DNSO Archives: [ga-abuse]

ICANN/DNSO DNSO Mailling lists archives

[ga-abuse]

<<< Chronological Index >>> <<< Thread Index >>>

Re: [ga-abuse] Spams

To: Elisabeth Porteneuve <Elisabeth.Porteneuve@cetp.ipsl.fr>
Subject: Re: [ga-abuse] Spams
From: Harald Tveit Alvestrand <harald@Alvestrand.no>
Date: Mon, 14 May 2001 13:07:23 +0200
Cc: ga-abuse@dnso.org
In-Reply-To: <200105120708.JAA04537@balsa.cetp.ipsl.fr>
Sender: owner-ga-abuse@dnso.org

At 09:08 12.05.2001 +0200, Elisabeth Porteneuve wrote:

>Greetings,
>
>FYI: I noted massive arrival (starting 11 May) of this message to DNSO
>listadmin account, tens (hundred ?) bounces.
>Then several complains like the attached.

Elisabeth,
this is a chain-mail. And someone apparently at rescuethenet.org is 
shipping large volumes of it, hoping to elicit a reaction.

Critical header line:

 > Received: from mail.rescuethenet.org (mail.rescuethenet.org [63.251.22.2])
 >       by f1node03.rhrz.uni-bonn.de (8.9.3/8.9.3) with ESMTP id VAA52648;
 >       Fri, 11 May 2001 21:48:05 +0200

All the Received: headers above this one are within Bonn.
Assuming that uni-bonn is not participating, this comes from the owner of 
the IP address 63.251.22.2, apparently part of rescuethenet.org (reverse 
mapping worked).

The only thing DNSO related is that some of the URLs in the message refer 
to dnso.org website. Some people complain to the domain of all URLs listed 
in a message, since this is often the real source of the spam.

What to do about it? Nothing much TO be done - one may follow up the domain 
name to find out who is behind it....but what is the chance they left real 
information behind?

               Harald

References:
- [ga-abuse] Spams
  - From: Elisabeth Porteneuve <Elisabeth.Porteneuve@cetp.ipsl.fr>

<<< Chronological Index >>> <<< Thread Index >>>