Re: SPAM, RE: Internic and there lame response

[Dean Robb <pceasy () norfolk infi net>]

At 21:22 7/10/98 -0400, Andrea Di Lecce wrote:
> At 20:21 7/8/98 -0400, you wrote:
> > Incredibly two-faced response.  How do you determine the user's ISP?  Check
> > WhoIs.  But...OOOPPSS!...the information in WhoIs is phoney, and we don't
> > do anything about that.  Sorry, guess you're just screwed.
>
> There are many other ways to track a spammer.
>
> - Do nslookup on the IP that originated the spam (sometimes this takes a
> bit of detective work to find what IP actually originated the spam).
> - Traceroute to the originating IP.  Email the ISP that is directly upstream.

*I* know these techniques.  Joe User who's irritated at his spam likely
does not.

> - Look in the Whois information for contact emails and nameservers - if
> these are for the upstream ISP, or some ISP other than the spammer, report
> it to them.

But there's the rub.  A great deal of the information (including
delegations) in domain registrations by net.abusers is complete
fabrication.  InterNIC refuses to deal with it, even when it's pointed out
to them.

> - If they are advertising a web page, track the web page host, and their
> upstream, and report it to them.

All the time :>
> > What do spammers and nails have in common?  They're both intended for
> > hammering.
>
> Amen. 

Witnesses available at www.witness.com...:)


What do spammers and nails have in common?  They're both intended for
hammering.

Dean Robb
PC-Easy 
On-site computer services
(757) 495-EASY [3279]