[PLUG] Trying to ID a spammer...

Rich Shepard rshepard at appl-ecosys.com
Wed Jun 5 14:35:21 PDT 2002


On Wed, 5 Jun 2002, Stuart Mathews wrote:

> I've been told that trying to identify spammers is a waste of time.  Since
> losing my job at IBM, I have the time and wanted to see what I could find
> about "inbox.org," who wants me to refinance my house.

Stuart,

  Takes only a few minutes at most. 

> I ran nslookup on inbox.org and found a matching IP address
> (161.58.166.119), which I can ping.
> 
> But what now?

  Do you still have that spam message?

[rshepard at salmo ~]$ whois 161.58.166.119 at whois.arin.net
[whois.arin.net]
Verio, Inc. (NET-VRIO-161-058)
   8005 South Chester Street
   Englewood, CO 80112
   US

   Netname: VRIO-161-058
   Netblock: 161.58.0.0 - 161.58.255.255
   Maintainer: VRIO

   Coordinator:
      Verio, Inc.  (VIA4-ORG-ARIN)  vipar at verio.net
      303.645.1900

   Domain System inverse mapping provided by:

   NS0.VERIO.NET                129.250.15.61
   NS1.VERIO.NET                204.91.99.140
   NS2.VERIO.NET                129.250.31.190

   ********************************************
   Reassignment information for this block is
   available at rwhois.verio.net port 4321
   ********************************************

   Record last updated on 26-Sep-2001.
   Database last updated on  4-Jun-2002 20:01:16 EDT.

  Now you know the ISP of the sender. Forward the spam -- with full headers
turned on -- to abuse at verio.net. My usual comment is:

  "Please take the appropriate actions to prevent this spammer from sending
more UCE via your servers.

Thank you,"

  Works very well.

  Ignore the "we're not spamming because some proposed legislation says what
we're doing is OK as long as we tell you how to opt out." That's nonsense.
The legislation died before it went to committee. Treat it as spam and
you'll find the ISPs are extremely helpful.

Rich





More information about the PLUG mailing list