Return-Path: <bweber@soback.kornet.net> Received: from mail4.kornet.net (168.126.3.40) by studio42.com with ESMTP (Eudora Internet Mail Server 3.0.3) for <webmaster@studio42.com>; Fri, 17 Aug 2001 11:45:15 +0100 Received: from bwhome ([211.51.59.204]) by mail4.kornet.net (8.11.3/8.11.3) with SMTP id f7HIfT915752 for <webmaster@studio42.com>; Sat, 18 Aug 2001 03:41:30 +0900 (KST) Reply-To: <bweber@soback.kornet.net> From: "Butch Weber" <bweber@soback.kornet.net> To: "Studio42 Webmaster" <webmaster@studio42.com> Subject: RE: remove Date: Sat, 18 Aug 2001 03:41:23 +0900 Message-ID: <ILEGLPIBAPJLIHIHFDKGIEEIFNAA.bweber@soback.kornet.net> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 1 (Highest) X-MSMail-Priority: High X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) In-Reply-To: <1214079528-3915670@studio42.com> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2479.0006 Importance: High Hello, Here is the header that was with the message below: Received: from adgrafix.com (adgrafix.com [216.248.194.2]) by soback.kornet.net (8.11.2/8.11.2) with ESMTP id f7H6EKJ11946 for <bweber@soback.kornet21.net>; Fri, 17 Aug 2001 15:14:20 +0900 (KST) Received: from relay27.jaring.my (relay27.jaring.my [192.228.128.138]) by adgrafix.com (8.9.3/8.9.3) with ESMTP id CAA05501 for <bweber@adgrafix.com>; Fri, 17 Aug 2001 02:14:48 -0400 (EDT) From: izorumpshy@google.com Received: from fzcmy.bellatlantic.com (j139.jhb36.jaring.my [161.142.134.153]) by relay27.jaring.my (8.9.3/8.9.3) with SMTP id OAA14556; Fri, 17 Aug 2001 14:12:24 +0800 (MYT) Date: Fri, 17 Aug 2001 14:12:24 +0800 (MYT) Message-Id: <200108170612.OAA14556@relay27.jaring.my> To: psjjtqcmil@microsoft.com Reply-To: webmaster@studio42.com Subject: Great Info About Internet Companies on Internet qnvli Content-Length: 204 Status: Hope this helps to stop them. Thanks, Butch Weber p.s. I was getting over 300 emails a day so decided to remove all my emails from all lists and that is why I tried to remove from yours. -----Original Message----- From: Studio42 Webmaster [mailto:webmaster@studio42.com] Sent: Saturday, August 18, 2001 3:07 AM To: bweber@soback.kornet.net Subject: Re: remove I can't. Studio42 does not maintain any mailing lists and Studio42 did NOT send this. If you need more information, http://www.studio42.com/kill-the-spam/mastercd2001 Sorry for a spammer's inconsideration, but rest assured Studio42 will not tolerate this behavior. Please send the FULL spam with FULL headers. I'm hoping for an address so I can start legal proceedings against them. Thank you for your message. I do appreciate the time you took. Every little bit builds the case against them. On 8/17/2001 11:00, Butch Weber sent the following ASCII stream: >remove > > >-----Original Message----- >From: izorumpshy@google.com [mailto:izorumpshy@google.com] >Sent: Friday, August 17, 2001 15:12 PM >To: psjjtqcmil@microsoft.com >Subject: Great Info About Internet Companies on Internet qnvli > > >MasterCD aka MasterCD 2000 aka Mastercd2001 has released the new Autum 2001 >edition. Find out about our products and convenient ordering options in >major search engines like Yahoo and Google. Order now! >
Header Breakdown
Received: from adgrafix.com (adgrafix.com [216.248.194.2]) by soback.kornet.net (8.11.2/8.11.2) with ESMTP id f7H6EKJ11946 for <bweber@soback.kornet21.net>; Fri, 17 Aug 2001 15:14:20 +0900 (KST) Received: from relay27.jaring.my (relay27.jaring.my [192.228.128.138]) by adgrafix.com (8.9.3/8.9.3) with ESMTP id CAA05501 for <bweber@adgrafix.com>; Fri, 17 Aug 2001 02:14:48 -0400 (EDT) From: izorumpshy@google.com Received: from fzcmy.bellatlantic.com (j139.jhb36.jaring.my [161.142.134.153]) by relay27.jaring.my (8.9.3/8.9.3) with SMTP id OAA14556; Fri, 17 Aug 2001 14:12:24 +0800 (MYT) Date: Fri, 17 Aug 2001 14:12:24 +0800 (MYT) Message-Id: <200108170612.OAA14556@relay27.jaring.my> To: psjjtqcmil@microsoft.com Reply-To: webmaster@studio42.com Subject: Great Info About Internet Companies on Internet qnvli Content-Length: 204 Status: $ nslookup 216.248.194.2 Server: studio42.com Address: 10.1.1.2 Name: adgrafix.com Address: 216.248.194.2 This is the server sending the spewage out. Seems to me a I have only ever gotten spam from that server or their servers. $ nslookup 192.228.128.138 Server: studio42.com Address: 10.1.1.2 Name: relay27.jaring.my Address: 192.228.128.138 Here is the hijacked server. $ nslookup 161.142.134.153 Server: studio42.com Address: 10.1.1.2 Name: j139.jhb36.jaring.my Address: 161.142.134.153 The formatting is correct and it appears that this is the spammer, but I think this might be outsourced spamming. It appears that jaring.my has a seriously misconfigure open relay that not only relays, but also redirects their traffic to another server for delivery.
| Return to Master CD 2001 Joe Job/Attack 5 Page |
| Reload site | Return to main page | Add to Guestbook | View Guestbook |
| Add to the anti-spam links | View and Visit other anti-spam sites |Visit the Anti-Spam Web Board |
| Interesting Pages | Special Editions | Anti-Spam Assistance Center | Site News | Interactive Pages |