
[SpamCop-List] Re: Can I block this IP?

Dar nobody at spamcop.net
Sat Jul 10 23:13:42 EDT 2004


"N. Miller" <tdy at blackhole.aosake.net> wrote in message
news:MPG.1b5a68df3e51fb9f989725 at news.spamcop.net...
> In article <ccnb5b$a4q$1 at news.spamcop.net>, Dar says...
>
> > From ALBINO-RHINO at worldnet.att.net Fri Jul  9 03:01:51 2004
> > Received: from manoj.com ([203.145.168.60])
>
> > It's not worldnet.att.net I would block; it's manoj.com
>
> Any particular reason for blocking manoj.com instead of 203.145.168.60? Even
> I can forge "HELO manoj.com" in an SMTP transaction.
>
> > Received: from spooler by aosake.net (Mercury/32 v4.01a); 10 Jul 2004 21:51:47 -0700
> > X-Envelope-To: x
> > Return-path: x
> > Received: from manoj.com (66.125.89.99) by aosake.net (Mercury/32 v4.01a) ID MG000036;
> >    10 Jul 2004 21:50:26 -0700
> > Date: July 10, 2004
> > Subject: Test
> > From: <anybody at nogody.ina.invalid>
> > To: <nobocy at anybody.invalid>
>
> As you can see, the IP address is reliably recorded, but not the FQDN of the
> SMTP HELO.

As I said, these may have been bad examples, but only what I had
handy at the time. In many cases, I would block the IP AND the domain.
I research all domains/IPs before I block them and in this case,
manoj.com shows up as *page not found* and the server IP is:
203.200.144.18 = Asia Pacific. So it wouldn't be any loss to list
both the IP and the domain in that 203.145.168.60 also = Asia
Pacific.

Dar
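
An added example, not part of the original posts: the Python sketch below parses the two Received forms quoted in this thread, shows that the same HELO name arrived from two different peer addresses, and makes the block decision on the recorded IP alone. The regex, the function names and the one-address blocklist are assumptions made for illustration.

```python
import ipaddress
import re

# Matches the two Received forms quoted in this thread:
#   from manoj.com ([203.145.168.60])
#   from manoj.com (66.125.89.99) by aosake.net ...
RECEIVED_RE = re.compile(
    r"^Received:\s+from\s+(?P<helo>\S+)\s+\(\[?(?P<ip>[0-9A-Fa-f:.]+)\]?\)",
    re.IGNORECASE,
)

def parse_received(line):
    """Return (helo_name, peer_ip), or None if no peer address is recorded."""
    m = RECEIVED_RE.match(line.strip())
    if not m:
        return None
    try:
        ip = ipaddress.ip_address(m.group("ip"))
    except ValueError:  # parenthesised text was not an address
        return None
    return m.group("helo").lower(), ip

def helo_conflicts(lines):
    """HELO names that were presented from more than one peer address."""
    seen = {}
    for line in lines:
        parsed = parse_received(line)
        if parsed:
            seen.setdefault(parsed[0], set()).add(parsed[1])
    return {helo: ips for helo, ips in seen.items() if len(ips) > 1}

def is_blocked(line, blocked_networks):
    """Decide on the peer IP only; the HELO name never enters the decision."""
    parsed = parse_received(line)
    return bool(parsed) and any(parsed[1] in net for net in blocked_networks)

# Header lines from the thread above (wrapped lines rejoined).
SAMPLE = [
    "Received: from manoj.com ([203.145.168.60])",
    "Received: from manoj.com (66.125.89.99) by aosake.net (Mercury/32 v4.01a) ID MG000036;",
    "Received: from spooler by aosake.net (Mercury/32 v4.01a); 10 Jul 2004 21:51:47 -0700",
]
# Assumed local policy for this example: block the single reported address.
BLOCKED = [ipaddress.ip_network("203.145.168.60/32")]

if __name__ == "__main__":
    print(helo_conflicts(SAMPLE))
    print([is_blocked(line, BLOCKED) for line in SAMPLE])
```

Apply this only to the Received line stamped by your own mail server; lines added by earlier hops come from the sending side and can be forged as easily as the HELO name.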



