Overview

I have been being bombareded by spam e-mail recently (and hasn't everybody?) by a marketing firm called I-Entry. Their unsubscribe feature of their 'Newsletters' *Cough*Cheap_Advertising*cough* doesn't work. I've tried the unsubscribe three times and ended up getting three times the amount of spam =[

So I figured I'd do a bit of digging and send someone a dirty letter! This may turn into a tutorial on how to get corporate spammers to take you off their mailing lists - and then again it might end up as a tutorial on how to get a corporate spammer to send you a nice email telling you to f'ck off. Only time will tell =]

Finding the Culprits

The whois information shown below was found using the NetCat application by Hobbit, which T1 wrote a first class tutorial on here:
http://www.antionline.com/showthread...hreadid=231562

E:\WINNT>nslookup www.i-entry.com
Server: ns1.talk-101.com
Address: 195.8.181.10

Name: www.i-entry.com
Address: 161.58.178.209


E:\WINNT>nc whois.arin.net 43
161.58.178.209
Verio, Inc. (NET-VRIO-161-058)
8005 South Chester Street
Englewood, CO 80112
US

Netname: VRIO-161-058
Netblock: 161.58.0.0 - 161.58.255.255
Maintainer: VRIO

Coordinator:
Verio, Inc. (VIA4-ORG-ARIN) vipar@verio.net
303.645.1900

Domain System inverse mapping provided by:

NS0.VERIO.NET 129.250.15.61
NS1.VERIO.NET 204.91.99.140
NS2.VERIO.NET 129.250.31.190

********************************************
Reassignment information for this block is
available at rwhois.verio.net port 4321
********************************************

Record last updated on 26-Sep-2001.
Database last updated on 8-Jul-2002 20:01:39 EDT.

The ARIN Registration Services Host contains ONLY Internet
Network Information: Networks, ASN's, and related POC's.
Please use the whois server at rs.internic.net for DOMAIN related
Information and whois.nic.mil for NIPRNET Information.

E:\WINNT>nc rwhois.verio.net 4321
%rwhois V-1.5:0078b6:00 rwhois.verio.net (Vipar 0.1a. Comments to vipar@verio.ne
t)
161.58.178.209

network:Class-Name:network
network:Auth-Area:161.58.176.0/20
network:ID:NETBLK-AWH-161-058-178-209.127.0.0.1/32
network:Handle:NETBLK-AWH-161-058-178-209
network:Network-Name:AWH-161-058-178-209
network:IP-Network:161.58.178.209/32
network:In-Addr-Server;I:NS931-HST.127.0.0.1/32
network:In-Addr-Server;I:NS1829-HST.127.0.0.1/32
network:In-Addr-Server;I:NS4208-HST.127.0.0.1/32
network:IP-Network-Block:161.58.178.209 - 161.58.178.209
network:Org-Name:IHoldings.com, Inc
network:Street-Address:9032 NW 12th Street
network:City:Miami
network:State:FL
network:Postal-Code:33172
network:Country-Code:US
network:Tech-Contact;I:AWHIA4407-VRIO.127.0.0.1/32
network:Created:2001-10-30 12:18:49+00
network:Updated:2001-10-30 12:18:49+00

network:Class-Name:network
network:Auth-Area:161.58.176.0/20
network:ID:NETBLK-W061-161-058-176.127.0.0.1/32
network:Handle:NETBLK-W061-161-058-176
network:Network-Name:W061-161-058-176
network:IP-Network:161.58.176.0/20
network:In-Addr-Server;I:NS931-HST.127.0.0.1/32
network:In-Addr-Server;I:NS1829-HST.127.0.0.1/32
network:In-Addr-Server;I:NS4208-HST.127.0.0.1/32
network:IP-Network-Block:161.58.176.0 - 161.58.191.255
network:Org-Name:Verio Advanced Hosting - Dulles
network:Street-Address:22451 Shaw Rd
network:City:Sterling
network:State:VA
network:Postal-Code:20166
network:Country-Code:US
network:Tech-Contact;I:IA17312-VRIO.127.0.0.1/32
network:Created:2001-03-28 23:26:30+00
network:Updated:2001-03-28 23:26:30+00

%ok
Provoking a reaction

I found an email address on their excuse for a website - I feel a nasty letter is in order

Hi --

I have unsubscribed from all of your mailing lists three times (each time waiting the stated three days) and am still receiving unsolicited and unwanted spam email from yourselves to this email address.

If this does not cease immediately I will be left with no option but to contact MAPS (the Mail Abuse Prevention System - see: http://mail-abuse.org/) and have your IP addresses (161.58.176.0/20) added to RBL (Real Time Black Hole List) list that they maintain. This will block outbound mail relay from your network to any network using the MAPS System.

I will also be forced to contact your service providers, VERIO, to inform them of your activates, because they too will be reported to MAPS unless they prove that their position to spammers is neither friendly nor neutral (normally by discontinuing the service of the spamming network).

Hopefully in the last two paragraphs I have my proved my ability to trace your servers and company information and make such a report. I also hope I have convinced you of my sincerity in this matter. I fervently hope that such a report will not be necessary.
How much of the above I'd get away with, or even be bothered to actually do, is debatable. But hopefully that will provoke a response. I'll keep you all posted as to how this progresses and if I get any response