LISTSERV - MUSEUM-L Archives - HOME.EASE.LSOFT.COM

MUSEUM-L Archives

Museum discussion list

MUSEUM-L@HOME.EASE.LSOFT.COM

	LISTSERV Archives
	MUSEUM-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Forum View Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Dealing with SPAMS
From:	John Chadwick <[log in to unmask]>
Reply To:	Museum discussion list <[log in to unmask]>
Date:	Fri, 3 Jan 1997 07:45:57 -0700
Content-Type:	text/plain
Parts/Attachments:	text/plain (68 lines)

The following was on the SPAM-L list, a group that deals with trying to stop
people from sending unwanted and unsolicited e-mail to a large number of lists.
As Helen Glazer said so well, responding to the list only compounds the
problem.

If you are using a terminal session on a Unix system the commands here will
work,  then express your displeasure with the owners of the systems that allow
people to continue to send out SPAMs. Most Internet Service Providers are very
responsive, but those who send SPAMs have learned how to stay one step ahead in
the game. As long as people make money sending out SPAMs, they will continue.

The following is a way to verify that the person who posted the SPAM is a
legitimate user on the originating system.

--john chadwick
[log in to unmask]

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=

First, use nslookup to find an authoritative name server for the
domain in question. The syntax is "nslookup -q=ns domain.in.question"

$ nslookup -q=ns bvoice.com
Server:  merlin.datawave.net
Address:  0.0.0.0

Non-authoritative answer:
bvoice.com      nameserver = NS.HOOSIER.NET
bvoice.com      nameserver = NS.LSI.NET

Authoritative answers can be found from:
NS.HOOSIER.NET  internet address = 206.106.64.10
NS.LSI.NET      internet address = 206.106.127.10

========

OK, now ask an authoritative nameserver for the mx record
for he domain in question. This tells us where mail to that
site really goes. The syntax is
"nslookup -q=mx domain.in.question nameserver"

$ nslookup -q=mx bvoice.com ns.lsi.net
Server:  user.lsi.net
Address:  206.106.127.25

bvoice.com      preference = 5, mail exchanger = mail.lsi.net
bvoice.com      nameserver = ns.lsi.net
bvoice.com      nameserver = ns2.lsi.net
mail.lsi.net    internet address = 206.106.127.25
ns.lsi.net      internet address = 206.106.127.25
ns2.lsi.net     internet address = 206.106.127.10

========

From the above, it appears that mail to "[log in to unmask]" is actually
handled by mail.lsi.net. So telnet to port 25 at mail.lsi.net and
ask about the account you're wondering about.

$ telnet mail.lsi.net 25
220-user.lsi.net Sendmail 8.6.9/8.6.9 ready at Wed, 1 Jan 1997 02:55:53 -0500
220 ESMTP spoken here
vrfy mredman
250 <[log in to unmask]>
expn mredman
250 <[log in to unmask]>

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=

ATOM RSS1 RSS2

HOME.EASE.LSOFT.COM