And now I just received this same spam... Indeed it did come through wlug. We could prevent this sort of thing by only allowing subscribers of the list to post to the list. How does everyone feel about that? I usually look up the IP address in the Received line of the most trusted mail server (usually the one closest to the destination, in this case smtp.wpi.edu). Don't rely on the hostname, always use the bracketed IP address, and look it up in the ARIN whois database: Received: from chat.ru ([194.143.190.11]) by smtp.WPI.EDU (8.12.5/8.12.5) with SMTP id g5UB46wx028128
whois 194.143.190.11@whois.arin.net
This reveals that the owner of that IP address isn't in the Americas (ARIN), but in Europe (RIPE), so you have to look it up again. (For Asian hosts look it up again in APNIC, whois.apnic.net):
whois 194.143.190.11@whois.ripe.net
For RIPE hosts, I usually complain to the admin-c: and tech-c: e-mail: addresses: jonr@hedgehognet.co.uk noc@uk.xo.com tc@uk.concentric.com In this case, the e-mail addresses don't look like generic abuse contacts, so I tried abuse@ their domains first: abuse@hedgehognet.co.uk abuse@uk.xo.com abuse@uk.concentric.com (For virus e-mails I use security@domain.) If those bounce, then I'll try the real e-mail addresses. On Sun, Jun 30, 2002 at 10:44:04AM -0400, Gregory Avedissian wrote: avedis> Return-Path: wlug-admin@mail.wlug.org avedis> Received: from paramount.ind.wpi.edu (root@paramount.ind.WPI.EDU avedis> [130.215.24.199]) by acestes-fe0.ultra.net (8.8.8/ult/n26500/mtc.v2) with avedis> ESMTP id HAA01415; Sun, 30 Jun 2002 07:06:22 -0400 (EDT) avedis> Received: from paramount.ind.WPI.EDU (IDENT:mailman@localhost [127.0.0.1]) avedis> by paramount.ind.wpi.edu (8.11.6/8.11.6) with ESMTP id g5UB1Tn02769; avedis> Sun, 30 Jun 2002 07:01:29 -0400 avedis> Received: from smtp.WPI.EDU (root@smtp.WPI.EDU [130.215.24.62]) avedis> by paramount.ind.wpi.edu (8.11.6/8.11.6) with ESMTP id g5UB0En02743 avedis> for <wlug@mail.wlug.org>; Sun, 30 Jun 2002 07:00:14 -0400 avedis> Received: from chat.ru ([194.143.190.11]) avedis> by smtp.WPI.EDU (8.12.5/8.12.5) with SMTP id g5UB46wx028128 avedis> for <wlug@mail.wlug.org>; Sun, 30 Jun 2002 07:04:07 -0400 (EDT) avedis> Message-Id: <200206301104.g5UB46wx028128@smtp.WPI.EDU>