On Wed, 7 Nov 2007, Bob Johnson wrote:
> On Tuesday 06 November 2007 20:21, Jon Lewis wrote:
>> The best way to avoid looking like a spammer is to not spam. Anything
> I take it, then, that Atlantic.net is not trying to avoid looking like a
> spammer? Isn't the ISP that hosts a spammer tainted by the spam as well?

Every ISP will have customers spam on occasion. Believe it or not, I'm
dealing with another customer right now who is providing VPN service to
Nigeria. Guess what the Nigerians are doing with it? I haven't figured
out yet if the customer is evil or just amazingly gullible/naive.

> Everyone in my office gets spam from the Hippodrome. None of us have ever
> signed up for it. None of us want it. It originates from an Atlantic.net
> address. My complaints to the Hippodrome _and_ to Atlantic.net were
> completely ignored. I finally (supposedly) got off the list by telephoning
> the Hipp, and I blocked them at our server for the rest of our office (so for
> all I know, I'm still on the list).

My responsibilities at Atlantic.net don't normally include reading abuse@,
but I do look into issues when they're brought directly to my attention.
In this case, I see we have gotten a few spamcop complaints about the
Hippodrome's mailings...but on the order of 2-3 per month, and none since
the first week of October. Still, I've sent an email to the contact
address we have on file for their T1, asking to be put in touch with
whoever's responsible for their direct mailings, so I can talk to them
about what's acceptable, what's not, and mention that they're probably

> By the way, the address they were spamming me at is one that is only published
> on one web page. I never provide it to anyone, so they clearly obtained it by
> harvesting addresses from that (UF department) web site, although when I
> called them they denied that they do this.

If you can send me some samples I can share with them, that would be
helpful. X-out the recipient address if you like.

> 2007-11-04 14:38:30 -0500 H=(server2.Hippodrome) [188.8.131.52]
> F=<[log in to unmask]> rejected RCPT <[log in to unmask]>: Previous (cached)
> callout verification failure
> (these are all getting 550 responses from us - yet they keep re-trying)

At what phase of the SMTP dialog are you giving them a 550? I suspect
their MTA is some buggy app on Windows and isn't understanding the 550 for
some reason. I've seen that sort of thing before (with Atlantic.net on
the receiving end) and the easiest solution is to simply accept the
message so they'll stop retrying. In our case, they were sending to an
address that didn't exist, and retrying many times/minute.

> And like all good spammers, they use a fake server name:
> 2007-11-02 15:58:30 -0400 no IP address found for host
> hippodrome-gsvl-gw-1.atlantic.net (during SMTP connection from
> (server2.Hippodrome) [184.108.40.206])

That's more a sign of lack of clue than spamming. Lots of non-spamming
mail servers issue bogus helo's. It's probably causing them added
difficulty in getting mail delivered...which if it's spam would be a good

 Jon Lewis                   |  I route
 Senior Network Engineer     |  therefore you are
 Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
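
The retry-after-550 behaviour discussed in this exchange can be measured from the receiving server's log before deciding how to handle the sender. The following is an added example, not part of either poster's message: it parses RCPT reject lines of the shape quoted above (read here as Exim-style main log output) and reports any (IP, sender, recipient) triple that keeps retrying. The sample log is constructed, and the 10-minute window and threshold of 3 are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Shape of the RCPT reject lines quoted in the message (Exim-style main log).
REJECT_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4}) "
    r"H=(?:\S+ )?\((?P<helo>[^)]*)\) \[(?P<ip>[^\]]+)\] "
    r"F=<(?P<sender>[^>]*)> rejected RCPT <(?P<rcpt>[^>]*)>: (?P<reason>.*)$"
)

# Constructed sample log; hosts and addresses are documentation placeholders.
_BAD = ("H=(mailer.example) [192.0.2.10] F=<news@sender.example> rejected RCPT "
        "<user@rcpt.example>: Previous (cached) callout verification failure")
SAMPLE_LOG = [
    *["2007-11-04 14:%s -0500 %s" % (t, _BAD)
      for t in ("38:30", "38:50", "39:10", "39:30")],
    "2007-11-04 15:10:00 -0500 H=mx.other.example (mx.other.example) [192.0.2.20] "
    "F=<a@other.example> rejected RCPT <nobody@rcpt.example>: Unrouteable address",
    "2007-11-04 15:11:00 -0500 Start queue run: pid=1234",
]

def parse_rejects(lines):
    """Return one dict per RCPT reject line; other lines are skipped."""
    records = []
    for line in lines:
        m = REJECT_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%d %H:%M:%S %z")
            records.append(rec)
    return records

def retry_offenders(records, window=timedelta(minutes=10), threshold=3):
    """Map (ip, sender, rcpt) -> max rejects seen inside any one window."""
    by_key = defaultdict(list)
    for r in records:
        by_key[(r["ip"], r["sender"], r["rcpt"])].append(r["ts"])
    offenders = {}
    for key, times in by_key.items():
        times.sort()
        best = start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:  # slide window start forward
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            offenders[key] = best
    return offenders
```

Calling `retry_offenders(parse_rejects(SAMPLE_LOG))` returns only the triple that was rejected four times within a minute; the single unrouteable-address reject stays below the threshold.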