Anonymous remailer abuse


September 12 2010

These criminals from news.admin.net-abuse.email have now taken to
spamming my mailboxes via an anonymous remailer. This has been
spammed to 5 different mailboxes of mine and I received over
100 of these.

It looks like the spammer from news.admin.net-abuse.email
has taken one of my complaints about them and is spamming
it back to me.

I have removed my email addresses from the headers to prevent
any further abuse by these criminals.

This spam was sent from 78.31.67.164

09/18/10 10:06:08 dns 78.31.67.164
nslookup 78.31.67.164
Canonical name: mail.anonymitaet-im-inter.net
Addresses: 78.31.67.164



Delivered-To: <REMOVED EMAIL>
Received: by 10.213.29.209 with SMTP id r17cs55079ebc;
        Sun, 12 Sep 2010 18:37:58 -0700 (PDT)
Received: by 10.14.121.141 with SMTP id r13mr2216747eeh.47.1284341876324;
        Sun, 12 Sep 2010 18:37:56 -0700 (PDT)
Return-Path: <mixmaster@anonymitaet-im-inter.net>
Received: from anonymitaet-im-inter.net (mail.anonymitaet-im-inter.net [78.31.67.164])
        by mx.google.com with ESMTP id b60si10625833eei.17.2010.09.12.18.37.53;
        Sun, 12 Sep 2010 18:37:56 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of mixmaster@anonymitaet-im-inter.net designates 78.31.67.164 as permitted sender) client-ip=78.31.67.164;
Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of mixmaster@anonymitaet-im-inter.net designates 78.31.67.164 as permitted sender) smtp.mail=mixmaster@anonymitaet-im-inter.net
Received: by anonymitaet-im-inter.net (Postfix, from userid 105)
	id 0D35D9E8294; Mon, 13 Sep 2010 03:37:52 +0200 (CEST)
From: Dave U. Random <anonymous@anonymitaet-im-inter.net>
Comments: This message did not originate from the Sender address above.
	It was remailed automatically by anonymizing remailer software.
	Please report problems or inappropriate use to the
	remailer administrator at <abuse@anonymitaet-im-inter.net>.
Cc: <REMOVED 5 EMAIL ADDRESSES>
Subject: Please stop spamming newsgroups
Message-ID: <c7364e728c2f2298a1e4dc4aae31a5fb@anonymitaet-im-inter.net>
Date: Mon, 13 Sep 2010 03:37:52 +0200 (CEST)

From: The Usenet <REMOVED EMAIL>
Newsgroups: news.admin.net-abuse.email,news.admin.net-abuse.usenet
Subject: Re: I HACE CHOCKOLATE FUGE ON MY WINKY
Date: Sat, 11 Sep 2010 23:20:04 -0700 (PDT)
Organization: http://groups.google.com
Lines: 92
Message-ID: <34839352-0514-4d2a-8cf1-f54eaa0a31be@k30g2000vbn.googlegroups.com>
References: <i6h8l0$ua4$1@speranza.aioe.org>
NNTP-Posting-Host: 108.11.203.231
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
X-Trace: posting.google.com 1284272405 21596 127.0.0.1 (12 Sep 2010 06:20:05 GMT)
X-Complaints-To: groups-abuse@google.com
NNTP-Posting-Date: Sun, 12 Sep 2010 06:20:05 +0000 (UTC)
Complaints-To: groups-abuse@google.com
Injection-Info: k30g2000vbn.googlegroups.com; posting-host=108.11.203.231; posting-account=TAGQJwoAAADlMOn7pgNqy3AHM5To5mbq
User-Agent: G2/1.0
X-HTTP-UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8 ( .NET CLR 3.5.30729),gzip(gfe)

Yet again this criminal continues to spam NANAE.

This is way off topic for the group it was posted
in as per the group charter.

http://wiki.killfile.org/projects/usenet/nana/charter/nanae/


This was posted via the open news server at
aioe.org. aioe.org requires no authentication
prior to posting so it gets abused by spammers
like this.

09/12/10 00:11:44 dns aioe.org
Mail for aioe.org is handled by mx.aioe.org
Canonical name: aioe.org
Addresses:
  94.75.214.39

leaseweb.com terminate all connectivity to aioe.org
till such time as this server is properly
secured where you must authenticate first before
posting is allowed.


http://network-tools.com/default.asp?prog=trace&host=aioe.org

94.75.214.39 is from Netherlands(NL) in region Western Europe




TraceRoute to 94.75.214.39 [aioe.org]

Hop (ms) (ms) (ms)  IP Address Host name
1 14 14 6  72.249.128.109 -
2 25 7 11  206.123.64.82 -
3 7 8 18  216.52.189.9 border4.te4-4.colo4dallas-5.ext1.dal.pnap.net
4 7 6 11  216.52.191.38 core1.tge5-1-bbnet1.ext1.dal.pnap.net
5 10 6 6  208.51.41.57 te6-2-10g.ar4.dal2.gblx.net
6 133 125 123  67.16.138.1 te6-2-10g.ar6.ams2.gblx.net
7 123 130 129  204.245.38.170 -
8 126 127 127  62.212.80.114 te9-2.sr8.evo.leaseweb.net
9 129 124 126  94.75.214.39 newsfeed.aioe.org

Trace complete

Global Crossing you need to contact leaseweb.net and
get them to stop this abuse coming from their customer
if leaseweb.net isn't willing to stop this abuse and
terminate all connectivity to aioe.org immediately
then I expect that you will terminate all connectivity
to them.



gegeweb.org terminate all news feeds to and from
aioe.org till this server is properly secured.

09/12/10 00:18:14 dns obelix.gegeweb.org
Canonical name: obelix.gegeweb.org
Addresses:
  91.121.103.138

See that all accounts abused by this spammer
is immediately shut down.




Path: g2news1.google.com!news4.google.com!proxad.net!feeder1-2.proxad.net!usenet-fr.net!gegeweb.org!aioe.org!not-for-mail
From: Bamie Jaillie <dork@dorkshado.nul>
Newsgroups: news.admin.net-abuse.email
Subject: I HACE CHOCKOLATE FUGE ON MY WINKY
Date: Sun, 12 Sep 2010 00:59:12 +0000 (UTC)
Organization: Aioe.org NNTP Server
Lines: 4
Message-ID: <i6h8l0$ua4$1@speranza.aioe.org>
NNTP-Posting-Host: bsK1853wkWDPeXaBd6dLmQ.user.speranza.aioe.org
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Complaints-To: abuse@aioe.org
X-Notice: Filtered by postfilter v. 0.8.2

MISTER BINKY WINKY HASE CHAWKOLATE FUGGE ON IT BUT I DONT KNOW 
HOW IT
COULD HAVE GOT THERE I DON'T PUT MISTER BINKY WINKY INSIDE NO 
CANDY
BARS
OR BAGS OF CANDYS.... CANDYES ARE TO HARD FOR MY MARSH MELLO 
MIMBER
WAIT
A MINUTE LET ME TASTE EEEEEEEEWWWWW!!!  THAT DOEZENT TASTE LIKE 
FUGE!!!

July 24 2008

Someone from news.admin.net-abuse.email
is taking posts from news.admin.net-abuse.email and is mail
bombing my mailbox with them via an anonymous remailer at cyberiade.it.

That is just how far these criminals will go to harass me.

I have removed my email addresses from the headers to protect me from
any further abuse. But this spam was sent multiple times to several
accounts including 1 gmail.com account. And as well to my postmaster
and abuse mailbox for this domain. Along with my webmaster account for
my domain and one other email account for my domain.

It was spammed to a total of 5 different mailboxes multiple times.

Delivered-To: <REMOVED 1 EMAIL ADDRESS>
Received: by 10.90.51.10 with SMTP id y10cs3240agy;
        Thu, 24 Jul 2008 19:25:14 -0700 (PDT)
Received: by 10.86.80.5 with SMTP id d5mr1492816fgb.11.1216952713711;
        Thu, 24 Jul 2008 19:25:13 -0700 (PDT)
Return-Path: <anonymous@remailer.cyberiade.it>
Received: from remailer.cyberiade.it ([85.18.107.240])
        by mx.google.com with ESMTP id 12si4285620fgg.0.2008.07.24.19.25.13;
        Thu, 24 Jul 2008 19:25:13 -0700 (PDT)
Received-SPF: neutral (google.com: 85.18.107.240 is neither permitted nor denied by best guess record for domain of anonymous@remailer.cyberiade.it) client-ip=85.18.107.240;
Authentication-Results: mx.google.com; spf=neutral (google.com: 85.18.107.240 is neither permitted nor denied by best guess record for domain of anonymous@remailer.cyberiade.it) smtp.mail=anonymous@remailer.cyberiade.it
Received: (qmail 21601 invoked by uid 290); 25 Jul 2008 05:02:41 +0200
Date: 25 Jul 2008 05:02:41 +0200
From: Cyberiade.it Anonymous Remailer <anonymous@remailer.cyberiade.it>
Comments: This message did not originate from the Sender address above.
        It was remailed automatically by anonymizing remailer software.
        Please report problems or inappropriate use to the
        remailer administrator at <abuse@remailer.cyberiade.it>.
To:
Cc: <SNIP>
Subject: Abuse originating from 76.68.27.58
Message-ID: <6a91cd0e94378c500fc01c5b71c608e4@remailer.cyberiade.it>

Subject: Re: [Cart00ney] El Tardo joined Level 1
From: "Jamie" <collect@darkshado.ca>
Date: Thu, 24 Jul 2008 09:36:43 -0500
Message-ID: <1216909996_19481@binaries.net>
References: <g692fg$spg$1@ulm.shuttle.de>
Bytes: 2819
Lines: 57
Organization: Nuthinbutnews.com
Path: border1.nntp.dca.giganews.com!nntp.giganews.com!nx02.iad01.newshosting.com!newshosting.com!news-out.superfeed.net!sp26iad.superfeed.net!not-for-mail
Newsgroups: news.admin.net-abuse.email
X-Proxy-User: $$__w51yfcwm
X-Newsposter: SurgeNews/WebNews 76.67.93.103
X-Report: Please report illegal or inappropriate use to
<abuse@nuthinbutnews.com>. Forward a copy of ALL headers
INCLUDING the body. (DO NOT SEND ATTACHMENTS)
X-Comments2: IMPORTANT:  Nuthinbutnews.com does not
condone,support,nor tolerate spam, any illegal or copyrighted
postings or activity through this network.
X-Comments: This message was posted through Nuthinbutnews.com
X-Original-Bytes: 2602
X-Original-Lines: 70

Group:
From: use-reply-to-mail-me@remove-this.com (Claus v. Wolfhausen)
Subject: [Cart00ney] El Tardo joined Level 1
Date: Thu, 24 Jul 2008 05:03:44 +0000 (UTC)

See: http://www.uceprotect.net/en/rblcheck.php?ipr=76.68.27.58

and http://www.uceprotect.org/cart00neys/2008-002.html

-- 
Claus von Wolfhausen
UCEPROTECT-Projektleitung
http://www.uceprotect.net

Fuck off Claus that listing is bogus and is nothing more then
a BULLSHIT listing.

You are a real piece of shit Claus you fucking nazi. Should know
better then to ever trust a German.

There also was NO spam that came from that IP again this is
nothing
more then a spite listing by Claus.

Also he refers to the kooky site setup by Brozny which is
full of nothing but lies and none of the information there is
correct. You just happen to be running one of
these little hate sites about me and I happened to send
a complaint about it then the very next day I am listed on
UCEPROTECT.NET. What a bullshit listing that is.

Do you even know what spam even is? because this was
NOT spam.

http://www.spamhaus.org/definition.html

A message is Spam only if it is both Unsolicited and Bulk.

-Unsolicited Email is normal email
(examples: first contact enquiries, job enquiries, sales
enquiries)

-Bulk Email is normal email
(examples: subscriber newsletters, customer communications,
discussion lists)

Claus you have no clue how to fucking run a block list.

Do you even know what the definition of spam really is
Claus when it comes to email?

The email that you have posted there is NOT spam
and definately not a cartooney like you try and claim.
Nor do I even see that IP anywhere in the headers
of that email that you listed.  You are a JOKE Claus you have
no clue on how to run a block list and I demand that this
false listing be removed immediately.

Jamie

June 2008

It appears that the latest thing for the criminals from the newsgroup
news.admin.net-abuse.email to do is to flood my mailbox from multiple
anonymous remailers.

I woke up to find over 300 messages like this in my mailbox from
various remailers making threats towards me.

I don't even know who this is and definitely did not make any threats
towards this individual. It appears to be yet another one of the
NANAE spammers who has gone off their meds again.

Now I have removed my email addresses from the headers to protect me
from being spammed any further.

This was spammed from the following remailers:

  • remailer.privacy.at
  • rip.ax.lt
  • anonymitaet-im-inter.net
  • remailer.paranoici.org


X-EMS: wait 10s
Return-path: <>
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on
	gateway.home.darkshado.ca
X-Spam-Level: *
X-Spam-Status: No, score=1.3 required=5.0 tests=AWL,BAYES_50,MISSING_HEADERS
	autolearn=no version=3.2.5
Envelope-to: <REMOVED EMAIL>
Delivery-date: Wed, 07 Jul 2010 10:25:56 -0400
Received: from maple.maplehost.net [209.44.103.46]
	by gateway.home.darkshado.ca with POP3 (fetchmail-6.3.9-rc2)
	for <darkshad@localhost> (single-drop); Wed, 07 Jul 2010 10:28:57 -0400 (EDT)
Received: from ip99.internet-security.at ([212.124.142.99] helo=remailer.privacy.at)
	by maple.maplehost.net with esmtp (Exim 4.69)
	id 1OWVZT-0004g2-Pg
	for <REMOVED EMAIL ADDRESS>; Wed, 07 Jul 2010 10:25:55 -0400
Received: from localhost (localhost [127.0.0.1])
	by remailer.privacy.at (Postfix) with ESMTP id B64EA7F4D5
	for <REMOVED EMAIL>; Wed,  7 Jul 2010 16:25:55 +0200 (CEST)
From: "Anonymous Remailer (austria)" <mixmaster@remailer.privacy.at>
Comments: This message did not originate from the Sender address above.
	It was remailed automatically by anonymizing remailer software.
	Please report problems or inappropriate use to the
	remailer administrator at <abuse [at] remailer.privacy.at>.
Cc: <REMOVED EMAIL ADDRESSES>
Subject: news.admin.net-abuse.email
Message-ID: <27304bb9a4d457b286fbe6185aab56e3@remailer.privacy.at>
Date: Wed,  7 Jul 2010 16:25:55 +0200 (CEST)
X-Antivirus: AVG for E-mail 9.0.839 [271.1.1/2987]
X-Antispam: NO; Spamcatcher 6.0.4. Score 1


Don't you dare threaten me you little worm. You know I only live 
down the road from you.



X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on
	gateway.home.darkshado.ca
X-Spam-Level: *
X-Spam-Status: No, score=1.3 required=5.0 tests=BAYES_50,MISSING_HEADERS
	autolearn=no version=3.2.5
Delivered-To: <REMOVED EMAIL ADDRESS>
Received: from gmail-pop.l.google.com [74.125.95.109]
	by gateway.home.darkshado.ca with POP3 (fetchmail-6.3.9-rc2)
	for <darkshad@localhost> (single-drop); Wed, 07 Jul 2010 09:04:00 -0400 (EDT)
Received: by 10.216.180.9 with SMTP id i9cs121894wem;
        Wed, 7 Jul 2010 05:57:51 -0700 (PDT)
Received: by 10.216.231.73 with SMTP id k51mr913106weq.5.1278507470713;
        Wed, 07 Jul 2010 05:57:50 -0700 (PDT)
Return-Path: <mixmaster [at] rip.ax.lt>
Received: from rip.ax.lt (rip.ax.lt [188.165.45.229])
        by mx.google.com with ESMTP id p22si1017255wej.99.2010.07.07.05.57.46;
        Wed, 07 Jul 2010 05:57:50 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of mixmaster [at] rip.ax.lt designates 188.165.45.229 as permitted sender) client-ip=188.165.45.229;
Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of mixmaster@rip.ax.lt designates 188.165.45.229 as permitted sender) smtp.mail=mixmaster [at] rip.ax.lt
Received: by rip.ax.lt (Postfix, from userid 111)
	id 42A367F9F9; Wed,  7 Jul 2010 14:57:46 +0200 (CEST)
From: Anne Onime <anonymous@rip.ax.lt>
Comments: This message did not originate from the Sender address above.
	It was remailed automatically by anonymizing remailer software.
	Please report problems or inappropriate use to the
	remailer administrator at <abuse [at] rip.ax.lt>.
Cc: <REMOVED EMAIL ADDRESSES>
Subject: news.admin.net-abuse.email
Message-ID: <27304bb9a4d457b286fbe6185aab56e3@rip.ax.lt>
Date: Wed,  7 Jul 2010 14:57:46 +0200 (CEST)
X-Antivirus: AVG for E-mail 9.0.839 [271.1.1/2987]
X-Antispam: NO; Spamcatcher 6.0.4. Score 1

Don't you dare threaten me you little worm. You know I only live
down the road from you.


Return-path: <mixmaster@anonymitaet-im-inter.net>
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on
    gateway.home.darkshado.ca
X-Spam-Level: *
X-Spam-Status: No, score=1.3 required=5.0 tests=BAYES_50,MISSING_HEADERS
    autolearn=no version=3.2.5
Envelope-to: <REMOVED EMAIL ADDRESS>
Delivery-date: Wed, 07 Jul 2010 07:40:35 -0400
Received: from maple.maplehost.net [209.44.103.46]
    by gateway.home.darkshado.ca with POP3 (fetchmail-6.3.9-rc2)
    for <darkshad@localhost> (single-drop); Wed, 07 Jul 2010 07:43:55 -0400 (EDT)
Received: from mail.anonymitaet-im-inter.net ([78.31.67.164] helo=anonymitaet-im-inter.net)
    by maple.maplehost.net with esmtp (Exim 4.69)
    (envelope-from <mixmaster@anonymitaet-im-inter.net>)
    id 1OWSzT-0001Xu-8F
    for <REMOVED EMAIL>; Wed, 07 Jul 2010 07:40:35 -0400
Received: by anonymitaet-im-inter.net (Postfix, from userid 105)
    id 242549E8293; Wed,  7 Jul 2010 13:40:38 +0200 (CEST)
From: Dave U. Random <anonymous@anonymitaet-im-inter.net>
Comments: This message did not originate from the Sender address above.
    It was remailed automatically by anonymizing remailer software.
    Please report problems or inappropriate use to the
    remailer administrator at <abuse [at] anonymitaet-im-inter.net>.
Cc: <REMOVED EMAIL ADDRESSES>
Subject: news.admin.net-abuse.email
Message-ID: <27304bb9a4d457b286fbe6185aab56e3@anonymitaet-im-inter.net>
Date: Wed,  7 Jul 2010 13:40:38 +0200 (CEST)
X-Antivirus: AVG for E-mail 9.0.839 [271.1.1/2987]
X-Antispam: NO; Spamcatcher 6.0.4. Score 1

Don't you dare threaten me you little worm. You know I only live
down the road from you.

ecn.org

Delivered-To: <REMOVED>
Received: by 10.213.112.141 with SMTP id w13cs51806ebp;
        Tue, 6 Jul 2010 23:01:04 -0700 (PDT)
Received: by 10.227.157.201 with SMTP id c9mr4511924wbx.20.1278482464556;
        Tue, 06 Jul 2010 23:01:04 -0700 (PDT)
Return-Path: <mixmaster@ecn.org>
Received: from www.ecn.org (isole.ecn.org [89.96.89.204])
        by mx.google.com with ESMTP id y38si525374weq.140.2010.07.06.23.01.01;
        Tue, 06 Jul 2010 23:01:04 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of mixmaster@ecn.org designates 89.96.89.204 as permitted sender) client-ip=89.96.89.204;
Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of mixmaster@ecn.org designates 89.96.89.204 as permitted sender) smtp.mail=mixmaster@ecn.org
Received: by www.ecn.org (Postfix, from userid 108)
    id B55951A7A58; Wed,  7 Jul 2010 08:01:00 +0200 (CEST)
From: Anonymous <cripto@ecn.org>
Comments: This message did not originate from the Sender address above.
    It was remailed automatically by anonymizing remailer software.
    Please report problems or inappropriate use to the
    remailer administrator at <cripto_abuse [at] ecn.org>.
Cc: <REMOVED EMAIL ADDRESSES>
Subject: news.admin.net-abuse.email
Message-Id: <20100707060100.B55951A7A58@www.ecn.org>
Date: Wed,  7 Jul 2010 08:01:00 +0200 (CEST)

Don't you dare threaten me you little worm. You know I only live
down the road from you.



Return-path: <mixmaster@remailer.paranoici.org>
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on
    gateway.home.darkshado.ca
X-Spam-Level: *
X-Spam-Status: No, score=1.3 required=5.0 tests=BAYES_50,MISSING_HEADERS
    autolearn=no version=3.2.5
Envelope-to: <REMOVED EMAIL ADDRESS>
Delivery-date: Wed, 07 Jul 2010 01:39:49 -0400
Received: from maple.maplehost.net [209.44.103.46]
    by gateway.home.darkshado.ca with POP3 (fetchmail-6.3.9-rc2)
    for <darkshad@localhost> (single-drop); Wed, 07 Jul 2010 01:40:56 -0400 (EDT)
Received: from fog.investici.org ([92.243.11.205] helo=remailer.paranoici.org)
    by maple.maplehost.net with esmtps (TLSv1:AES256-SHA:256)
    (Exim 4.69)
    (envelope-from <mixmaster@remailer.paranoici.org>)
    id 1OWNML-00026z-Fv
    for <REMOVED EMAIL ADDRESS>; Wed, 07 Jul 2010 01:39:49 -0400
Received: by remailer.paranoici.org (Postfix, from userid 105)
    id 1E9A226971; Wed,  7 Jul 2010 05:22:31 +0000 (UTC)
From: Anonymous <nobody@remailer.paranoici.org>
Comments: This message did not originate from the Sender address above.
    It was remailed automatically by anonymizing remailer software.
    Please report problems or inappropriate use to the
    remailer administrator at <abuse [at] remailer.paranoici.org>.
Cc: <REMOVED EMAIL ADDRESSES>
Subject: news.admin.net-abuse.email
Message-ID: <27304bb9a4d457b286fbe6185aab56e3@remailer.paranoici.org>
Date: Wed,  7 Jul 2010 05:22:31 +0000 (UTC)
X-Antivirus: AVG for E-mail 9.0.839 [271.1.1/2986]
X-Antispam: NO; Spamcatcher 6.0.4. Score 1

Don't you dare threaten me you little worm. You know I only live
down the road from you.
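
The headers quoted above share two features a recipient can filter on: the fixed "remailed automatically by anonymizing remailer software" Comments banner, and one Message-ID local part appearing under several remailer domains. The following Python sketch is an added example, not part of the original page; it groups remailed mail by that local part and records the relay IP logged by the receiving server. The sample messages are constructed from the relay hostnames and IPs shown above, and `mx.example.net`, `pop.example.net`, `gateway.example.net` and `mail.example.org` are placeholder names.

```python
import re
from collections import defaultdict
from email import message_from_string

BANNER = "remailed automatically by anonymizing remailer software"
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
SHARED_ID = "27304bb9a4d457b286fbe6185aab56e3"  # local part quoted on this page

def make_sample(host, ip, local_id, remailed=True, prefix=""):
    """Constructed message shaped like the headers quoted on this page."""
    comments = ("Comments: This message did not originate from the Sender address above.\n"
                "\tIt was remailed automatically by anonymizing remailer software.\n")
    return (prefix
            + f"Received: from {host} ({host} [{ip}])\n"
            + "\tby mx.example.net with ESMTP; Wed, 07 Jul 2010 05:57:50 -0700 (PDT)\n"
            + f"Received: by {host} (Postfix, from userid 111)\n"
            + "\tid 42A367F9F9; Wed,  7 Jul 2010 14:57:46 +0200 (CEST)\n"
            + f"From: Anonymous <anonymous@{host}>\n"
            + (comments if remailed else "")
            + "Subject: news.admin.net-abuse.email\n"
            + f"Message-ID: <{local_id}@{host}>\n\nbody text\n")

FETCHMAIL = ("Received: from pop.example.net [192.0.2.5]\n"
             "\tby gateway.example.net with POP3 (fetchmail); Wed, 07 Jul 2010 10:28:57 -0400\n")

SAMPLES = [  # constructed; relay hostnames and IPs are the ones on this page
    make_sample("remailer.privacy.at", "212.124.142.99", SHARED_ID, prefix=FETCHMAIL),
    make_sample("rip.ax.lt", "188.165.45.229", SHARED_ID),
    make_sample("www.ecn.org", "89.96.89.204", "20100707060100.B55951A7A58"),
    make_sample("mail.example.org", "192.0.2.10", "abc123", remailed=False),
]

def summarize(raw):
    """Return (remailed, handoff_ip, msgid_local, msgid_domain) for one message."""
    msg = message_from_string(raw)
    comments = " ".join((msg.get("Comments") or "").split())  # unfold the header
    handoff_ip = None
    for line in msg.get_all("Received") or []:
        # Assumption: skip the recipient-side POP3 fetch; the next bracketed IP
        # is the one the receiving MX recorded for the connecting relay.
        if "with POP3" in line:
            continue
        found = BRACKETED_IP.search(line)
        if found:
            handoff_ip = found.group(1)
            break
    local, _, domain = (msg.get("Message-ID") or "").strip("<> \n").partition("@")
    return BANNER in comments, handoff_ip, local, domain

def campaigns(raws, min_relays=2):
    """Message-ID local parts seen on remailed mail from several relays."""
    seen = defaultdict(set)
    for raw in raws:
        remailed, ip, local, domain = summarize(raw)
        if remailed and local:
            seen[local].add((domain, ip))
    return {k: sorted(v) for k, v in seen.items() if len(v) >= min_relays}

if __name__ == "__main__":
    for local, relays in campaigns(SAMPLES).items():
        print(local, relays)
```

Only the Received line written by the recipient's own mail server is trustworthy here; the lines below it are supplied by the remailer and say nothing about the original sender.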