[lug] OT: Is this credible? FW: Notice of impending black hole listing of 134.6.76.0/27

D. Stimits stimits at idcomm.com
Wed May 22 12:44:19 MDT 2002


"Harris, James" wrote:
> 
> Has anyone seen this before?  We regularly monitor our systems and have put
> an incredible effort into ensuring that they are secure and un-abused.
> Additionally, Maxtor utilizes other servers to do their spamming through
> (I'm not happy about the fact that they spam, but what can you do?)  The
> below message sounds technically credible, but I have trouble believing that
> any credible blacklist service would require us to send an email back to
> them just to get more information.  That seems awfully fishy and smells like
> they're searching for addresses.  Has anyone seen this before?  I've thrown
> some searches at Google and don't turn any direct hits up for this.  The
> message appears to have come from the gacracker.org domain legitimately and
> I can't find any signs of spoofing.

A number of people have stated that auto-responders to email lists, if
checked by a blackhole service, can trigger this, along with unsolicited
offers to join lists (which spoofing ends up triggering). Does your
domain have auto-responders? Then there is the possibility that someone
spoofed your IP.

Unfortunately, I can resolve redneck.gacracker.org, but the USA whois
database does not list them (perhaps they are registered somewhere else
in the world). Checking for web services under that domain (or
variations) does not show any web sites. Via a Google search, you might
find this interesting:

http://www.greatcircle.com/lists/list-managers/digest/list-managers.200107
http://webdragon.dotorg.org/~mec/openlist/ol03.txt

D. Stimits, stimits at idcomm.com


