- Nov 27 * new_account@turtle (1047) Your mail password
- Nov 27 * email@example.com (1047) Faulty_mail delivery
- Nov 27 * webmaster@hotmail. (1059) invalid mail <SMTP:8650>
- Nov 27 * Error_Mail@wimborn (1051) Mail delivery_failed <6580>
- Nov 27 * smooth_criminal_00 (1039) Details
- Nov 27 * hostmaster@hotmail (1043) Confirmation
- Nov 27 * shaikin_fati@hotma (1041) Oh God it's
- Nov 27 * Auto-Mailer@valves (1053) Re: Faulty_mail delivery <Esmtp:5394>
- Nov 27 * nasimaqsa@hotmail. (1030) Details
- Nov 27 * Error_Mail@winzyra (1052) Re: Mail delivery_failed
- Nov 27 * firstname.lastname@example.org (1043) Mail Error <SMTP:3234>
- Nov 27 * new_account@talk21 (1045) Re: Registration confirmation
- Nov 27 * Error_Mail@barking (1049) FwD: illegal signs in your mail
- Nov 27 * notifications@grou (1034) Oh God it's
- Nov 27 * email@example.com (1051) Re: Mail delivery_failed <7339>
- Nov 27 * firstname.lastname@example.org (1046) Your Password <KEY:4924>
- Nov 27 * email@example.com (1053) Faulty_mail delivery
- Nov 27 * firstname.lastname@example.org (1034) FwD: Details
Well, more like viral spam, as it's the same box, over and over, trying
to deliver a virus. The IP
address it's coming from is
184.108.40.206, which belongs to blueyonder, an
ISP based out of Surrey,
While I could ban the IP that would only stop perhaps 40% of it, as most of it is coming in via the backup email host for my domain and I don't have the access to block IP addresses there. I did a look up on the IP address (which is how I found out who owns it) and got this:
|inetnum:||220.127.116.11 - 18.104.22.168|
|descr:||Telewest HSD Platform|
|remarks:||report abuse to email@example.com|
|remarks:||All reports via other channels will be ignored.|
As you can see, all abuse issues need to be mailed to firstname.lastname@example.org, which I did:
From: Sean Conner <email@example.com>
Subject: Infected machine trying to infect my machine
Date: Thu, 25 Nov 2004 14:52:55 -0500 (EST)
To whom it may concern:
A machine with the IP address of
22.214.171.124is continuously sending me infected files, 12 alone today, and about 20 yesterday (when I first noticed). I'm not concerned terribly much about getting infected (since I run Linux, not Windows) but it is clogging up my email, and no telling how many other systems it's trying to infect. Please deal with this as soon as possible.
[email sent to me attached]
And as you can see, that was two days ago.
And they're still coming in.
So much for reporting abuse issues.
Today, I went to their broadband support page, and put in a trouble ticket. Maybe then they'll take a look into this.