Oops!

Mon Jun 5 17:58:39 UTC 2000

J. Katherine Rossner wrote:
>At 10:10 AM 6/5/00 -0700, Peter McGraw wrote:
>>Darn!  Excuse me, everybody--I thought I was replying to the spammer.
>>Foiled again!
>
>Peter,
>
>You're excused, for my part, but you might want to note for the future that
>replying directly to a spammer is NOT a good idea in any case:  it only
>tells him/her that your email address is a valid one!
>
>Better is to use whatever command your mailer has for showing full headers
>(in Eudora, that means clicking on the "blah blah blah" button next to the
>.sigs one), then forward the full-header copy to the administration or
>"root" at the originating Internet connection, with a note that this is
>spam and requesting that they deal with the sender.
>
>Our spammer, for example, seems to have forged an AOL return address; "full
>headers" appears to indicate that he was a UGA student.  It's not quite
>clear to me whether that's the real originating address or one related to
>the listserv, but I did send a copy to root at uga.edu, with apologies if I'm
>misreading.

Nope...All of the UGA stuff has to do with the listserve that
processes ADS-L mail. These two header lines indicate where the mail
reached UGA from:

At 11:40 AM -0500 6/5/00, Jeff Rothlisberger wrote:
>Received: from kx2.lh.net (kx2.lh.net [216.81.128.204]) by crockett.cc.uga.edu
>          (8.9.3/8.9.3) with ESMTP id MAA31238 for
><ADS-L at UGA.CC.UGA.EDU>; Mon,
>          5 Jun 2000 12:42:22 -0400
>Received: from reznor ([216.81.208.189]) by kx2.lh.net (InterMail
>vK.4.02.00.10
>          201-232-116-110 license fa447d7e5453d7b15649594624cecde5) with SMTP
>          id <20000605164052.PPWL336.kx2 at reznor> for <ADS-L at UGA.CC.UGA.EDU>;

Whois gives the following information, for both IP numbers in these headers:

Whois user[@<whois.server>]: 216.81.208.189

[whois.arin.net]
Lighthouse Communications, Inc. (NETBLK-LHNET-BLK-01)
    1707 Financial Center
    Des Moines, IA 50309
    US

    Netname: LHNET-BLK-01
    Netblock: 216.81.128.0 - 216.81.223.255
    Maintainer: LH

    Coordinator:
       Manske, Bryan  (BM2003-ARIN)  manske at LH.NET
       515-244-1115 (FAX) 515-244-0972

    Domain System inverse mapping provided by:

    NS1.LH.NET                  207.48.52.200
    NS2.LH.NET                  207.48.52.201

    ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE

    Record last updated on 16-Jun-1999.
    Database last updated on 5-Jun-2000 05:44:17 EDT.

The ARIN Registration Services Host contains ONLY Internet
Network Information: Networks, ASN's, and related POC's.
Please use the whois server at rs.internic.net for DOMAIN related
Information and whois.nic.mil for NIPRNET Information.

* Whois complete 6/5/00     1:53:32 PM  *

This is who to complain to, if you think they'd pay any attention (I don't).

 =============================================================================
Alice Faber                    new, improved email: faber at pop.haskins.yale.edu
Haskins Laboratories            old email, if you must: faber at haskins.yale.edu
New Haven, CT 06511 USA           tel: (203) 865-6163 x258; fax (203) 865-8963