From owner-freebsd-hackers Sun Dec 14 23:47:12 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id XAA01335 for hackers-outgoing; Sun, 14 Dec 1997 23:47:12 -0800 (PST) (envelope-from owner-freebsd-hackers) Received: from smtp04.primenet.com (smtp04.primenet.com [206.165.6.134]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id XAA01329 for ; Sun, 14 Dec 1997 23:47:08 -0800 (PST) (envelope-from tlambert@usr09.primenet.com) Received: (from daemon@localhost) by smtp04.primenet.com (8.8.8/8.8.8) id AAA18389; Mon, 15 Dec 1997 00:50:23 -0700 (MST) Received: from usr09.primenet.com(206.165.6.209) via SMTP by smtp04.primenet.com, id smtpd018376; Mon Dec 15 00:50:17 1997 Received: (from tlambert@localhost) by usr09.primenet.com (8.8.5/8.8.5) id AAA28454; Mon, 15 Dec 1997 00:46:28 -0700 (MST) From: Terry Lambert Message-Id: <199712150746.AAA28454@usr09.primenet.com> Subject: Re: weird IP address To: sthaug@nethelp.no Date: Mon, 15 Dec 1997 07:46:28 +0000 (GMT) Cc: jgrosch@superior.mooseriver.com, hackers@FreeBSD.ORG In-Reply-To: <26132.882093169@verdi.nethelp.no> from "sthaug@nethelp.no" at Dec 14, 97 10:52:49 am X-Mailer: ELM [version 2.4 PL23] Content-Type: text Sender: owner-freebsd-hackers@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk > > While sending out hate mail to the latest round of spammers I got an answer > > back from nslookup that I just do not understand. I got spam from > > MoneyMakers.com. When I did an nslookup I got the following: > > > > superior% nslookup moneymakers.com > > Server: superior.mooseriver.com > > Address: 205.166.121.5 > > > > Non-authoritative answer: > > Name: moneymakers.com > > Address: 1.1.1.1 > > My guess is that they're doing that precisely to keep you from responding. > You'll find: > > moneymakers.com. 288800 MX 10 mail.moneymakers.com. > ftp.moneymakers.com. 288800 A 1.1.1.1 > mail.moneymakers.com. 288800 A 1.1.1.1 > www.moneymakers.com. 288800 A 1.1.1.1 > > So they're doing everything they can to prevent you from responding to > their spam. Try looking at the Received: lines for some (possibly) more > relevant info. This is good. Contact InterNIC. They will revoke the domain pending pointing to real IP addresses for the A records. I have had luck with this tack before. Terry Lambert terry@lambert.org --- Any opinions in this posting are my own and not those of my present or previous employers.