Do you put public IP addresses on every single device of yours? Or are some devices configured with private ranges for internal movement (public bridghead e-mail vs. internal databases?)
Or is everything internal private, and you simply NAT for public accessible parts. Seeing those addresses in the the e-mail header of an application is not an indication of what is seen out on the 'Net. Just an indication of what that specific device saw. I would guess (hope?) that most, if not all, providers filter the RFC1918 space addresses from entering or leaving their networks unchecked. But just my two cents there... Scott -----Original Message----- From: macbroadcast [mailto:m...@let.de] Sent: Wednesday, December 24, 2008 6:48 AM To: NANOG list Subject: Christmas spam from RESERVED IANA adressblock ? hello ladys and getlepersons just out of curiosity i looked a bit closer into this spammail header, because this company is really annoying and abusing a lot of internet citizens. Anfang der weitergeleiteten E-Mail: > Von: maill...@ualadys.com > Datum: 24. Dezember 2008 12:30:18 MEZ > An: m...@let.de > Betreff: E-Mail For You @ ualadys.com > Return-Path: <www-d...@web1.iispp.com> > Received: from mx2.mail.vrmd.de ([10.0.1.21]) by vm42.mail.vrmd.de > (Cyrus v2.2.12-Invoca-RPM-2.2.12-9.RHEL4) with LMTPA; Wed, 24 Dec > 2008 12:30:25 +0100 > Received: from mx2.iispp.com ([76.74.250.247]) by mx2.mail.vrmd.de > with esmtp (Exim 4.69) (envelope-from <www-d...@web1.iispp.com>) id > 1LFRwW-00011o-DY for m...@let.de; Wed, 24 Dec 2008 12:30:25 +0100 > Received: from web1.iispp.com (w1 [172.16.21.244]) by mx2.iispp.com > (Postfix) with ESMTP id B71CF3504DB for <m...@let.de>; Wed, 24 Dec > 2008 11:30:18 +0000 (UTC) > Received: by web1.iispp.com (Postfix, from userid 33) id A5C7917A405C; > Wed, 24 Dec 2008 06:30:18 -0500 (EST) "Whois" wurde gestartet . OrgName: Internet Assigned Numbers Authority OrgID: IANA Address: 4676 Admiralty Way, Suite 330 City: Marina del Rey StateProv: CA PostalCode: 90292-6695 Country: US NetRange: 172.16.0.0 - 172.31.255.255 CIDR: 172.16.0.0/12 NetName: IANA-BBLK-RESERVED NetHandle: NET-172-16-0-0-1 Parent: NET-172-0-0-0-0 NetType: IANA Special Use NameServer: BLACKHOLE-1.IANA.ORG NameServer: BLACKHOLE-2.IANA.ORG Comment: This block is reserved for special purposes. Comment: Please see RFC 1918 for additional information. Comment: http://www.arin.net/reference/rfc/rfc1918.txt RegDate: 1994-03-15 Updated: 2007-11-27 OrgAbuseHandle: IANA-IP-ARIN OrgAbuseName: Internet Corporation for Assigned Names and Number OrgAbusePhone: +1-310-301-5820 OrgAbuseEmail: ab...@iana.org OrgTechHandle: IANA-IP-ARIN OrgTechName: Internet Corporation for Assigned Names and Number OrgTechPhone: +1-310-301-5820 OrgTechEmail: ab...@iana.org # ARIN WHOIS database, last updated 2008-12-23 19:10 # Enter ? for additional hints on searching ARIN's WHOIS database. so how is this possible ? merry christmas anyway Marc > X-Sieve: CMU Sieve 2.2 > Envelope-To: m...@let.de > Delivery-Date: Wed, 24 Dec 2008 12:30:25 +0100 > X-Id-From: 1000 > X-Id-To: 238141 > X-Mail-Id: 203714382 > Mime-Version: 1.0 > Content-Type: text/html > Message-Id: <20081224113018.a5c7917a4...@web1.iispp.com> > X-Spam-Suspicion: No > X-Purgate: Clean X-purgate-ID: > 150741::081224123024-0FFB86C0-283E8BDE/0-0/0-1 X-purgate-Ad: For more > information about eXpurgate please visit http://www.expurgate.net/ > > > > > marc, You have new mail > This is to notify you that you have received an E-Mail from > > View Photos > DetailsIrina O #1000 > Subject: Destiny has linked us... > > Date: 24 December 2008 > > To read the message go here: > > PLEASE, DO NOT REPLY TO THIS E-MAIL - FOLLOW THE LINK > > http://www.ualadys.com/view_mail.rpx?hash=a71d2600f032ece232a391296f5f > 071e&mid=203714382&uid=238141 > > Thank you, > ualadys.com Support Team > > Favorites ualadys.com > > 24x7 Call center > > United States > +1 (315) 849-5814 > > United Kigdom > +44 (315) 849-5814 > > Skype support : ualadys > > > > For any question in english > about this site please call: > +1 (212) 226-8900 > Mon-Fri 9:00-16:00 (EST)
