Return-path: <mizunk006553n46@earthlink.net>
Envelope-to: customerservice@coolbeansdesigns.com
Delivery-date: Mon, 04 Nov 2002 22:08:25 -0500
Received: from 200-206-142-147.hoteloasis.com.br ([200.206.142.147] helo=earthlink.net)
by www.electricbluerhino.net with smtp (Exim 3.36 #1)
id 188u4W-0001z0-00
for customerservice@coolbeansdesigns.com; Mon, 04 Nov 2002 22:08:18 -0500
Received: from 149.30.206.30 ([149.30.206.30]) by mta85.snfc21.pibi.net with esmtp; 05 Nov 2002 07:07:01 -0000
Received: from unknown (HELO sparc.zubilam.net) (116.199.241.169)
by hd.ressort.net with smtp; Tue, 05 Nov 2002 07:02:03 +0100
Received: from 158.2.228.101 ([158.2.228.101]) by smtp4.cyberecschange.com with local; Tue, 05 Nov 2002 07:57:05 -0500
Reply-To: <mizunk006553n46@earthlink.net>
Message-ID: <020b18d71b7c$1335a7e6$4cb50be6@cfuqjk>
From: <mizunk006553n46@earthlink.net>
To: AOL Users
Subject: Do you remember me ? 0612rbMI5-937n-13
Date: Mon, 04 Nov 2002 20:56:23 +0600
MiME-Version: 1.0
Content-Type: text/html; charset="iso-8859-1"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Importance: Normal



Hi guys! I keep getting this message from this guy. I noticed his server is electricbluerhino.net and wondered if that's how he got my email addy. I"ve been getting spammed like crazy at a few of my coolbeans addys.

Thanks!

DJ

Hi DJ,
"Do you remember me?" I guess that's what you get for hanging out at the Hotel Oasis! :roll: (j/k)

Sorta like the Hotel California? I think it is probably old spam that you deleted and the rejection keeps bouncing back like a ping pong ball. I get those all the time and the delete key works like a charm. :shocked:

You could block the sender?

:cry: I delete... and block.... and delete... and block... and delete... and block... and well, you get the point. I'm just really sick of all of this spam I'm getting at my cool beans addys. The sender was using electricbluerhino.net and that makes me wonder if somehow he "got me" through the hosting or something.

Thanks!

DJ

Hmm... The way I read that - It was received by electricbluerhino from blah blah...

Hi DJ,

Richards quite right, the email was received by electric......etc.

Using the header info I traced the senders isp, here's the details. Contant the admin to complain. (this bit has the admin: (don't always expect them tio rush to help though)
Comment:
This IP address range has been transferred to LACNIC for administrative
oversight. Please see http://www.lacnic.net/ for further details,
or check the WHOIS server located at whois.lacnic.net


OrgName: Latin American and Caribbean IP address Regional Registry
OrgID: LNIC

NetRange: 200.0.0.0 - 200.255.255.255
CIDR: 200.0.0.0/8
NetName: LACNIC-200
NetHandle: NET-200-0-0-0-1
Parent:
NetType: Direct Allocation
NameServer: ARROWROOT.ARIN.NET
NameServer: BUCHU.ARIN.NET
NameServer: CHIA.ARIN.NET
NameServer: DILL.ARIN.NET
NameServer: NS.LACNIC.ORG
NameServer: NS.DNS.BR
NameServer: NS2.DNS.BR
Comment:
This IP address range has been transferred to LACNIC for administrative
oversight. Please see http://www.lacnic.net/ for further details,
or check the WHOIS server located at whois.lacnic.net
RegDate: 2002-07-27
Updated: 2002-08-16

TechHandle: LACNIC-ARIN
TechName: Latin American and Caribbean IP address Regional R
TechPhone: (+55) 11 5509-3525
TechEmail: hostmaster@lacnic.net

OrgTechHandle: LACNIC-ARIN
OrgTechName: Latin American and Caribbean IP address Regional R
OrgTechPhone: (+55) 11 5509-3525
OrgTechEmail: hostmaster@lacnic.net

You can track most spammers from a site like:

http://combat.uxn.com/

There's other sites out there too, a Google search will throw up 10 or 12 good ones

Hi guys! DUH! I had a brainfart, and that was the wrong header I meant to quote, but one of the messages I got. Duh! duh! DUH!

Thank you for all of your help! If I ever get a free minute, I'm gonna start digging into this a little further. Thank you for your helpful links, Shane.

DJ