Subject: StockAlert News: UNFC expects increase of $50M in assets over near term

[an error occurred while processing this directive]
The report for this spam can be found at: Remington Hall Edition.
Return-Path: <cuufefuu49@sds.se>
Received: from www.stthomasu.ca ([192.197.141.232])          
by santaclara01.pop.internex.net (Post.Office MTA v3.1.2          
release (PO203-101c) ID# 0-34792U7500L7500S0) with ESMTP          
id AAA5661 for <chris@lanets.com>;          
Mon, 26 Jan 1998 04:00:32 -0800
Received: from academic.stu.StThomasU.ca ([192.197.141.211])	
by www.stthomasu.ca (8.8.5/8.8.5) with ESMTP id HAA19434;	Mon, 26 Jan 1998 07:13:45 -0400
Date: Mon, 26 Jan 1998 07:13:45 -0400
From: cuufefuu49@sds.se
Received: from ACADEMIC/MERCURY by academic.stu.StThomasU.ca (Mercury 1.21);    
26 Jan 98 07:21:14 AST
Received: from MERCURY by ACADEMIC (Mercury 1.21); 26 Jan 98 05:44:28 AST
Received: from Default by academic.stu.StThomasU.ca (Mercury 1.21);    
26 Jan 98 05:44:26 AST
To: cuufefuu49@sds.se
Comments: Authenticated sender is <cuufefuu49@sds.se>
Subject: StockAlert News: UNFC expects increase of $50M in assets over near term
Message-Id: <199801261554IAA48759@post.stu.stthomasu.ca>

>nslookup 192.197.141.232
Server:  dns.mediacity.com
Address:  205.216.172.10

Name:    www.stthomasu.ca
Address:  192.197.141.232

>nslookup www.stthomasu.ca
Server:  dns.mediacity.com
Address:  205.216.172.10

Name:    www.stthomasu.ca
Address:  192.197.141.232

That completely resolves, showing me the relaying server.

Now onto the originating point:
>nslookup 192.197.141.211
Server:  dns.mediacity.com
Address:  205.216.172.10

*** dns.mediacity.com can't find 192.197.141.211: Non-existent host/domain

>nslookup academic.stu.StThomasU.ca
Server:  dns.mediacity.com
Address:  205.216.172.10

Name:    academic.stu.StThomasU.ca
Address:  192.197.143.211

Seems like a static location to me. Perhaps a telnet server with PINE? No, can't be PINE
as it clearly identifies itself in the headers.

What's nice is that now these spammers have their own spamming domain.

>whois remington-hall.com
Remington - Hall Capital Corporation (REMINGTON-HALL-DOM)
   1401 Elm Street Suite 1818
   Dallas, TX 75202
   US

   Domain Name: REMINGTON-HALL.COM

   Administrative Contact:
      Fonteno, Douglas  (DF3575)  r-hall@MPSI.NET
      (972) 749-4600 (FAX) (972) 749-4646
   Technical Contact, Zone Contact:
      Liu, William  (LW33-ORG)  domain@WT.NET
      713-965-0485
Fax- 713-965-0396
   Billing Contact:
      Fonteno, Douglas  (DF3575)  r-hall@MPSI.NET
      (972) 749-4600 (FAX) (972) 749-4646

   Record last updated on 16-Jan-98.
   Record created on 24-Nov-97.
   Database last updated on 26-Jan-98 04:15:30 EDT.

   Domain servers in listed order:

   VOYAGER.WTD.NET              208.227.232.8
   NS3.WTD.NET                  208.227.232.7

>nslookup www.remington-hall.com
Server:  dns.mediacity.com
Address:  205.216.172.10

*** dns.mediacity.com can't find www.remington-hall.com: Non-existent host/domain

The spam links(or attempts to link) you to a web site, but there is no DNS entry for this domain.

>traceroute remington-hall.com
traceroute: unknown host remington-hall.com

This suggest that even their so-called email address is invalid
Got video tapes? Need DVDs? $32 per tape gets it done fast!