North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Christmas spam from RESERVED IANA adressblock ?

  • From: Jon Lewis
  • Date: Wed Dec 24 07:52:24 2008

Lots of networks use RFC1918 space _internally_, as obviously does between their webmail server and their SMTP relay. It's no more suspicious than your own ISP's use of 10.0.1 between their MX and the mailstore to which your message was delivered. Recognizing this is pretty basic to reading SMTP headers.

On Wed, 24 Dec 2008, macbroadcast wrote:

hello ladys and getlepersons

just out of curiosity i looked a bit closer into this spammail header, because
this company is really annoying and abusing a lot of internet citizens.

Anfang der weitergeleiteten E-Mail:
Von: [email protected]
Datum: 24. Dezember 2008 12:30:18 MEZ
An: [email protected]
Betreff: E-Mail For You @
Return-Path: <[email protected]>
Received: from ([]) by (Cyrus v2.2.12-Invoca-RPM-2.2.12-9.RHEL4) with LMTPA; Wed, 24 Dec 2008 12:30:25 +0100
Received: from ([]) by with esmtp (Exim 4.69) (envelope-from <[email protected]>) id 1LFRwW-00011o-DY for [email protected]; Wed, 24 Dec 2008 12:30:25 +0100
Received: from (w1 []) by (Postfix) with ESMTP id B71CF3504DB for <[email protected]>; Wed, 24 Dec 2008 11:30:18 +0000 (UTC)
Received: by (Postfix, from userid 33) id A5C7917A405C; Wed, 24 Dec 2008 06:30:18 -0500 (EST)

Whois wurde gestartet &

OrgName: Internet Assigned Numbers Authority OrgID: IANA Address: 4676 Admiralty Way, Suite 330 City: Marina del Rey StateProv: CA PostalCode: 90292-6695 Country: US

NetRange: -
NetHandle:  NET-172-16-0-0-1
Parent:     NET-172-0-0-0-0
NetType:    IANA Special Use
Comment:    This block is reserved for special purposes.
Comment:    Please see RFC 1918 for additional information.
RegDate:    1994-03-15
Updated:    2007-11-27

OrgAbuseHandle: IANA-IP-ARIN
OrgAbuseName:   Internet Corporation for Assigned Names and Number
OrgAbusePhone:  +1-310-301-5820
OrgAbuseEmail:  [email protected]

OrgTechHandle: IANA-IP-ARIN
OrgTechName:   Internet Corporation for Assigned Names and Number
OrgTechPhone:  +1-310-301-5820
OrgTechEmail:  [email protected]

# ARIN WHOIS database, last updated 2008-12-23 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

so how is this possible ?

merry christmas anyway


X-Sieve: CMU Sieve 2.2
Envelope-To: [email protected]
Delivery-Date: Wed, 24 Dec 2008 12:30:25 +0100
X-Id-From: 1000
X-Id-To: 238141
X-Mail-Id: 203714382
Mime-Version: 1.0
Content-Type: text/html
Message-Id: <[email protected]>
X-Spam-Suspicion: No
X-Purgate: Clean X-purgate-ID: 150741::081224123024-0FFB86C0-283E8BDE/0-0/0-1 X-purgate-Ad: For more information about eXpurgate please visit

marc, You have new mail This is to notify you that you have received an E-Mail from

View Photos
DetailsIrina O #1000
Subject: Destiny has linked us...

Date: 24 December 2008

To read the message go here:


Thank you, Support Team


24x7 Call center

United States
+1 (315) 849-5814

United Kigdom
+44 (315) 849-5814

Skype support : ualadys

For any question in english
about this site please call:
+1 (212) 226-8900
Mon-Fri 9:00-16:00 (EST)

---------------------------------------------------------------------- Jon Lewis | I route Senior Network Engineer | therefore you are Atlantic Net | _________ for PGP public key_________