
Nominating an IP address to the RSS

Examples of various types of headers

Is it actually "open relay spam"? Let's check some headers and see.

This is the header from a spam sent through an open relay.

>Received: from smtp04.primenet.com (daemon@smtp01.primenet.com [206.165.6.134])
> by primenet.com (8.8.8/8.8.5) with ESMTP id CAA00896
> for ; Tue, 18 May 1999 02:35:49 -0700 (MST)
>Received: (from daemon@localhost)
> by smtp04.primenet.com (8.8.8/8.8.8) id CAA00246
> for ; Tue, 18 May 1999 02:35:48 -0700 (MST)

(Internal handoffs; ignore).

>Received: from mail.ace.net.tw(203.70.86.8), claiming to be "ace.net.tw"
> via SMTP by smtp04.example.com, id smtpd000179; Tue May 18 02:35:34 1999

The reverse DNS checks out, and the server will happily relay mail for you, if you ask it to. This is the open server.

>Received: from hhDw67moH (d162-sc101h1-stct-pdi.attcanada.net 
>[142.194.155.162]) by ace.net.tw (8.8.8/8.7.3) with SMTP id RAA14108; Tue, 
>18 May 1999 17:42:26 +0800

142.194.155.162 is the real sender; the IP belongs to an attcanada.net dialup. The attcanada.net user abused the open server at 203.70.86.8 to send spam.

This is classic relayed spam, and this is the *only* kind of spam that should be submitted to the MAPS RSS℠.



This is the header from a direct-to-MX spam:

>Received: from smtp02.primenet.com (daemon@smtp02.primenet.com [206.165.6.132])
> by primenet.com (8.8.8/8.8.5) with ESMTP id PAA17783;
> Sun, 28 Mar 1999 15:28:55 -0700 (MST)
>From: ooooo6521@eastmail.com
>Received: (from daemon@localhost)
> by smtp02.primenet.com (8.8.8/8.8.8) id PAA28461;
> Sun, 28 Mar 1999 15:28:53 -0700 (MST)

Internal handoffs.

>Message-Id: <199903282228.PAA28461@smtp02.primenet.com>
>Received: from ppp1011.on.bellglobal.com(206.172.224.51), claiming to be 
>"mail.mia.machine"
> via SMTP by smtp02.primenet.com, id smtpd028334; Sun Mar 28 15:28:46 1999

206.172.224.51 connected to the SMTP server and sent the email directly to me; there is no relay. This is direct-to-MX spam, and this IP is in the MAPS DUL℠. If you had been using the DUL, this mail would have been blocked.

Do *not* submit this kind of spam to the MAPS RSS℠.



This is a header for a dialup-to-secure-mailserver spam:

>Return-Path: freetrial@flashmail.com
>Received: from smtp2.mindspring.com ([207.69.200.32] verified) by
>hercules.ultradesign.net (Stalker SMTP Server 1.8b3) with ESMTP id
>S.0000047129 for ; Sun, 16 May 1999 08:23:40 +0100

The spam was sent through Mindspring's mailserver. Mindspring's server is not open to relay, so the sender must be a Mindspring user.

>Received: from TStoerzbach (pool-207-205-235-130.dlls.grid.net
>[207.205.235.130])
> by smtp2.mindspring.com (8.8.5/8.8.5) with SMTP id DAA29517
> for ; Sun, 16 May 1999 03:21:21 -0400 (EDT)

This spammer was connected through a grid.net dialup; Mindspring leases POPs from grid.net.

This kind of spam should not be reported to the MAPS RSS℠.
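The hop-by-hop reading used in the three examples above can be written as code. This is an added example, not MAPS tooling: `classify`, `received_ips` and the `OWN_NETWORKS` value are assumptions, and the sample headers are the page's first two examples with quote marks removed and lines re-folded.

```python
import ipaddress
import re

# Assumption: the recipient's own mail hosts live in this network (constructed value).
OWN_NETWORKS = ("206.165.6.0/24",)
IP_RE = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")

# The page's first two examples: quote marks removed, lines re-folded and trimmed.
RELAYED = """\
Received: from smtp04.primenet.com (daemon@smtp01.primenet.com [206.165.6.134])
 by primenet.com (8.8.8/8.8.5) with ESMTP id CAA00896
Received: (from daemon@localhost)
 by smtp04.primenet.com (8.8.8/8.8.8) id CAA00246
Received: from mail.ace.net.tw(203.70.86.8), claiming to be "ace.net.tw"
 via SMTP by smtp04.example.com, id smtpd000179; Tue May 18 02:35:34 1999
Received: from hhDw67moH (d162-sc101h1-stct-pdi.attcanada.net [142.194.155.162])
 by ace.net.tw (8.8.8/8.7.3) with SMTP id RAA14108
"""
DIRECT = """\
Received: from smtp02.primenet.com (daemon@smtp02.primenet.com [206.165.6.132])
 by primenet.com (8.8.8/8.8.5) with ESMTP id PAA17783
Received: (from daemon@localhost)
 by smtp02.primenet.com (8.8.8/8.8.8) id PAA28461
Received: from ppp1011.on.bellglobal.com(206.172.224.51), claiming to be "mail.mia.machine"
 via SMTP by smtp02.primenet.com, id smtpd028334; Sun Mar 28 15:28:46 1999
"""

def received_ips(raw):
    """Peer IP recorded by each Received header, newest first (None if absent)."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", raw)  # join folded continuation lines
    lines = [ln for ln in unfolded.splitlines() if ln.lower().startswith("received:")]
    matches = [IP_RE.search(ln) for ln in lines]
    return [m.group(1) if m else None for m in matches]

def classify(raw, own_networks=OWN_NETWORKS):
    """Return (verdict, connecting_ip, origin_ip) for one message's headers."""
    nets = [ipaddress.ip_network(n) for n in own_networks]
    hops = received_ips(raw)
    for i, ip in enumerate(hops):
        # Internal handoff: no peer IP (local queue) or a peer inside our own network.
        if ip is None or any(ipaddress.ip_address(ip) in n for n in nets):
            continue
        # First outside peer: this line was written by our own server.
        older = [h for h in hops[i + 1:] if h]
        if not older:
            return ("direct-to-MX", ip, ip)
        # Lines below this one were written by hosts we do not control and can be forged.
        return ("relayed", ip, older[0])
    return ("internal-only", None, None)
```

A `relayed` verdict covers both the open-relay case and the dialup-to-secure-mailserver case: headers alone do not show whether the connecting server is open, so that still has to be established before nominating it.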

 

© 1989-2005 Trend Micro Incorporated. All rights reserved.