[ 14253 ] 迷惑メール(spam)撲滅私的調査会 HTML化ログ |
---|
ID-code:no_id
4JO2ELY.COM と ZOANMAIL.COMは海外でもブラックリストに掲載されるSPAMドメインです。ネームサーバーまで、自前で用意するしたたかものですが、registをたどるとISPがGoDaddy.comのようですが、間違いないでしょうか?ISPがspam-and-abuse.comとzen1ado.comに契約を切れば、zoanmail.comを抹殺することができるのでしょうか?
SPAM-AND-ABUSE.COM <= ZEN1ADO.COM <= 4JO2ELY.COM <= ZOANMAIL.COM
Registrant:
Zoanmail
953 Mission St.
Suite 201
San Francisco, California 94103
United States
Registered through: GoDaddy.com
Domain Name: ZEN1ADO.COM
Created on: 08-Jan-03
Expires on: 08-Jan-04
Last Updated on: 11-Jul-03
Administrative Contact:
Administrator, System support@zoanmail.com
Zoanmail
953 Mission St.
Suite 201
San Francisco, California 94103
United States
415-442-4690 Fax -- 415-442-4691
Technical Contact:
Administrator, System support@zoanmail.com
Zoanmail
953 Mission St.
Suite 201
San Francisco, California 94103
United States
415-442-4690 Fax -- 415-442-4691
Domain servers in listed order:
NS1.SUSPENDED-FOR.SPAM-AND-ABUSE.COM
NS2.SUSPENDED-FOR.SPAM-AND-ABUSE.COM
Registrant:
Parsons Advanced
14455 North Hayden Road
Suite 226
Scottsdale, Arizona 85260
United States
Registered through: GoDaddy.com
Domain Name: SPAM-AND-ABUSE.COM
Created on: 20-May-03
Expires on: 20-May-04
Last Updated on: 20-May-03
Administrative Contact:
Holdings, Inc., Parsons Advanced dns@jomax.net
Parsons Advanced
14455 North Hayden Road
Suite 226
Scottsdale, Arizona 85260
United States
(480) 505-8877 Fax -- (480) 505-8844
Technical Contact:
Holdings, Inc., Parsons Advanced dns@jomax.net
Parsons Advanced
14455 North Hayden Road
Suite 226
Scottsdale, Arizona 85260
United States
(480) 505-8877 Fax -- (480) 505-8844
Domain servers in listed order:
WSC1.JOMAX.NET
WSC2.JOMAX.NET
ID-code:NrppobISv22
GoDaddyはレジストラであり、登録を取り消す事は多分しないでしょう。
レジストラは代行業のようなもので、実際にドメインの管理は
各国の「nic」がやっているからです
通常スパマーに対して、処置を行えるのがISPですね
そして最上流のISPがスパマーである可能性は殆どありません。
但し苦情を出しても処置をするかしないかはISP次第ですが。
一度、ヘッダを貼って貰えますか。
ID-code:no_id
お返事ありがとうございます。
メールとID関係は?に変更しました。
いかがでしょうか?
Return-Path: <bounceto-402-190311504@bounceto.4jo2ely.com>
Received: from 4jo2ely.com ([157.151.50.86])
by ???????.??????.??? (8.11.1/8.11.1) with SMTP id h7BCKwJ04048
for <??????@??????.???>; Mon, 11 Aug 2003 07:20:58 -0500 (CDT)
Content-Type: multipart/alternative; boundary="----------=_1060575756-6748-0"
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.411 (Entity 5.404)
To: <??????@??????.???>
Received: from img.4jo2ely.com by 4jo2ely.com id <402.54758.190311504@4jo2ely.com> for ??????@??????.???; Mon, 11 Aug 2003 12:21:12 GMT
From: "The Gaming Club" <TheGamingClub-replyto-402-190311504@lists.4jo2ely.com>
Subject: The odds are better here
Date: Mon, 11 Aug 2003 12:21:12 GMT
Message-Id: <402.54758.190311504@4jo2ely.com>
Errors-To: <bounceto-402-190311504@bounceto.4jo2ely.com>
Reply-To: TheGamingClub-replyto-54758-190311504@lists.4jo2ely.com
List-Unsubscribe: <http://www.4jo2ely.com/unsub.php?id=idnoidnoidnoidnoidnoid>,
<mailto:TheGamingClub-unsubscribe-402@lists.4jo2ely.com?subject=unsubscribe>
X-UIDL: p_J!!iAW!!]+E"!aQ*!!
This is a multi-part message in MIME format...
------------=_1060575756-6748-0
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
Confidential Confidential Confidential
FOR IMMEDIATE PROCESSING
Official Disbursement Immediate Disbursement C 4-02395
Attention ??????@??????.???
I am contacting you at this time regarding the $860.00 in FREE
cash that remains unclaimed.
http://216.200.240.12/m/P.aspx?C=1298&q=??????@??????.???
This money is real Casino Play cash, $860.00 total, and may be
claimed simply by clicking below and following the simple instructions.
http://216.200.240.12/m/P.aspx?C=1298&q=??????@??????.???
Download all the casinos below and play all of your favorite games with
up to $860.00 of our money. This is real money, so don稚 wait another minute.
Click below to have the money transferred to your online account.
7Sultans
http://216.200.240.12/m/P.aspx?C=1298&q=??????@??????.???
Vegas Villa
http://216.200.240.12/m/P.aspx?C=1303&q=??????@??????.???
Vegas Palms
http://216.200.240.12/m/P.aspx?C=1302&q=??????@??????.???
Fortune Room
http://216.200.240.12/m/P.aspx?C=1300&q=??????@??????.???
Royal Vegas
http://216.200.240.12/m/P.aspx?C=1301&q=??????@??????.???
Minimum Cash Deposit Required
http://216.200.240.12/m/P.aspx?C=1298&q=??????@??????.???
Click below for terms and conditions
http://216.200.240.12/m/P.aspx?C=1299&q=??????@??????.???
--------------------------------------------------------------------------
You are receiving this e-mail because ??????@??????.??? registered
with EnthusiasmOnline or one of our marketing partners.
If you received this message in error or if you wish to be removed from
our mailing list, follow this link to unsubscribe.
http://www.4jo2ely.com/unsub.php?id=BJADBBFAE7EAC000
During the removal period, you may receive some offers that were already
in process when your request was received.
EnthusiasmOnline does not sponsor or otherwise endorse the goods and/or
services advertised herein.
Monday 08/11/03 05:26:21-54758
--------------------------------------------------------------------------
------------=_1060575756-6748-0
Content-Type: text/html
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
<html>
<body>
<img src=3D
"http://img.4jo2ely.com:8080/images/01/402.190311504.54758.27.1060604472.gif"
>
</body>
</html>
<html>=0D
<body>=0D
<center>=0D
<table width=3D"606" border=3D"0" cellpadding=3D"0" cellspacing=3D"0" heigh=
t=3D"528">=0D
<tr> =0D
<td width=3D"1" valign=3D"top" rowspan=3D"4">=A0</td>=0D
<td valign=3D"top" colspan=3D"4" height=3D"165"> =0D
<p>=0D
<a href=3D"http://216.200.240.12/m/P.aspx?C=3D1298&q=3D??????@??????.???" ta=
rget=3D"_blank"><img src=3D"http://mirror.imagesserver.com/images/newslick/=
JCN1eHead.gif" width=3D"619" height=3D"165" border=3D"0"></a></p>=0D
</td>=0D
</tr>=0D
<tr> =0D
<td width=3D"24" height=3D"398"></td>=0D
<td valign=3D"top" width=3D"342"> =0D
<div align=3D"center"> =0D
<p align=3D"left"><font size=3D"2" face=3D"Verdana, Arial, Helvetic=
a, sans-serif">=0D
Attention: ??????@??????.???</font></p>=0D
<p align=3D"left"><font size=3D"2" face=3D"Verdana, Arial, Helvetic=
a, sans-serif">I =0D
am contacting you at this time regarding the $<a href=3D"http://2=
16.200.240.12/m/P.aspx?C=3D1298&q=3D??????@??????.???">860.00 =0D
in FREE cash that remains unclaimed.</a></font></p>=0D
<p align=3D"left"><font size=3D"2" face=3D"Verdana, Arial, Helvetic=
a, sans-serif"> =0D
This money is real Casino Play cash, $860.00 total, and may be=0D
<a target=3D"_blank" href=3D"http://216.200.240.12/m/P.aspx?C=3D129=
8&q=3D??????@??????.???">claimed =0D
simply by clicking below</a> and following the simple instruction=
s.</font></p>=0D
<p align=3D"left"><font size=3D"2" face=3D"Verdana, Arial, Helvetic=
a, sans-serif">Download =0D
all the casinos below and=0D
<a target=3D"_blank" href=3D"http://216.200.240.12/m/P.aspx?C=3D129=
8&q=3D??????@??????.???">play =0D
all of your favorite games</a> with up to $860.00 of our money. T=
his =0D
is=0D
<a href=3D"http://216.200.240.12/m/P.aspx?C=3D1298&q=3D??????@??????.???">=
real =0D
money</a>, so don=92t wait another minute.=0D
<a href=3D"http://216.200.240.12/m/P.aspx?C=3D1298&q=3D??????@??????.???">=
Click =0D
below</a> to have the=0D
<a target=3D"_blank" href=3D"http://216.200.240.12/m/P.aspx?C=3D129=
8&q=3D??????@??????.???">money =0D
transferred to your online account</a>.</font></p>=0D
<p align=3D"center"><font size=3D"3" face=3D"Verdana, Arial, Helvet=
ica, sans-serif"><br>=0D
<br>=0D
<a target=3D"_blank" href=3D"http://216.200.240.12/m/P.aspx?C=3D1=
300&q=3D??????@??????.???"><img src=3D"http://mirror.imagesserver.com/images/newsl=
ick/JCX1dFortunechip.gif" width=3D"83" height=3D"82" border=3D"0"></a><a ta=
rget=3D"_blank" href=3D"http://216.200.240.12/m/P.aspx?C=3D1301&q=3DZOAN_EM=
AIL"><img src=3D"http://mirror.imagesserver.com/images/newslick/JCX1dRoyalV=
egas.gif" width=3D"83" height=3D"82" border=3D"0"></a><a target=3D"_blank" =
href=3D"http://216.200.240.12/m/P.aspx?C=3D1298&q=3D??????@??????.???"><img src=3D=
"http://mirror.imagesserver.com/images/newslick/JCX1dSultan.gif" width=3D"8=
3" height=3D"82" border=3D"0"></a></font></p>=0D
<p align=3D"center"><font size=3D"3" face=3D"Verdana, Arial, Helvet=
ica, sans-serif">=0D
<a target=3D"_blank" href=3D"http://216.200.240.12/m/P.aspx?C=3D130=
2&q=3D??????@??????.???">=0D
<img src=3D"http://mirror.imagesserver.com/images/newslick/JCX1dVeg=
asPalms.gif" border=3D"0" width=3D"85" height=3D"94"></a><a target=3D"_blan=
k" href=3D"http://216.200.240.12/m/P.aspx?C=3D1303&q=3D??????@??????.???"><img src=
=3D"http://mirror.imagesserver.com/images/newslick/JCX1dVegasVilla2.gif" wi=
dth=3D"83" height=3D"82" border=3D"0"></a></font></p>=0D
</div>=0D
</td>=0D
<td width=3D"14"></td>=0D
<td width=3D"239" rowspan=3D"2" valign=3D"top"> =0D
<div align=3D"center"><font size=3D"2" face=3D"Arial, Helvetica, sans=
-serif"><b>=0D
<a target=3D"_blank" href=3D"http://216.200.240.12/m/P.aspx?C=3D129=
8&q=3D??????@??????.???"><img src=3D"http://mirror.imagesserver.com/images/newslic=
k/JCN1eRightside.gif" width=3D"239" height=3D"455" border=3D"0"></a></b></f=
ont></div>=0D
</td>=0D
</tr>=0D
<tr> =0D
<td height=3D"155"></td>=0D
<td valign=3D"top"> =0D
<div align=3D"center"> =0D
<p align=3D"left">=A0</p>=0D
<p align=3D"left"><font size=3D"2" face=3D"Verdana, Arial, Helvetic=
a, sans-serif">=0D
<a target=3D"_blank" href=3D"http://216.200.240.12/m/P.aspx?C=3D129=
8&q=3D??????@??????.???">Play =0D
with $860.00 of OUR MONEY</a></font></p>=0D
<p align=3D"center">=0D
<a target=3D"_blank" href=3D"http://216.200.240.12/m/P.aspx?C=3D129=
8&q=3D??????@??????.???"><img src=3D"http://mirror.imagesserver.com/images/newslic=
k/JCN1eButOAN.gif" width=3D"197" height=3D"53" border=3D"0"></a></p>=0D
<p><font size=3D"1" face=3D"Verdana, Arial, Helvetica, sans-serif">=
For Terms =0D
& Conditions<a target=3D"_blank" href=3D"http://216.200.240.12/m/=
P.aspx?C=3D1299&q=3D??????@??????.???"> =0D
CLICK HERE</a><br>=0D
Minimum Deposit Required</font></p>=0D
</div>=0D
</td>=0D
<td></td>=0D
</tr>=0D
<tr> =0D
<td height=3D"2"></td>=0D
<td height=3D"2"></td>=0D
<td height=3D"2"></td>=0D
<td height=3D"2"></td>=0D
</tr>=0D
<tr> =0D
<td valign=3D"top" height=3D"12">=A0</td>=0D
<td></td>=0D
<td></td>=0D
<td></td>=0D
<td></td>=0D
</tr>=0D
<tr> =0D
<td valign=3D"top" height=3D"12">=A0</td>=0D
<td></td>=0D
<td></td>=0D
<td></td>=0D
<td></td>=0D
</tr>=0D
<tr> =0D
<td height=3D"0"></td>=0D
<td></td>=0D
<td></td>=0D
<td></td>=0D
<td></td>=0D
</tr>=0D
</table></center>=0D
<hr>=0D
<img src=3D"http://216.200.240.12/m/p1297-q??????@??????.???.gif">=0D
<img src=3D"http://216.200.240.12/m/p1298-q??????@??????.???.gif">=0D
<img src=3D"http://216.200.240.12/m/p1299-q??????@??????.???.gif">=0D
<img src=3D"http://216.200.240.12/m/p1300-q??????@??????.???.gif">=0D
<img src=3D"http://216.200.240.12/m/p1301-q??????@??????.???.gif">=0D
<img src=3D"http://216.200.240.12/m/p1302-q??????@??????.???.gif">=0D
<img src=3D"http://216.200.240.12/m/p1303-q??????@??????.???.gif">=0D
</body>=0D
=0D
</html>=0D
<!-- footer -->
<p>
<center>
<font face=3D"arial" size=3D"-2">
You are receiving this e-mail because ??????@??????.??? registered
with EnthusiasmOnline or one of our marketing partners.
<BR>
If you received this message in error or if you wish to be removed from
our mailing list, follow this link to unsubscribe.<p>
<a href=3D"
http://www.4jo2ely.com/unsub.php?id=3Didnoidnoidnoidnoidnoid">
http://www.4jo2ely.com/unsub.php?id=3DBJADBBFAE7EAC000
</a>
<P>
During the removal period, you may receive some offers that were already
in process when your request was received.
<BR>
EnthusiasmOnline does not sponsor or otherwise endorse the goods and/or ser=
vices advertised herein.
<p>
Monday 08/11/03 05:26:22-54758
</font>
</center>
<!-- /footer -->
------------=_1060575756-6748-0--
ID-code:NrppobISv22(本記事は投稿者自身により09/04-22:47に修正されました)
このサイトの管理人さん提供のヘッダ解析ツールを使って
http://antispam.stakasaki.net/tools/hdpar-fr.html
hdparの使い方
http://antispam.stakasaki.net/tools/hdpar/yongfa.html
簡単に苦情先を見つけることが出来ますよ。
Received: from 4jo2ely.com ([ 157.151.50.86 1 PTR 4jo2ely.com ])
ヘッダ情報よりこのIPアドレス「157.151.50.86」が送信に使われたサーバのアドレスです。
で、結果です
--------------------------------------------
以下が各IPアドレスからの苦情先解析です。
!注意!受け手側のサーバから0,1,2番くらい前の所に、御自身の利用ネット業者が出てきた場合、
単に受信した後の経路が残っているだけの可能性が高いので注意して下さい。
とんちんかんな苦情先になります。
IPアドレス「157.151.50.86」のipseek簡易解析結果
このIPアドレスは受け手側のサーバから0つ前のサーバが残した記録です。
受信サーバによれば標準時刻 Day11-12:20:58 に残したことになっています。
PTR 4jo2ely.com ---> www.4jo2ely.com
SOA root@zoanmail.com 中策 ---> www.zoanmail.com
NS miles.zoanmail.com
NS ella.zoanmail.com
NS ns2.4jo2ely.com
NS ns1.4jo2ely.com
ABUSENET abuse@pbi.net (for zoanmail.com), 上策の苦情先
ABUSENET abuse@cogentco.com (for zoanmail.com), 上策の苦情先
MX sarah.zoanmail.com
A 198.207.169.253 (157.151.50.86) WARNING! DNS SERVER MAY FORGED!! (contact to the upper reaches)
上記のように上策の苦情先が見つかりました。
→一応、GeekTools結果(詳細版)でネット業者を確認できます。 (代用1:日本の場合JPNIC結果、代用2:ipseek結果)
[分かる人向け→このIPのブラックリストへの登録状況/Proxscan]
送信者のコンピュータでは に発信したことになっているようです。
-------------------------------------------------------------
の様に結果が出ます。
この場合は、上策の苦情先が出ましたので此れを苦情先として使います。
「 abuse@pbi.net abuse@cogentco.com support@Lenders2You.com(サイト」が今回の苦情先です。
英語で苦情文を同報で送信すればよいでしょう。
英語が苦手なら、スパム対処依頼文雛型を参考にどうぞ。
http://www.interq.or.jp/red/tatifuro/spam/kougi_menu.html
------------------------------------------------------------
サイト関係はと言うと、以下「216.200.240.12」の例
support@Lenders2You.comがこの場合の苦情先です。
IPアドレス 216.200.240.12
ホスト名 lenders2you.com
IPアドレス 割当国 ※ アメリカ合衆国 (US)
abuse.net に苦情先が登録されていないので
Whoisから探します。
(省略致します)
Domain Name: LENDERS2YOU.COM
Created on..............: Wed, May 14, 2003
Expires on..............: Fri, May 14, 2004
Record last updated on..: Fri, Jun 13, 2003
Administrative Contact:
Lenders2You.com
Marketing Associate
PO Box 7361 - 101438
San Francisco, CA 94120-7361
US
Phone: (415) 773-8638
Email: support@Lenders2You.com
Technical Contact: -------------此れが苦情先「技術担当者」
Lenders2You.com
Marketing Associate
PO Box 7361 - 101438
San Francisco, CA 94120-7361
US
Phone: (415) 773-8638
Email: support@Lenders2You.com
Zone Contact:
Lenders2You.com
Marketing Associate
PO Box 7361 - 101438
San Francisco, CA 94120-7361
US
Phone: (415) 773-8638
Email: support@Lenders2You.com
Domain servers in listed order:
NS.ABOVE.NET 207.126.96.162
NS3.ABOVE.NET 207.126.105.146
Register your domain name at http://www.register.com
ID-code:no_id
お返事ありがとうございます。
> このサイトの管理人さん提供のヘッダ解析ツールを使って
> http://antispam.stakasaki.net/tools/hdpar-fr.html
> hdparの使い方
> http://antispam.stakasaki.net/tools/hdpar/yongfa.html
> 簡単に苦情先を見つけることが出来ますよ。
hdparはいつも、使っております。
> 「 abuse@pbi.net abuse@cogentco.com support@Lenders2You.com(サイト」が今回の苦情先です。
でもなぜ、lenders2You.comがでてくるのですか?
それと、zonmailはネームサーバー自前のため、
nicでたどってみたのですが。違うのでしょうか?
ID-code:NrppobISv22
あくまでHTML文の中の「216.200.240.12」を
検索した結果です。
Domain Name: LENDERS2YOU.COM
まあ、省略した部分にあるのですが、送信元と宣伝先は結果が、
同じとは限りません。
support@Lenders2You.comは本文宣伝先、又はスパマーがデータを
置く為に使っているサーバの苦情先です。
Registrar: REGISTER.COM, INC.
Whois Server: whois.register.com
Referral URL: http://www.register.com
Name Server: NS.ABOVE.NET
Name Server: NS3.ABOVE.NET
Status: ACTIVE
Updated Date: 02-jun-2003
Creation Date: 14-may-2003
Expiration Date: 14-may-2004
ネームサーバは、ABOVEですね。
結果が、良く判らない場合などの時は、複数のツールを使って
結果を見比べると言う事も必要になってきます。
hdperで苦情先が出ない場合等、す〜ぱ〜もので苦情先が出ない場合等の
場合、登録情報を見て探すわけですが、単にGeekを見ただけでは出ない場合も有ります。
私の出した結果が、正しいとはかぎりませんよ。