Spam question

Heinz Diehl htd at fritha.org
Mon Aug 27 15:20:52 UTC 2012


On 27.08.2012, Aaron Konstam wrote: 

> Received: from 127.0.0.1  (EHLO pos81n-nds-36.positionstrends.com)
> (184.172.130.36) by mta1050.sbc.mail.ne1.yahoo.com with SMTP; Sat, 25
> Aug 2012 15:51:30 +0000

Somebody claiming to be "pos81n-nds-36.positionstrends.com" with the
IP address 184.172.130.36 posted this mail to one of the Yahoo
mailservers.

[root at wildsau ~]# whois 184.172.130.36
[Querying whois.arin.net]
[Redirected to rwhois.theplanet.com:4321]
[Querying rwhois.theplanet.com]
[rwhois.theplanet.com]
%rwhois V-1.5:003fff:00 rwhois.softlayer.com (by Network Solutions,
Inc. V-1.5.9.5)
network:Class-Name:network
network:ID:NETBLK-SOFTLAYER.184.172.128.0/18
network:Auth-Area:184.172.128.0/18
network:Network-Name:SOFTLAYER-184.172.128.0
network:IP-Network:184.172.130.32/29
network:IP-Network-Block:184.172.130.32-184.172.130.39
network:Organization;I:Brick Run Media
network:Street-Address:209 West 20th 3A
network:City:New York
network:State:NY
network:Postal-Code:10011
network:Country-Code:US
network:Tech-Contact;I:sysadmins at softlayer.com
network:Abuse-Contact;I:abuse at fulltimedo.com
network:Admin-Contact;I:IPADM258-ARIN
network:Created:20120125
network:Updated:20120125
network:Updated-By:ipadmin at softlayer.com

So the spammer is in the netblock of "softlayer.com", most probably a
customer of theirs. Write a complaint to "abuse at fulltimedo.com" with a
copy to "sysadmins at softlayer.com", including one of the spam emails
incl. the full header.
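
The lookup described above, as an added example that is not part of the original post: it pulls the client-supplied EHLO name and the receiver-recorded IP out of the Received line, reads the rwhois record, and checks that the record really covers that IP before naming the complaint addresses. The function names and the regular expression are assumptions written for this one header layout.

```python
import ipaddress
import re

# Sample input: the header and rwhois lines quoted in the post above
# (the archive's " at " address obfuscation is kept and undone by the parser).
RECEIVED = """Received: from 127.0.0.1  (EHLO pos81n-nds-36.positionstrends.com)
 (184.172.130.36) by mta1050.sbc.mail.ne1.yahoo.com with SMTP; Sat, 25
 Aug 2012 15:51:30 +0000"""
RWHOIS = """network:IP-Network:184.172.130.32/29
network:Organization;I:Brick Run Media
network:Tech-Contact;I:sysadmins at softlayer.com
network:Abuse-Contact;I:abuse at fulltimedo.com"""

def parse_received(header):
    """Split a Received line of this shape into (claimed EHLO name, peer IP, receiving MTA)."""
    flat = " ".join(header.split())  # unfold the continuation lines
    m = re.search(r"\(EHLO ([^)\s]+)\)\s*\(([0-9A-Fa-f.:]+)\)\s+by\s+(\S+)", flat)
    if m is None:
        raise ValueError("Received line is not in the expected format")
    # The EHLO name is whatever the client sent; the IP was recorded by the receiver.
    return m.group(1), ipaddress.ip_address(m.group(2)), m.group(3)

def parse_rwhois(text):
    """Turn 'network:Key[;I]:value' lines into a dict keyed by attribute name."""
    record = {}
    for line in text.splitlines():
        if line.startswith("network:"):
            key, _, value = line[len("network:"):].partition(":")
            record[key.split(";")[0]] = value.strip().replace(" at ", "@")
    return record

def complaint_targets(header, rwhois_text):
    """Return who to write to, refusing a whois record that does not cover the peer IP."""
    helo, ip, mta = parse_received(header)
    record = parse_rwhois(rwhois_text)
    block = ipaddress.ip_network(record["IP-Network"])
    if ip not in block:
        raise ValueError(f"{ip} is outside {block}: wrong whois record")
    return {"ip": str(ip), "claimed_ehlo": helo, "seen_by": mta,
            "org": record.get("Organization"),
            "to": record.get("Abuse-Contact"), "cc": record.get("Tech-Contact")}

if __name__ == "__main__":
    for field, value in complaint_targets(RECEIVED, RWHOIS).items():
        print(f"{field}: {value}")
```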





