Subject: Re: Here's one I'm working on. What do you think?

[an error occurred while processing this directive]
This spam report is at Anti-Spam Assistance Pages
Subject:     Re: Here's one I'm working on.  What do you think?
Date:        7/5/98 10:36
To:          Scott Huffman, scooty2@webkorner.com

On 7/5/98 09:13, Scott Huffman sent the following ASCII stream:

>Chris,
>
>I got this one a little while ago.  I've researched this one.  Have I 
>found what I'm looking for?  I've been using Neotrace to find my 
>information and Nslookup.  Do I need more stuff to find everything?
>
>Thanks,
>Scott

I got one of these too, but from a different hijacked server.
http://www.studio42.com/kill-the-spam/1998/reports/1998-deadbeats11.html#moneyhelp-2
Links to Strike 1, as this is Strike 2.

OK, first tip: Don't ask a question. Make a statement. Your solution: remove the "why are you 
receiving this complaint?" line. That's it.

Second: I agree with your logic of complaining to Canus.net, but they are a spam house and 
have most likely snarfed your email address for future spamming. Isn't that cute? I recommend 
that in the future, you do not complain to known spam houses. Two ways of figuring this out: 
read "news.admin.net-abuse.email" and seeing where your spam is coming from. I use a "three 
strikes and you're a spamhouse" along with reading NANAE. This is more advanced, but Canus.net 
is hosted by Bellsouth.net. Complain to postmaster and abuse over there.

Regarding UU.Net:
This is also advanced, but GTE owns the netblock used by the address harvesting/alternate web 
site. I can't remember which is which because I've recieved one of each today for the same web 
site, just different page. The site is a netblock controlled by Market Response Center, a known 
address harvesting/scam operation. GTE.Net also needs to be identified.

Using ARIN, you can find out who owns and controls netblocks. I'm thinking of tweaking a copy of 
my "whois" cgi to allow for ARIN lookups. To find a Class C netblock (192.x.x.x and higher), use 
this: "whois -h whois.arin.net", and then put in the first 3 octets of the netblock as-is, and 
use a 0 for the last octet. I'm not sure what your IP expertise is, but usually the last octet 
of a 0 identifies the Class C network/wire. You'll probably run into Class B and A licenses too, 
but if you know IP, you'll know what to do.

Regarding your complaints to:
PRINTRAK.COM
CERFNET.COM C/O IRS.NET
Your complaint upstream is a tad pre-mature. Usually, a hijacked server is run by administrators 
who are initially unaware that this has happened. These days, there really is no excuse for an 
open server.
Should Printrak.com not respond within a 48-hour period(since it's a weekend, otherwise, 24 
hours, 72 if on a Friday), definately escalate this upstream.

I personally am not checking your work on this one as you seem to be competent in most of this 
area, so I'm sure it's correct. You made some mistakes regarding web sites. When you get IP 
addresses, confirm the network owners and file accordingly.