Bumpkin
Posted August 10, 2004

If the IP is actually 66.118.156.121 I found the MX record for sagonetworks.com to be 66.118.148.16 and ran it on DNSStuff.

Domain              Type  Class  TTL   Answer
sagonetworks.com.   MX    IN     3600  mx.sagonet.com. [Preference = 10]
mx.sagonet.com.     A     IN     600   66.118.148.16

When running a rev. DNS on sagonetworks.com:

66.118.148.123 PTR record: sagonet.com. [TTL 3600s] [A=66.118.128.5] *ERROR* A record does not point back to original IP.

When checking the spam database:

FIVETENIGNORE LISTED (127.0.0.7) Reports CNAME of sagonet.com.spam-support.blackholes.five-ten-sg.com. TXT= "added 2003-10-10; spam support - dns server on 66.118.187.32 for rbcoffers.biz"

(and also got the same SPEWS listing you found, Merlyn.)

And last, but not least, for some interesting reading: http://groups.google.com/groups?as_q=sagon...use.*&scoring=d
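The reverse-DNS mismatch and blocklist lookup in the post above, as an added example that is not part of the original post: a forward-confirmed reverse DNS check plus the standard reversed-octet DNSBL query name. The record tables are constructed from the figures quoted in the post; the PTR entry for 66.118.148.16 and all function names are assumptions made for illustration.

```python
import ipaddress
import socket

# Constructed records mirroring the post's figures (not a live lookup).
# The PTR for 66.118.148.16 is hypothetical, added to show a passing case.
SAMPLE_PTR = {"66.118.148.123": ["sagonet.com."], "66.118.148.16": ["mx.sagonet.com."]}
SAMPLE_A = {"sagonet.com.": ["66.118.128.5"], "mx.sagonet.com.": ["66.118.148.16"]}

def sample_resolver(ptr=SAMPLE_PTR, a=SAMPLE_A):
    """Offline resolver pair: (PTR lookup, A lookup) backed by the tables above."""
    return (lambda ip: ptr.get(ip, [])), (lambda name: a.get(name, []))

def live_resolver():
    """Same interface backed by the system resolver, for use against real hosts."""
    def ptr(ip):
        try:
            host, aliases, _ = socket.gethostbyaddr(ip)
            return [host] + aliases
        except OSError:  # covers socket.herror and socket.gaierror
            return []
    def fwd(name):
        try:
            return socket.gethostbyname_ex(name)[2]
        except OSError:
            return []
    return ptr, fwd

def fcrdns(ip, resolver):
    """Forward-confirmed reverse DNS: some PTR name must resolve back to ip."""
    lookup_ptr, lookup_a = resolver
    want = ipaddress.ip_address(ip)
    names = lookup_ptr(ip)
    if not names:
        return "no-ptr", {}
    forward = {name: lookup_a(name) for name in names}
    confirmed = any(ipaddress.ip_address(addr) == want
                    for addrs in forward.values() for addr in addrs)
    return ("pass" if confirmed else "mismatch"), forward

def dnsbl_name(ip, zone):
    """DNSBL query name: IPv4 octets reversed, then the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.strip(".") + "."

if __name__ == "__main__":
    for addr in ("66.118.148.123", "66.118.148.16", "66.118.156.121"):
        print(addr, fcrdns(addr, sample_resolver()),
              dnsbl_name(addr, "blackholes.five-ten-sg.com"))
```

A "mismatch" result corresponds to the *ERROR* line DNSStuff printed; an A-record answer in 127.0.0.0/8 for the DNSBL name means the address is listed.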
spiralocean
Posted August 13, 2004

> I spend more time trying to remove people off of spamcop and others like it, than actually blocking spam. Don't get me wrong, spam sucks, but blocking an IP is not the way to do it. As an example, I can easily write a program to use thousands of proxies used by millions of people to access the internet, to send some spam, randomly changing between my list of proxies. So, now some idiot is going to go and report each IP address and none of them will be able to send email or use the net any longer because every ISP that subscribes to Spamcop will now be blocking requests to those IPs.

Think about it like this... SpamCop is a great way to tell what machines have been compromised to allow a spammer to send from that email account. Here is what an ISP learns:

1. They have their outgoing mail server configured incorrectly. Either by not forcing a username/password for their users to send email, or some other hole in their server.
2. An individual was not careful with their password.
3. An individual's machine has a virus, worm, trojan or other malicious software on their machine.

In any of these cases, reporting the IP address to the ISP for blocking is a terrific thing! Granted, it's a lot of work for administrators that are already overworked. But if there is something wrong with your computer, wouldn't you want to know about it? Especially if some @#$#$@@# is using it to send out spam?

Granted, it's a bit like a dam with millions of tiny holes in it, leaking water out, but for every hole plugged there is a good chance that it won't be used again. Because:

1. The administrator of the mail server has learned how to correctly configure their server, or fixed a virus that was on the server.
2. An individual has changed their password and now knows to be more careful with it.
3. An individual's machine has been cleared of the virus on their machine and is now taking the appropriate steps to protect it.

Is it more work? Yes. But I only see it as a good thing.
This topic is now archived and is closed to further replies.