
> Trying to learn about inbox.org I ran;
>
> $ whois "inbox.org"@whois.crsnic.net     ......which returned the
> registrant as Anthony DiPierro, in Brewster, NY.
>
> I ran a google search on DiPierro, found discussion threads he
> contributed to a couple of years ago relating to C vs Perl stuff,
> Free BSD vs Microsoft, and his email (anthony at inbox.org).
> DiPierro at inbox.org appears to exist.  Looks like he registered
> inbox.org through tucows.
>
> I ran nslookup on inbox.org and found a matching IP address
> (161.58.166.119), which I can ping.
>
> But what now?  Is it possible that some spammer has cracked into
> Anthony's machine and is using it as a base for their own
> nefarious purposes, or is likly that Anthony is just a good old
> New Jersey type trying to make a living by freeloading off the
> Internet?
>
>
> Stuart Mathews
>
>
> _______________________________________________
> PLUG mailing list
> PLUG at lists.pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug

-- 
Brian Horan
bhoran at hexdev.com




More information about the PLUG mailing list