Spammers that also look for open relays to abuse.
Also in the ROKSO database of The Spamhaus Project: http://www.spamhaus.org/rokso/search.lasso?evidencefile=1588

directhitonline.com, surfnetsales.com, globalcardservice.com, EndlessPhone.com, UnsubscribeList.com, [216.141.172.0 - 216.141.173.255], [208.179.99.0 - 208.179.99.255], [65.213.41.0 - 65.213.41.255]: Access denied!

======= My complaint =======

Content-Type: text/plain; charset="iso-8859-1"
From: Admin
Organization: Private person
To: Abuse reports , nanas-sub@cybernothing.org, uce@ftc.gov, abuse@broadwing.com, abuse@broadwing.net, mail-abuse@yahoo-inc.com
Subject: [email] directhitonline.com spammers look for open relays!
Date: Tue, 11 Sep 2001 16:50:39 +0300
X-Mailer: KMail [version 1.2]
Cc: rafal4@yahoo.com, smtp4@directhitonline.com, rnigro@globalcardservice.com
MIME-Version: 1.0
Message-Id: <01091116503900.01949@dolphin.dolphinwave.org>
Content-Transfer-Encoding: 8bit
Status: RO
X-Status: S

Today my e-mail server was tested by directhitonline.com on a matter of the third party relaying (unauthorised access).

Looking at their web page shows their true spammer's face:
http://www.directhitonline.com/about.htm

"We use the most up-to-date marketing technology and have access to e-mail addresses from brokers within the United States and around the world. Our database contains over 350 million e-mail addresses."

Please, terminate this spammer's nest as soon as possible!
Thanks!

=======
Relay test from: 216.141.172.107
Date: 11 Sep 2001; 05:07:30 (GMT+0300)
Relay from: rafal4@yahoo.com
Relay to: smtp4@directhitonline.com

directhitonline.com [216.141.172.187]
===================

GlobalCardService
5200 Warner Ave., Suite 107
Huntington Beach,, CA 92649
US

Domain Name: DIRECTHITONLINE.COM

Administrative Contact:
   E. Robert Nigro rnigro@globalcardservice.com
   GlobalCardService
   5200 Warner Ave., Suite 107
   Huntington Beach,, CA 92649
   US
   Phone- 714-846-1588
   Fax- 714-846-2688

Technical Contact:
   E. Robert Nigro rnigro@globalcardservice.com
   GlobalCardService
   5200 Warner Ave., Suite 107
   Huntington Beach,, CA 92649
   US
   Phone- 714-846-1588
   Fax- 714-846-2688

Record updated on 2001-01-15 00:00:00.
Record created on 2001-01-15.
Record expires on 2002-01-15.
Database last updated on 2001-09-11 04:35:56 EST.

Domain servers in listed order:
   NS3.BROADWING.NET 216.140.16.252
   NS4.BROADWING.NET 216.140.17.252

Surf Net Sales IP block [216.141.172.0 - 216.141.173.255].
Upstream: Broadwing (e01HYWRCA80-a01HYWRCA80-1.broadwing.net).

======= SENDMAIL LOG (GMT+0300) =======

Sep 11 05:07:30 orca sendmail[13483]: f8B27T713483: ruleset=check_rcpt, arg1=, relay=[216.141.172.107], reject=550 5.7.1 ... Relaying denied. IP name lookup failed [216.141.172.107]
Sep 11 05:07:32 orca sendmail[13483]: f8B27T713483: from=, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=Daemon0, relay=[216.141.172.107]

--
Alexander Sheremet, dolphinwave.org Admin.

=== Reply from Rafal Mazur, Global Card Service Admin ===

Received: from smtp001pub.verizon.net (smtp001pub.verizon.net [206.46.170.180]) by mail.dolphinwave.org (8.11.6/8.11.6) with ESMTP id f8BKKFA15581 for ; Tue, 11 Sep 2001 23:20:16 +0300
Received: from MIS1 ([216.142.197.185]) by smtp001pub.verizon.net with ESMTP for ; id f8BKK8B20479 Tue, 11 Sep 2001 15:20:09 -0500 (CDT)
Reply-To:
From: "R. Mazur - Global Card Service"
To:
Subject: RE: [email] directhitonline.com spammers look for open relays!
Date: Tue, 11 Sep 2001 13:19:03 -0700
Message-ID:
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
Importance: Normal
In-Reply-To:
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700
Status: R
X-Status: N

Dear Alexander,

Thank you for bringing this issue to our attention. It appears that one of our collocation clients was in fact using some SMTP scanning utility from our network.
We have since then shut down his machine and are in the process of shipping it back to him as this sort of network abuse will not be tolerated.

We apologize for any inconvenience this may have caused and are always appreciative of things like this being brought to our attention so we can act on them quickly. Should you have any further questions or comments please send them my way.

Best Regards,

Rafal Mazur
Global Card Service; Admin

-----Original Message-----
From: Admin [mailto:abuse-2001@dolphinwave.org]
Sent: Tuesday, September 11, 2001 6:51 AM
To: Abuse reports; nanas-sub@cybernothing.org; uce@ftc.gov; abuse@broadwing.com; abuse@broadwing.net; mail-abuse@yahoo-inc.com
Cc: rafal4@yahoo.com; smtp4@directhitonline.com; rnigro@globalcardservice.com
Subject: [email] directhitonline.com spammers look for open relays!

Today my e-mail server was tested by directhitonline.com on a matter of the third party relaying (unauthorised access).

Looking at their web page shows their true spammer's face:
http://www.directhitonline.com/about.htm

"We use the most up-to-date marketing technology and have access to e-mail addresses from brokers within the United States and around the world. Our database contains over 350 million e-mail addresses."

Please, terminate this spammer's nest as soon as possible!
Thanks!

=======
Relay test from: 216.141.172.107
Date: 11 Sep 2001; 05:07:30 (GMT+0300)
Relay from: rafal4@yahoo.com
Relay to: smtp4@directhitonline.com

directhitonline.com [216.141.172.187]
===================

GlobalCardService
5200 Warner Ave., Suite 107
Huntington Beach,, CA 92649
US

Domain Name: DIRECTHITONLINE.COM

Administrative Contact:
   E. Robert Nigro rnigro@globalcardservice.com
   GlobalCardService
   5200 Warner Ave., Suite 107
   Huntington Beach,, CA 92649
   US
   Phone- 714-846-1588
   Fax- 714-846-2688

Technical Contact:
   E. Robert Nigro rnigro@globalcardservice.com
   GlobalCardService
   5200 Warner Ave., Suite 107
   Huntington Beach,, CA 92649
   US
   Phone- 714-846-1588
   Fax- 714-846-2688

Record updated on 2001-01-15 00:00:00.
Record created on 2001-01-15.
Record expires on 2002-01-15.
Database last updated on 2001-09-11 04:35:56 EST.

Domain servers in listed order:
   NS3.BROADWING.NET 216.140.16.252
   NS4.BROADWING.NET 216.140.17.252

Surf Net Sales IP block [216.141.172.0 - 216.141.173.255].
Upstream: Broadwing (e01HYWRCA80-a01HYWRCA80-1.broadwing.net).

======= SENDMAIL LOG (GMT+0300) =======

Sep 11 05:07:30 orca sendmail[13483]: f8B27T713483: ruleset=check_rcpt, arg1=, relay=[216.141.172.107], reject=550 5.7.1 ... Relaying denied. IP name lookup failed [216.141.172.107]
Sep 11 05:07:32 orca sendmail[13483]: f8B27T713483: from=, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=Daemon0, relay=[216.141.172.107]

--
Alexander Sheremet, dolphinwave.org Admin.

=== My notes ===

Surprisingly, the relay test was meant to be delivered to rafal4@yahoo.com, which fits pretty nicely with the name "Rafal Mazur". Coincidence? Doubt it.

=== And more of the same scanning attempts! Sendmail logs (GMT+0200) ===

Dec 3 05:42:48 orca sendmail[11847]: fB33ggf11847: ruleset=check_rcpt, arg1=, relay=[65.213.41.50], reject=550 5.0.0 ... Access denied - spammers/open relays harvesters - http://www.DolphinWave.org/spam/216.141.172.0-216.141.173.255_surfnetsales.com.txt
Dec 3 05:42:58 orca sendmail[11847]: fB33ggf11847: from=, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=Daemon0, relay=[65.213.41.50]
Dec 6 09:29:34 orca sendmail[4076]: fB67TY804076: ruleset=check_relay, arg1=[65.213.41.50], arg2=65.213.41.50, relay=[65.213.41.50], reject=550 5.0.0 Access denied - spammers/open relays harvesters - http://www.DolphinWave.org/spam/globalcardservice.com.txt
Dec 6 09:29:45 orca sendmail[4076]: NOQUEUE: [65.213.41.50] did not issue MAIL/EXPN/VRFY/ETRN during connection to Daemon0
Dec 7 10:15:03 orca sendmail[9290]: fB78F3809290: ruleset=check_relay, arg1=[65.213.41.50], arg2=65.213.41.50, relay=[65.213.41.50], reject=550 5.0.0 Access denied - spammers/open relays harvesters - http://www.DolphinWave.org/spam/globalcardservice.com.txt
Dec 7 10:15:07 orca sendmail[9290]: NOQUEUE: [65.213.41.50] did not issue MAIL/EXPN/VRFY/ETRN during connection to Daemon0

UUNET Technologies, Inc. (NETBLK-UUNET65) UUNET65 65.192.0.0 - 65.221.255.255
EndlessPhone.com (NETBLK-UU-65-213-41) UU-65-213-41 65.213.41.0 - 65.213.41.255

EndlessPhone.com [208.179.99.100]
================

GlobalCardService
5200 Warner Ave., Suite 107
Huntington Beach,, CA 92649
US

Domain Name: ENDLESSPHONE.COM

Administrative Contact:
   E. Robert Nigro rnigro@globalcardservice.com
   GlobalCardService
   5200 Warner Ave., Suite 107
   Huntington Beach,, CA 92649
   US
   Phone- 714-846-1588
   Fax- 714-846-2688

Technical Contact:
   E. Robert Nigro rnigro@globalcardservice.com
   GlobalCardService
   5200 Warner Ave., Suite 107
   Huntington Beach,, CA 92649
   US
   Phone- 714-846-1588
   Fax- 714-846-2688

Record updated on 2001-05-29 15:40:46.
Record created on 2001-05-29.
Record expires on 2002-05-29.
Database last updated on 2001-12-04 15:03:43 EST.

Domain servers in listed order:
   NS1.PAJO.COM 216.116.96.2
   NS2.PAJO.COM 216.116.96.3

The Pajo Group IP block [208.179.0.0 - 208.179.255.255]
Upstream: Pajo (surfnetsales-gw.dcap2.lgb.us.pajo.net).

Now directhitonline.com is on the Pajo IPs, too:

directhitonline.com [208.179.99.103]
===================

GlobalCardService
5200 Warner Ave., Suite 107
Huntington Beach,, CA 92649
US

Domain Name: DIRECTHITONLINE.COM

Administrative Contact:
   E. Robert Nigro rnigro@globalcardservice.com
   GlobalCardService
   5200 Warner Ave., Suite 107
   Huntington Beach,, CA 92649
   US
   Phone- 714-846-1588
   Fax- 714-846-2688

Technical Contact:
   E. Robert Nigro rnigro@globalcardservice.com
   GlobalCardService
   5200 Warner Ave., Suite 107
   Huntington Beach,, CA 92649
   US
   Phone- 714-846-1588
   Fax- 714-846-2688

Record updated on 2001-01-15 00:00:00.
Record created on 2001-01-15.
Record expires on 2002-01-15.
Database last updated on 2001-12-04 15:03:43 EST.

Domain servers in listed order:
   NS1.PAJO.COM 216.116.96.2
   NS2.PAJO.COM 216.116.96.3

The Pajo Group IP block [208.179.0.0 - 208.179.255.255]
Upstream: Pajo (surfnetsales-gw.dcap2.lgb.us.pajo.net).

But globalcardservice.com is still on Broadwing:

globalcardservice.com [216.141.172.187]
=====================

Registrant:
SurfNetSales (GLOBALCARDSERVICE2-DOM)
   1140 E. Ocean Boulevard, Suite 321
   Long Beach, CA 90802-5665
   US

Domain Name: GLOBALCARDSERVICE.COM

Administrative Contact, Technical Contact, Billing Contact:
   Billes, Mark (MBW167) mbilles@DIRECTHITONLINE.COM
   SurfNetSales
   528 8th St.
   Huntington Beach, CA 92648
   US
   714-846-1588 714-846-2688

Record last updated on 11-Apr-2001.
Record expires on 27-Nov-2001.
Record created on 27-Nov-1999.
Database last updated on 4-Dec-2001 05:06:00 EST.

Domain servers in listed order:
   NS3.BROADWING.NET 216.140.16.252
   NS4.BROADWING.NET 216.140.17.252

Surf Net Sales IP block [216.141.172.0 - 216.141.173.255] which is in the Broadwing IP range [216.140.0.0 - 216.143.255.255].
Upstream: Broadwing (P2-0.c0.hywr.broadwing.net).