Re: Christmas spam from RESERVED IANA adressblock ?

[Zaid Ali <zaid () zaidali com>]

If you want to file a spam complaint I suggest you do a whois for 76.74.250.247. This is the external facing mail 
server that sent you the email. Most applications these days are built in layers so a web layer forwards the email to 
an email server, if the application is not designed to suppress the HELO from the web layer then you will see internal 
email routing information. As for the network side most networks filter out BOGONS so you would not get RFC1918 into 
your network. 

Zaid


-----Original Message-----
From: macbroadcast [mailto:marc () let de] 
Sent: Wednesday, December 24, 2008 6:48 AM
To: NANOG list
Subject: Christmas spam from RESERVED IANA adressblock ?

hello ladys and getlepersons


just out of curiosity  i looked a bit closer  into this  spammail header,
because this company is  really annoying and  abusing a lot of internet
citizens.


Anfang der weitergeleiteten E-Mail:
> Von: mailling () ualadys com
> Datum: 24. Dezember 2008 12:30:18 MEZ
> An: marc () let de
> Betreff: E-Mail For You @ ualadys.com
> Return-Path: <www-data () web1 iispp com>
> Received: from mx2.mail.vrmd.de ([10.0.1.21]) by vm42.mail.vrmd.de 
> (Cyrus v2.2.12-Invoca-RPM-2.2.12-9.RHEL4) with LMTPA; Wed, 24 Dec
> 2008 12:30:25 +0100
> Received: from mx2.iispp.com ([76.74.250.247]) by mx2.mail.vrmd.de 
> with esmtp (Exim 4.69) (envelope-from <www-data () web1 iispp com>) id 
> 1LFRwW-00011o-DY for marc () let de; Wed, 24 Dec 2008 12:30:25 +0100
> Received: from web1.iispp.com (w1 [172.16.21.244]) by mx2.iispp.com
> (Postfix) with ESMTP id B71CF3504DB for <marc () let de>; Wed, 24 Dec
> 2008 11:30:18 +0000 (UTC)
> Received: by web1.iispp.com (Postfix, from userid 33) id A5C7917A405C; 
> Wed, 24 Dec 2008 06:30:18 -0500 (EST)


"Whois" wurde gestartet .


OrgName:    Internet Assigned Numbers Authority
OrgID:      IANA
Address:    4676 Admiralty Way, Suite 330
City:       Marina del Rey
StateProv:  CA
PostalCode: 90292-6695
Country:    US

NetRange:   172.16.0.0 - 172.31.255.255
CIDR:       172.16.0.0/12
NetName:    IANA-BBLK-RESERVED
NetHandle:  NET-172-16-0-0-1
Parent:     NET-172-0-0-0-0
NetType:    IANA Special Use
NameServer: BLACKHOLE-1.IANA.ORG
NameServer: BLACKHOLE-2.IANA.ORG
Comment:    This block is reserved for special purposes.
Comment:    Please see RFC 1918 for additional information.
Comment:    http://www.arin.net/reference/rfc/rfc1918.txt
RegDate:    1994-03-15
Updated:    2007-11-27

OrgAbuseHandle: IANA-IP-ARIN
OrgAbuseName:   Internet Corporation for Assigned Names and Number
OrgAbusePhone:  +1-310-301-5820
OrgAbuseEmail:  abuse () iana org

OrgTechHandle: IANA-IP-ARIN
OrgTechName:   Internet Corporation for Assigned Names and Number
OrgTechPhone:  +1-310-301-5820
OrgTechEmail:  abuse () iana org

# ARIN WHOIS database, last updated 2008-12-23 19:10 # Enter ? for
additional hints on searching ARIN's WHOIS database.


so how is this possible ?

merry christmas anyway


Marc

> X-Sieve: CMU Sieve 2.2
> Envelope-To: marc () let de
> Delivery-Date: Wed, 24 Dec 2008 12:30:25 +0100
> X-Id-From: 1000
> X-Id-To: 238141
> X-Mail-Id: 203714382
> Mime-Version: 1.0
> Content-Type: text/html
> Message-Id: <20081224113018.A5C7917A405C () web1 iispp com>
> X-Spam-Suspicion: No
> X-Purgate: Clean X-purgate-ID:  
> 150741::081224123024-0FFB86C0-283E8BDE/0-0/0-1 X-purgate-Ad: For more 
> information about eXpurgate please visit http://www.expurgate.net/
>
>
>
>
> marc, You have new mail
> This is to notify you that you have received an E-Mail from
>
> View Photos
> DetailsIrina O #1000
> Subject: Destiny has linked us...
>
> Date: 24 December 2008
>
> To read the message go here:
>
> PLEASE, DO NOT REPLY TO THIS E-MAIL - FOLLOW THE LINK
>
> http://www.ualadys.com/view_mail.rpx?hash=a71d2600f032ece232a391296f5f
> 071e&mid=203714382&uid=238141
>
> Thank you,
> ualadys.com Support Team
>
> Favorites      ualadys.com
>
> 24x7 Call center
>
> United States
> +1 (315) 849-5814
>
> United Kigdom
> +44 (315) 849-5814
>
> Skype support : ualadys
>
>
>
> For any question in english
> about this site please call:
> +1 (212) 226-8900
> Mon-Fri 9:00-16:00 (EST)