[lug] OT: Is this credible? FW: Notice of impending black hole listing of 134.6.76.0/27

Harris, James James_Harris at maxtor.com
Wed May 22 09:10:47 MDT 2002


Has anyone seen this before?  We regularly monitor our systems and have put
an incredible effort into ensuring that they are secure and un-abused.
Additionally, Maxtor utilizes other servers to do their spamming through
(I'm not happy about the fact that they spam, but what can you do?)  The
below message sounds technically credible, but I have trouble believing that
any credible blacklist service would require us to send an email back to
them just to get more information.  That seems awfully fishy and smells like
they're searching for addresses.  Has anyone seen this before?  I've thrown
some searches at Google and don't turn any direct hits up for this.  The
message appears to have come from the gacracker.org domain legitimately and
I can't find any signs of spoofing.

Jim

-----Original Message-----
From: Nobody [mailto:mlnobody at redneck.gacracker.org] 
Sent: Wednesday, May 22, 2002 08:34
To: postmaster at mcomail01.maxtor.com; postmaster at mcomail01.maxtor.com
Cc: mlnotice+<removed code...>@redneck.gacracker.org
Subject: Notice of impending black hole listing of 134.6.76.0/27


Unless mail is sent to:
 
    mlinquire+<removed code...>@redneck.gacracker.org

and is received within 24 hours, the IP address and/or network 134.6.76.0/27
will be added to the DNS blackhole list of IPs that are improperly operating
mailing lists.  You should receive a reply to that message.

THIS LISTING MAY BE EXPANDED TO INCLUDE AN ENTIRE CIDR BLOCK WITHOUT FURTHER
NOTICE, upon receipt of additional UCE/UBE from within that net-block.

To get information describing what this is about, please respond to the
above address, and pointers to the available information will be provided in
the reply.  If you're uncomfortable sending mail from your own account, we'd
suggest using one of the free services (hotmail or yahoo) to send the reply
instead.

An attempt has been made to send this message to the <postmaster at RDNS> and
<postmaster@[IP]> addresses.  c.f. RFC 1173

RDNS is the domain name associated with the IP address/net.

Be sure to write down this code:

  <I've removed it...>

You will need it if you want to be conditionally removed from the list.  If
you lose it, there is no way to recover it.  The token is unique and will
allow manipulation of this issue only by somebody that knows or has access
to the token.

Regards,
mlinquire+<removed code...>@redneck.gacracker.org


