Can anyone help me interpret spam headers please?

[AmeliaG]

Okay, I have been getting a lot of "goth" spam for the last week and it is really bothering me because I know there are going to be consumers who think it is coming from our sites. The spams are designed to look like they might be coming from our sites but they are NOT coming from us and they are NOT going to any site we have an ownership stake in. Can anyone give me a hand interpreting where the following headers are coming from:


(1)

Message-ID: <md5:55CD44CA17AC80B8371D475D762915F3>
Return-Path: <[email protected]>
Received: (qmail 94458 invoked from network); 7 May 2003 11:19:30 -0000
Received: from unknown (HELO mx13.victors-voluptious-videos.com) (65.241.155.188) by mail.4ph.com with SMTP; 7 May 2003 11:19:30-0000


The click appears to be going to the victors-voluptious-videos.com domain.


(2)

Return-Path: <[email protected]>
Received: (qmail 73140 invoked from network); 5 May 2003 20:13:33 -0000
Received: from unknown (HELO e-mail.ru) (80.36.117.88) by mail.4ph.com with SMTP; 5 May 2003 20:13:33 -0000
Message-ID: <[email protected]>
From: [email protected]

This one appears to go to conom.com although I am less concerned about this one because it does not design-wise look associated with us even though a lot of consumers may assume that it is us anyway because of the content claim.

[pornJester]

all your base are belong to us.

[AmeliaG]

Quote:

Originally posted by pornJester
all your base are belong to us.

?

[Mutt]

OrgName: Ion-Entertainment LLC
OrgID: IONENT
Address: 600 West 7th Street
City: Los Angeles
StateProv: CA
PostalCode: 90017
Country: US

NetRange: 65.241.155.0 - 65.241.155.255
CIDR: 65.241.155.0/24
NetName: UU-65-241-155
NetHandle: NET-65-241-155-0-1
Parent: NET-65-240-0-0-1
NetType: Reassigned
Comment:
RegDate: 2002-08-09
Updated: 2002-08-09

TechHandle: DI143-ARIN
TechName: Ion, Danny
TechPhone: +1-818-906-2466
TechEmail: [email protected]

[PowerCum]

1) appears to be sent from IP (65.241.155.188)
_This one has pionted the IP to domain "." (nothing), so it' appears to be a real spammer.
2) appears to be sent from IP (80.36.117.88)
This one is sent by a spanish DSL line user that is getting his line from Telefonica or Terra. It is running a web server and microsoft-ds services on that box
Appears to be a windows XP or something like box.

[AmeliaG]

Quote:

Originally posted by Mutt
OrgName: Ion-Entertainment LLC
OrgID: IONENT
Address: 600 West 7th Street
City: Los Angeles
StateProv: CA
PostalCode: 90017
Country: US

NetRange: 65.241.155.0 - 65.241.155.255
CIDR: 65.241.155.0/24
NetName: UU-65-241-155
NetHandle: NET-65-241-155-0-1
Parent: NET-65-240-0-0-1
NetType: Reassigned
Comment:
RegDate: 2002-08-09
Updated: 2002-08-09

TechHandle: DI143-ARIN
TechName: Ion, Danny
TechPhone: +1-818-906-2466
TechEmail: [email protected]

Thank you. Think they even semi-mean their abuse policy at http://www.ionent.com/antispam.asp or are they likely the originators as well as the senders? I haven't come across them before.

[PowerCum]

it apperas like the ionet user (1) has just bought or hired an IP from ionet and has started a spam campaign.

The user number (2) is just a stupid spanish spammer. You can shut him down by running ping -f 80.36.117.88 on his IP. He probably has a 256k line, so it's not very difficult to fuck it at all.
Or just deny all the mails comming from his IP.

[Mutt]

all u can do is send an abuse complaint to ION Net, sometimes it turns out they are the spammers or a spam friendly host. If he's a little spammer chances he'll get turfed out are better. Very hard to get anybody to do anything about a spammer who is paying alot of money.

[AmeliaG]

Quote:

Originally posted by PowerCum
it apperas like the ionet user (1) has just bought or hired an IP from ionet and has started a spam campaign.

The user number (2) is just a stupid spanish spammer. You can shut him down by running ping -f 80.36.117.88 on his IP. He probably has a 256k line, so it's not very difficult to fuck it at all.
Or just deny all the mails comming from his IP.

I'm not stressed about the mails coming in to me. I'm tense about other people thinking they are coming from me. If it is some affiliate from another country, chances are the program-owners won't be that thrilled either. I think one of the sponsors is a decent-sized sponsor and the other is a no-name AVS. Maybe the programs will shut these folks down.

[AmeliaG]

Quote:

Originally posted by PowerCum
it apperas like the ionet user (1) has just bought or hired an IP from ionet and has started a spam campaign.

The user number (2) is just a stupid spanish spammer. You can shut him down by running ping -f 80.36.117.88 on his IP. He probably has a 256k line, so it's not very difficult to fuck it at all.
Or just deny all the mails comming from his IP.

What should the ping -f 80.36.117.88 command line do?

Thanks, Amelia

[PowerCum]

Quote:

Originally posted by AmeliaG



What should the ping -f 80.36.117.88 command line do?

Thanks, Amelia

It floods the pinged IP connection causing a Denial of Service attack. In his case, it will really fuck his 256k DSL line.
If you send a mail to Telefonica or Terra (his ISP) they will do nothing. I use the same ISP, and my girl was network admin on the same ISP some time before. So, I know their policy is doing nothing unless the user attacks their own network.

[AmeliaG]

Quote:

Originally posted by PowerCum


It floods the pinged IP connection causing a Denial of Service attack. In his case, it will really fuck his 256k DSL line.
If you send a mail to Telefonica or Terra (his ISP) they will do nothing. I use the same ISP, and my girl was network admin on the same ISP some time before. So, I know their policy is doing nothing unless the user attacks their own network.

Thanks!