Spammers/Usenet harvesters! 3web45.com, redmoss.com, [66.185.166.0 - 66.185.166.255], [216.133.82.160-216.133.82.191]: Access denied!

=== Spamming/harvest verification attempt (Sendmail logs, GMT+0300) ===

Apr 17 12:23:58 orca sendmail[16962]: g3H9NvP16962: ... User unknown
Apr 17 12:23:58 orca sendmail[16962]: g3H9NvP16962: from=, size=0, class=0, nrcpts=0, proto=SMTP, daemon=Daemon0, relay=l1.3web45.com [66.185.166.25]

=== My complaint ===

Content-Type: text/plain; charset="iso-8859-15"
From: Admin
Reply-To: abuse@2002.dolphinwave.org
Organization: Private person
Message-Id: <200204172048.53345@2002.dolphinwave.org>
To: Abuse reports , nanas-sub@cybernothing.org, uce@ftc.gov, abuse@hotmail.com, abuse@nextlevelinternet.com, Spamtool@level3.com, abuse@level3.com, abuse@register.com, abuse@exodus.net, postmaster@nameresolve.com, postmaster@funnymoney.com, abuse@epoch.net
Subject: [email] Spamming attempts/harvest verification from 3web45.com/permissionmarketing.redmoss.com!
Date: Wed, 17 Apr 2002 21:22:23 +0300
X-Mailer: KMail [version 1.3.2]
X-Sender: dolphin@localhost
X-Complaints-To: abuse@dolphinwave.org (live person)
X-PGP-key: 0xAAE2A579
X-PGP-key-fingerprint: 5B8E 3B28 7199 8CD3 4133 FA87 000B 0FB6 AAE2 A579
X-No-Confirm: Yes
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Status: R
X-Status: N

Today my mailserver has logged a delivery attempt on my e-mail, used on the Usenet newsgroup news.admin.net-abuse.email, and harvested from there! Their harvesting program made a mistake, trimming my address after the "+" symbol, so instead of usenet-apr+nanae@dolphinwave they've tried to spam the nanae@ one, collecting the bounces to their tagged e-mail box:

bounce-nanae=dolphinwave.org=11=marketrefinery@bounce.3web45.com

The web page at http://bounce.3web45.com replies with "403 Forbidden" and claims the server to be permissionmarketing.redmoss.com.

Please, terminate spammer's accounts as soon as possible!

Thanks!
=======
Refusing to deal with your spammers will lead your whole IP range to be blocked from accessing my mailservers ever again, and this info will be shared with other admins and shared blocklists.

Spammer: l1.3web45.com [66.185.166.25]
Collects bounces to: bounce-nanae=dolphinwave.org=11=marketrefinery@bounce.3web45.com
Uses the Hotmail account against their TOS: pemily@hotmail.com

www.3web45.com [66.185.166.56]
==============

Organization:
   Emily Peterson
   Emily Peterson
   315 South Coast Highway
   Ste. U-162
   Encinitas, CA 92024
   US
   Phone: 760-845-2746
   Email: pemily@hotmail.com

Registrar Name....: Register.com
Registrar Whois...: whois.register.com
Registrar Homepage: http://www.register.com

Domain Name: 3WEB45.COM

   Created on..............: Fri, Mar 22, 2002
   Expires on..............: Sat, Mar 22, 2003
   Record last updated on..: Mon, Apr 15, 2002

Administrative Contact:
   Emily Peterson
   Emily Peterson
   315 South Coast Highway
   Ste. U-162
   Encinitas, CA 92024
   US
   Phone: 760-845-2746
   Email: pemily@hotmail.com

Technical Contact, Zone Contact:
   Register.Com
   Domain Registrar
   575 8th Avenue - 11th Floor
   New York, NY 10018
   US
   Phone: 902-749-2701
   Fax..: 902-749-5429
   Email: domain-registrar@register.com

Domain servers in listed order:
   DNS15.REGISTER.COM 216.21.234.78
   DNS16.REGISTER.COM 209.67.50.246

NextLevel Internet IP block [66.185.160.0 - 66.185.175.255].
Upstream: Level 3 (so-3-0-0.mp2.SanDiego1.Level3.net).
Nameservers: register.com
Mail is handled by: bounce.3web45.com [66.185.166.58]

permissionmarketing.redmoss.com [66.185.166.12]
===============================

Registrant:
   Hart Cunningham
   4522 Woodman Ave.
   STE C211
   Sherman Oaks, CA 91423
   US

Registrar: Dotster (http://www.dotster.com)
Domain Name: REDMOSS.COM
   Created on: 30-OCT-01
   Expires on: 02-FEB-03
   Last Updated on: 17-JAN-02

Administrative Contact:
   Cunningham, Hart hc1231@yahoo.com
   4522 Woodman Ave.
   STE C211
   Sherman Oaks, CA 91423
   US
   818-817-7602

Technical Contact:
   Losser, Tim timlosser@funnymoney.com
   433 G Street 402
   San Diego, CA 92101
   US
   858-335-7837 858-335-7837

Domain servers in listed order:
   NS1.NAMERESOLVE.COM
   NS2.NAMERESOLVE.COM
   NS3.NAMERESOLVE.COM
   NS4.NAMERESOLVE.COM

NextLevel Internet IP block [66.185.160.0 - 66.185.175.255].
Upstream: Level 3 (so-3-0-0.mp2.SanDiego1.Level3.net).

www.redmoss.com [216.133.82.171]
===============

Funnymoney.Com IP block [216.133.82.160 - 216.133.82.191] which is in the Epoch Networks IP range [216.132.0.0 - 216.133.255.255].
Upstream: Epoch Networks (sna-ed501.gw.epoch.net).
Nameservers: nameresolve.com
Mail is handled by: MAIL.redmoss.com [216.133.82.171]

=== Web page source ===

GET / HTTP/1.1
Host: bounce.3web45.com
Connection: close

Read 493 bytes from host bounce.3web45.com, path /

HTTP/1.1 403 Forbidden
Date: Wed, 17 Apr 2002 18:05:39 GMT
Server: Apache/1.3.23 (Unix) PHP/4.1.2
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1

11e
403 Forbidden

Forbidden

You don't have permission to access / on this server.


Apache/1.3.23 Server at permissionmarketing.redmoss.com Port 80
0

======= Sendmail logs (GMT+0300) =======

Apr 17 12:23:58 orca sendmail[16962]: g3H9NvP16962: ... User unknown
Apr 17 12:23:58 orca sendmail[16962]: g3H9NvP16962: from=, size=0, class=0, nrcpts=0, proto=SMTP, daemon=Daemon0, relay=l1.3web45.com [66.185.166.25]

=== More spamming attempts (GMT+0300) ===

Apr 18 13:04:59 orca sendmail[23700]: g3IA4wP23700: ruleset=check_relay, arg1=l2.3web45.com, arg2=66.185.166.26, relay=l2.3web45.com [66.185.166.26], reject=550 5.0.0 Access denied - spammers/harvesters - http://www.DolphinWave.org/spam/66.185.166.0-66.185.166.255_216.133.82.160-216.133.82.191_3web45.com_redmoss.com.txt
Apr 18 13:05:00 orca sendmail[23700]: NOQUEUE: l2.3web45.com [66.185.166.26] did not issue MAIL/EXPN/VRFY/ETRN during connection to Daemon0
--
Apr 18 16:08:39 orca sendmail[24579]: g3ID8cP24579: ruleset=check_relay, arg1=l6.3web45.com, arg2=66.185.166.30, relay=l6.3web45.com [66.185.166.30], reject=550 5.0.0 Access denied - spammers/harvesters - http://www.DolphinWave.org/spam/66.185.166.0-66.185.166.255_216.133.82.160-216.133.82.191_3web45.com_redmoss.com.txt
Apr 18 16:08:40 orca sendmail[24579]: NOQUEUE: l6.3web45.com [66.185.166.30] did not issue MAIL/EXPN/VRFY/ETRN during connection to Daemon0
--
Apr 18 16:08:44 orca sendmail[24580]: g3ID8cP24580: ruleset=check_relay, arg1=l6.3web45.com, arg2=66.185.166.30, relay=l6.3web45.com [66.185.166.30], reject=550 5.0.0 Access denied - spammers/harvesters - http://www.DolphinWave.org/spam/66.185.166.0-66.185.166.255_216.133.82.160-216.133.82.191_3web45.com_redmoss.com.txt
Apr 18 16:08:45 orca sendmail[24580]: NOQUEUE: l6.3web45.com [66.185.166.30] did not issue MAIL/EXPN/VRFY/ETRN during connection to Daemon0

=== My second complaint ===

Content-Type: text/plain; charset="iso-8859-15"
From: Admin
Reply-To: abuse@2002.dolphinwave.org
Organization: Private person
Message-Id: <200204182150.02941@2002.dolphinwave.org>
To: Abuse reports , nanas-sub@cybernothing.org, uce@ftc.gov, abuse@hotmail.com, abuse@nextlevelinternet.com, Spamtool@level3.com, abuse@level3.com, abuse@register.com, abuse@exodus.net, abuse@dotster.com, postmaster@funnymoney.com, abuse@epoch.net
Subject: [email] More spamming attempts from 3web45.com / redmoss.com spammers and Usenet harvesters!
Date: Thu, 18 Apr 2002 22:11:16 +0300
X-Mailer: KMail [version 1.3.2]
X-Sender: dolphin@localhost
X-Complaints-To: abuse@dolphinwave.org (live person)
X-PGP-key: 0xAAE2A579
X-PGP-key-fingerprint: 5B8E 3B28 7199 8CD3 4133 FA87 000B 0FB6 AAE2 A579
X-No-Confirm: Yes
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Status: R
X-Status: N

My mailserver keeps rejecting the spam from those 3web45.com/redmoss.com spammers and Usenet harvesters, every several hours!

More info and proof of them harvesting e-mail addresses from the Usenet newsgroups, and then spamming/validating them, is in my previous complaint that was archived on the news.admin.net-abuse.sightings Usenet forum:

http://groups.google.com/groups?as_umsgid=200204172048.53345@2002.dolphinwave.org

Please, terminate the spammer's accounts as soon as possible!

Thanks!
=======

======= Sendmail logs (GMT+0300) =======

Apr 18 13:04:59 orca sendmail[23700]: g3IA4wP23700: ruleset=check_relay, arg1=l2.3web45.com, arg2=66.185.166.26, relay=l2.3web45.com [66.185.166.26], reject=550 5.0.0 Access denied - spammers/harvesters - http://www.DolphinWave.org/spam/66.185.166.0-66.185.166.255_216.133.82.160-216.133.82.191_3web45.com_redmoss.com.txt
Apr 18 13:05:00 orca sendmail[23700]: NOQUEUE: l2.3web45.com [66.185.166.26] did not issue MAIL/EXPN/VRFY/ETRN during connection to Daemon0
--
Apr 18 16:08:39 orca sendmail[24579]: g3ID8cP24579: ruleset=check_relay, arg1=l6.3web45.com, arg2=66.185.166.30, relay=l6.3web45.com [66.185.166.30], reject=550 5.0.0 Access denied - spammers/harvesters - http://www.DolphinWave.org/spam/66.185.166.0-66.185.166.255_216.133.82.160-216.133.82.191_3web45.com_redmoss.com.txt
Apr 18 16:08:40 orca sendmail[24579]: NOQUEUE: l6.3web45.com [66.185.166.30] did not issue MAIL/EXPN/VRFY/ETRN during connection to Daemon0
--
Apr 18 16:08:44 orca sendmail[24580]: g3ID8cP24580: ruleset=check_relay, arg1=l6.3web45.com, arg2=66.185.166.30, relay=l6.3web45.com [66.185.166.30], reject=550 5.0.0 Access denied - spammers/harvesters - http://www.DolphinWave.org/spam/66.185.166.0-66.185.166.255_216.133.82.160-216.133.82.191_3web45.com_redmoss.com.txt
Apr 18 16:08:45 orca sendmail[24580]: NOQUEUE: l6.3web45.com [66.185.166.30] did not issue MAIL/EXPN/VRFY/ETRN during connection to Daemon0

l2.3web45.com [66.185.166.26]
=============

Organization:
   Emily Peterson
   Emily Peterson
   315 South Coast Highway
   Ste. U-162
   Encinitas, CA 92024
   US
   Phone: 760-845-2746
   Email: pemily@hotmail.com

Registrar Name....: Register.com
Registrar Whois...: whois.register.com
Registrar Homepage: http://www.register.com

Domain Name: 3WEB45.COM

   Created on..............: Fri, Mar 22, 2002
   Expires on..............: Sat, Mar 22, 2003
   Record last updated on..: Mon, Apr 15, 2002

Administrative Contact:
   Emily Peterson
   Emily Peterson
   315 South Coast Highway
   Ste. U-162
   Encinitas, CA 92024
   US
   Phone: 760-845-2746
   Email: pemily@hotmail.com

Technical Contact, Zone Contact:
   Register.Com
   Domain Registrar
   575 8th Avenue - 11th Floor
   New York, NY 10018
   US
   Phone: 902-749-2701
   Fax..: 902-749-5429
   Email: domain-registrar@register.com

Domain servers in listed order:
   DNS15.REGISTER.COM 216.21.234.78
   DNS16.REGISTER.COM 209.67.50.246

NextLevel Internet IP block [66.185.160.0 - 66.185.175.255].
Upstream: Level 3 (so-3-0-0.mp2.SanDiego1.Level3.net).
Nameservers: register.com
Mail is handled by: bounce.3web45.com [66.185.166.58]

=== Web page source ===

GET / HTTP/1.1
Host: bounce.3web45.com
Connection: close

Read 493 bytes from host bounce.3web45.com, path /

HTTP/1.1 403 Forbidden
Date: Wed, 17 Apr 2002 18:05:39 GMT
Server: Apache/1.3.23 (Unix) PHP/4.1.2
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1

11e
403 Forbidden

Forbidden

You don't have permission to access / on this server.


Apache/1.3.23 Server at permissionmarketing.redmoss.com Port 80
0

www.redmoss.com [216.133.82.171]
===============

Registrant:
   Hart Cunningham
   4522 Woodman Ave.
   STE C211
   Sherman Oaks, CA 91423
   US

Registrar: Dotster (http://www.dotster.com)
Domain Name: REDMOSS.COM
   Created on: 30-OCT-01
   Expires on: 02-FEB-03
   Last Updated on: 17-JAN-02

Administrative Contact:
   Cunningham, Hart hc1231@yahoo.com
   4522 Woodman Ave.
   STE C211
   Sherman Oaks, CA 91423
   US
   818-817-7602

Technical Contact:
   Losser, Tim timlosser@funnymoney.com
   433 G Street 402
   San Diego, CA 92101
   US
   858-335-7837 858-335-7837

Domain servers in listed order:
   NS1.NAMERESOLVE.COM
   NS2.NAMERESOLVE.COM
   NS3.NAMERESOLVE.COM
   NS4.NAMERESOLVE.COM

Funnymoney.Com IP block [216.133.82.160 - 216.133.82.191] which is in the Epoch Networks IP range [216.132.0.0 - 216.133.255.255].
Upstream: Epoch Networks (sna-ed501.gw.epoch.net).
Nameservers: nameresolve.com
Mail is handled by: MAIL.redmoss.com [216.133.82.171]
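
The range block and the tagged bounce address described in the complaints above, as an added example that is not part of the original page: it expands the two ranges from the title into CIDR networks, tallies relay hits from those ranges in log lines, and splits the bounce address back into the harvested recipient. The function names, the abridged sample lines and the assumed bounce-address layout are assumptions of this example.

```python
import ipaddress
import re
from collections import Counter

# The two ranges from the page title, expanded to CIDR networks.
RANGES = [("66.185.166.0", "66.185.166.255"), ("216.133.82.160", "216.133.82.191")]
BLOCKED = [net for first, last in RANGES
           for net in ipaddress.summarize_address_range(
               ipaddress.ip_address(first), ipaddress.ip_address(last))]

RELAY_RE = re.compile(r"relay=\S+ \[(?P<ip>[0-9.]+)\]")

# Lines 1-4 are abridged from the logs on this page; line 5 is constructed
# (192.0.2.10 is a documentation address) to show a relay outside the ranges.
SAMPLE_LOG = """\
Apr 17 12:23:58 orca sendmail[16962]: g3H9NvP16962: from=, size=0, proto=SMTP, relay=l1.3web45.com [66.185.166.25]
Apr 18 13:04:59 orca sendmail[23700]: g3IA4wP23700: ruleset=check_relay, relay=l2.3web45.com [66.185.166.26], reject=550 5.0.0 Access denied
Apr 18 16:08:39 orca sendmail[24579]: g3ID8cP24579: ruleset=check_relay, relay=l6.3web45.com [66.185.166.30], reject=550 5.0.0 Access denied
Apr 18 16:08:44 orca sendmail[24580]: g3ID8cP24580: ruleset=check_relay, relay=l6.3web45.com [66.185.166.30], reject=550 5.0.0 Access denied
Apr 18 17:00:00 orca sendmail[25000]: g3IE00P25000: from=, size=0, proto=SMTP, relay=mail.example.net [192.0.2.10]
"""

def is_blocked(ip):
    """True if ip falls inside either blocked range."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in BLOCKED)

def summarize(log_text):
    """Count log lines per (relay IP, was_rejected) for relays in the blocked ranges."""
    hits = Counter()
    for line in log_text.splitlines():
        m = RELAY_RE.search(line)
        if m and is_blocked(m["ip"]):
            hits[(m["ip"], "reject=" in line)] += 1
    return hits

def decode_bounce(addr):
    """Split a tagged bounce address into (target recipient, remaining tags).

    Assumes the layout bounce-<user>=<domain>=<tag>...@<host>; the tags are opaque.
    """
    local = addr.partition("@")[0]
    parts = local[len("bounce-"):].split("=") if local.startswith("bounce-") else []
    if len(parts) < 2:
        return None
    return f"{parts[0]}@{parts[1]}", parts[2:]

if __name__ == "__main__":
    for (ip, rejected), n in sorted(summarize(SAMPLE_LOG).items()):
        print(ip, "rejected" if rejected else "not rejected", n)
    print(decode_bounce("bounce-nanae=dolphinwave.org=11=marketrefinery@bounce.3web45.com"))
```
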