serveit21.com/readyserve21.com/your24dns.com - spam flood attempts against the non-existent addresses of mine, that actually are Message-IDs of my rogue cancelled Usenet posts (body harvest).

serveit21.com, readyserve21.com, your24dns.com, [64.25.34.0 - 64.25.34.255]: Access denied!

=== My complaint ===

Content-Type: text/plain; charset="us-ascii"
From: Admin
Reply-To: abuse@2002.dolphinwave.org
Organization: Private person
To: , uce@ftc.gov, nanas-sub@cybernothing.org, postmaster@worldnic.net, privacy@networksolutions.com, abuse@networksolutions.com, abuse@gblx.net, gordon.johanson@infracnct.net, abuse@infracnct.net
Subject: [email] Spam flood attempts (Message-IDs spamming: 64.25.34.0/24 - readyserve21.com/serveit21.com)!
Date: Sat, 14 Sep 2002 21:10:17 +0300
User-Agent: KMail/1.4.1
X-Complaints-To: abuse@dolphinwave.org (live person)
X-PGP-key: 0xAAE2A579
X-PGP-key-fingerprint: 5B8E 3B28 7199 8CD3 4133 FA87 000B 0FB6 AAE2 A579
X-No-Confirm: Yes
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Message-Id: <200209142110.17661@2002.dolphinwave.org>
Status: RO
X-Status: S

My mailserver rejects spamming attempts to the non-existent addresses, that look like Message-IDs!
All attacks come from the same @mx0#.readyserve21.com addresses (different names), and from the same 64.25.34.0/24 IP range (mx##.serveit21.com).
Please, terminate the spammer's accounts as soon as possible! Thanks!

=======
Refusing to deal with your abusers will lead your whole IP range to be blocked from accessing my mailservers ever again, and this info will be shared with other admins and public blocklists!

Spammer:
========
mx10.serveit21.com [64.25.34.211]
mx09.serveit21.com [64.25.34.210]
mx03.serveit21.com [64.25.34.205]

Mails from:
===========
joelackey@mx02.readyserve21.com
john.carter@mx05.readyserve21.com
jmrubin@mx03.readyserve21.com
alex@mx09.readyserve21.com

www.serveit21.com [64.25.34.20]
mx03.serveit21.com [64.25.34.205]
mx09.serveit21.com [64.25.34.210]
mx10.serveit21.com [64.25.34.211]
==================
Registrant:
Winters, Mark (VAZFXOACOD)
10904 W Pico Blvd
los Angeles, CA 90010
US

Domain Name: SERVEIT21.COM

Administrative Contact, Technical Contact:
Winters, Mark (RACMCTENQI) mark@smtp.port5.com
Winters,Mark
10904 W Pico Blvd
los Angeles, CA 90010
US
18886941480 123 123 1234

Record expires on 08-Mar-2003.
Record created on 08-Mar-2002.
Database last updated on 14-Sep-2002 14:03:53 EDT.

Domain servers in listed order:
NS2.SERVEIT21.COM 64.25.34.18
NS4.SERVEIT21.COM 64.25.34.19

INFRACNCT IP block [64.25.32.0 - 64.25.47.255].
Upstream: Global Crossing (pos2-0-622M.ar4.DEN2.gblx.net).

www.readyserve21.com [64.25.34.155]
mx02.readyserve21.com [64.25.34.155]
mx03.readyserve21.com [64.25.34.156]
mx05.readyserve21.com [64.25.34.158]
mx09.readyserve21.com [64.25.35.155]
=====================
Registrant:
Winters, Mark (LSXCPBFGXD)
10904 W Pico Blvd
los Angeles, CA 90010
US

Domain Name: READYSERVE21.COM

Administrative Contact, Technical Contact:
Winters, Mark (RACMCTENQI) mark@smtp.port5.com
Winters,Mark
10904 W Pico Blvd
los Angeles, CA 90010
US
18886941480 123 123 1234

Record expires on 08-Mar-2003.
Record created on 08-Mar-2002.
Database last updated on 14-Sep-2002 14:04:57 EDT.

Domain servers in listed order:
NS08.YOUR24DNS.COM 64.25.35.10
NS09.YOUR24DNS.COM 64.25.35.11

INFRACNCT IP block [64.25.32.0 - 64.25.47.255].
Upstream: Global Crossing (pos2-0-622M.ar4.DEN2.gblx.net).

www.your24dns.com [64.25.35.10]
==================
Registrant:
Winters, Mark (IWNIFHEKRD)
10904 W Pico Blvd
los Angeles, CA 90010
US

Domain Name: YOUR24DNS.COM

Administrative Contact:
Winters, Mark (RACMCTENQI) mark@smtp.port5.com
Winters,Mark
10904 W Pico Blvd
los Angeles, CA 90010
US
18886941480 123 123 1234

Technical Contact:
VeriSign, Inc. (HOST-ORG) namehost@WORLDNIC.NET
VeriSign, Inc.
21355 Ridgetop Circle
Dulles, VA 20166
US
1-888-642-9675

Record expires on 20-Mar-2003.
Record created on 20-Mar-2002.
Database last updated on 14-Sep-2002 14:06:44 EDT.

Domain servers in listed order:
NS08.YOUR24DNS.COM 64.25.35.10
NS09.YOUR24DNS.COM 64.25.35.11

INFRACNCT IP block [64.25.32.0 - 64.25.47.255].
Upstream: Global Crossing (pos2-0-622M.ar4.DEN2.gblx.net).

======= Sendmail logs (GMT+0300) =======

Sep 14 08:18:25 orca sendmail[5694]: g8E5IIW05694: <5994093.qspkdtlgxa@dolphinwave.###>... User unknown
Sep 14 08:18:25 orca sendmail[5694]: g8E5IIW05694: from=, size=1326, class=0, nrcpts=0, proto=ESMTP, daemon=Daemon0, relay=mx10.serveit21.com [64.25.34.211]
--
Sep 14 09:30:50 orca sendmail[6094]: g8E6UiW06094: <1635164.xcbep46vat@dolphinwave.###>... User unknown
Sep 14 09:30:50 orca sendmail[6094]: g8E6UiW06094: from=, size=1328, class=0, nrcpts=0, proto=ESMTP, daemon=Daemon0, relay=mx09.serveit21.com [64.25.34.210]
--
Sep 14 11:14:05 orca sendmail[6597]: g8E8E5W06597: <3064853.sadlmngbsa@dolphinwave.###>... User unknown
Sep 14 11:14:06 orca sendmail[6597]: g8E8E5W06597: from=, size=1319, class=0, nrcpts=0, proto=ESMTP, daemon=Daemon0, relay=mx03.serveit21.com [64.25.34.205]
--
Sep 14 11:23:40 orca sendmail[6626]: g8E8NdW06626: <2f22beb2.17d54e72@dolphinwave.###>... User unknown
Sep 14 11:23:41 orca sendmail[6626]: g8E8NdW06626: from=, size=1349, class=0, nrcpts=0, proto=ESMTP, daemon=Daemon0, relay=mx03.serveit21.com [64.25.34.205]
--
Sep 14 11:46:40 orca sendmail[6699]: g8E8kdW06699: <2333039.poejjdzkt8@dolphinwave.###>... User unknown
Sep 14 11:46:40 orca sendmail[6699]: g8E8kdW06699: from=, size=1321, class=0, nrcpts=0, proto=ESMTP, daemon=Daemon0, relay=mx09.serveit21.com [64.25.34.210]
--
Sep 14 12:33:25 orca sendmail[6877]: g8E9XOW06877: <1588015.qidcc6gmic@dolphinwave.###>... User unknown
Sep 14 12:33:25 orca sendmail[6877]: g8E9XOW06877: from=, size=1321, class=0, nrcpts=0, proto=ESMTP, daemon=Daemon0, relay=mx10.serveit21.com [64.25.34.211]
Sep 14 12:34:59 orca sendmail[6882]: g8E9YwW06882: <19449364.lohgujkiob@dolphinwave.###>... User unknown
Sep 14 12:34:59 orca sendmail[6882]: g8E9YwW06882: from=, size=1332, class=0, nrcpts=0, proto=ESMTP, daemon=Daemon0, relay=mx10.serveit21.com [64.25.34.211]
--
Sep 14 12:48:46 orca sendmail[6926]: g8E9mjW06926: <1305075.h7gnmwurcn@dolphinwave.###>... User unknown
Sep 14 12:48:46 orca sendmail[6926]: g8E9mjW06926: from=, size=1307, class=0, nrcpts=0, proto=ESMTP, daemon=Daemon0, relay=mx09.serveit21.com [64.25.34.210]
--
Sep 14 17:44:49 orca sendmail[8732]: g8EEimW08732: <5994093.qspkdtlgxa@dolphinwave.###>... User unknown
Sep 14 17:44:50 orca sendmail[8732]: g8EEimW08732: from=, size=1084, class=0, nrcpts=0, proto=ESMTP, daemon=Daemon0, relay=mx10.serveit21.com [64.25.34.211]
--
Sep 14 18:59:01 orca sendmail[8989]: g8EFx1W08989: <1635164.xcbep46vat@dolphinwave.###>... User unknown
Sep 14 18:59:01 orca sendmail[8989]: g8EFx1W08989: from=, size=1086, class=0, nrcpts=0, proto=ESMTP, daemon=Daemon0, relay=mx09.serveit21.com [64.25.34.210]

=== news.admin.net-abuse.email headsup ===

Path: uni-berlin.de!cust-62-219-88-93.cust.bezeqint.NET!not-for-mail
From: Dolphin
Newsgroups: news.admin.net-abuse.email
Subject: Message-ID spamming attacks: readyserve21.com/serveit21.com [64.25.34.0/24]
Date: 14 Sep 2002 18:36:53 GMT
Organization: Private person
Lines: 36
Sender: Alexander Sheremet
Message-ID:
NNTP-Posting-Host: cust-62-219-88-93.cust.bezeqint.net (62.219.88.93)
X-Trace: fu-berlin.de 1032028613 1626249 62.219.88.93 (16 [104765])
X-SPEWS: I am not
X-PGP-key: 0xAAE2A579
X-PGP-key-fingerprint: 5B8E 3B28 7199 8CD3 4133 FA87 000B 0FB6 AAE2 A579
User-Agent: slrn/0.9.7.4 (Linux)
Xref: uni-berlin.de news.admin.net-abuse.email:1803404

Today I've caught multiple spamming attempts against the non-existent addresses here, that look like Message-IDs.
All came from several IPs of the same serveit21.com (mx03.serveit21.com, mx09. and mx10.), and using From: some-names@mx02.readyserve21.com (also mx03, mx05 and mx09).
NS for readyserve21.com are your24dns.com, that is also owned by the same owner, Mark Winters (mark@smtp.port5.com), who owns those spamming domains.
All the domains are situated across the 64.25.34.0/24 IP range of INFRACNCT, who got my complaint on this abuse:

Adjust your blocklists accordingly.

=== Sample (GMT+0300) ===

Sep 14 11:14:05 orca sendmail[6597]: g8E8E5W06597: <3064853.sadlmngbsa@dolphinwave.org>... User unknown
Sep 14 11:14:06 orca sendmail[6597]: g8E8E5W06597: from=, size=1319, class=0, nrcpts=0, proto=ESMTP, daemon=Daemon0, relay=mx03.serveit21.com [64.25.34.205]

P.S. All the Message-IDs it seems were harvested from Dippy's cancels (body harvest). For example, this one can be found in Google:

Dolphin.
--
URL: http://www.DolphinWave.org
Mail: on the web page (no spam)
ICQ: 6615461

=== And more spamming attempts were made by the same abuser (GMT+0300) ===

Sep 14 20:12:16 orca sendmail[9353]: g8EHBxW09353: <3064853.sadlmngbsa@dolphinwave.org>... User unknown
Sep 14 20:12:19 orca sendmail[9353]: g8EHBxW09353: from=, size=1063, class=0, nrcpts=0, proto=ESMTP, daemon=Daemon0, relay=mx12.serveit21.com [64.25.34.213]
--
Sep 14 20:52:13 orca sendmail[9634]: g8EHqCW09634: <2f22beb2.17d54e72@dolphinwave.org>... User unknown
Sep 14 20:52:13 orca sendmail[9634]: g8EHqCW09634: from=, size=1090, class=0, nrcpts=0, proto=ESMTP, daemon=Daemon0, relay=mx12.serveit21.com [64.25.34.213]
--
Sep 14 21:14:58 orca sendmail[9869]: g8EIEvW09869: <2333039.poejjdzkt8@dolphinwave.org>... User unknown
Sep 14 21:14:58 orca sendmail[9869]: g8EIEvW09869: from=, size=1079, class=0, nrcpts=0, proto=ESMTP, daemon=Daemon0, relay=mx09.serveit21.com [64.25.34.210]
--
Sep 14 21:59:19 orca sendmail[10064]: g8EIxIW10064: ruleset=check_relay, arg1=mx10.serveit21.com, arg2=64.25.34.211, relay=mx10.serveit21.com [64.25.34.211], reject=550 5.0.0 Access denied - spammers trying to spam flood my Message-IDs - http://www.DolphinWave.org/spam/64.25.34.0-64.25.34.255_readyserve21.com_serveit21.com_your24dns.com.txt
Sep 14 22:01:53 orca sendmail[10064]: NOQUEUE: mx10.serveit21.com [64.25.34.211] did not issue MAIL/EXPN/VRFY/ETRN during connection to Daemon0
Sep 14 22:03:35 orca sendmail[10110]: g8EJ3ZW10110: ruleset=check_relay, arg1=mx11.serveit21.com, arg2=64.25.34.212, relay=mx11.serveit21.com [64.25.34.212], reject=550 5.0.0 Access denied - spammers trying to spam flood my Message-IDs - http://www.DolphinWave.org/spam/64.25.34.0-64.25.34.255_readyserve21.com_serveit21.com_your24dns.com.txt
Sep 14 22:03:36 orca sendmail[10110]: NOQUEUE: mx11.serveit21.com [64.25.34.212] did not issue MAIL/EXPN/VRFY/ETRN during connection to Daemon0
Sep 14 22:10:20 orca sendmail[10166]: g8EJAJW10166: ruleset=check_relay, arg1=mx09.serveit21.com, arg2=64.25.34.210, relay=mx09.serveit21.com [64.25.34.210], reject=550 5.0.0 Access denied - spammers trying to spam flood my Message-IDs - http://www.DolphinWave.org/spam/64.25.34.0-64.25.34.255_readyserve21.com_serveit21.com_your24dns.com.txt
Sep 14 22:11:34 orca sendmail[10166]: NOQUEUE: mx09.serveit21.com [64.25.34.210] did not issue MAIL/EXPN/VRFY/ETRN during connection to Daemon0
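
Added example (not part of the original page or the author's own tooling): one way to spot this pattern in sendmail logs like the ones above is to pair each "User unknown" line with the relay line that shares its queue ID, then count rejected Message-ID-like recipients per /24. The log sample, the MSGID_LIKE heuristic, the threshold and the function name are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the two-line sendmail format shown on this page
# (documentation IP ranges and example.* names, not the page's entries).
SAMPLE_LOG = """\
Sep 14 08:18:25 host sendmail[5001]: q1AAAA000001: <5550001.abcdefghij@example.org>... User unknown
Sep 14 08:18:25 host sendmail[5001]: q1AAAA000001: from=<a@mx02.sender.example>, size=1326, nrcpts=0, relay=mx10.sender.example [192.0.2.211]
Sep 14 09:30:50 host sendmail[5002]: q1AAAA000002: <1230002.klmnopqrst@example.org>... User unknown
Sep 14 09:30:50 host sendmail[5002]: q1AAAA000002: from=<b@mx05.sender.example>, size=1328, nrcpts=0, relay=mx09.sender.example [192.0.2.210]
Sep 14 11:23:40 host sendmail[5003]: q1AAAA000003: <2f22aaaa.17d5bbbb@example.org>... User unknown
Sep 14 11:23:41 host sendmail[5003]: q1AAAA000003: from=<c@mx03.sender.example>, size=1349, nrcpts=0, relay=mx03.sender.example [192.0.2.205]
Sep 14 11:40:02 host sendmail[5004]: q1AAAA000004: <jsmith@example.org>... User unknown
Sep 14 11:40:02 host sendmail[5004]: q1AAAA000004: from=<d@other.example>, size=2048, nrcpts=0, relay=mail.other.example [198.51.100.7]
Sep 14 12:01:10 host sendmail[5005]: q1AAAA000005: <5550001.abcdefghij@example.org>... User unknown
Sep 14 12:01:10 host sendmail[5005]: q1AAAA000005: from=<e@third.example>, size=900, nrcpts=0, relay=[203.0.113.9]
"""

UNKNOWN = re.compile(r"sendmail\[\d+\]: (\w+): <([^>]+)>\.\.\. User unknown")
RELAY = re.compile(r"sendmail\[\d+\]: (\w+): from=.*relay=(?:\S+ )?\[([\d.]+)\]")
# Assumed heuristic: a harvested Message-ID local part is "<token>.<token>".
MSGID_LIKE = re.compile(r"^[0-9a-z]{6,}\.[0-9a-z]{6,}$", re.IGNORECASE)


def flood_sources(log_text, threshold=3, prefix=24):
    """Map each /prefix network to the Message-ID-like recipients it was
    refused for, keeping networks with at least `threshold` rejections."""
    pending = {}                  # queue ID -> rejected recipients
    hits = defaultdict(list)      # network -> recipients
    for line in log_text.splitlines():
        m = UNKNOWN.search(line)
        if m:
            qid, rcpt = m.groups()
            if MSGID_LIKE.match(rcpt.split("@")[0]):
                pending.setdefault(qid, []).append(rcpt)
            continue
        m = RELAY.search(line)
        if m and m.group(1) in pending:   # relay line follows its rejections
            net = ipaddress.ip_network(f"{m.group(2)}/{prefix}", strict=False)
            hits[str(net)].extend(pending.pop(m.group(1)))
    return {net: rcpts for net, rcpts in hits.items() if len(rcpts) >= threshold}


if __name__ == "__main__":
    for net, rcpts in flood_sources(SAMPLE_LOG).items():
        print(f"{net}: {len(rcpts)} rejected Message-ID-like recipients")
```

Networks that cross the threshold are candidates for a relay-level block of the kind the check_relay rejections above show; the ordinary mistyped address and the single hit from another network are not reported.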