Heads-up: spammer Scott Whittle/iptechlabs.com/iptechnologylabs.com hitting addresses harvested from NANOG list
Spammer Scott Whittle has harvested not only email addresses from the NANOG list archives, but also Message-IDs, and is busily trying to abuse the hell out of them. I've seen 6 (edit: 11) (edit: 14) copies so far this morning, and no doubt more are on the way. He identifies himself thusly: IP Technology Labs Network Communications Simplified Scott Whittle | President | T: +1 301 570 6611 x601 | M/SMS: +1 301 339 3237 | E: scott@IpTechnologyLabs.com | W: http://iptechnologylabs.com Although the spam itself carries a return address of Return-Path: <scott.whittle@iptechlabs.com> So blocking on the latter should suffice, at least for this round. ---rsk p.s. Pro tip: proofread your spam content before sending: "I am looking contact your Product Manager/Sales Manager regarding possible distribution of our USA made and designed Plug-and-Play VPN products. We are the are a channel friendly company, can offer account protection, and ensure your margins."
On Jun 13, 2012, at 10:12 , Randy Bush wrote:
Spammer Scott Whittle has harvested not only email addresses from the NANOG list archives, but also Message-IDs
and draft-foo@ietf.org addresses
Is his upstream, or the upstream of his hosting provider, on NANOG or IETF? Or is he using a botnet? (I got a couple dozen, but deleted them.) -- TTFN, patrick
On Jun 13, 2012, at 10:56 AM, Patrick W. Gilmore wrote:
Is his upstream, or the upstream of his hosting provider, on NANOG or IETF?
My sample came via GoDaddy: Return-Path: <scott.whittle@iptechlabs.com> Received: from p3plsmtps2ded01-02.prod.phx3.secureserver.net (p3plsmtps2ded01.prod.phx3.secureserver.net [208.109.80.58]) by gandalf.gizmopartners.com (8.14.3/8.14.3) with SMTP id q5D5ERPD029411 for <xx@gizmopartners.com>; Wed, 13 Jun 2012 00:14:58 -0500 (CDT) (envelope-from scott.whittle@iptechlabs.com) --Chris
On Jun 13, 2012, at 13:30 , Chris Boyd wrote:
On Jun 13, 2012, at 10:56 AM, Patrick W. Gilmore wrote:
Is his upstream, or the upstream of his hosting provider, on NANOG or IETF?
My sample came via GoDaddy:
GoDaddy is not blind to these problems. Has anyone asked them to look into this? -- TTFN, patrick
participants (4)
-
Chris Boyd
-
Patrick W. Gilmore
-
Randy Bush
-
Rich Kulawiec