Igor Zaitsev / mail15.com: Long-time persistent spammers of Usenet, Web, and Yahoo Groups harvested e-mail addresses, safely hosted by SIANT/SOVAM/TeleRoss Russian spamhaus!

Update: 16-Sep-2003: Sovintel has finally booted them (their lawyers did it?!), and they've moved to ZAO MTU-Intel.

mail15.com, [62.118.249.0 - 62.118.249.255], [194.186.131.64 - 194.186.131.127]: Access denied!

=== My 1st complaint ===

From: Admin
Reply-To: abuse@2003.dolphinwave.org
Organization: Private person
Subject: [email] Spam (web harvest: mail15.com)! [Fwd: new mail ######]
Date: Mon, 14 Jul 2003 17:41:58 +0300
User-Agent: KMail/1.5
X-KMail-Link-Message: 1707137
X-KMail-Link-Type: forward
To: , uce@ftc.gov, nanas-sub@cybernothing.org, noc@sovam.com, abuse@sovam.com, 5673.g23@g23.relcom.ru, postmaster@gldn.net, abuse@verizon.net, postmaster@verizon.net, christian.andersen@verizon.com, postmaster@oan.es
X-Complaints-To: abuse@dolphinwave.org (live person)
X-PGP-key: 0xAAE2A579
X-PGP-key-fingerprint: 5B8E 3B28 7199 8CD3 4133 FA87 000B 0FB6 AAE2 A579
X-No-Confirm: Yes
MIME-Version: 1.0
Content-Type: text/plain; charset="windows-1251"
Content-Transfer-Encoding: 8bit
Content-Disposition: inline
Message-Id: <200307141741.58063@2003.dolphinwave.org>
Status: RO
X-Status: S
X-KMail-EncryptionState:
X-KMail-SignatureState:

Spam on my webmaster@ role account, used on my web pages only, and harvested from there!

Please, terminate the spammer's accounts as soon as possible! Thanks!

=======

Refusing to deal with your abusers will lead your whole IP range to be blocked from accessing my mailservers ever again, and this info will be shared with other admins and public blocklists!

Spammer: crtntx1-ar10-4-46-228-054.crtntx1.dsl-verizon.net [4.46.228.54]
Mail from: dowler@oan.es
Remove box: unsubscribe@mail15.com
Spamvertised web page: http://www.mail15.com
www.mail15.com [194.186.131.96]
imap.mail15.com [194.186.131.97]

===============

Registrant: Zaitsev, Igor (TDRJYLSASD) ul.
Rimskogo Korsakova Moscow RU
Domain Name: MAIL15.COM
Administrative Contact, Technical Contact: Zaitsev, Igor (35559859P) zaitsev@mail15.com ul. Rimskogo Korsakova Moscow RU +7 095
Record expires on 29-Nov-2003.
Record created on 29-Nov-2002.
Database last updated on 14-Jul-2003 10:39:28 EDT.
Domain servers in listed order:
IMAP.MAIL15.COM 194.186.131.97
WWW.MAIL15.COM 194.186.131.96

Perviy Gorodskoy Bank IP block [194.186.131.0 - 194.186.131.255].
Upstream: Teleross Ltd (cat01.Moscow.gldn.net).
Nameservers: imap.mail15.com <== SPAMMERS.

---------- Forwarded Message ----------

Received: from aol.com (crtntx1-ar10-4-46-228-054.crtntx1.dsl-verizon.net [4.46.228.54]) by mail.dolphinwave.org (8.12.8/8.12.8) with SMTP id h6EAVJW3017447 for ; Mon, 14 Jul 2003 13:31:45 +0300
Date: Mon, 14 Jul 2003 10:27:45 +0000
From: dowler@oan.es
Subject: new mail #######
To: Webmaster
References: <5D54EHF4DK8D324K@dolphinwave.org>
In-Reply-To: <5D54EHF4DK8D324K@dolphinwave.org>
Message-ID:
MIME-Version: 1.0
Content-Type: text/plain; charset=Windows-1251
Content-Transfer-Encoding: 8bit
Status: R
X-Status: N
X-KMail-EncryptionState:
X-KMail-SignatureState:

English version | Русский вариант

Мы рады предложить вам новый бесплатный почтовый сервис http://www.mail15.com.
Его отличительные особенности:
1) размер ящика 15 мб;
2) защищенность и надежность;
3) возможность использования любых почтовых программ(POP,IMAP,SMTP);
4) доступ из любого места в любое время;
5) простой и доступный вебинтерфейс с ПОЛНЫМ ОТСУТСТВИЕМ РЕКЛАМЫ;
6) антивирусный и антиспамовый контроль;
7) мгновенная пересылка почты.
Если вы не хотите получать более данную рассылку, пишите mailto:unsubscribe@mail15.com?subject=unsubscribe

*************

We are glad to invite you at new free mail service http://www.mail15.com.
The advantages of this service are:
1) mailbox, up to 15 Mb;
2) absolute privacy and high reliability;
3) ability to use mail clients (POP3, IMAP4, SMTP);
4) access from anywhere, anytime;
5) flexible light-weight web interface without advertising banners;
6) antivirus and antispam control;
7) fast mail transfer;
8) high speed network channel;
9) flexible light-weight web interface;
10) wide spread ability of mail filtering and forwarding mail;
11) clock around support;
If you wish to be removed: mailto:unsubscribe@mail15.com?subject=unsubscrib #########

-------------------------------------------------------

=== My 2nd complaint ===

From: Admin
Reply-To: abuse@2003.dolphinwave.org
Organization: Private person
Subject: [email] Repeating spammers (Usenet harvest: mail15.com)! [Fwd: new mail #########]
Date: Tue, 29 Jul 2003 00:34:24 +0300
User-Agent: KMail/1.5
X-KMail-Link-Message: 1707863
X-KMail-Link-Type: forward
To: , uce@ftc.gov, nanas-sub@cybernothing.org, noc@sovam.com, abuse@sovam.com, 5673.g23@g23.relcom.ru, postmaster@gldn.net, abuse@centurytel.net
X-Complaints-To: abuse@dolphinwave.org (live person)
X-PGP-key: 0xAAE2A579
X-PGP-key-fingerprint: 5B8E 3B28 7199 8CD3 4133 FA87 000B 0FB6 AAE2 A579
X-No-Confirm: Yes
MIME-Version: 1.0
Content-Type: text/plain; charset="windows-1251"
Content-Transfer-Encoding: 8bit
Content-Disposition: inline
Message-Id: <200307290034.24550@2003.dolphinwave.org>
Status: RO
X-Status: S
X-KMail-EncryptionState:
X-KMail-SignatureState:

This is already the second, the SAME spam from these abusers, who harvest e-mail addresses from web pages and Usenet newsgroups!

This one was targeting my e-mail address, used for spam complaints in this year only, and harvested from the news.admin.net-abuse.sightings Usenet newsgroup!

Please, terminate the spammer's accounts as soon as possible! Thanks!

=======

Attention: Perviy Gorodskoy Bank! If mail15.com is still on your server after August 1, your whole [194.186.131.0 - 194.186.131.255] will be blocked on my server, and I will share this information with other admins.

Refusing to deal with your abusers will lead your whole IP range to be blocked from accessing my mailservers ever again, and this info will be shared with other admins and public blocklists!

Spammer: vi-p1-3.rb3.laj.centurytel.net [69.29.28.3]
Mail from: Hans_Boehm@vi-p1-3.rb3.laj.centurytel.net
Remove box: unsubscribe@mail15.com
Spamvertised web page: http://www.mail15.com
www.mail15.com [194.186.131.96]
imap.mail15.com [194.186.131.97]

===============

Registrant: Zaitsev, Igor (TDRJYLSASD) ul. Rimskogo Korsakova Moscow RU
Domain Name: MAIL15.COM
Administrative Contact, Technical Contact: Zaitsev, Igor (35559859P) zaitsev@mail15.com ul. Rimskogo Korsakova Moscow RU +7 095
Record expires on 29-Nov-2003.
Record created on 29-Nov-2002.
Database last updated on 28-Jul-2003 17:24:21 EDT.
Domain servers in listed order:
IMAP.MAIL15.COM 194.186.131.97
WWW.MAIL15.COM 194.186.131.96

Perviy Gorodskoy Bank IP block [194.186.131.0 - 194.186.131.255].
Upstream: Teleross Ltd (cat01.Moscow.gldn.net).
Nameservers: imap.mail15.com <== SPAMMERS.

---------- Forwarded Message ----------

Received: from vi-p1-3.rb3.laj.centurytel.net (vi-p1-3.rb3.laj.centurytel.net [69.29.28.3]) by mail.dolphinwave.org (8.12.8/8.12.8) with SMTP id h6SKfd5r002932 for ; Mon, 28 Jul 2003 23:41:48 +0300
Date: Mon, 28 Jul 2003 20:36:55 +0000
From: Hans_Boehm@vi-p1-3.rb3.laj.centurytel.net
Subject: new mail #########
To: Abuse
References: <== FAKE
In-Reply-To: <== FAKE
Message-ID: <551D109I0H6G084H@vi-p1-3.rb3.laj.centurytel.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=Windows-1251
Content-Transfer-Encoding: 8bit
X-AntiVirus: checked by AntiVir Milter 1.0.4; AVE 6.20.0.1; VDF 6.20.0.49
Status: R
X-Status: N
X-KMail-EncryptionState:
X-KMail-SignatureState:

English version | Русский вариант

Мы рады предложить вам новый бесплатный почтовый сервис http://www.mail15.com.
Его отличительные особенности:
1) размер ящика 15 мб;
2) защищенность и надежность;
3) возможность использования любых почтовых программ(POP,IMAP,SMTP);
4) доступ из любого места в любое время;
5) простой и доступный вебинтерфейс с ПОЛНЫМ ОТСУТСТВИЕМ РЕКЛАМЫ;
6) антивирусный и антиспамовый контроль;
7) мгновенная пересылка почты.
Если вы не хотите получать более данную рассылку, пишите mailto:unsubscribe@mail15.com?subject=unsubscribe

*************

We are glad to invite you at new free mail service http://www.mail15.com.
The advantages of this service are:
1) mailbox, up to 15 Mb;
2) absolute privacy and high reliability;
3) ability to use mail clients (POP3, IMAP4, SMTP);
4) access from anywhere, anytime;
5) flexible light-weight web interface without advertising banners;
6) antivirus and antispam control;
7) fast mail transfer;
8) high speed network channel;
9) flexible light-weight web interface;
10) wide spread ability of mail filtering and forwarding mail;
11) clock around support;
If you wish to be removed: mailto:unsubscribe@mail15.com?subject=unsubscrib ##########

-------------------------------------------------------

======= PREVIOUS SPAM WAS =======

=== My 3rd complaint ===

From: Admin
Reply-To: abuse@2003.dolphinwave.org
Organization: Private person
Subject: [email] Persistent spammers (Yahoo Groups harvest: mail15.com)! [Fwd: new mail ######]
Date: Wed, 30 Jul 2003 02:16:51 +0300
User-Agent: KMail/1.5
X-KMail-Link-Message: 1707907
X-KMail-Link-Type: forward
To: , uce@ftc.gov, nanas-sub@cybernothing.org, noc@sovam.com, abuse@sovam.com, iga@sovam.com, iptech@sovam.com, postmaster@gldn.net, abuse@verizon.net, postmaster@verizon.net
X-Complaints-To: abuse@dolphinwave.org (live person)
X-PGP-key: 0xAAE2A579
X-PGP-key-fingerprint: 5B8E 3B28 7199 8CD3 4133 FA87 000B 0FB6 AAE2 A579
X-No-Confirm: Yes
MIME-Version: 1.0
Content-Type: text/plain; charset="windows-1251"
Content-Transfer-Encoding: 8bit
Content-Disposition: inline
Message-Id: <200307300216.51943@2003.dolphinwave.org>
Status: RO
X-Status: S
X-KMail-EncryptionState:
X-KMail-SignatureState:

This is already the THIRD the SAME spam from these abusers, who harvest e-mail addresses from web pages, Usenet newsgroups, and Yahoo Groups!

This one was targeting my e-mail address, used for signing up with the Yahoo Groups services (yahoo-reg@... - tagged)!

Previous spams from these abusers were complained by me, and are archived on Google:
http://groups.google.com/groups?selm=200307141741.58063%402003.dolphinwave.org
http://groups.google.com/groups?selm=200307290034.24550%402003.dolphinwave.org

Please, terminate the spammer's accounts as soon as possible! Thanks!

=======

Refusing to deal with your abusers will lead your whole IP range to be blocked from accessing my mailservers ever again, and this info will be shared with other admins and public blocklists!

Spammer: pool-151-199-133-13.norf.east.verizon.net [151.199.133.13]
Mail from: Standish@post.tele.dk
Remove box: unsubscribe@mail15.com
Spamvertised web page: http://www.mail15.com
www.mail15.com [194.186.131.96]
imap.mail15.com [194.186.131.97]

===============

Registrant: Zaitsev, Igor (TDRJYLSASD) ul. Rimskogo Korsakova Moscow RU
Domain Name: MAIL15.COM
Administrative Contact, Technical Contact: Zaitsev, Igor (35559859P) zaitsev@mail15.com ul. Rimskogo Korsakova Moscow RU +7 095
Record expires on 29-Nov-2003.
Record created on 29-Nov-2002.
Database last updated on 28-Jul-2003 17:24:21 EDT.
Domain servers in listed order:
IMAP.MAIL15.COM 194.186.131.97
WWW.MAIL15.COM 194.186.131.96

SIANT IP block [194.186.131.64 - 194.186.131.127] which is in the SOVAM IP range [194.186.0.0 - 194.186.255.255].
Upstream: Teleross Ltd (cat01.Moscow.gldn.net).
Nameservers: imap.mail15.com <== SPAMMERS.

---------- Forwarded Message ----------

Received: from mail.ru (pool-151-199-133-13.norf.east.verizon.net [151.199.133.13]) by mail.dolphinwave.org (8.12.8/8.12.8) with SMTP id h6TDGq5r003914 for ; Tue, 29 Jul 2003 16:18:08 +0300
Date: Tue, 29 Jul 2003 13:13:24 +0000
From: Standish@post.tele.dk
Subject: new mail #######
To: Yahoo-reg
References: <== FAKE
In-Reply-To: <== FAKE
Message-ID:
MIME-Version: 1.0
Content-Type: text/plain; charset=Windows-1251
Content-Transfer-Encoding: 8bit
X-AntiVirus: checked by AntiVir Milter 1.0.4; AVE 6.20.0.1; VDF 6.20.0.49
Status: R
X-Status: N
X-KMail-EncryptionState:
X-KMail-SignatureState:

English version | Русский вариант

Мы рады предложить вам новый бесплатный почтовый сервис http://www.mail15.com.
Его отличительные особенности:
1) размер ящика 15 мб;
2) защищенность и надежность;
3) возможность использования любых почтовых программ(POP,IMAP,SMTP);
4) доступ из любого места в любое время;
5) простой и доступный вебинтерфейс с ПОЛНЫМ ОТСУТСТВИЕМ РЕКЛАМЫ;
6) антивирусный и антиспамовый контроль;
7) мгновенная пересылка почты.
Если вы не хотите получать более данную рассылку, пишите mailto:unsubscribe@mail15.com?subject=unsubscribe

*************

We are glad to invite you at new free mail service http://www.mail15.com.
The advantages of this service are:
1) mailbox, up to 15 Mb;
2) absolute privacy and high reliability;
3) ability to use mail clients (POP3, IMAP4, SMTP);
4) access from anywhere, anytime;
5) flexible light-weight web interface without advertising banners;
6) antivirus and antispam control;
7) fast mail transfer;
8) high speed network channel;
9) flexible light-weight web interface;
10) wide spread ability of mail filtering and forwarding mail;
11) clock around support;
If you wish to be removed: mailto:unsubscribe@mail15.com?subject=unsubscrib ###########

-------------------------------------------------------

======= PREVIOUS SPAMS WERE =======

=== My 4th complaint ===

From: Admin
Reply-To: abuse@2003.dolphinwave.org
Organization: Private person
Subject: [email] Persistent spammers (Yahoo Groups harvest: mail15.com)! [Fwd: new mail ######]
Date: Thu, 31 Jul 2003 02:16:44 +0300
User-Agent: KMail/1.5
X-KMail-Link-Message: 1707979
X-KMail-Link-Type: forward
To: , uce@ftc.gov, nanas-sub@cybernothing.org, noc@sovam.com, abuse@sovam.com, iga@sovam.com, konor@sovam.com, iptech@sovam.com, domaintech@SOVAM.COM, postmaster@gldn.net, abuse@verizon.net, postmaster@verizon.net
X-Complaints-To: abuse@dolphinwave.org (live person)
X-PGP-key: 0xAAE2A579
X-PGP-key-fingerprint: 5B8E 3B28 7199 8CD3 4133 FA87 000B 0FB6 AAE2 A579
X-No-Confirm: Yes
MIME-Version: 1.0
Content-Type: text/plain; charset="windows-1251"
Content-Transfer-Encoding: 8bit
Content-Disposition: inline
Message-Id: <200307310216.44979@2003.dolphinwave.org>
Status: RO
X-Status: S
X-KMail-EncryptionState:
X-KMail-SignatureState:

This is already the FOURTH the SAME spam from these abusers, who harvest e-mail addresses from web pages, Usenet newsgroups, and Yahoo Groups!

This one was targeting my e-mail address, used for signing up with the Yahoo Groups services (yahoo-reg@... - tagged)!

Previous spams from these abusers were complained by me, and are archived on Google:
http://groups.google.com/groups?selm=200307141741.58063%402003.dolphinwave.org
http://groups.google.com/groups?selm=200307290034.24550%402003.dolphinwave.org
http://groups.google.com/groups?selm=200307300216.51943%402003.dolphinwave.org

Please, terminate the spammer's accounts as soon as possible! Thanks!

=======

ATTN: SIANT/SOVAM! If these persistent abusers will still be your customers during their next spam run, I will drop into deny tables your whole 194.186.0.0/16 IP range for the blatant spam support and ignoring complaints. And I will make sure to do the post to the news.admin.net-abuse.email Usenet newsgroup, with the appropriate "BLOCK" advice.

Refusing to deal with your abusers will lead your whole IP range to be blocked from accessing my mailservers ever again, and this info will be shared with other admins and public blocklists!

Spammer: pool-151-203-185-242.wma.east.verizon.net [151.203.185.242]
Mail from: bwelling@linux.org.pl
Remove box: unsubscribe@mail15.com
Spamvertised web page: http://www.mail15.com
www.mail15.com [194.186.131.96]
imap.mail15.com [194.186.131.97]

===============

Registrant: Zaitsev, Igor (TDRJYLSASD) ul. Rimskogo Korsakova Moscow RU
Domain Name: MAIL15.COM
Administrative Contact, Technical Contact: Zaitsev, Igor (35559859P) zaitsev@mail15.com ul. Rimskogo Korsakova Moscow RU +7 095
Record expires on 29-Nov-2003.
Record created on 29-Nov-2002.
Database last updated on 28-Jul-2003 17:24:21 EDT.
Domain servers in listed order:
IMAP.MAIL15.COM 194.186.131.97
WWW.MAIL15.COM 194.186.131.96

SIANT IP block [194.186.131.64 - 194.186.131.127] which is in the SOVAM IP range [194.186.0.0 - 194.186.255.255].
Upstream: Teleross Ltd (cat01.Moscow.gldn.net).
Nameservers: imap.mail15.com <== SPAMMERS.

---------- Forwarded Message ----------

Received: from yandex.ru (pool-151-203-185-242.wma.east.verizon.net [151.203.185.242]) by mail.dolphinwave.org (8.12.8/8.12.8) with SMTP id h6UM4D5r021526 for ; Thu, 31 Jul 2003 01:04:34 +0300
Date: Wed, 30 Jul 2003 21:59:47 +0000
From: bwelling@linux.org.pl
Subject: new mail #######
To: Yahoo-reg
References: <6F8E1E0C4II4BL77@dolphinwave.org> <== FAKE
In-Reply-To: <6F8E1E0C4II4BL77@dolphinwave.org> <== FAKE
Message-ID: <17I7CHFL6561E5LK@linux.org.pl>
MIME-Version: 1.0
Content-Type: text/plain; charset=Windows-1251
Content-Transfer-Encoding: 8bit
X-AntiVirus: checked by AntiVir Milter 1.0.4; AVE 6.20.0.1; VDF 6.20.0.51
Status: R
X-Status: N
X-KMail-EncryptionState:
X-KMail-SignatureState:

English version | Русский вариант

Мы рады предложить вам новый бесплатный почтовый сервис http://www.mail15.com.
Его отличительные особенности:
1) размер ящика 15 мб;
2) защищенность и надежность;
3) возможность использования любых почтовых программ(POP,IMAP,SMTP);
4) доступ из любого места в любое время;
5) простой и доступный вебинтерфейс с ПОЛНЫМ ОТСУТСТВИЕМ РЕКЛАМЫ;
6) антивирусный и антиспамовый контроль;
7) мгновенная пересылка почты.
Если вы не хотите получать более данную рассылку, пишите mailto:unsubscribe@mail15.com?subject=unsubscribe

*************

We are glad to invite you at new free mail service http://www.mail15.com.
The advantages of this service are:
1) mailbox, up to 15 Mb;
2) absolute privacy and high reliability;
3) ability to use mail clients (POP3, IMAP4, SMTP);
4) access from anywhere, anytime;
5) flexible light-weight web interface without advertising banners;
6) antivirus and antispam control;
7) fast mail transfer;
8) high speed network channel;
9) flexible light-weight web interface;
10) wide spread ability of mail filtering and forwarding mail;
11) clock around support;
If you wish to be removed: mailto:unsubscribe@mail15.com?subject=unsubscrib ##########

-------------------------------------------------------

======= PREVIOUS SPAMS WERE =======

=== My 5th complaint ===

From: Admin
Reply-To: abuse@2003.dolphinwave.org
Organization: Private person
Subject: [email] Persistent spammers (WHOIS harvest: mail15.com)! [Fwd: new mail #######]
Date: Wed, 6 Aug 2003 17:45:02 +0300
User-Agent: KMail/1.5
X-KMail-Link-Message: 1708373
X-KMail-Link-Type: forward
To: , uce@ftc.gov, nanas-sub@cybernothing.org, noc@sovam.com, abuse@sovam.com, iga@sovam.com, konor@sovam.com, iptech@sovam.com, domaintech@SOVAM.COM, postmaster@gldn.net, abuse@net-yan.com, abuse@hutchcity.com
X-Complaints-To: abuse@dolphinwave.org (live person)
X-PGP-key: 0xAAE2A579
X-PGP-key-fingerprint: 5B8E 3B28 7199 8CD3 4133 FA87 000B 0FB6 AAE2 A579
X-No-Confirm: Yes
MIME-Version: 1.0
Content-Type: text/plain; charset="windows-1251"
Content-Transfer-Encoding: 8bit
Content-Disposition: inline
Message-Id: <200308061745.02189@2003.dolphinwave.org>
Status: RO
X-Status: S
X-KMail-EncryptionState:
X-KMail-SignatureState:

This is already the FIFTH the SAME spam from these abusers, who harvest e-mail addresses from web pages, Usenet newsgroups, and Yahoo Groups!

Previous spams from these abusers were complained by me, and are archived on Google:
http://groups.google.com/groups?selm=200307141741.58063%402003.dolphinwave.org
http://groups.google.com/groups?selm=200307290034.24550%402003.dolphinwave.org
http://groups.google.com/groups?selm=200307300216.51943%402003.dolphinwave.org
http://groups.google.com/groups?selm=200307310216.44979%402003.dolphinwave.org

Please, terminate the spammer's accounts as soon as possible! Thanks!

=======

ATTN: SIANT/SOVAM! For your blatant spam support and ignoring complaints, your whole 194.186.0.0/16 IP range will be permanently blocked here, and this information will be shared on news.admin.net-abuse.email.

Spammer: [210.3.71.131]
Hutchison Global Crossing IP block [210.3.0.0 - 210.3.127.255].
Mail from (forgery): mdem@alfarrabio.di.uminho.pt
Remove box: unsubscribe@mail15.com
Spamvertised web page: http://www.mail15.com
www.mail15.com [194.186.131.96]
imap.mail15.com [194.186.131.97]

===============

Registrant: Zaitsev, Igor (TDRJYLSASD) ul. Rimskogo Korsakova Moscow RU
Domain Name: MAIL15.COM
Administrative Contact, Technical Contact: Zaitsev, Igor (35559859P) zaitsev@mail15.com ul. Rimskogo Korsakova Moscow RU +7 095
Record expires on 29-Nov-2003.
Record created on 29-Nov-2002.
Database last updated on 28-Jul-2003 17:24:21 EDT.
Domain servers in listed order:
IMAP.MAIL15.COM 194.186.131.97
WWW.MAIL15.COM 194.186.131.96

SIANT IP block [194.186.131.64 - 194.186.131.127] which is in the SOVAM IP range [194.186.0.0 - 194.186.255.255].
Upstream: Teleross Ltd (cat01.Moscow.gldn.net).
Nameservers: imap.mail15.com <== SPAMMERS.

---------- Forwarded Message ----------

Received: from mail.ru ([210.3.71.131]) by mail.dolphinwave.org (8.12.8/8.12.8) with SMTP id h76E0c8H001106 for ; Wed, 6 Aug 2003 17:00:44 +0300
Date: Wed, 06 Aug 2003 13:55:32 +0000
From: mdem@alfarrabio.di.uminho.pt
Subject: new mail #######
To: Abuse
References: <5EE1D0C3HH637D9G@dolphinwave.org> <== FAKE
In-Reply-To: <5EE1D0C3HH637D9G@dolphinwave.org> <== FAKE
Message-ID:
MIME-Version: 1.0
Content-Type: text/plain; charset=Windows-1251
Content-Transfer-Encoding: 8bit
X-AntiVirus: checked by AntiVir Milter 1.0.4; AVE 6.21.0.0; VDF 6.21.0.5
Status: R
X-Status: N
X-KMail-EncryptionState:
X-KMail-SignatureState:

Мы рады предложить вам новый бесплатный почтовый сервис http://www.mail15.com.
Его отличительные особенности:
1) размер ящика 15 мб;
2) защищенность и надежность;
3) возможность использования любых почтовых программ(POP,IMAP,SMTP);
4) доступ из любого места в любое время;
5) простой и доступный вебинтерфейс с ПОЛНЫМ ОТСУТСТВИЕМ РЕКЛАМЫ;
6) антивирусный и антиспамовый контроль;
7) мгновенная пересылка почты.
Если вы не хотите получать более данную рассылку, пишите mailto:unsubscribe@mail15.com?subject=unsubscribe

*************

We are glad to invite you at new free mail service http://www.mail15.com.
The advantages of this service are:
1) mailbox, up to 15 Mb;
2) absolute privacy and high reliability;
3) ability to use mail clients (POP3, IMAP4, SMTP);
4) access from anywhere, anytime;
5) flexible light-weight web interface without advertising banners;
6) antivirus and antispam control;
7) fast mail transfer;
8) high speed network channel;
9) flexible light-weight web interface;
10) wide spread ability of mail filtering and forwarding mail;
11) clock around support;
If you wish to be removed: mailto:unsubscribe@mail15.com?subject=unsubscrib ############

-------------------------------------------------------

======= PREVIOUS SPAMS WERE =======

=== My 6th complaint ===

From: Admin
Reply-To: abuse@2003.dolphinwave.org
Organization: Private person
Subject: [email] Long-time persistent spammers: mail15.com [Fwd: Re: new mail ########]
Date: Fri, 5 Sep 2003 01:49:39 +0300
User-Agent: KMail/1.5
X-KMail-Link-Message: 1709927
X-KMail-Link-Type: forward
To: , uce@ftc.gov, nanas-sub@cybernothing.org, danielle.zhou@bj.datadragon.net, bill.pang@bj.datadragon.net, ipas@cnnic.net.cn, noc@sovam.com, abuse@sovam.com, iga@sovam.com, konor@sovam.com, iptech@sovam.com, domaintech@SOVAM.COM, postmaster@gldn.net
X-Complaints-To: abuse@dolphinwave.org (live person)
X-PGP-key: 0xAAE2A579
X-PGP-key-fingerprint: 5B8E 3B28 7199 8CD3 4133 FA87 000B 0FB6 AAE2 A579
X-No-Confirm: Yes
MIME-Version: 1.0
Content-Type: text/plain; charset="windows-1251"
Content-Transfer-Encoding: 8bit
Content-Disposition: inline
Message-Id: <200309050149.39216@2003.dolphinwave.org>
Status: RO
X-Status: S
X-KMail-EncryptionState:
X-KMail-SignatureState:

This is already the SIXTH the SAME spam from these abusers, who harvest e-mail addresses from web pages, Usenet newsgroups, and Yahoo Groups!

Previous spams from these abusers were complained by me, and are archived on Google:
http://groups.google.com/groups?selm=200307141741.58063%402003.dolphinwave.org
http://groups.google.com/groups?selm=200307290034.24550%402003.dolphinwave.org
http://groups.google.com/groups?selm=200307300216.51943%402003.dolphinwave.org
http://groups.google.com/groups?selm=200307310216.44979%402003.dolphinwave.org
http://groups.google.com/groups?selm=200308061745.02189%402003.dolphinwave.org

But the spammers are STILL being hosted on the SAME SIANT/SOVAM IPs, despite numerous complaints!

Please, terminate the spammer's accounts as soon as possible! Thanks!

=======

Spammer: [218.247.228.188]
BEIJING SHI-SHANG-JIA-YUAN IP block [218.247.228.160 - 218.247.228.255].
Spamvertised web page: http://www.mail15.com
www.mail15.com [194.186.131.96]
imap.mail15.com [194.186.131.97]

===============

Registrant: Zaitsev, Igor (TDRJYLSASD) ul. Rimskogo Korsakova Moscow RU
Domain Name: MAIL15.COM
Administrative Contact, Technical Contact: Zaitsev, Igor (35559859P) zaitsev@mail15.com ul. Rimskogo Korsakova Moscow RU +7 095
Record expires on 29-Nov-2003.
Record created on 29-Nov-2002.
Database last updated on 4-Sep-2003 18:43:53 EDT.
Domain servers in listed order:
IMAP.MAIL15.COM 194.186.131.97
WWW.MAIL15.COM 194.186.131.96

SIANT IP block [194.186.131.64 - 194.186.131.127] which is in the SOVAM IP range [194.186.0.0/16] (note the spammer's address in the ARIN record).
Upstream: Teleross (cat01.Moscow.gldn.NET).
Nameservers: MAIL15.COM.

$ jwhois 194.186.131.96
[Querying whois.ripe.net]
[whois.ripe.net]
% This is the RIPE Whois server.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/ripencc/pub-services/db/copyright.html

inetnum: 194.186.131.64 - 194.186.131.127
netname: SIANT
descr: SIANT Ltd.
country: RU
admin-c: ZI21-RIPE
tech-c: ZI21-RIPE
status: ASSIGNED PA
mnt-by: AS3216-MNT
changed: iga@sovam.com 20030717
source: RIPE

route: 194.186.0.0/16
descr: SOVAM DELEGATED BLOCK-2
origin: AS3216
notify: iptech@sovam.com
mnt-by: AS3216-MNT
changed: iga@sovam.com 19960708
source: RIPE

person: Zaitsev Igor
address: Profsousnaya str., 84/32, k.602t
address: Moscow, RUSSIA
phone: + 7 095 333-41-24
e-mail: zaitsev@mail15.com
notify: zaitsev@mail15.com
nic-hdl: ZI21-RIPE
changed: zaitsev@mail15.com 20030807
source: RIPE

---------- Forwarded Message ----------

Received: from compuserve.com ([218.247.228.188]) by mail.dolphinwave.org (8.12.8/8.12.8) with SMTP id h84Jdjoj021035 for ; Thu, 4 Sep 2003 22:39:52 +0300
Date: Thu, 04 Sep 2003 19:39:52 +0000
From: fiji@veus.hr
Subject: Re: new mail ##########
To: Abuse
References: <7I9194HJ6B6B1I6C@dolphinwave.org>
In-Reply-To: <7I9194HJ6B6B1I6C@dolphinwave.org>
Message-ID:
MIME-Version: 1.0
Content-Type: text/plain; charset=Windows-1251
Content-Transfer-Encoding: 8bit
X-AntiVirus: checked by AntiVir Milter 1.0.4; AVE 6.21.0.1; VDF 6.21.0.34
Status: R
X-Status: N
X-KMail-EncryptionState:
X-KMail-SignatureState:

7Hag8aamTiTXeU1QeL6T3GY2ePxGx7iFNtV

English version | Русский вариант

Мы рады предложить вам новый бесплатный почтовый сервис http://www.mail15.com.
Его отличительные особенности:
1) размер ящика 15 мб;
2) защищенность и надежность;
3) возможность использования любых почтовых программ(POP,IMAP,SMTP);
4) доступ из любого места в любое время;
5) простой и доступный вебинтерфейс с ПОЛНЫМ ОТСУТСТВИЕМ РЕКЛАМЫ;
6) антивирусный и антиспамовый контроль;
7) мгновенная пересылка почты.

*************

We are glad to invite you at new free mail service http://www.mail15.com.
The advantages of this service are:
1) mailbox, up to 15 Mb;
2) absolute privacy and high reliability;
3) ability to use mail clients (POP3, IMAP4, SMTP);
4) access from anywhere, anytime;
5) flexible light-weight web interface without advertising banners;
6) antivirus and antispam control;
7) fast mail transfer;
8) high speed network channel;
9) flexible light-weight web interface;
10) wide spread ability of mail filtering and forwarding mail;
11) clock around support;

XE5kxo3vDYxudiBVltUnwJWdt3wXR0 ROEYacneH1cewox7kToftW0e9ihFgaG9Zj8awwnd

-------------------------------------------------------

======= PREVIOUS SPAMS WERE =======

=== My 7th complaint ===

From: Admin
Reply-To: abuse@2003.dolphinwave.org
Organization: Private person
Subject: [email] Long-time persistent spammers: mail15.com [Fwd: Re: new mail #########]
Date: Fri, 5 Sep 2003 01:51:25 +0300
User-Agent: KMail/1.5
X-KMail-Link-Message: 1709928
X-KMail-Link-Type: forward
To: , uce@ftc.gov, nanas-sub@cybernothing.org, abuse@t-online.de, abuse@t-dialin.net, noc@sovam.com, abuse@sovam.com, iga@sovam.com, konor@sovam.com, iptech@sovam.com, domaintech@SOVAM.COM, postmaster@gldn.net
X-Complaints-To: abuse@dolphinwave.org (live person)
X-PGP-key: 0xAAE2A579
X-PGP-key-fingerprint: 5B8E 3B28 7199 8CD3 4133 FA87 000B 0FB6 AAE2 A579
X-No-Confirm: Yes
MIME-Version: 1.0
Content-Type: text/plain; charset="windows-1251"
Content-Transfer-Encoding: 8bit
Content-Disposition: inline
Message-Id: <200309050151.25783@2003.dolphinwave.org>
Status: RO
X-Status: S
X-KMail-EncryptionState:
X-KMail-SignatureState:

This is already the SEVENTH the SAME spam from these abusers, who harvest e-mail addresses from web pages, Usenet newsgroups, and Yahoo Groups!

Previous spams from these abusers were complained by me, and are archived on Google:
http://groups.google.com/groups?selm=200307141741.58063%402003.dolphinwave.org
http://groups.google.com/groups?selm=200307290034.24550%402003.dolphinwave.org
http://groups.google.com/groups?selm=200307300216.51943%402003.dolphinwave.org
http://groups.google.com/groups?selm=200307310216.44979%402003.dolphinwave.org
http://groups.google.com/groups?selm=200308061745.02189%402003.dolphinwave.org
http://groups.google.com/groups?selm=200309050149.39216%402003.dolphinwave.org

But the spammers are STILL being hosted on the SAME SIANT/SOVAM IPs, despite numerous complaints!

Please, terminate the spammer's accounts as soon as possible! Thanks!

=======

Spammer: pD9E67567.dip.t-dialin.net [217.230.117.103]
Spamvertised web page: http://www.mail15.com
www.mail15.com [194.186.131.96]
imap.mail15.com [194.186.131.97]

===============

Registrant: Zaitsev, Igor (TDRJYLSASD) ul. Rimskogo Korsakova Moscow RU
Domain Name: MAIL15.COM
Administrative Contact, Technical Contact: Zaitsev, Igor (35559859P) zaitsev@mail15.com ul. Rimskogo Korsakova Moscow RU +7 095
Record expires on 29-Nov-2003.
Record created on 29-Nov-2002.
Database last updated on 4-Sep-2003 18:43:53 EDT.
Domain servers in listed order:
IMAP.MAIL15.COM 194.186.131.97
WWW.MAIL15.COM 194.186.131.96

SIANT IP block [194.186.131.64 - 194.186.131.127] which is in the SOVAM IP range [194.186.0.0/16] (note the spammer's address in the ARIN record).
Upstream: Teleross (cat01.Moscow.gldn.NET).
Nameservers: MAIL15.COM.

$ jwhois 194.186.131.96
[Querying whois.ripe.net]
[whois.ripe.net]
% This is the RIPE Whois server.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/ripencc/pub-services/db/copyright.html

inetnum: 194.186.131.64 - 194.186.131.127
netname: SIANT
descr: SIANT Ltd.
country: RU
admin-c: ZI21-RIPE
tech-c: ZI21-RIPE
status: ASSIGNED PA
mnt-by: AS3216-MNT
changed: iga@sovam.com 20030717
source: RIPE

route: 194.186.0.0/16
descr: SOVAM DELEGATED BLOCK-2
origin: AS3216
notify: iptech@sovam.com
mnt-by: AS3216-MNT
changed: iga@sovam.com 19960708
source: RIPE

person: Zaitsev Igor
address: Profsousnaya str., 84/32, k.602t
address: Moscow, RUSSIA
phone: + 7 095 333-41-24
e-mail: zaitsev@mail15.com
notify: zaitsev@mail15.com
nic-hdl: ZI21-RIPE
changed: zaitsev@mail15.com 20030807
source: RIPE

---------- Forwarded Message ----------

Received: from compuserve.com (pD9E67567.dip.t-dialin.net [217.230.117.103]) by mail.dolphinwave.org (8.12.8/8.12.8) with SMTP id h84Jggoj021391 for ; Thu, 4 Sep 2003 22:43:12 +0300
Date: Thu, 04 Sep 2003 19:43:20 +0000
From: chaffee@kobayashimaru.org
Subject: Re: new mail ###########
To: Abuse
References: <6EC3HC1968DELEH5@2003.dolphinwave.org>
In-Reply-To: <6EC3HC1968DELEH5@2003.dolphinwave.org>
Message-ID:
MIME-Version: 1.0
Content-Type: text/plain; charset=Windows-1251
Content-Transfer-Encoding: 8bit
X-AntiVirus: checked by AntiVir Milter 1.0.4; AVE 6.21.0.1; VDF 6.21.0.34
Status: R
X-Status: N
X-KMail-EncryptionState:
X-KMail-SignatureState:

VZZvEJ3jA7KxtG3gnMvX95kTxdIqOnOJmNf

English version | Русский вариант

Мы рады предложить вам новый бесплатный почтовый сервис http://www.mail15.com.
Его отличительные особенности:
1) размер ящика 15 мб;
2) защищенность и надежность;
3) возможность использования любых почтовых программ(POP,IMAP,SMTP);
4) доступ из любого места в любое время;
5) простой и доступный вебинтерфейс с ПОЛНЫМ ОТСУТСТВИЕМ РЕКЛАМЫ;
6) антивирусный и антиспамовый контроль;
7) мгновенная пересылка почты.

*************

We are glad to invite you at new free mail service http://www.mail15.com.
The advantages of this service are:
1) mailbox, up to 15 Mb;
2) absolute privacy and high reliability;
3) ability to use mail clients (POP3, IMAP4, SMTP);
4) access from anywhere, anytime;
5) flexible light-weight web interface without advertising banners;
6) antivirus and antispam control;
7) fast mail transfer;
8) high speed network channel;
9) flexible light-weight web interface;
10) wide spread ability of mail filtering and forwarding mail;
11) clock around support;

2yil9p7GTNIacxFaGKvAtTiIxTzt5m
y8WQu5hCLbqwkE30NJLij42DNAlmRrKpAHh4MzHz

-------------------------------------------------------

======= PREVIOUS SPAMS WERE =======

=== My 8th complaint ===

From: Admin
Reply-To: abuse@2003.dolphinwave.org
Organization: Private person
Subject: [email] Long-time persistent spammers: mail15.com/SIANT/SOVAM/Teleross [Fwd: Re: new mail ########]
Date: Mon, 8 Sep 2003 14:56:08 +0300
User-Agent: KMail/1.5
X-KMail-Link-Message: 1710091
X-KMail-Link-Type: forward
To: , uce@ftc.gov, nanas-sub@cybernothing.org, noc@sovam.com,
    abuse@sovam.com, iga@sovam.com, konor@sovam.com, iptech@sovam.com,
    domaintech@SOVAM.COM, postmaster@gldn.net, abuse@sovintel.ru,
    postmaster@sovintel.net, abuse@sprint.net, abuse@chartertn.net
X-Complaints-To: abuse@dolphinwave.org (live person)
X-PGP-key: 0xAAE2A579
X-PGP-key-fingerprint: 5B8E 3B28 7199 8CD3 4133 FA87 000B 0FB6 AAE2 A579
X-No-Confirm: Yes
MIME-Version: 1.0
Content-Type: text/plain; charset="windows-1251"
Content-Transfer-Encoding: 8bit
Content-Disposition: inline
Message-Id: <200309081456.08911@2003.dolphinwave.org>
Status: RO
X-Status: S
X-KMail-EncryptionState:
X-KMail-SignatureState:

This is already the EIGHTH the SAME spam from these abusers, who harvest
e-mail addresses from web pages, Usenet newsgroups, and Yahoo Groups!
Previous spams from these abusers were complained by me, and are archived on
Google:
http://groups.google.com/groups?selm=200307141741.58063%402003.dolphinwave.org
http://groups.google.com/groups?selm=200307290034.24550%402003.dolphinwave.org
http://groups.google.com/groups?selm=200307300216.51943%402003.dolphinwave.org
http://groups.google.com/groups?selm=200307310216.44979%402003.dolphinwave.org
http://groups.google.com/groups?selm=200308061745.02189%402003.dolphinwave.org
http://groups.google.com/groups?selm=200309050149.39216%402003.dolphinwave.org
http://groups.google.com/groups?selm=200309050151.25783%402003.dolphinwave.org

But the spammers are STILL being hosted on the SAME SIANT/SOVAM IPs, despite
numerous complaints (just note the SIANT IP range whois, they ARE the
spammers!).

Please, terminate the spammer's accounts as soon as possible! Thanks!

=======

Spammer: clarksville-24-159-52-156.midtn.chartertn.net [24.159.52.156]
Spamvertised web page: http://www.mail15.com
www.mail15.com [194.186.131.96]
imap.mail15.com [194.186.131.97]

===============

Registrant:
Zaitsev, Igor (TDRJYLSASD)
    ul. Rimskogo Korsakova
    Moscow
    RU

    Domain Name: MAIL15.COM

    Administrative Contact, Technical Contact:
        Zaitsev, Igor (35559859P) zaitsev@mail15.com
        ul. Rimskogo Korsakova
        Moscow
        RU
        +7 095

    Record expires on 29-Nov-2003.
    Record created on 29-Nov-2002.
    Database last updated on 8-Sep-2003 07:42:58 EDT.

    Domain servers in listed order:

    IMAP.MAIL15.COM 194.186.131.97
    WWW.MAIL15.COM 194.186.131.96

SIANT IP block [194.186.131.64 - 194.186.131.127] <== SPAMMERS
which is in the SOVAM IP range [194.186.0.0/16]
(note the spammer's address in the ARIN record).
Upstream: Teleross (cat01.Moscow.gldn.NET).
Their upstream: Sprint (sle-golde6-2-0.sprintlink.net).
Nameservers: MAIL15.COM.

$ jwhois 194.186.131.96
[Querying whois.ripe.net]
[whois.ripe.net]
% This is the RIPE Whois server.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/ripencc/pub-services/db/copyright.html

inetnum:      194.186.131.64 - 194.186.131.127
netname:      SIANT
descr:        SIANT Ltd.
country:      RU
admin-c:      ZI21-RIPE
tech-c:       ZI21-RIPE
status:       ASSIGNED PA
mnt-by:       AS3216-MNT
changed:      iga@sovam.com 20030717
source:       RIPE

route:        194.186.0.0/16
descr:        SOVAM DELEGATED BLOCK-2
origin:       AS3216
notify:       iptech@sovam.com
mnt-by:       AS3216-MNT
changed:      iga@sovam.com 19960708
source:       RIPE

person:       Zaitsev Igor
address:      Profsousnaya str., 84/32, k.602t
address:      Moscow, RUSSIA
phone:        + 7 095 333-41-24
e-mail:       zaitsev@mail15.com
notify:       zaitsev@mail15.com
nic-hdl:      ZI21-RIPE
changed:      zaitsev@mail15.com 20030807
source:       RIPE

---------- Forwarded Message ----------

Received: from compuserve.com (clarksville-24-159-52-156.midtn.chartertn.net [24.159.52.156])
    by mail.dolphinwave.org (8.12.8/8.12.8) with SMTP id h889OB7b023429
    for ; Mon, 8 Sep 2003 12:24:21 +0300
Date: Mon, 08 Sep 2003 09:24:05 +0000
From: seanius@k64.dk
Subject: Re: new mail ##########
To: Yahoo-reg
References:
In-Reply-To:
Message-ID: <44C0L47676GI1L1F@k64.dk>
MIME-Version: 1.0
Content-Type: text/plain; charset=Windows-1251
Content-Transfer-Encoding: 8bit
X-AntiVirus: checked by AntiVir Milter 1.0.4; AVE 6.21.0.1; VDF 6.21.0.37
Status: R
X-Status: N
X-KMail-EncryptionState:
X-KMail-SignatureState:

#########################

English version | Russian version

We are glad to offer you a new free mail service
http://www.mail15.com. Its distinguishing features:
1) mailbox size of 15 MB;
2) security and reliability;
3) ability to use any mail program (POP, IMAP, SMTP);
4) access from anywhere at any time;
5) simple and accessible web interface with a COMPLETE ABSENCE OF ADVERTISING;
6) antivirus and antispam control;
7) instant mail forwarding.

*************

We are glad to invite you at new free mail service http://www.mail15.com.
The advantages of this service are:
1) mailbox, up to 15 Mb;
2) absolute privacy and high reliability;
3) ability to use mail clients (POP3, IMAP4, SMTP);
4) access from anywhere, anytime;
5) flexible light-weight web interface without advertising banners;
6) antivirus and antispam control;
7) fast mail transfer;
8) high speed network channel;
9) flexible light-weight web interface;
10) wide spread ability of mail filtering and forwarding mail;
11) clock around support;

#######################
###########################

-------------------------------------------------------

=== Posting about it to the news.admin.net-abuse.email ===

Path: uni-berlin.de!217.22.112.151!not-for-mail
From: Dolphin
Newsgroups: news.admin.net-abuse.email
Subject: [BLOCK] SIANT/SOVAM/TeleRoss: Russian spamhaus (mail15.com)
Date: 6 Aug 2003 15:06:32 GMT
Organization: Private person
Lines: 43
Sender: Alexander Sheremet
Message-ID:
NNTP-Posting-Host: 217.22.112.151
X-Trace: news.uni-berlin.de 1060182392 29108807 217.22.112.151 (16 [104765])
X-SPEWS: I am not
X-PGP-key: 0xAAE2A579
X-PGP-key-fingerprint: 5B8E 3B28 7199 8CD3 4133 FA87 000B 0FB6 AAE2 A579
User-Agent: slrn/0.9.7.4 (Linux)
Xref: uni-berlin.de news.admin.net-abuse.email:2042390

Their spammers, mail15.com, have already spammed my various e-mail addresses,
harvested from Usenet, Yahoo Groups, and WHOIS, for the 5th time today during
these 3 weeks. The 5th complaint just went to SIANT/SOVAM, but the spammers'
site is still on the same IPs that it was 3 weeks ago: [194.186.131.96-97].
The last spam headers (hashbusters/tags were removed):

Received: from mail.ru ([210.3.71.131])
    by mail.dolphinwave.org (8.12.8/8.12.8) with SMTP id h76E0c8H001106
    for ; Wed, 6 Aug 2003 17:00:44 +0300
Date: Wed, 06 Aug 2003 13:55:32 +0000
From: mdem@alfarrabio.di.uminho.pt
Subject: new mail #######
To: Abuse
References: <5EE1D0C3HH637D9G@dolphinwave.org> <== FAKE
In-Reply-To: <5EE1D0C3HH637D9G@dolphinwave.org> <== FAKE
Message-ID:
MIME-Version: 1.0
Content-Type: text/plain; charset=Windows-1251
Content-Transfer-Encoding: 8bit
X-AntiVirus: checked by AntiVir Milter 1.0.4; AVE 6.21.0.0; VDF 6.21.0.5
Status: R
X-Status: N
X-KMail-EncryptionState:
X-KMail-SignatureState:

<...>
We are glad to invite you at new free mail service http://www.mail15.com.
<...>
If you wish to be removed: mailto:unsubscribe@mail15.com?subject=unsubscrib ############

Dolphin.
--
URL: http://www.DolphinWave.org
Mail: on the web page (no spam)
ICQ: 6615461

=== Other people have the same problem with this spamhaus. Reply 1 ===

Path: uni-berlin.de!212.50.17.121!not-for-mail
From: Anri Erinin
Newsgroups: news.admin.net-abuse.email
Subject: Re: [BLOCK] SIANT/SOVAM/TeleRoss: Russian spamhaus (mail15.com)
Date: Thu, 07 Aug 2003 01:07:54 +0400
Lines: 23
Message-ID:
References:
NNTP-Posting-Host: 212.50.17.121
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-Trace: news.uni-berlin.de 1060204097 29217566 212.50.17.121 (16 [115151])
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)
X-Accept-Language: en-us, en, ru
In-Reply-To:
Xref: uni-berlin.de news.admin.net-abuse.email:2042738

Dolphin wrote:
> Their spammers, mail15.com, have already spammed my various e-mail addresses,
> harvested from Usenet, Yahoo Groups, and WHOIS, for the 5th time today during
> these 3 weeks.
> The 5th complaint just went to SIANT/SOVAM, but the spammers'
> site is still on the same IPs that it was 3 weeks ago: [194.186.131.96-97].

Seconded.

http://www.google.com/groups?selm=3ECFC88C.6040605%40rambler.ru
http://www.google.com/groups?selm=3EF4BE1A.9000309%40rambler.ru

They have been booted by RTCOMM? Unbelievable....

for the record:
Canonical name: www.mail15.com
Addresses:
  194.186.131.96

--
RFC1505: A usenet news posting program should generate an encoding showing
which is the text and which is the signature area of the posted message.

=== Reply 2 ===

Path: uni-berlin.de!fu-berlin.de!in.100proofnews.com!in.100proofnews.com!pd2nf1so.cg.shawcable.net!residential.shaw.ca!sn-xit-03!sn-xit-01!sn-post-01!supernews.com!corp.supernews.com!not-for-mail
From: Stephen White
Newsgroups: news.admin.net-abuse.email
Subject: Re: [BLOCK] SIANT/SOVAM/TeleRoss: Russian spamhaus (mail15.com)
Date: Wed, 06 Aug 2003 17:42:40 +0100
Organization: Posted via Supernews, http://www.supernews.com
Message-ID:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4b) Gecko/20030508
X-Accept-Language: en, en-us
MIME-Version: 1.0
References:
In-Reply-To:
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-Complaints-To: abuse@supernews.com
Lines: 15
Xref: uni-berlin.de news.admin.net-abuse.email:2042460

Dolphin wrote:
> We are glad to invite you at new free mail service http://www.mail15.com.

If they're spamming themselves that probably explains why the 419ers are
keen to use them for drop boxes, like Mr id_mohamed03@mail15.com who has
hit several of my mailing list addresses already.

*checks spam folder*

I note I've actually got copies of the spam inviting me to use their new
free mail service too.
Among the list of points they're selling it on is:

6) antivirus and antispam control;

I wonder if that means they whitelist their own addresses :)

=== Reply 3 ===

Path: uni-berlin.de!fu-berlin.de!peer01.cox.net!cox.net!border3.nntp.aus1.giganews.com!intern1.nntp.aus1.giganews.com!nntp.giganews.com!nntp.speakeasy.net!news.speakeasy.net.POSTED!not-for-mail
NNTP-Posting-Date: Wed, 06 Aug 2003 10:39:14 -0500
References:
Message-ID:
X-Mailer: http://www.courier-mta.org/cone/
From: Sam
X-PGP-KEY: http://www.courier-mta.org/KEYS.bin
Newsgroups: news.admin.net-abuse.email
Subject: Re: SIANT/SOVAM/TeleRoss: Russian spamhaus (mail15.com)
Mime-Version: 1.0
Content-Type: multipart/signed; boundary="=_mimegpg-ny.email-scan.com-27742-1060184353-0002"; micalg=pgp-sha1; protocol="application/pgp-signature"
Date: Wed, 06 Aug 2003 10:39:14 -0500
Lines: 40
NNTP-Posting-Host: 66.92.103.29
X-Trace: sv3-XRSvHIouhpK9izuUU4dttlMYrf7DymmhglPMBmSSMqsG3m873SWPbtBCoIibaEuCq7fJYChR4vlaGpL!Kiz1pMpXl+AXlNaw45WDOEEQGQsfkIJMNhDa8v9CuGnLWvSf+pdzZWpgZaS09e+kZ79alX/Gjz1f!kDrVA8vJetO8m+S6jKIg5AA6FgPN17gz4Q==
X-Complaints-To: abuse@speakeasy.net
X-DMCA-Complaints-To: abuse@speakeasy.net
X-Abuse-and-DMCA-Info: Please be sure to forward a copy of ALL headers
X-Abuse-and-DMCA-Info: Otherwise we will be unable to process your complaint properly
X-Postfilter: 1.1
Xref: uni-berlin.de news.admin.net-abuse.email:2042421

This is a MIME GnuPG-signed message. If you see this text, it means that
your E-mail or Usenet software does not support MIME signed messages.

--=_mimegpg-ny.email-scan.com-27742-1060184353-0002
Content-Type: text/plain; format=flowed; charset="UTF-8"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

Dolphin writes:

> Their spammers, mail15.com, have already spammed my various e-mail addresses,
> harvested from Usenet, Yahoo Groups, and WHOIS, for the 5th time today during
> these 3 weeks.
> The 5th complaint just went to SIANT/SOVAM, but the spammers'
> site is still on the same IPs that it was 3 weeks ago: [194.186.131.96-97].

Try the following bitch list:

To: abuse@sovam.com
To: iptech@sovam.com
To: iga@sovam.com
To: andrei@sovam.com
To: noc@sovam.com

mail15.com spew stopped coming after I nastygrammed this list.
abuse@sovam.com has an autoresponder.

--=_mimegpg-ny.email-scan.com-27742-1060184353-0002
Content-Type: application/pgp-signature
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQA/MSEhx9p3GYHlUOIRAkefAJ9aenyWXlOSGcmCAbbSAVCp/z6d/QCeIX7J
C4MUqUIDQg49pBNTnYgO558=
=3VV4
-----END PGP SIGNATURE-----

--=_mimegpg-ny.email-scan.com-27742-1060184353-0002--

=== Reply 4 ===

Path: uni-berlin.de!217.22.112.151!not-for-mail
From: Dolphin
Newsgroups: news.admin.net-abuse.email
Subject: Re: SIANT/SOVAM/TeleRoss: Russian spamhaus (mail15.com)
Date: 7 Aug 2003 00:00:11 GMT
Organization: Private person
Lines: 30
Sender: Alexander Sheremet
Message-ID:
References:
NNTP-Posting-Host: 217.22.112.151
X-Trace: news.uni-berlin.de 1060214411 28659423 217.22.112.151 (16 [104765])
X-SPEWS: I am not
X-newsgroup: news.admin.net-abuse.email
X-PGP-key: 0xAAE2A579
X-PGP-key-fingerprint: 5B8E 3B28 7199 8CD3 4133 FA87 000B 0FB6 AAE2 A579
User-Agent: slrn/0.9.7.4 (Linux)
Xref: uni-berlin.de news.admin.net-abuse.email:2042844

#begin sam@email-scan.com.exe (or was it Sam.com) message reply:

> Try the following bitch list:
>
> To: abuse@sovam.com
> To: iptech@sovam.com
> To: iga@sovam.com
> To: andrei@sovam.com
> To: noc@sovam.com

Add to it konor@sovam.com, domaintech@SOVAM.COM, postmaster@gldn.net and it
will be the list where I send my complaints for the last 2-3 times. Although,
it had no andrei@sovam.com yet. I will add that one to my next complaint.

> mail15.com spew stopped coming after I nastygrammed this list.
> abuse@sovam.com has an autoresponder.

Mine still flows. Can it be that they've listwashed you?
I munge my e-mail boxes when sending complaints.

Dolphin.
--
URL: http://www.DolphinWave.org
Mail: on the web page (no spam)
ICQ: 6615461

=== Reply 5 ===

Path: uni-berlin.de!fu-berlin.de!peer01.cox.net!cox.net!small1.nntp.aus1.giganews.com!border1.nntp.aus1.giganews.com!intern1.nntp.aus1.giganews.com!nntp.giganews.com!nntp.speakeasy.net!news.speakeasy.net.POSTED!not-for-mail
NNTP-Posting-Date: Wed, 06 Aug 2003 20:13:01 -0500
References:
Message-ID:
X-Mailer: http://www.courier-mta.org/cone/
From: Sam
X-PGP-KEY: http://www.courier-mta.org/KEYS.bin
Newsgroups: news.admin.net-abuse.email
Subject: Re: SIANT/SOVAM/TeleRoss: Russian spamhaus (mail15.com)
Mime-Version: 1.0
Content-Type: multipart/signed; boundary="=_mimegpg-ny.email-scan.com-30647-1060218739-0015"; micalg=pgp-sha1; protocol="application/pgp-signature"
Date: Wed, 06 Aug 2003 20:13:01 -0500
Lines: 39
NNTP-Posting-Host: 66.92.103.29
X-Trace: sv3-A29GmhOXbuqo239qHkCFYBvLGX0+d5TqLmOHRQMCS0XADxIbL2Xkqr4nS3mPa2SAbftndwVfNiz54IA!fN22U6Wk1W2LY/+XcBiK0QuxGz/oy8AVmChR/8nnqaTw4uonviwJHibbyJpp2nN37giqwTVjy98l!txSruZwyKxZEZxTjnDokBDsGdGuRmSORjg==
X-Complaints-To: abuse@speakeasy.net
X-DMCA-Complaints-To: abuse@speakeasy.net
X-Abuse-and-DMCA-Info: Please be sure to forward a copy of ALL headers
X-Abuse-and-DMCA-Info: Otherwise we will be unable to process your complaint properly
X-Postfilter: 1.1
Xref: uni-berlin.de news.admin.net-abuse.email:2042866

This is a MIME GnuPG-signed message. If you see this text, it means that
your E-mail or Usenet software does not support MIME signed messages.

--=_mimegpg-ny.email-scan.com-30647-1060218739-0015
Content-Type: text/plain; format=flowed; charset="UTF-8"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

Dolphin writes:

>
>> mail15.com spew stopped coming after I nastygrammed this list.
>> abuse@sovam.com has an autoresponder.
>
> Mine still flows. Can it be that they've listwashed you? I munge my
> e-mail boxes when sending complaints.
I do munge, but they could've searched their spam list looking for anything
with the same domain as the last mail server's name in the headers, and
found it that way.

It's possible that my nastygram carried a slightly bigger punch, as I was
wearing my blacklist administrator hat, and I informed sovam.com that I
intended to also list their own MXes, if they don't cut this shit out.

--=_mimegpg-ny.email-scan.com-30647-1060218739-0015
Content-Type: application/pgp-signature
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQA/Madzx9p3GYHlUOIRAt4ZAJ9rfS1I8W6NTcu1/otI4ZgIoIU6GgCeLs6x
+VdlUqoPz4Iv+zNBpMdhs4k=
=zSmQ
-----END PGP SIGNATURE-----

--=_mimegpg-ny.email-scan.com-30647-1060218739-0015--

=== Reply 6 ===

Path: uni-berlin.de!217.22.112.151!not-for-mail
From: Dolphin
Newsgroups: news.admin.net-abuse.email
Subject: Re: SIANT/SOVAM/TeleRoss: Russian spamhaus (mail15.com)
Date: 7 Aug 2003 02:00:04 GMT
Organization: Private person
Lines: 28
Sender: Alexander Sheremet
Message-ID:
References:
NNTP-Posting-Host: 217.22.112.151
X-Trace: news.uni-berlin.de 1060221604 28911814 217.22.112.151 (16 [104765])
X-SPEWS: I am not
X-newsgroup: news.admin.net-abuse.email
X-PGP-key: 0xAAE2A579
X-PGP-key-fingerprint: 5B8E 3B28 7199 8CD3 4133 FA87 000B 0FB6 AAE2 A579
User-Agent: slrn/0.9.7.4 (Linux)
Xref: uni-berlin.de news.admin.net-abuse.email:2042895

#begin sam@email-scan.com.exe (or was it Sam.com) message reply:

>> Mine still flows. Can it be that they've listwashed you? I munge my
>> e-mail boxes when sending complaints.
>
> I do munge, but they could've searched their spam list looking for anything
> with the same domain as the last mail server's name in the headers, and
> found it that way.

Which would mean that they actively help their spammers to spam and listwash
the "troublesome" victims.
> It's possible that my nastygram carried a slightly bigger punch, as I was
> wearing my blacklist administrator hat, and I informed sovam.com that I
> intended to also list their own MXes, if they don't cut this shit out.

There are too many of "burstnets" around lately...

Dolphin.
--
URL: http://www.DolphinWave.org
Mail: on the web page (no spam)
ICQ: 6615461

=== More mail15.com spams talks ===

Path: uni-berlin.de!fu-berlin.de!newsfeed.mathworks.com!panix!gmcgath
From: Gary McGath
Newsgroups: news.admin.net-abuse.email
Subject: Is mail15.com using worms to snarf address books?
Date: Mon, 08 Sep 2003 21:37:06 -0400
Organization: Society for the Preservation of Minor Chords
Lines: 87
Message-ID:
NNTP-Posting-Host: 05-103.158.popsite.net
X-Trace: reader2.panix.com 1063071542 15801 66.19.203.103 (9 Sep 2003 01:39:02 GMT)
X-Complaints-To: abuse@panix.com
NNTP-Posting-Date: Tue, 9 Sep 2003 01:39:02 +0000 (UTC)
User-Agent: MT-NewsWatcher/3.2 (PPC Mac OS X)
Xref: uni-berlin.de news.admin.net-abuse.email:2064744

Today, on an account at Harvard where I'm doing a software contract, I
received the bounce shown below. I learned that several other people in
the same office have received similar bounces. My Harvard address and
several other people's addresses were forged as return addresses to spam
promoting mail15.com.

What makes this interesting is that I have received no other spam at
that address. Except for a couple of people whom I completely trust, no
one outside that office has this address. However, a little over a week
ago we had a worm attack on all the Windows machines in our office.
(Sorry, I don't precisely recall the name of the worm. It wasn't Sobig,
or at least wasn't identified by that name. It was "Nachi" or something
like that.)

Whatever the means, mail15.com -- or someone claiming to spam on its
behalf -- somehow got hold of an address book within that office, and
used it for defamatory forgery as part of a spam campaign.
If it weren't for the little detail that mail15.com is in China, I suspect
there would be a very strong criminal case against the people operating it.

The claim that mail15.com offers "antivirus and antispam control" is
just feces on the cake.

>Date: 8 Sep 2003 09:17:47 -0000
>From: MAILER-DAEMON@yahoo.com
>To: SNIPharvard.edu
>Subject: failure delivery
>
>Message from yahoo.com.
>Unable to deliver message to the following address(es).
>
>:
>This user doesn't have a yahoo.com account (yaclpgnhyqfiqtv@yahoo.com) [0]
>
>--- Original message follows.
>
>Return-Path:
>X-Rocket-Spam: 80.140.228.32
>X-YahooFilteredBulk: 80.140.228.32
>X-Rocket-Track: 10: 20 ; SFLAG=OPENRELAY ; IPCR=g-w0,n0,g100 ;
>SERVER=66.163.174.36
>Return-Path:
>Received: from 80.140.228.32 (HELO compuserve.com) (80.140.228.32)
> by mta122.mail.sc5.yahoo.com with SMTP; Mon, 08 Sep 2003 02:17:27 -0700
>Date: Mon, 08 Sep 2003 09:17:09 +0000
>From: SNIPharvard.edu
>Subject: Re: new mail W2h9jA1tit
>To: Yaclpgnhyqfiqtv
>References:
>In-Reply-To:
>Message-ID:
>MIME-Version: 1.0
>Content-Type: text/plain; charset=Windows-1251
>Content-Transfer-Encoding: 8bit
>
>dVjFrhniTOh2AxywwqaffJLytr8UgmMtt89
>
>English version |
> [Non-ASCII junk snipped]
>
>*************
>
> We are glad to invite you at new free mail service
> http://www.mail15.com.
> The advantages of this service are:
> 1) mailbox, up to 15 Mb;
> 2) absolute privacy and high reliability;
> 3) ability to use mail clients (POP3, IMAP4, SMTP);
> 4) access from anywhere, anytime;
> 5) flexible light-weight web interface without advertising banners;
> 6) antivirus and antispam control;
> 7) fast mail transfer;
> 8) high speed network channel;
> 9) flexible light-weight web interface;
> 10) wide spread ability of mail filtering and forwarding mail;
> 11) clock around support;
>
>Koy47mkaXTTupaEGootYRV6MbtBFLI
>Ox8mCgKYpIQ9dtiQYIgqH9mMXygye2t3AqqcHda8

--
Gary McGath http://www.mcgath.com
Be patriotic -- work to repeal the "Patriot" Act

=== Reply 1 ===

Path: uni-berlin.de!217.22.112.140!not-for-mail
From: Dolphin
Newsgroups: news.admin.net-abuse.email
Subject: Re: Is mail15.com using worms to snarf address books?
Date: 9 Sep 2003 06:15:08 GMT
Organization: Private person
Lines: 50
Sender: Alexander Sheremet
Message-ID:
References:
NNTP-Posting-Host: 217.22.112.140
X-Trace: news.uni-berlin.de 1063088108 21088257 217.22.112.140 (16 [104765])
X-SPEWS: I am not
X-newsgroup: news.admin.net-abuse.email
X-PGP-key: 0xAAE2A579
X-PGP-key-fingerprint: 5B8E 3B28 7199 8CD3 4133 FA87 000B 0FB6 AAE2 A579
User-Agent: slrn/0.9.7.4 (Linux)
Xref: uni-berlin.de news.admin.net-abuse.email:2064841

#begin gmcgath@mcgathREMOVETHIS.com.exe (or was it Gary McGath.com) message reply:

> What makes this interesting is that I have received no other spam at
> that address. Except for a couple of people whom I completely trust, no
> one outside that office has this address. However, a little over a week
> ago we had a worm attack on all the Windows machines in our office.

I have the mail15.com turds coming to my WHOIS, webmaster, NANAS-posted in
this year, and Yahoo Groups registration e-mail addresses, not at the same
time. So these spammers do some major e-mail addresses harvesting.
Just note that SIANT IP range has the mail15.com owner's e-mail address as
the owner:

$ jwhois 194.186.131.96
[Querying whois.ripe.net]
<...>
inetnum:      194.186.131.64 - 194.186.131.127
netname:      SIANT
descr:        SIANT Ltd.
country:      RU
<...>
person:       Zaitsev Igor
address:      Profsousnaya str., 84/32, k.602t
address:      Moscow, RUSSIA
phone:        + 7 095 333-41-24
e-mail:       zaitsev@mail15.com
notify:       zaitsev@mail15.com
nic-hdl:      ZI21-RIPE
changed:      zaitsev@mail15.com 20030807
source:       RIPE

Those spammers have already spammed me 8 times since July, and SIANT/SOVAM/
TeleRoss do squat to stop the abuse. mail15.com is still up on the same IPs
where it was all the time. I keep their spams archived:
http://www.DolphinWave.org/spam/mail15.com.txt

And I block SIANT/SOVAM/TeleRoss' IPs that I've found so far:
[194.67.0.0 - 194.67.63.255], [194.186.0.0 - 194.186.255.255].

Dolphin.
--
URL: http://www.DolphinWave.org
Mail: on the web page (no spam)
ICQ: 6615461

=== Reply 2 ===

Path: uni-berlin.de!fu-berlin.de!peer01.cox.net!cox.net
 !border3.nntp.aus1.giganews.com!intern1.nntp.aus1.giganews.com
 !nntp.giganews.com!nntp.comcast.com!news.comcast.com.POSTED!not-for-mail
NNTP-Posting-Date: Tue, 09 Sep 2003 07:40:53 -0500
From: "McWebber"
Newsgroups: news.admin.net-abuse.email
References:
Subject: Re: Is mail15.com using worms to snarf address books?
Date: Tue, 9 Sep 2003 08:41:16 -0400
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Message-ID:
Lines: 21
NNTP-Posting-Host: 68.56.248.3
X-Trace: sv3-JxrOG2HiB2tOpX98GxIkSHNqFMnCWACzfLxLVoYguulJIULxbWXVaK6r/5ug40OVfRu/7ZBA3q
 X24Ms!LtPzrqsLzdBpei3JXNFy6F937sINitwEU/Z8cHDLWWlMLL+7Rg+NIo7r0R8=
X-Complaints-To: abuse@comcast.net
X-DMCA-Complaints-To: dmca@comcast.net
X-Abuse-and-DMCA-Info: Please be sure to forward a copy of ALL headers
X-Abuse-and-DMCA-Info: Otherwise we will be unable to process your complaint properly
X-Postfilter: 1.1
Xref: uni-berlin.de news.admin.net-abuse.email:2064922

"Dolphin" wrote in message
news:slrnblqrnk.bbj.usenet-Sep+nanae@orca.dolphinwave.org...
>
> Those spammers have already spammed me 8 times since July, and SIANT/SOVAM/
> TeleRoss do squat to stop the abuse. mail15.com is still up on the same IPs
> where it was all the time. I keep their spams archived:
> http://www.DolphinWave.org/spam/mail15.com.txt

I did a VRFY on a couple of the mail15 addresses that were the reply addys
in 419 spam and they are now unknown users. So they do kill some accounts.

--
McWebber
No email replies read
If someone tells you to forward an email to all your friends
please forget that I'm your friend.

=== Reply 3 ===

Path: uni-berlin.de!fu-berlin.de!newsfeed.mathworks.com!nycmny1-snh1.gtei.net
 !nycmny1-snf1.gtei.net!news.gtei.net!news.ntplx.net!not-for-mail
From: John Dutka
Subject: Re: Is mail15.com using worms to snarf address books?
Newsgroups: news.admin.net-abuse.email
References:
X-No-Archive: yes
User-Agent: tin/1.4.4-20000803 ("Vet for the Insane") (UNIX) (SunOS/5.8 (sun4u))
Lines: 6
Message-ID:
Date: Tue, 09 Sep 2003 08:18:42 GMT
NNTP-Posting-Host: 204.213.232.6
X-Trace: news.ntplx.net 1063095522 204.213.232.6 (Tue, 09 Sep 2003 04:18:42 EDT)
NNTP-Posting-Date: Tue, 09 Sep 2003 04:18:42 EDT
Organization: NETPLEX Internet Services - http://www.ntplx.net/
Xref: uni-berlin.de news.admin.net-abuse.email:2064868

Gary McGath wrote:
: the same office have received similar bounces. My Harvard address and
: several other people's addresses were forged as return addresses to spam
: promoting mail15.com.

They've hit me...a number of times over the past few months.

=== Reply 4 ===

Path: uni-berlin.de!fu-berlin.de!peer01.cox.net!cox.net!cyclone1.gnilink.net
 !spamkiller2.gnilink.net!nwrdny01.gnilink.net.POSTED!53ab2750!not-for-mail
From: Woodpulp
Newsgroups: news.admin.net-abuse.email
Subject: Re: Is mail15.com using worms to snarf address books?
Organization: The Lumber Cartel, St Kilda Office
References:
User-Agent: MT-NewsWatcher/3.3b1 (PPC Mac OS X)
Message-ID:
Lines: 51
Date: Tue, 09 Sep 2003 02:24:19 GMT
NNTP-Posting-Host: 162.84.208.153
X-Complaints-To: abuse@verizon.net
X-Trace: nwrdny01.gnilink.net 1063074259 162.84.208.153 (Mon, 08 Sep 2003 22:24:19 EDT)
NNTP-Posting-Date: Mon, 08 Sep 2003 22:24:19 EDT
Xref: uni-berlin.de news.admin.net-abuse.email:2064776

In article , Gary McGath wrote:

> Today, on an account at Harvard where I'm doing a software contract, I
> received the bounce shown below ... My Harvard address and
> several other people's addresses were forged as return addresses to spam
> promoting mail15.com. What makes this interesting is that I have received
> no other spam at that address.
www.mail15.com have spammed me at:

- my most heavily-spammed address (one used on my website, and for
  Usenet posts)
- an address that I used for Usenet posts several years ago
- the address that appears, heavily munged, in the signatures of
  messages that I post to this group, and which I also use for some
  spam reporting
- a very obscure mailing list whose address may not be publicly
  displayed anywhere, and at which I have never received any other spam

Whatever the method they use for address collection, it's clear that
mail15.com has the power to reach the addresses other spammers cannot
reach.

Incidentally, while checking my archives, I note that 'mail15.com'
return addresses feature in a number of Nigerian spams. Like attracts
like, I guess.

> ... a little over a week ago we had a worm attack on all the Windows
> machines in our office. (Sorry, I don't precisely recall the name
> of the worm. It wasn't Sobig, or at least wasn't identified by
> that name. It was "Nachi" or something like that.)

Nachi is the "nice" variant of Blaster: it's a clone of Blaster that
attempts to forcibly install the patch that prevents Blaster from
infecting machines. Of course in so doing it makes a considerable
nuisance of itself.

> ... If it weren't for the little detail that mail15.com is in China

Russia. The mail15.com spams I get are bilingual English-Russian, and a
lot of their early users send Russian spam. Their site is hosted on a
Russian network.

Woody
--
'woodpulp' gets its mail from 'myrealbox', which is a commercial site
Danger - this animal LARTs

=== Reply 5 ===

Path: uni-berlin.de!fu-berlin.de!peer01.cox.net!cox.net
 !small1.nntp.aus1.giganews.com!border3.nntp.aus1.giganews.com
 !intern1.nntp.aus1.giganews.com!nntp.giganews.com!nntp.comcast.com
 !news.comcast.com.POSTED!not-for-mail
NNTP-Posting-Date: Mon, 08 Sep 2003 21:03:24 -0500
From: "McWebber"
Newsgroups: news.admin.net-abuse.email
References:
Subject: Re: Is mail15.com using worms to snarf address books?
Date: Mon, 8 Sep 2003 22:03:41 -0400
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Message-ID: <4GudnZu7G6BxqcCiXTWJiQ@comcast.com>
Lines: 45
NNTP-Posting-Host: 68.56.248.3
X-Trace: sv3-FL7Ep+tV/6MJO7GIjX15nFivpqxKzC07Yxp7tbcMgYweN+tslxmDqlYnU857n7pja9fKwB2Tog
 y6juG!PN6S76ltGUB85xvxhFtvUJ3xr61l+ap/+6O7a3J7gUpmT/cwV1EouNvBlmI=
X-Complaints-To: abuse@comcast.net
X-DMCA-Complaints-To: dmca@comcast.net
X-Abuse-and-DMCA-Info: Please be sure to forward a copy of ALL headers
X-Abuse-and-DMCA-Info: Otherwise we will be unable to process your complaint properly
X-Postfilter: 1.1
Xref: uni-berlin.de news.admin.net-abuse.email:2064761

"Gary McGath" wrote in message
news:gmcgath-95C3F9.21370608092003@reader2.panix.com...
> Today, on an account at Harvard where I'm doing a software contract, I
> received the bounce shown below. I learned that several other people in
> the same office have received similar bounces. My Harvard address and
> several other people's addresses were forged as return addresses to spam
> promoting mail15.com.
>

Not sure when I added them but they've been blocked here.
I have spam with the drop box of deleter@mail15.com and it's still a valid
address.
I have a 419 spam with the drop box bashermobutu@mail15.com which appears
to have been killed.

I'm wondering if the Spam you got is a joe job. I got the identical spam a
while ago sent to 4 different spamtraps

Return-Path:
Received: from aol.com (HSE-Sudbury-ppp330202.sympatico.ca [64.231.157.51])
    by redacted(8.10.2/8.10.2) with SMTP id h7JA4Zp17726
    for ; Tue, 19 Aug 2003 05:04:39 -0500
Date: Tue, 19 Aug 2003 09:59:12 +0000
From: mattam@dkp.com
Subject: Re: mail tlpGO0fb
To: spamtrap
References:
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 8bit
X-UIDL: =dR"!F:c"!!A=!!!,l"!
--
McWebber
No email replies read

If someone tells you to forward an email to all your friends please
forget that I'm your friend.

=== And the 9th spam. My complaint ===

From: Admin
Reply-To: abuse@2003.dolphinwave.org
Organization: Private person
Subject: [email] Long-time persistent spammers: mail15.com/SIANT/SOVAM/Teleross [Fwd: Re: new mail ########]
Date: Tue, 9 Sep 2003 19:06:18 +0300
User-Agent: KMail/1.5
X-KMail-Link-Message: 1710151
X-KMail-Link-Type: forward
To: , uce@ftc.gov, nanas-sub@cybernothing.org, noc@sovam.com,
 abuse@sovam.com, iga@sovam.com, konor@sovam.com, andrei@sovam.com,
 iptech@sovam.com, domaintech@SOVAM.COM, postmaster@gldn.net,
 abuse@sovintel.ru, postmaster@sovintel.net, abuse@sprint.net,
 abuse@ntlworld.com
X-Complaints-To: abuse@dolphinwave.org (live person)
X-PGP-key: 0xAAE2A579
X-PGP-key-fingerprint: 5B8E 3B28 7199 8CD3 4133 FA87 000B 0FB6 AAE2 A579
X-No-Confirm: Yes
MIME-Version: 1.0
Content-Type: text/plain; charset="windows-1251"
Content-Transfer-Encoding: 8bit
Content-Disposition: inline
Message-Id: <200309091906.18638@2003.dolphinwave.org>
Status: RO
X-Status: S
X-KMail-EncryptionState:
X-KMail-SignatureState:

This is already the NINTH the SAME spam from these abusers, who harvest
e-mail addresses from web pages, Usenet newsgroups, and Yahoo Groups!
Previous spams from these abusers were complained about by me, and are
archived on Google:

http://groups.google.com/groups?selm=200307141741.58063%402003.dolphinwave.org
http://groups.google.com/groups?selm=200307290034.24550%402003.dolphinwave.org
http://groups.google.com/groups?selm=200307300216.51943%402003.dolphinwave.org
http://groups.google.com/groups?selm=200307310216.44979%402003.dolphinwave.org
http://groups.google.com/groups?selm=200308061745.02189%402003.dolphinwave.org
http://groups.google.com/groups?selm=200309050149.39216%402003.dolphinwave.org
http://groups.google.com/groups?selm=200309050151.25783%402003.dolphinwave.org
http://groups.google.com/groups?selm=200309081456.08911%402003.dolphinwave.org

The spamming history of these abusers is archived:

But the spammers are STILL being hosted on the SAME SIANT/SOVAM IPs,
despite numerous complaints (just note the SIANT IP range whois, they
ARE the spammers!).

Please, terminate the spammer's accounts as soon as possible! Thanks!

=======

Spammer: m109-mp1.cvx5-b.pop.dial.ntli.net [80.1.192.109]

Spamvertised web page: http://www.mail15.com
www.mail15.com [194.186.131.96]
imap.mail15.com [194.186.131.97]

===============

Registrant:
Zaitsev, Igor (TDRJYLSASD)
   ul. Rimskogo Korsakova
   Moscow
   RU

   Domain Name: MAIL15.COM

   Administrative Contact, Technical Contact:
      Zaitsev, Igor (35559859P) zaitsev@mail15.com
      ul. Rimskogo Korsakova
      Moscow
      RU
      +7 095

   Record expires on 29-Nov-2003.
   Record created on 29-Nov-2002.
   Database last updated on 8-Sep-2003 07:42:58 EDT.

   Domain servers in listed order:

   IMAP.MAIL15.COM 194.186.131.97
   WWW.MAIL15.COM 194.186.131.96

SIANT IP block [194.186.131.64 - 194.186.131.127] <== SPAMMERS
which is in the SOVAM IP range [194.186.0.0/16]
(note the spammer's address in the ARIN record).
Upstream: Teleross (cat01.Moscow.gldn.NET).
Their upstream: Sprint (sle-golde6-2-0.sprintlink.net).
Nameservers: MAIL15.COM.
$ jwhois 194.186.131.96
[Querying whois.ripe.net]
[whois.ripe.net]
% This is the RIPE Whois server.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/ripencc/pub-services/db/copyright.html

inetnum:  194.186.131.64 - 194.186.131.127
netname:  SIANT
descr:    SIANT Ltd.
country:  RU
admin-c:  ZI21-RIPE
tech-c:   ZI21-RIPE
status:   ASSIGNED PA
mnt-by:   AS3216-MNT
changed:  iga@sovam.com 20030717
source:   RIPE

route:    194.186.0.0/16
descr:    SOVAM DELEGATED BLOCK-2
origin:   AS3216
notify:   iptech@sovam.com
mnt-by:   AS3216-MNT
changed:  iga@sovam.com 19960708
source:   RIPE

person:   Zaitsev Igor
address:  Profsousnaya str., 84/32, k.602t
address:  Moscow, RUSSIA
phone:    + 7 095 333-41-24
e-mail:   zaitsev@mail15.com
notify:   zaitsev@mail15.com
nic-hdl:  ZI21-RIPE
changed:  zaitsev@mail15.com 20030807
source:   RIPE

---------- Forwarded Message ----------

Received: from compuserve.com (m109-mp1.cvx5-b.pop.dial.ntli.net [80.1.192.109])
 by mail.dolphinwave.org (8.12.8/8.12.8) with SMTP id h89DoSII019893
 for <###>; Tue, 9 Sep 2003 16:51:03 +0300
Date: Tue, 09 Sep 2003 13:50:54 +0000
From: alottem@talisman.kaleida.com
Subject: Re: new mail ########
To: Dolphin <###>
References:
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: text/plain; charset=Windows-1251
Content-Transfer-Encoding: 8bit
X-AntiVirus: checked by AntiVir Milter 1.0.4; AVE 6.21.0.1; VDF 6.21.0.37
Status: R
X-Status: N
X-KMail-EncryptionState:
X-KMail-SignatureState:

############################

English version | Russian version

We are glad to offer you a new free mail service http://www.mail15.com.
Its distinguishing features:
1) mailbox size of 15 MB;
2) security and reliability;
3) ability to use any mail programs (POP, IMAP, SMTP);
4) access from any place at any time;
5) simple and accessible web interface with a COMPLETE ABSENCE OF ADVERTISING;
6) antivirus and antispam control;
7) instant mail forwarding.
*************

We are glad to invite you at new free mail service http://www.mail15.com.
The advantages of this service are:
1) mailbox, up to 15 Mb;
2) absolute privacy and high reliability;
3) ability to use mail clients (POP3, IMAP4, SMTP);
4) access from anywhere, anytime;
5) flexible light-weight web interface without advertising banners;
6) antivirus and antispam control;
7) fast mail transfer;
8) high speed network channel;
9) flexible light-weight web interface;
10) wide spread ability of mail filtering and forwarding mail;
11) clock around support;

##################
###########################

-------------------------------------------------------

======== PREVIOUS SPAMS WERE ========

=== They also spam, using innocent people's e-mail addresses as "From" ===

Path: uni-berlin.de!fu-berlin.de!newsfeed.mathworks.com!panix!gmcgath
From: Gary McGath
Newsgroups: news.admin.net-abuse.email
Subject: Re: Is mail15.com using worms to snarf address books?
Date: Tue, 09 Sep 2003 13:45:04 -0400
Organization: Society for the Preservation of Minor Chords
Lines: 19
Message-ID:
References:
NNTP-Posting-Host: 01-094.158.popsite.net
X-Trace: reader2.panix.com 1063129619 2574 66.19.201.94 (9 Sep 2003 17:46:59 GMT)
X-Complaints-To: abuse@panix.com
NNTP-Posting-Date: Tue, 9 Sep 2003 17:46:59 +0000 (UTC)
User-Agent: MT-NewsWatcher/3.2 (PPC Mac OS X)
X-No-Archive: yes
Xref: uni-berlin.de news.admin.net-abuse.email:2065076

In article , "McWebber" wrote:

> I received the identical spam as the OP and it had no attachment and was not
> sent to an address in someone's address book, unless someone put a spammer
> millions CD in their address book. They were just sent to harvested
> spamtraps.

What about the "From" address, though? mail15.com stole my address for
forgery, not to spam it (though the spam may come later). The "To"
address looked as if it was harvested from a garbage address-generator
page.
I got a second bounce today; this time they were trying to spam a
Majordomo server joeing my address. Silly spammer...

--
Gary McGath http://www.mcgath.com
Be patriotic -- work to repeal the "Patriot" Act

=== Sovintel has finally booted them ===

Path: uni-berlin.de!fu-berlin.de!newsfeed.vmunix.org!newsfeed.rt.ru!slim
 !not-for-mail
From: "Mike Smirnov"
Newsgroups: news.admin.net-abuse.email
Subject: Re: mail15.com is down now.
Date: Tue, 16 Sep 2003 18:49:15 +0400
Organization: Sovintel
Lines: 65
Message-ID:
References:
NNTP-Posting-Host: fw-nat.sovintel.net
X-Trace: slim.sovintel.ru 1063723769 12977 212.44.130.15 (16 Sep 2003 14:49:29 GMT)
X-Complaints-To: usenet@slim.sovintel.ru
NNTP-Posting-Date: Tue, 16 Sep 2003 14:49:29 +0000 (UTC)
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Xref: uni-berlin.de news.admin.net-abuse.email:2068615

Glad to inform that mail15.com finally was down. Our lawyers forced owners of
that site to cancel their activity.
Of course, SPAM is intolerable kind of business and we always block
spam-senders in our networks.
So I would ask you to remove SOVAM/Teleros/Sovintel block of IP from your
blacklists.

Sincerely,
Mike Smirnov
Head of Internet Customer Service.
Golden Telecom.

"Dolphin" wrote in message
news:slrnbj26bd.ljl.usenet-Aug+nanae@orca.dolphinwave.org...
> Their spammers, mail15.com, have already spammed my various e-mail addresses,
> harvested from Usenet, Yahoo Groups, and WHOIS, for the 5th time today during
> these 3 weeks. The 5th complaint just went to SIANT/SOVAM, but the spammers'
> site is still on the same IPs that it was 3 weeks ago: [194.186.131.96-97].
>
> The last spam headers (hashbusters/tags were removed):
>
> Received: from mail.ru ([210.3.71.131])
>  by mail.dolphinwave.org (8.12.8/8.12.8) with SMTP id h76E0c8H001106
>  for ; Wed, 6 Aug 2003 17:00:44 +0300
> Date: Wed, 06 Aug 2003 13:55:32 +0000
> From: mdem@alfarrabio.di.uminho.pt
> Subject: new mail #######
> To: Abuse
> References: <5EE1D0C3HH637D9G@dolphinwave.org> <== FAKE
> In-Reply-To: <5EE1D0C3HH637D9G@dolphinwave.org> <== FAKE
> Message-ID:
> MIME-Version: 1.0
> Content-Type: text/plain;
>  charset=Windows-1251
> Content-Transfer-Encoding: 8bit
> X-AntiVirus: checked by AntiVir Milter 1.0.4; AVE 6.21.0.0; VDF 6.21.0.5
> Status: R
> X-Status: N
> X-KMail-EncryptionState:
> X-KMail-SignatureState:
>
> <...>
> We are glad to invite you at new free mail service http://www.mail15.com.
> <...>
> If you wish to be removed:
> mailto:unsubscribe@mail15.com?subject=unsubscrib
>
> ############
>
>
> Dolphin.
>
> --
> URL: http://www.DolphinWave.org
> Mail: on the web page (no spam)
> ICQ: 6615461
>

=== ZAO MTU-Intel will be notified ===

Path: uni-berlin.de!fu-berlin.de!newsfeed.stueberl.de!newsfeed.rt.ru!slim
 !not-for-mail
From: "Mike Smirnov"
Newsgroups: news.admin.net-abuse.email
Subject: Re: mail15.com is down now.
Date: Wed, 17 Sep 2003 09:29:21 +0400
Organization: Sovintel
Lines: 26
Message-ID:
References: <346cf19c.0309161958.607b7eb4@posting.google.com>
NNTP-Posting-Host: fw-nat.sovintel.net
X-Trace: slim.sovintel.ru 1063777419 3784 212.44.130.15 (17 Sep 2003 05:43:39 GMT)
X-Complaints-To: usenet@slim.sovintel.ru
NNTP-Posting-Date: Wed, 17 Sep 2003 05:43:39 +0000 (UTC)
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Xref: uni-berlin.de news.admin.net-abuse.email:2069086

"Snowman" wrote in message
news:346cf19c.0309161958.607b7eb4@posting.google.com...
> "Mike Smirnov" wrote in message news:...
> > Glad to inform that mail15.com finally was down. Our lawyers forced owners of
> > that site to cancel their activity.
> > Of course, SPAM is intolerable kind of business and we always block
> > spam-senders in our networks.
> > So I would ask you to remove SOVAM/Teleros/Sovintel block of IP from your
> > blacklists.
> >
> > Sincerely,
> > Mike Smirnov
> >
>
> I wish. They may have moved, but they're not down. I get mail15.com
> resolving to IP 62.118.249.44
>

OK, I know some people in this ISP and will let 'em know what a problem
they have gotten in their Network. Hope they will remove mail15.com
faster:)

Mike.

=== But obviously, that notification did not work, the spammers are still there ===

=== 28-Sep-2003 ===

$ host mail15.com
mail15.com has address 62.118.249.44
$ host imap.mail15.com
imap.mail15.com has address 62.118.249.46
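
Added example (not part of the archived messages, and not the page author's own tooling): a Python check that converts the two denied ranges listed at the top of this page to CIDR and parses the Received lines quoted in the messages above, comparing the HELO name with the reverse-DNS name and testing the connecting IP against the ranges. The function names and the "helo_status" labels are illustrative assumptions; a HELO/rDNS mismatch is a signal to weigh, not proof on its own.

```python
import ipaddress
import re

# Ranges the page denies access to, in RIPE inetnum "first - last" notation.
BLOCKED_RANGES = ["62.118.249.0 - 62.118.249.255",
                  "194.186.131.64 - 194.186.131.127"]

def range_to_networks(inetnum):
    """Convert 'first - last' into the minimal list of CIDR networks."""
    first, last = (ipaddress.ip_address(p.strip()) for p in inetnum.split("-"))
    return list(ipaddress.summarize_address_range(first, last))

BLOCKED_NETS = [net for r in BLOCKED_RANGES for net in range_to_networks(r)]

def is_blocked(ip):
    """True if the address lies inside any denied range."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in BLOCKED_NETS)

# sendmail style: "from HELO (rdns [ip])" or, without reverse DNS, "from HELO ([ip])"
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>[^\s\[\]]+)\s+)?\[(?P<ip>[0-9.]+)\]\)")

def analyse_received(header):
    """Details of the connecting host from the receiver's own Received line, or None."""
    m = RECEIVED_RE.search(header)
    if m is None:
        return None
    helo, rdns, ip = m.group("helo").lower(), m.group("rdns"), m.group("ip")
    if rdns is None:
        helo_status = "unverified"   # no PTR name recorded to compare with
    elif rdns.lower() == helo or rdns.lower().endswith("." + helo):
        helo_status = "consistent"
    else:
        helo_status = "mismatch"     # HELO names a domain the host is not in
    return {"helo": helo, "rdns": rdns, "ip": ip,
            "helo_status": helo_status, "blocked": is_blocked(ip)}

# Received lines copied from the messages on this page.
SAMPLES = [
    "from compuserve.com (m109-mp1.cvx5-b.pop.dial.ntli.net [80.1.192.109])",
    "from aol.com (HSE-Sudbury-ppp330202.sympatico.ca [64.231.157.51])",
    "from mail.ru ([210.3.71.131])",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(analyse_received(line))
    for host_ip in ("194.186.131.96", "62.118.249.44"):  # spamvertised hosts
        print(host_ip, is_blocked(host_ip))
```

All three sending hosts fall outside the denied ranges while both addresses of mail15.com fall inside them, so those ranges cover the hosting network, not the dial-up and DSL hosts the spam was delivered from.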