Jason at XO's security/abuse staff. Very helpful chap Solved a problem with a downstream client of theirs that was pounding a network I help out.... Yes, I know off topic, but more on topic as this list SHOULD be about people HELPING people do good in these difficult times. YMMV, but I'm happy. Have a great day John Brown Chagres Technologies, Inc
On 04:36 PM 8/30/02, John M. Brown wrote:
Jason at XO's security/abuse staff. Very helpful chap
Indeed he is. Which is why I'm totally mystified about why rfc-ignorant insists that my domain doesn't have a working abuse address. I would privately email the admin at rfc-ignorant about this problem, but, well.... (see below) jc
From: Mail Delivery Subsystem <MAILER-DAEMON@wellington.cnchost.com> Subject: Returned mail: User unknown Message-ID: <200208262053.QAA27667@wellington.cnchost.com> Errors-To: <MAILER-DAEMON@wellington.cnchost.com> To: <lists@vo.cnchost.com> Auto-Submitted: auto-generated (failure) X-UIDL: 59729
The original message was received at Mon, 26 Aug 2002 16:53:15 -0400 (EDT) from adsl-208-201-244-240.sonic.net [208.201.244.240]
----- The following addresses had permanent fatal errors ----- <admin@rfc-ignorant.com>
----- Transcript of session follows ----- ... while talking to narn.megacity.org.:
RCPT To:<admin@rfc-ignorant.com> <<< 550 5.7.1 <admin@rfc-ignorant.com>... Message rejected because the connecting host (wellington.concentric.net) does not have abuse contact - see www.rfc-ignorant.org 550 <admin@rfc-ignorant.com>... User unknown
----- Original message follows -----
Return-Path: <lists@vo.cnchost.com> Received: from Erwin.vo.cnchost.com (adsl-208-201-244-240.sonic.net [208.201.244.240]) by wellington.cnchost.com id QAA27406; Mon, 26 Aug 2002 16:53:15 -0400 (EDT) [ConcentricHost SMTP Relay 1.14] Errors-To: <lists@vo.cnchost.com> Message-Id: <5.0.0.25.2.20020826135320.02fa2340@pop3.vo.cnchost.com> X-Sender: lists%vo.cnchost.com@pop3.vo.cnchost.com X-Mailer: QUALCOMM Windows Eudora Version 5.0 Date: Mon, 26 Aug 2002 13:55:30 -0700 To: admin@rfc-ignorant.com From: JC Dill <abuse@vo.cnchost.com> Subject: Fwd: Returned mail: User unknown Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed
Can you explain why rfc-ignorant thinks my domain doesn't have a working abuse address?
jc
On Fri, 30 Aug 2002, JC Dill wrote:
On 04:36 PM 8/30/02, John M. Brown wrote:
Jason at XO's security/abuse staff. Very helpful chap
Indeed he is. Which is why I'm totally mystified about why rfc-ignorant insists that my domain doesn't have a working abuse address. I would privately email the admin at rfc-ignorant about this problem, but, well.... (see below)
RFC-ignorant is a little agressive sometimes. A while back they were blocking all of APNIC address ranges because they didn't have a contact email addresses in ARIN's whois database. The again such heavy-handed blocking isn't confined small anti-spam organisations like RFC-ignorant or Spews. New Zealand and Australian ISPs have to deal all the time with large providers who decide to block large address ranges. PBI had a email block for 202/8 a month or 3 back (not sure if it's gone yet) and another medium sized North American provider (whos name escapes me) currently blocks mail from 202/7 . At least with RFC-ignorant you know who to contact and they have proper records of what they are blocking, with other organisations you usually have to jump though about half a dozen people till you find someone to actually look at the filters and realize they were put in by some nightship admin the week before because he got a spam via some open relay in Korea. -- Simon Lyall. | Newsmaster | Work: simon.lyall@ihug.co.nz Senior Network/System Admin | Postmaster | Home: simon@darkmere.gen.nz ihug, Auckland, NZ | Asst Doorman | Web: http://www.darkmere.gen.nz
On 8/30/2002 at 8:25 PM, nanog@vo.cnchost.com wrote:
On 04:36 PM 8/30/02, John M. Brown wrote:
Jason at XO's security/abuse staff. Very helpful chap
Indeed he is. Which is why I'm totally mystified about why rfc-ignorant insists that my domain doesn't have a working abuse address. I would privately email the admin at rfc-ignorant about this problem, but, well.... (see below)
jc
I don't think rfc-ignorant.org tests entries at a later time, ever. I have brought the concentric.net case to their attention today. Speaking of Concentric domains: cnc.net has not had a working abuse@ address for several YEARS, and I have brought that to Concentric's attention, oh, 3-4 years ago? I consider this a reckless way of operating: some people have interpreted RFC822 in such a way that you only have to accept mail to "postmaster@FQDN" if you actually accept any mail for the domain at all. I wonder who's smart idea within Concentric it was to use cnc.net for a bazillion FQDN's and in-addr.arpa records, but create an MX record for the domain and not accept postmaster and abuse@cnc.net . If I wouldn't know better (the whole incompetent vs. malevolent logic), I'd outright describe this as being "evasive". Speaking of evading: I wish to remind the readers of this thread (a subset of NANOG readers) that the good deeds of a few cannot make up for the colossal, corrupt policy failures of a bankrupt organization as a whole, or else I wouldn't currently be in possession of about 90 complaints (and corresponding 90 auto-replies, with exactly ZERO human-generated replies) from xo.com regarding spam-spewing factories of crime in their IP space, with such complaints sent to them in the short, short period of the last 2.5 months, based on an amazingly small swath of IP space at the receiving end of this Internet crime. Examples of XO customers who can't tell right from wrong, and "220 DO ME HARD" from "550 NO TRESPASSING, CRIMINAL SCUM", and who continue to criminally trespass onto other people's property after being told to stay away: Sep 9 08:13:25 sonet sendmail[895]: IAA00895: from=<Reply@ContentWatch.com>, size=0, class=0, pri=0, nrcpts=0, proto=SMTP, relay=gw.iaccess.com [64.221.226.129] Sep 9 02:19:51 saturn sendmail[5229]: NOQUEUE: ruleset=check_relay, arg1=lsv-004.cynergen.net, arg2=66.239.204.53, relay=lsv-004.cynergen.net [66.239.204.53], reject=550 no access for OIN - Spammers must die. Sep 9 00:35:21 saturn sendmail[1729]: NOQUEUE: ruleset=check_relay, arg1=host28.anglcorp.com, arg2=67.105.80.91, relay=host28.anglcorp.com [67.105.80.91], reject=550 no access for list-washing twits at anglcorp.com - Spammers must die. Sep 8 00:13:57 saturn sendmail[12484]: NOQUEUE: ruleset=check_relay, arg1=lsv-001.cynergen.net, arg2=66.239.204.50, relay=lsv-001.cynergen.net [66.239.204.50], reject=550 no access for OIN - Spammers must die. Sep 7 20:58:36 saturn sendmail[6541]: NOQUEUE: ruleset=check_relay, arg1=host24.anglcorp.com, arg2=67.105.80.87, relay=host24.anglcorp.com [67.105.80.87], reject=550 no access for list-washing twits at anglcorp.com - Spammers must die. Sep 7 16:26:39 sonet sendmail[11480]: NOQUEUE: ruleset=check_relay, arg1=lsv-002.cynergen.net, arg2=66.239.204.51, relay=lsv-002.cynergen.net [66.239.204.51], reject=550 no access for OIN - Spammers must die. Sep 7 05:01:49 saturn sendmail[2655]: FAA02655: <X>... User unknown - user never existed - single-opt-in is spam - and Spammers must die. Sep 7 05:01:49 saturn sendmail[2655]: FAA02655: from=<102338940173691-7090200001-X?X@bounce.tilw.net>, size=0, class=0, pri=0, nrcpts=0, proto=SMTP, relay=ul1.tilw.net [209.164.4.171] Sep 6 20:55:27 saturn sendmail[14573]: NOQUEUE: ruleset=check_relay, arg1=lsv-001.cynergen.net, arg2=66.239.204.50, relay=lsv-001.cynergen.net [66.239.204.50], reject=550 no access for OIN - Spammers must die. Sep 5 20:10:41 sonet sendmail[18779]: UAA18779: from=<reply@contentwatch.com>, size=0, class=0, pri=0, nrcpts=0, proto=SMTP, relay=host228.iaccess.com [64.221.226.228] (may be forged) Sep 5 18:44:45 saturn sendmail[9560]: NOQUEUE: ruleset=check_relay, arg1=lsv-002.cynergen.net, arg2=66.239.204.51, relay=lsv-002.cynergen.net [66.239.204.51], reject=550 no access for OIN - Spammers must die. Sep 5 14:30:19 saturn sendmail[26113]: NOQUEUE: ruleset=check_relay, arg1=thething.emailfactory.com, arg2=64.35.34.30, relay=thething.emailfactory.com [64.35.34.30], reject=550 NO TRESPASSING for emailfactory.com/newc.com - Spammers must die. Sep 4 16:20:57 saturn sendmail[817]: NOQUEUE: ruleset=check_relay, arg1=lsv-001.cynergen.net, arg2=66.239.204.50, relay=lsv-001.cynergen.net [66.239.204.50], reject=550 no access for OIN - Spammers must die. There is no doubt in my mind that XO is fully aware of the criminal trespass committed by their customers, and continues to aid and abet these criminal activities on a daily basis by knowingly and willingly providing service and /dev/null'ing complaints about them - kinda like Sprintlink/Sprint aiding and abetting their criminals^Wcustomers while committing acts of forgery, false declaration of goods, false declaration of goods in interstate and international commerce, criminal impersonation, falsification of business records and business and wire fraud across state lines - only more passively. I could point the finger in almost any direction from here.
From UnSavvy to APiss&Pee. From Uh-Oh!Net to Clueless&Witless. From FraudLynx to VeryUglio, From Exorcism to Worldcunt. The bigger, the more bankrupt, the more aiding and abetting.
It's 5pm: do you know who you work for? -- "Just say No" to Spam Kai Schlichting New York, Palo Alto, You name it Sophisticated Technical Peon Kai's SpamShield <tm> is FREE! http://www.SpamShield.org | | LeasedLines-FrameRelay-IPLs-ISDN-PPP-Cisco-Consulting-VoiceFax-Data-Muxes WorldWideWebAnything-Intranets-NetAdmin-UnixAdmin-Security-ReallyHardMath
participants (4)
-
JC Dill
-
John M. Brown
-
Kai Schlichting
-
Simon Lyall