On Sun, May 10, 1998 at 11:00:27AM +0200, Jan Czmok wrote:
We got some spam mail from
Received: from 1cust151.tnt1.tampa.fl.da.uu.net (HELO byte007) (153.37.184.151) by relay.ipf.net with SMTP; 10 May 1998 04:47:58 -0000
and i cannot query the database (arin , ripe or radb) for the owner of this network. Any hints ?
I debated posting this to this list instead of mailing it privately, but I decided the response had some pedagogical value, for some folks, anyway (and y'all who needed to know this are invited to write privately and tell me so, so I have some ammo when randy and jhawk jump my shit. :-) The .uu.net on the lookup implies that the port belongs, physically, to UUnet; the tnt1 means it's a dialup port on the Tampa, Florida, POP, which is an Ascend MAX TNT. You'll have to send it to uunet, to find out which of their lessees' customers it is, they should be able to look it up in radius logs, based on the entire headers in the message. Note that you may have to explicitly point out to them that you _know_ it may not be their customer, and that you also know that they _can_ look up whose customer is _is_ and forward the report along -- otherwise they've demonstrated a disturbing habit in the past of playing dumb, at least with me. I believe the proper address is abuse@uu.net, unless a DOS attack or something criminal appears to be involved, in which case, send it to security@uu.net. Cheers, -- jra -- Jay R. Ashworth jra@baylink.com Member of the Technical Staff Unsolicited Commercial Emailers Sued The Suncoast Freenet "Two words: Darth Doogie." -- Jason Colby, Tampa Bay, Florida on alt.fan.heinlein +1 813 790 7592 Managing Editor, Top Of The Key sports e-zine ------------ http://www.totk.com