One of our clients sustained a severe SMTP DDOS attack on New Years' Day. The DDOS was caused by a bulk mailing which had forged their domain name in the return address. The attack was staged over several days from dial-up lines at fast.net (Bethlehem, PA). We contacted fast.net shortly after the massmail began but it continued unabated for two additional days. Some of the source IPs were eventually listed by MAPS and Wirehub and they're still listed to this date. 5 minutes after our call to fast.net's support desk we tracked a portscan from one of their netblocks (206.245.164.0-206.245.164.255, Internet Unlimited, at nearly the same address in Bethlehem, PA). A quick check of the reverse DNS revealed nearly exclusive use by porn, throw-away, and otherwise spam domains. Though we're still tabulating damages and collecting evidence it appears the DDOS was hosted by and allowed to continue unabated by fast.net (aka iuinc.com) after they had knowledge of the problem, knowledge of its source, and knowledge of its effects. Since fast.net/iuinc.com has not replied to our email or phone calls we're looking for anyone with information on this company, its owners or operators, and any history of network or SMTP abuse. All help will be appreciated and kept confidential. Thanks in advance, -- Roger Marquis Roble Systems Consulting http://www.roble.com/