North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Christmas spam from RESERVED IANA adressblock ?

  • From: Jon Lewis
  • Date: Wed Dec 24 07:52:24 2008

Lots of networks use RFC1918 space _internally_, as iispp.com obviously does between their webmail server and their SMTP relay. It's no more suspicious than your own ISP's use of 10.0.1 between their MX and the mailstore to which your message was delivered. Recognizing this is pretty basic to reading SMTP headers.

On Wed, 24 Dec 2008, macbroadcast wrote:

hello ladys and getlepersons


just out of curiosity i looked a bit closer into this spammail header, because
this company is really annoying and abusing a lot of internet citizens.



Anfang der weitergeleiteten E-Mail:
Von: mailling@xxxxxxxxxxx
Datum: 24. Dezember 2008 12:30:18 MEZ
An: marc@xxxxxx
Betreff: E-Mail For You @ ualadys.com
Return-Path: <www-data@xxxxxxxxxxxxxx>
Received: from mx2.mail.vrmd.de ([10.0.1.21]) by vm42.mail.vrmd.de (Cyrus v2.2.12-Invoca-RPM-2.2.12-9.RHEL4) with LMTPA; Wed, 24 Dec 2008 12:30:25 +0100
Received: from mx2.iispp.com ([76.74.250.247]) by mx2.mail.vrmd.de with esmtp (Exim 4.69) (envelope-from <www-data@xxxxxxxxxxxxxx>) id 1LFRwW-00011o-DY for marc@xxxxxx; Wed, 24 Dec 2008 12:30:25 +0100
Received: from web1.iispp.com (w1 [172.16.21.244]) by mx2.iispp.com (Postfix) with ESMTP id B71CF3504DB for <marc@xxxxxx>; Wed, 24 Dec 2008 11:30:18 +0000 (UTC)
Received: by web1.iispp.com (Postfix, from userid 33) id A5C7917A405C; Wed, 24 Dec 2008 06:30:18 -0500 (EST)


Whois wurde gestartet &


OrgName: Internet Assigned Numbers Authority OrgID: IANA Address: 4676 Admiralty Way, Suite 330 City: Marina del Rey StateProv: CA PostalCode: 90292-6695 Country: US

NetRange:   172.16.0.0 - 172.31.255.255
CIDR:       172.16.0.0/12
NetName:    IANA-BBLK-RESERVED
NetHandle:  NET-172-16-0-0-1
Parent:     NET-172-0-0-0-0
NetType:    IANA Special Use
NameServer: BLACKHOLE-1.IANA.ORG
NameServer: BLACKHOLE-2.IANA.ORG
Comment:    This block is reserved for special purposes.
Comment:    Please see RFC 1918 for additional information.
Comment:    http://www.arin.net/reference/rfc/rfc1918.txt
RegDate:    1994-03-15
Updated:    2007-11-27

OrgAbuseHandle: IANA-IP-ARIN
OrgAbuseName:   Internet Corporation for Assigned Names and Number
OrgAbusePhone:  +1-310-301-5820
OrgAbuseEmail:  abuse@xxxxxxxx

OrgTechHandle: IANA-IP-ARIN
OrgTechName:   Internet Corporation for Assigned Names and Number
OrgTechPhone:  +1-310-301-5820
OrgTechEmail:  abuse@xxxxxxxx

# ARIN WHOIS database, last updated 2008-12-23 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.


so how is this possible ?


merry christmas anyway


Marc


X-Sieve: CMU Sieve 2.2
Envelope-To: marc@xxxxxx
Delivery-Date: Wed, 24 Dec 2008 12:30:25 +0100
X-Id-From: 1000
X-Id-To: 238141
X-Mail-Id: 203714382
Mime-Version: 1.0
Content-Type: text/html
Message-Id: <20081224113018.A5C7917A405C@xxxxxxxxxxxxxx>
X-Spam-Suspicion: No
X-Purgate: Clean X-purgate-ID: 150741::081224123024-0FFB86C0-283E8BDE/0-0/0-1 X-purgate-Ad: For more information about eXpurgate please visit http://www.expurgate.net/





marc, You have new mail This is to notify you that you have received an E-Mail from

View Photos
DetailsIrina O #1000
Subject: Destiny has linked us...

Date: 24 December 2008

To read the message go here:

PLEASE, DO NOT REPLY TO THIS E-MAIL - FOLLOW THE LINK

http://www.ualadys.com/view_mail.rpx?hash=a71d2600f032ece232a391296f5f071e&mid=203714382&uid=238141

Thank you,
ualadys.com Support Team

Favorites ualadys.com

24x7 Call center

United States
+1 (315) 849-5814

United Kigdom
+44 (315) 849-5814

Skype support : ualadys



For any question in english
about this site please call:
+1 (212) 226-8900
Mon-Fri 9:00-16:00 (EST)



---------------------------------------------------------------------- Jon Lewis | I route Senior Network Engineer | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________