[CLUE-Talk] 9 News Spam ...

Jed S. Baer thag at frii.com
Thu Apr 25 18:53:36 MDT 2002


On Thu, 25 Apr 2002 17:24:12 -0700 (PDT)
bill ehlert <bill_ehlert_lists at yahoo.com> wrote:

'Ello Bill

> **  i seem to recall something about
>     it being possible to sue a spammer in
>     small claims court.  can't recall if
>     the law was colorado or federal or
>     what.

http://slashdot.org/article.pl?sid=02/03/21/1836223&mode=nested

>     big problem: finding the spammer to
>     collect.

Not completely. Using the actual mail headers, and an ARIN lookup, you can
find out, at least, who owns the equipment. The records, logs, customer
info, etc. could be subpoenaed.

Fer example:

>Return-Path: <newsletter at mailer6.megahardcoresex.com>
>Received: from a-01.mailarmory.com (root at a-01.mailarmory.com [216.17.128.11])
>	by deimos.frii.net (8.12.3/8.12.3) with ESMTP id g3PNeUKr026390
>	for <thag at frii.com>; Thu, 25 Apr 2002 17:40:30 -0600 (MDT)
>Received: from mailer6.megahardcoresex.com (mailer6.megahardcoresex.com [4.19.93.157])
>	by a-01.mailarmory.com (8.12.3/8.12.3) with SMTP id g3PNeNOa057375
>	for <thag at frii.com>; Thu, 25 Apr 2002 17:40:27 -0600 (MDT)
>To: thag at frii.com
>From: "Dark Secrets"<newsletter at mailer6.megahardcoresex.com>
>X-Mailer: frii.com!thag#dsfe22amhcs04242002*
>Date: Thu, 25 Apr 2002 16:39:25 -0800
>Subject: 5 Perfectly Sinful Sites (ADV:ADLT)
>Content-Type: text/html;
>	 charset="us-ascii"
>Content-Transfer-Encoding: 7BIT
>Message-Id: <q0bc2ftlqn4.30x04sdw1s at mailer6.megahardcoresex.com>
>Reply-To: <remove at megahardcoresex.com>
>Received: from mailer6.megahardcoresex.com [4.19.93.157] by
>	4y26.mailer6.megahardcoresex.com with SMTP; Thu, 25 Apr 2002 16:39:25 -0800
>X-UIDL: /gg!!hJE!!EN;"!G at o"!


$ host megahardcoresex.com
megahardcoresex.com. has address 4.19.93.150

(Note, the address was actually reported in the header, but I stuck this
in for completeness anyway.)

$ whois 4.19.93.150@whois.arin.net
[whois.arin.net]
GENUITY (NET-GNTY-4-0)                       GNTY-4-0       4.0.0.0 - 4.255.255.255
ION Entertainment, LLC (NETBLK-IONENT-93-29) IONENT-93-29   4.19.93.128 - 4.19.93.255

To single out one record, look it up with "!xxx", where xxx is the
handle, shown in parentheses following the name, which comes first.

$ whois \!NETBLK-IONENT-93-29@whois.arin.net
[whois.arin.net]
ION Entertainment, LLC (NETBLK-IONENT-93-29)
   4804 Laurel Canyon, #119
   Valley Village, CA 91607
   US

   Netname: IONENT-93-29
   Netblock: 4.19.93.128 - 4.19.93.255

   Coordinator:
      Bravo, Edward  (EB394-ARIN)  ed at sexrave.com
      818-906-1052

   Record last updated on 29-Dec-2000.
   Database last updated on  24-Apr-2002 19:59:37 EDT.

There you go! You can always find out who is supplying the IP address for the
mail host. Sometimes that's a co-lo operation, sometimes it's an ISP.

Later,
jed
-- 
Fight the CBDTPA: http://www.eff.org/alerts/20020322_eff_cbdtpa_alert.html

"Those who expect to reap the blessings of freedom must, like men,
 undergo the fatigue of supporting it." - Thomas Paine
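
An added example, not part of the original post: pulling the relay IPs out of the Received chain quoted above and marking which of them was recorded by the recipient's own mail server, since only that hop is outside the sender's control. It assumes deimos.frii.net is the recipient's MTA (as the top Received line indicates); the function names are hypothetical and the sample is constructed from the headers in the post.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: Received chain from the post above, with the
# archive's " at " address obfuscation left in place.
SAMPLE = """\
Return-Path: <newsletter at mailer6.megahardcoresex.com>
Received: from a-01.mailarmory.com (root at a-01.mailarmory.com [216.17.128.11])
\tby deimos.frii.net (8.12.3/8.12.3) with ESMTP id g3PNeUKr026390
\tfor <thag at frii.com>; Thu, 25 Apr 2002 17:40:30 -0600 (MDT)
Received: from mailer6.megahardcoresex.com (mailer6.megahardcoresex.com [4.19.93.157])
\tby a-01.mailarmory.com (8.12.3/8.12.3) with SMTP id g3PNeNOa057375
\tfor <thag at frii.com>; Thu, 25 Apr 2002 17:40:27 -0600 (MDT)
Subject: 5 Perfectly Sinful Sites (ADV:ADLT)
Received: from mailer6.megahardcoresex.com [4.19.93.157] by
\t4y26.mailer6.megahardcoresex.com with SMTP; Thu, 25 Apr 2002 16:39:25 -0800

body
"""

# claimed sending host, bracketed connecting IP, host that wrote the line
HOP = re.compile(r"from\s+(\S+).*?\[(\d{1,3}(?:\.\d{1,3}){3})\].*?\bby\s+(\S+)", re.S)

def received_hops(raw):
    """Return Received hops, newest first, as dicts with from/ip/by keys."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        if m:
            hops.append({"from": m.group(1), "ip": m.group(2), "by": m.group(3)})
    return hops

def lookup_candidates(raw, trusted_mtas):
    """Unique public IPs worth a registry lookup, as (ip, verified) pairs.

    verified is True only for hops written by an MTA the recipient operates;
    lines written by upstream relays are claims the sender may control.
    """
    seen, out = set(), []
    for hop in received_hops(raw):
        try:
            addr = ipaddress.ip_address(hop["ip"])
        except ValueError:
            continue  # malformed octets, e.g. in a fabricated header
        if not addr.is_global or hop["ip"] in seen:
            continue  # private/reserved space has no useful registry record
        seen.add(hop["ip"])
        out.append((hop["ip"], hop["by"] in trusted_mtas))
    return out

if __name__ == "__main__":
    for ip, verified in lookup_candidates(SAMPLE, {"deimos.frii.net"}):
        print(ip, "verified" if verified else "unverified")
```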


