[SpamCop-List] Re: Can I block this IP?
nobody at spamcop.net
Sat Jul 10 23:13:42 EDT 2004
"N. Miller" <tdy at blackhole.aosake.net> wrote in message
news:MPG.1b5a68df3e51fb9f989725 at news.spamcop.net...
> In article <ccnb5b$a4q$1 at news.spamcop.net>, Dar says...
> > From ALBINO-RHINO at worldnet.att.net Fri Jul 9 03:01:51 2004
> > Received: from manoj.com ([184.108.40.206])
> > It's not worldnet.att.net I would block; it's manoj.com
> Any particular reason for blocking manoj.com instead of 220.127.116.11?
> I can forge "HELO manoj.com" in an SMTP transaction.
> > Received: from spooler by aosake.net (Mercury/32 v4.01a); 10 Jul 2004
> > X-Envelope-To: x
> > Return-path: x
> > Received: from manoj.com (18.104.22.168) by aosake.net (Mercury/32
v4.01a) ID MG000036;
> > 10 Jul 2004 21:50:26 -0700
> > Date: July 10, 2004
> > Subject: Test
> > From: <anybody at nogody.ina.invalid>
> > To: <nobocy at anybody.invalid>
> As you can see, the IP address is reliably recorded, but not the FQDN of
> SMTP HELO.
As I said, these may have been bad examples, but only what I had
handy at the time. In many cases, I would block the IP AND the domain.
I research all domains/IPs before I block them and in this case,
manoj.com shows up as *page not found* and the server IP is:
22.214.171.124 = Asia Pacific. So it wouldn't be any loss to list
both the IP and the domain in that 126.96.36.199 also = Asia
More information about the SpamCop-List