[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On Monday 02 October 2006 12:55, Tony Sumner wrote: >The IP address 67-10-105-73 really is elp.res.rr.com. > > Is there anything you can deduce from all this? It looks as if the > originator is already known to the authorities? > > Tony Sumner Looks like the Roadrunner IP address is a zombie box to me. As you say, the spam originated from the Roadrunner domain, but I suspect the person sending it is totally unaware of the fact that they have been compromised and are sending spam. You could email the abuse department at Roadrunner and send them the mail - making sure the headers are included, but I honestly doubt much would be done. Yes, they *may* contact the person who was allocated that IP and explain that they have been sending spam - probably unintentionally - but I suspect they get thousands of complaints about this sort of thing and only react if a particular IP address is cropping up regularly. The whole issue of compromised systems sending out spam is a major pain. I get a fair number from Verizon IPs and used to fire off complaints about each one, but I gave up some time ago. The spams continue - different addresses, but still Verizon accounts. I even asked Verizon if they could perhaps send a generic letter to their customers, explaining how to avoid becoming a spam box - but as far as I am aware, they did not bother - certainly, the spams keep turning up from Verizon. Not that Verizon are the only culprits - I personally feel ALL ISPs should issue a similar letter to their customers. If the backbone of compromised PCs is removed, the spammers would presumably become less active. As this spam is a Roadrunner account (i.e USA), they would be worth emailing as mentioned. If it was a spam from one of the "less helpful" countries, I would not bother - USA and European countries at least seem to pay lip service to dealing with spammers, which is a lot more than many countries do (e.g China, Korea etc) Mark -- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html