Stewart, William C (Bill), RTSLS writes on 12/11/2003 8:37 PM:

- Personally I like the suggestion that someone had that you start serving DNS for the fake names, either pointing to 127.0.0.3 or to a CNAME pointing to Annoying-spammers-forged-their-DNS-again.com, which is some disposable address block on which you run a web site and stub email server explaining that it's not your fault.

That was my idea. And I would not recommend the "or" option about setting a clever sounding DNS record "annoying-spammers-forged-dns". A lot of skript kiddies are out there with limited to zero email header reading / DNS skills, who still know just enough to download and launch rootkits and DoS attacks. This is an old and time honored tradition to deal with lusers anyway, kind of like the warez.* "ftp servers" (though one of the more popular of these, warez.slashdot.org, seems to have found itself a non-localhost IP some months back) :( And more to the point, you don't waste your bandwidth dealing with DNS queries and bounced email hitting your customer's server. srs -- srs (postmaster|suresh)@outblaze.com // gpg : EDEDEFB9 manager, outblaze.com security and antispam operations

Looks sane to me once I resolved the name Dns resolved neulevel.biz to 209.173.53.163 [IPv4 whois information on 209.173.53.163 ] [Query Origin: Main Whois Query ] [whois.arin.net] OrgName: NeuStar, Inc. OrgID: NEUS Address: 45980 Center Oak Plaza Address: Network Operations Center City: Sterling StateProv: VA PostalCode: 20166 Country: US NetRange: 209.173.48.0 - 209.173.63.255 CIDR: 209.173.48.0/20 NetName: NEUSTAR-BLK1 NetHandle: NET-209-173-48-0-1 Parent: NET-209-0-0-0-0 NetType: Direct Allocation NameServer: OAK.NEUSTAR.COM NameServer: PINE.NEUSTAR.COM Comment: RegDate: 2001-03-21 Updated: 2001-09-06 TechHandle: MT635-ARIN TechName: Thomas, Mark TechPhone: +1-312-928-4610 TechEmail: mark.thomas@neustar.com OrgTechHandle: NETWO336-ARIN OrgTechName: Network Engineering OrgTechPhone: +1-866-638-6622 OrgTechEmail: wan.engineering@neustar.biz # ARIN WHOIS database, last updated 2003-12-11 19:15 # Enter ? for additional hints on searching ARIN's WHOIS database. "Stewart, William C (Bill), RTSLS" <billstewart@att.com> wrote: I can see a couple of obvious approaches for getting Neulevel's attention - Their web site lists two Registry Relationship Managers, one with popup contact info Ivor Sequeira - Senior Manager, European, African, and Middle Eastern Regions 571-434-5776 ivor.sequeira@neulevel.biz (That appears to be +1-571-434-5776 ...) - Their whois entry for neulevel.biz lists +1.5714345757 as their phone number, fax +1.5714345758, and snailmail address list. http://www.whois.biz/whois.cgi?TLD=biz&WHOIS_QUERY=neulevel.biz&TYPE=DOMAIN&Search=Submit+Query - They've got a snailmail address, you've got a lawyer and Fedex, they've got a Nasty Letter.... Since the requests to use your DNS server were bogus, you could probably file a John Doe suit and do discovery on Neulevel, but a Nasty Letter is probably enough. - They've got an online trademark dispute process. It's got pointers to ICANN dispute resolution mechanisms, which are more likely to get their attention than random email. Their entry point is stopsupport@neulevel.biz Normally, if somebody registers that annoying-little-spammer.com has nameserver 1.2.3.4, you'd be using this to complain that you own the name annoying-little-spammer.com, but you could try using it to complain that you own 1.2.3.4, and maybe even contend that since the registrant falsely listed you as the nameserver for the domain, that it's theft of service and you ought to be awarded ownership of the name. - You might also drop a note to ICANN about the lack of a phone number on their web site and the lack of email responsiveness. - Personally I like the suggestion that someone had that you start serving DNS for the fake names, either pointing to 127.0.0.3 or to a CNAME pointing to Annoying-spammers-forged-their-DNS-again.com, which is some disposable address block on which you run a web site and stub email server explaining that it's not your fault.