[PLUG] Trying to ID a spammer...

Rich Shepard rshepard at appl-ecosys.com
Wed Jun 5 14:35:21 PDT 2002

On Wed, 5 Jun 2002, Stuart Mathews wrote:

> I've been told that trying to identify spammers is a waste of time.  Since
> losing my job at IBM, I have the time and wanted to see what I could find
> about "inbox.org," who wants me to refinance my house.


  Takes only a few minutes at most. 

> I ran nslookup on inbox.org and found a matching IP address
> (, which I can ping.
> But what now?

  Do you still have that spam message?

[rshepard at salmo ~]$ whois at whois.arin.net
Verio, Inc. (NET-VRIO-161-058)
   8005 South Chester Street
   Englewood, CO 80112

   Netname: VRIO-161-058
   Netblock: -
   Maintainer: VRIO

      Verio, Inc.  (VIA4-ORG-ARIN)  vipar at verio.net

   Domain System inverse mapping provided by:


   Reassignment information for this block is
   available at rwhois.verio.net port 4321

   Record last updated on 26-Sep-2001.
   Database last updated on  4-Jun-2002 20:01:16 EDT.

  Now you know the ISP of the sender. Forward the spam -- with full headers
turned on -- to abuse at verio.net. My usual comment is:

  "Please take the appropriate actions to prevent this spammer from sending
more UCE via your servers.

Thank you,"

  Works very well.

  Ignore the "we're not spamming because some proposed legislation says what
we're doing is OK as long as we tell you how to opt out." That's nonsense.
The legislation died before it went to committee. Treat it as spam and
you'll find the ISPs are extremely helpful.
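
An added example, not part of the original message: the full headers also say which address to give whois. `Received:` lines are prepended by each server, so only those written by your own mail servers can be trusted, and the address your edge server recorded is the one whose ISP should get the report. The sample message and all host names are constructed, and `TRUSTED` is an assumption standing in for your own servers.

```python
import re
from email import message_from_string

# Constructed sample; every host and address is a documentation value.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [10.0.0.5])
\tby mailstore.recipient.example with ESMTP; Wed, 5 Jun 2002 13:02:11 -0700
Received: from mail.sender.example (unknown [203.0.113.45])
\tby mx.recipient.example with SMTP; Wed, 5 Jun 2002 13:02:09 -0700
Received: from bigfreemail.example ([198.51.100.7])
\tby mail.sender.example with SMTP; Wed, 5 Jun 2002 12:59:00 -0700
From: offers@inbox.example
Subject: Refinance your house

Low rates today.
"""

# Assumption: the hosts that handle your own inbound mail.
TRUSTED = {"mx.recipient.example", "mailstore.recipient.example"}

# Peer address in brackets, then the host that wrote the header.
RECEIVED_RE = re.compile(
    r"from\s.*?\[(?P<ip>[0-9A-Fa-f.:]+)\].*?\bby\s+(?P<by>[\w.-]+)", re.S)

def handoff_ip(raw_message, trusted_hosts):
    """Return the IP that handed the message to your edge server, or None."""
    msg = message_from_string(raw_message)
    ip = None
    # Headers are newest first: walk down while our own servers wrote them.
    for header in msg.get_all("Received", []):
        m = RECEIVED_RE.search(header)
        if not m or m.group("by").lower() not in trusted_hosts:
            break  # unparsable or written by a foreign host: could be forged
        ip = m.group("ip")
    return ip

def whois_command(ip):
    """Argument list for the ARIN lookup of the recorded address."""
    return ["whois", "-h", "whois.arin.net", ip]

if __name__ == "__main__":
    ip = handoff_ip(SAMPLE, TRUSTED)
    print("look up:", " ".join(whois_command(ip)) if ip else "no trusted hop")
```

The third `Received:` line in the sample was written by the sending side and is ignored, as is the `From:` domain.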


