Great Circle Associates List-Managers
(April 1996)
 


Subject: Re: A heads-up on a potential spammer
From: Alexander Verbraeck <A . Verbraeck @ IS . TWI . TUDelft . NL>
Date: Sun, 28 Apr 1996 02:39:50 +0200 (MET DST)
To: list-managers @ greatcircle . com
Cc: winfave @ duticai . twi . tudelft . nl
In-reply-to: <m0uDKF4-00055tC@ilinx.ilinx.com> from "Brian J. Murrell" at Apr 27, 96 05:21:33 pm

> from the quill of Chris Siebenmann <cks@hawkwind.utcs.toronto.edu> on
> scroll <96Apr27.195913edt.23976@hawkwind.utcs.utoronto.ca>
> >  I have just received a series of three subscription requests, in
> > alphabetical order, for my three mailing lists here. Although this
> > claims to be from the domain tnc.com (a domain, by the way, that doesn't
> > have a working 'postmaster' account/alias/etc), it appears to have been
> > generated on pluto.cs.uah.edu. The X-Mail-Agent is also disturbing.
> 
> I just got one of these to my personal account.  Obviously the user is not
> too good at being stealthy and subscribing quietly.

Same here.

NSlookup yields:

tnc.com preference = 520, mail exchanger = mail.istar.net       
tnc.com preference = 5, mail exchanger = nisku.blackgold.ab.ca  
tnc.com preference = 510, mail exchanger = mail.ottawa.istar.net
tnc.com nameserver = nic.fonorola.net                           
tnc.com nameserver = fonsrv00.fonorola.com                      
mail.istar.net  internet address = 204.191.213.2                
nisku.blackgold.ab.ca   internet address = 198.53.152.12        
mail.ottawa.istar.net   internet address = 204.191.213.2        
nic.fonorola.net        internet address = 198.53.64.7          
fonsrv00.fonorola.com   internet address = 149.99.1.3           

A telnet session with nisku.blackgold.ab.ca :

% telnet nisku.blackgold.ab.ca 25
Trying 198.53.152.12 ...
Connected to nisku.blackgold.ab.ca.
Escape character is '^]'.
220 nisku.blackgold.ab.ca ESMTP Sendmail 8.7.5 raring to go at Sat, 27 Apr 1996
8:37:53 -0600 (MDT)
HELO duticai.twi.tudelft.nl
250 nisku.blackgold.ab.ca hi there [130.161.159.1], wouldn't want to be in your
hoes.
VRFY postmaster
550 postmaster... User unknown
VRFY 22ndcm
250 22nd Century Marketing <22ndcm@nisku.blackgold.ab.ca>
VRFY root
250 Operator <root@nisku.blackgold.ab.ca>
QUIT
221 nisku.blackgold.ab.ca Hanging up. Good-bye and good riddance.
Connection closed by foreign host.


At least we know what "22ndcm" stands for. Doesn't look positive...

Alexander Verbraeck
List Manager BPR-L

-----------------------------------------------------------------
Dr. Alexander Verbraeck            Delft University of Technology
Department of Systems Engineering, Policy Analysis and Management
Jaffalaan 5        P.O. Box 5015, 2600 GA  Delft  The Netherlands
Tel: +31 15 2783805    Secr: +31 15 2788380   Fax: +31 15 2783429
e-mail: A.Verbraeck@sepa.tudelft.nl  List manager BPR-L, DYNMOD-L
http://www.sepa.tudelft.nl/~alexandv/    See also ..../bpr-l.html
-----------------------------------------------------------------
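
Added example, not part of the original message: a small Python parser that pairs each command in a pasted SMTP session like the one above with its reply and classifies the VRFY answers, including the 252/502 case where a server declines to answer. The transcript, host names and function names are constructed for illustration.

```python
import re

# Constructed transcript modelled on the session quoted above; host names are
# placeholders, and the greeting is wrapped the way a terminal paste wraps it.
TRANSCRIPT = """\
220 mx.example.org ESMTP Sendmail ready at Sat, 27 Apr 1996
18:37:53 -0600 (MDT)
HELO client.example.net
250 mx.example.org Hello client.example.net
VRFY postmaster
550 postmaster... User unknown
VRFY 22ndcm
250 22nd Century Marketing <22ndcm@mx.example.org>
VRFY root
250 Operator <root@mx.example.org>
QUIT
221 mx.example.org closing connection
"""

REPLY = re.compile(r"^(\d{3})[ -](.*)$")
COMMAND = re.compile(r"^(HELO|EHLO|VRFY|EXPN|QUIT)\b\s*(.*)$")

def parse_session(text):
    """Pair each client command with the reply that followed it."""
    exchanges = []
    current = ["CONNECT", "", None, ""]      # the 220 greeting answers the connect
    for line in filter(None, map(str.strip, text.splitlines())):
        cmd, reply = COMMAND.match(line), REPLY.match(line)
        if cmd:
            exchanges.append(tuple(current))
            current = [cmd.group(1), cmd.group(2), None, ""]
        else:
            if reply:                        # "250 text" or multi-line "250-text"
                current[2] = int(reply.group(1))
                line = reply.group(2)
            # anything else is a wrapped continuation of the previous reply
            current[3] = (current[3] + " " + line).strip()
    exchanges.append(tuple(current))
    return exchanges

def classify_vrfy(exchanges):
    """Map each VRFY argument to 'exists', 'unknown' or 'inconclusive'."""
    verdicts = {}
    for verb, arg, code, _text in exchanges:
        if verb == "VRFY":
            # 250/251 confirm a mailbox and 550 denies it; 252 or 502 (VRFY
            # disabled) says nothing either way and must not be read as absent.
            verdicts[arg.lower()] = ("exists" if code in (250, 251) else
                                     "unknown" if code == 550 else "inconclusive")
    return verdicts

def postmaster_missing(verdicts):
    return verdicts.get("postmaster") == "unknown"
```
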

