-----Original Message-----
From: Bill Landry [mailto:billl@pointshare.com]
Sent: Tuesday, August 24, 2004 2:28 PM
To: SURBL Discussion list
Subject: [SURBL-Discuss] FP in WS & DS?
> This is from a US Bank newsletter, and I have confirmed via whois that US Bank does own the domain in question:
> usbank-email.MUNGEDcom
> The sending IP address is not listed in any RBL/RHSBLs:
> http://www.dnsstuff.com/tools/ip4r.ch?ip=192.168.40.122
> Looks like a legitimate, subscription based, US Bank newsletter.
> Bill
We aren't seeing eye to eye today bill :)
207.189.106.22 not the reserved IP you listed.
I see it as 4at1.com who is also:
00123.com 1nc002.com 1nc012.com 1nc022.com 4at1.com 4at2.com 4at2.net 4at5.net
#Once ONCE (NET-207-189-106-0-1) 207.189.106.0 - 207.189.106.255
Empire Communications FORTIX-NET (NET-207-189-96-0-1) 207.189.96.0 - 207.189.127.255
Registrant:
   #once.com (4AT3-DOM)
   309 SW Sixth Avenue, Suite 900
   Portland, OR 97204
   US
Domain Name: 4AT1.COM
Administrative Contact:
   #once.com (DB3242-ORG) billing#ONCE.COM
   309 SW 6TH AVE STE 900
   PORTLAND, OR 97204-1765
   US
   503-241-4185 fax: 503-241-4279
Technical Contact:
   #Once.com (AS3215-ORG) sysadmin#ONCE.COM
   309 SW Sixth Avenue Suite 900
   PORTLAND, OR 97204
   US
   5032414185 fax: 5032414279
Record expires on 28-Dec-2006.
Record created on 28-Dec-1999.
Database last updated on 24-Aug-2004 14:46:25 EDT.
Domain servers in listed order:
   NS.ONCE.COM 207.189.106.105
   NS2.ONCE.COM 207.189.106.108
   NS3.ONCE.COM 207.162.212.83
--Chris
----- Original Message -----
From: "Chris Santerre" csanterre@merchantsoverseas.com
> This is from a US Bank newsletter, and I have confirmed via whois that US Bank does own the domain in question:
> usbank-email.MUNGEDcom
> The sending IP address is not listed in any RBL/RHSBLs:
> http://www.dnsstuff.com/tools/ip4r.ch?ip=192.168.40.122
> Looks like a legitimate, subscription based, US Bank newsletter.
> We aren't seeing eye to eye today bill :)
> 207.189.106.22 not the reserved IP you listed.
Yep, I corrected that in my last e-mail.
> I see it as 4at1.com who is also:
> 00123.com 1nc002.com 1nc012.com 1nc022.com 4at1.com 4at2.com 4at2.net 4at5.net
> #Once ONCE (NET-207-189-106-0-1) 207.189.106.0 - 207.189.106.255
> Empire Communications FORTIX-NET (NET-207-189-96-0-1) 207.189.96.0 - 207.189.127.255
Why would it matter who assigned US Bank the address space, or who else they assigned address space to? The IP address US Bank is using is not listed in any RBL/RHSBLs, and the bottom line is that the newsletter, and the company distributing it, are quite obviously both legitimate. What else matters...?
Bill
----- Original Message -----
From: "Bill Landry" billl@pointshare.com
To: "'SURBL Discussion list'" discuss@lists.surbl.org
Sent: Tuesday, August 24, 2004 9:05 PM
Subject: Re: [SURBL-Discuss] FP in WS & DS?
> ----- Original Message ----- From: "Chris Santerre" csanterre@merchantsoverseas.com
> This is from a US Bank newsletter, and I have confirmed via whois that US Bank does own the domain in question:
> usbank-email.MUNGEDcom
> The sending IP address is not listed in any RBL/RHSBLs:
> http://www.dnsstuff.com/tools/ip4r.ch?ip=192.168.40.122
> Looks like a legitimate, subscription based, US Bank newsletter.
> We aren't seeing eye to eye today bill :)
> 207.189.106.22 not the reserved IP you listed.
> Yep, I corrected that in my last e-mail.
> I see it as 4at1.com who is also:
> 00123.com 1nc002.com 1nc012.com 1nc022.com 4at1.com 4at2.com 4at2.net 4at5.net
> #Once ONCE (NET-207-189-106-0-1) 207.189.106.0 - 207.189.106.255
> Empire Communications FORTIX-NET (NET-207-189-96-0-1) 207.189.96.0 - 207.189.127.255
> Why would it matter who assigned US Bank the address space, or who else they assigned address space to? The IP address US Bank is using is not listed in any RBL/RHSBLs, and the bottom line is that the newsletter, and the company distributing it, are quite obviously both legitimate. What else matters...?
Bill,
Not every spammer HAS to be in a RBL... every mail a spammer sends is legitimate. (except for Chris_looking_for_car_keys )
May I suggest you use http://openrbl.org for your lookups.
eg: http://openrbl.org/ip/207/189/106/22.htm
world looks a different colour there...
I got about 400 of those US bank legitimate messages all directed to german speaking users, among them 200 pupils of a hearing impaired school. Wanna tell ME they subscribed to that #@*/$àöç
my 2 cents
Alex
----- Original Message -----
From: "Alex Broens" surbl@alexb.ch
> Bill,
> Not every spammer HAS to be in a RBL... every mail a spammer sends is legitimate. (except for Chris_looking_for_car_keys )
> May I suggest you use http://openrbl.org for your lookups.
> eg: http://openrbl.org/ip/207/189/106/22.htm
> world looks a different colour there...
Maybe it's time to reevaluate your testing sources. I have taken on the challenge to manually test all of the RBLs that I know of that were listed on the openrbl.org site that it claims have the US Bank IP address listed, and none (NOT ONE) of them currently has the IP address listed:
[billl@mgw1 billl]$ dig 22.106.189.207.dnsbl.ahbl.org +short
[billl@mgw1 billl]$ dig 22.106.189.207.block.blars.org +short
[billl@mgw1 billl]$ dig 22.106.189.207.cbl.abuseat.org +short
[billl@mgw1 billl]$ dig 22.106.189.207.unconfirmed.dsbl.org +short
[billl@mgw1 billl]$ dig 22.106.189.207.blackholes.five-ten-sg.com +short
[billl@mgw1 billl]$ dig 22.106.189.207.blackholes.intersil.net +short
[billl@mgw1 billl]$ dig 22.106.189.207.dnsbl.njabl.org +short
[billl@mgw1 billl]$ dig 22.106.189.207.no-more-funn.moensted.dk +short
[billl@mgw1 billl]$ dig 22.106.189.207.relays.ordb.org +short
[billl@mgw1 billl]$ dig 22.106.189.207.psbl.surriel.com +short
[billl@mgw1 billl]$ dig 22.106.189.207.ipwhois.rfc-ignorant.org +short
[billl@mgw1 billl]$ dig 22.106.189.207.sbl.csma.biz +short
[billl@mgw1 billl]$ dig 22.106.189.207.dnsbl.sorbs.net +short
[billl@mgw1 billl]$ dig 22.106.189.207.blacklist.spambag.org +short
[billl@mgw1 billl]$ dig 22.106.189.207.bl.spamcop.net +short
[billl@mgw1 billl]$ dig 22.106.189.207.map.spam-rbl.com +short
[billl@mgw1 billl]$ dig 22.106.189.207.spews.dnsbl.net.au +short
[billl@mgw1 billl]$ dig 22.106.189.207.blackholes.uceb.org +short
> I got about 400 of those US bank legitimate messages all directed to german speaking users, among them 200 pupils of a hearing impaired school. Wanna tell ME they subscribed to that #@*/$àöç
And you know for a fact that they did not subscribe to the newsletter? I am a US Bank customer and I have never received their newsletter (and they certainly have my e-mail address since I do online banking with them) until just now, when I subscribed to it for testing purposes.
> my 2 cents
Worthless, unless you are willing to back it up with real data and real results.
Bill
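The manual dig checks in the message above, written as a reusable script that also interprets the answers. This is an added example, not part of the original post; the function names and the DNSBL_RESOLVER override are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: DNSBL lookups like the dig commands above, with the
# answers interpreted. All function names here are illustrative.
# Usage: sh dnsbl-check.sh 207.189.106.22 bl.spamcop.net cbl.abuseat.org

# 207.189.106.22 -> 22.106.189.207 (octets reversed, as DNSBL zones expect)
reverse_ipv4() {
    IFS=. read -r r_a r_b r_c r_d <<EOF
$1
EOF
    for r_o in "$r_a" "$r_b" "$r_c" "$r_d"; do
        case $r_o in
            ''|*[!0-9]*|????*) return 1 ;;   # empty, non-digit, or too long
        esac
        [ "$r_o" -le 255 ] || return 1
    done
    printf '%s.%s.%s.%s\n' "$r_d" "$r_c" "$r_b" "$r_a"
}

# A listed address answers with an A record in 127.0.0.0/8. Empty +short
# output means no record, but it also appears when the lookup itself fails,
# so it is reported as no-record rather than as proof of a clean address.
classify_answer() {
    case $1 in
        '')     echo no-record ;;
        127.*)  echo listed ;;
        *)      echo unexpected ;;   # error line or a non-127 address
    esac
}

# Default resolver; replaceable so the logic can be exercised offline.
resolve_with_dig() { dig +short A "$1" 2>/dev/null | head -n 1; }
DNSBL_RESOLVER=${DNSBL_RESOLVER:-resolve_with_dig}

# check_dnsbl IP ZONE... prints: zone <TAB> verdict <TAB> raw answer
check_dnsbl() {
    c_rev=$(reverse_ipv4 "$1") || { echo "bad IPv4: $1" >&2; return 2; }
    shift
    for c_zone in "$@"; do
        c_ans=$("$DNSBL_RESOLVER" "$c_rev.$c_zone")
        printf '%s\t%s\t%s\n' "$c_zone" "$(classify_answer "$c_ans")" "${c_ans:--}"
    done
}

if [ "$#" -gt 0 ]; then check_dnsbl "$@"; fi
```

An unexpected verdict is worth a second look before trusting a zone: a list that answers with something outside 127.0.0.0/8 is usually wildcarded, retired, or being rewritten by the resolver.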
Hi!
> And you know for a fact that they did not subscribe to the newsletter? I am a US Bank customer and I have never received their newsletter (and they certainly have my e-mail address since I do online banking with them) until just now, when I subscribed to it for testing purposes.
I am not a customer, heck, I don't even know that US bank at all, but I have at least 10 fresh ones in my spamtrap, on never used domains/address combinations. They are a known phishing target.
Try google on usbank and spam...
Bye, Raymond.
----- Original Message -----
From: "Raymond Dijkxhoorn" raymond@prolocation.net
> And you know for a fact that they did not subscribe to the newsletter? I am a US Bank customer and I have never received their newsletter (and they certainly have my e-mail address since I do online banking with them) until just now, when I subscribed to it for testing purposes.
> I am not a customer, heck, I don't even know that US bank at all, but I have at least 10 fresh ones in my spamtrap, on never used domains/address combinations. They are a known phishing target.
No one is disputing that, certainly not me, since I report US Bank phishing e-mails to PH almost daily. However, don't confuse these phishing e-mails with "legitimate", subscription based, e-mails coming directly from US Bank. Remember, they are a legitimate, national banking institution and have a right to send out legitimate e-mail newsletters to their subscribers without having them unnecessarily and erroneously blocked.
Would you dispute this?
Bill
On Tuesday, August 24, 2004, 3:15:16 PM, Bill Landry wrote:
> ----- Original Message ----- From: "Raymond Dijkxhoorn" raymond@prolocation.net
> And you know for a fact that they did not subscribe to the newsletter? I am a US Bank customer and I have never received their newsletter (and they certainly have my e-mail address since I do online banking with them) until just now, when I subscribed to it for testing purposes.
> I am not a customer, heck, I don't even know that US bank at all, but I have at least 10 fresh ones in my spamtrap, on never used domains/address combinations. They are a known phishing target.
> No one is disputing that, certainly not me, since I report US Bank phishing e-mails to PH almost daily. However, don't confuse these phishing e-mails with "legitimate", subscription based, e-mails coming directly from US Bank. Remember, they are a legitimate, national banking institution and have a right to send out legitimate e-mail newsletters to their subscribers without having them unnecessarily and erroneously blocked.
> Would you dispute this?
So bottom line: is usbank-email.com legitimate and being mentioned in a phish? Does the phish actually direct victims to a different site?
Jeff C.