
View Full Version : Robo's Spam post...



07-02-2002, 08:58 PM
Greetings all,

Just continuing the post Robo started regarding spamming...

Here are the trace results for the domain cais.com.

A quick trip to www.cais.com routes you to Ardent Communications, a company providing web hosting, net access etc... I don't believe they are anything to do with this spam, but that cais.com (Capital Area Internet Service) is sending it to him...

The Cais domain returned the following information, my guess is they serve the same role that BBN was doing, re-distributing the spam to all who (didn't) ask for it...

Registrant:
Capital Area Internet Service (CAIS-DOM)
1255 22nd Street
Washington, DC 20037
US

Domain Name: CAIS.COM

Administrative Contact:
Network Operations Center (CAIS-NOC) domains@CAIS.COM
CAIS Internet
1255 22nd Street
Washington, DC 20037 US
(202) 715-1300 -- NOC (703) 448-2091 Fax- (703) 790-8805
Technical Contact:
System, Admin (SA7288-ORG) systems@CAIS.NET
6861 Elm Street
McLean , VA 22101
US
(703) 448-2091 Fax- (703) 790-8805
Billing Contact:
Billing Office (BO-ORG) billing@CAIS.COM
CAIS Internet
6861 Elm Street, Third Floor
McLean, VA 22101
US
(703) 448-4470 Fax: (703) 790-8805

Record last updated on 31-Jul-2000.
Record expires on 18-Aug-2009.
Record created on 17-Aug-1993.
Database last updated on 17-Jan-2001 07:33:57 EST.

Domain servers in listed order:

NS-CORP.CAIS.NET 205.252.14.23
NS-CORP2.CAIS.NET 205.252.14.24
NS-CORP3.CAIS.NET 205.252.14.25


Hmmm... the only suspicious thing about these cais chaps is that they are using an ip number that is not location registered... I couldn't get a name of its location, nor a map, thus I think the info on location above may be an absolute load of horse...

As shown in Robo's last post, Cais are the source of the email, and the return path.

The return email was brittany532600@cais.com, obviously a generated email address, and as one might suspect, it was porn advertising... Me thinks PeterB should be tracked down, he's been looking at some naughty stuff...tsk tsk tsk...

Another slightly confusing aspect of this trace is that it appears to have two recipients... Or rather, one recipient, and that's not Robo's addy. It seems that the email was intended to reach 'pornlover@yahoo.com', but instead was routed to peterb@email.co.nz. Why? I think that's where cais comes into it, they are distributing it, and probably the Author of the message is the possessor of the yahoo address, which he uses for anonymous forwarding.

In other words, we have not found out what site the message is promoting, though doubtless Robo has a link to it somewhere in his mail... What we have found out is how this spamming system works.

It does as follows:

1.) Porn site sends email to pornlover@yahoo.com

2.) Author of original message goes to his yahoo account, and then sends it through some fancy software to as many addresses as he can find, but his software has disguised it as coming from the brittany address.

3.) It is received by PeterB@email.co.nz

If anyone can elaborate on my theory, or if Robo can find the link, we can find out the rest of the information in this puzzle...

Good luck all!

:)

the FAT man
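
The header comparison done by hand in the post above (return path, To address, actual recipient, relay hops), as an added example that is not part of the original thread. The message, hostnames and addresses are constructed, and it assumes the receiving server records the real mailbox in a Delivered-To header.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not the message from the thread); all hosts/addresses are made up.
SAMPLE = """\
Return-Path: <kelly482913@relay.example.net>
Delivered-To: user@mail.example.org
Received: from mx.mail.example.org (mx.mail.example.org [192.0.2.10])
\tby store.mail.example.org with ESMTP id A1; Thu, 7 Feb 2002 20:01:09 +1300
Received: from relay.example.net (unknown [198.51.100.7])
\tby mx.mail.example.org with SMTP id B2; Thu, 7 Feb 2002 20:01:05 +1300
From: "Kelly" <kelly482913@relay.example.net>
To: someoneelse@webmail.example.com
Subject: constructed sample

body
"""

RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\((\S*)\s*\[([0-9.]+)\]\)\s+by\s+(\S+)")

def trace(raw):
    msg = message_from_string(raw)
    hops = []
    # Each server prepends its Received line, so reverse to get the oldest hop first.
    for value in reversed(msg.get_all("Received", [])):
        m = RECEIVED_RE.search(value)
        if m:
            hops.append(dict(zip(("helo", "rdns", "ip", "by"), m.groups())))
    return_path = parseaddr(msg.get("Return-Path", ""))[1].lower()
    header_to = parseaddr(msg.get("To", ""))[1].lower()
    # Assumption: the final MTA adds Delivered-To (not every server does).
    delivered = parseaddr(msg.get("Delivered-To", ""))[1].lower()
    findings = []
    if delivered and header_to != delivered:
        findings.append("header To differs from delivery mailbox")
    if re.match(r"[a-z]+\d{4,}@", return_path):
        findings.append("Return-Path local part looks machine-generated")
    if hops and hops[0]["rdns"] in ("", "unknown"):
        findings.append("first hop has no reverse DNS")
    return {"hops": hops, "return_path": return_path, "to": header_to,
            "delivered_to": delivered, "findings": findings}

if __name__ == "__main__":
    for line in trace(SAMPLE)["hops"] + trace(SAMPLE)["findings"]:
        print(line)
```

Only the Received line added by your own mail server is trustworthy; earlier hops and the From, To and Return-Path values are whatever the sender chose to write.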

07-02-2002, 09:30 PM
>>Me thinks PeterB should be tracked down, he's been looking at some naughty stuff...tsk tsk tsk...<<

I think someone's already been there and done that. Remember the whole thing about the pirates on the Amazon river. They tracked him down and dealt to him real good ;-D

JM

08-02-2002, 07:33 AM
Sorry, Erin, message long gone.

Am beginning to wonder if it will ever be possible to throw a virtual brick through the window of spammers.

robo.

08-02-2002, 04:20 PM
I think that informing the webmasters of the offending servers, and/or getting yahoo to delete the 'pornlover' address would solve a fair bit of the problems...

Make it known that spam is of no advantage to the originator...

:)

the FAT man

12-02-2002, 04:26 PM
Erin, sorry about hijacking this post for a totally different topic but I wanted to grab your attention without bothering other people with email notifications.

Just wanted to ask you which one of the OS do you recommend avoiding, is it WinMe or Win2000? I remember you saying one or the other but I can't find the post/s. I'm considering buying a notebook and some of the older/cheaper models have WinMe on them. I don't want a dud!

Thanks!!

12-02-2002, 05:08 PM
Hi,

Not a problem, ME is the one to avoid, Win 2000 is actually quite good, go for that, or XP (home is a bargain, but not very powerful)...

the FAT man