[VHFcontesting] Re: Why we ... YADA YADA YADA

Ed K1EP k1ep at mgef.org
Mon Jul 28 17:00:37 EDT 2003 

Well, thanks to David Vondranek, it seems as if the identity of n2xre at usa.com is actually k1ra.

ANDREW R ZWIRKO
12509 RANSOM DR
GLENN DALE MD 20769
USA 

<http://andyz.k8gp.net/>http://andyz.k8gp.net/

So, I ask K1RA, why he needed to use a mail address of "Kip K. n2xre at usa.com"?  Isn't his callsign K1RA, his name Andy Z. and his mail address andyz at sort.net?  Why the need to hide?  To cast aspersions at the competition of K8GP?   

At 02:39 PM 7/28/03 -0500, David Vondrasek wrote:
>At 03:20 PM 7/28/2003 -0400, you wrote:
>>Hey Guys,
>>
>>Welcome to the internet.   It IS a spoof.   Take a look at the 
>>headers and notice the underlined sections:
>
>Let's read the headers the correct way...  comments below.
>
>>>Received: from contesting.com [216.1.128.73] by nt030203-107137 with ESMTP
>>>  (SMTPD32-8.00) id A33DA910020; Mon, 28 Jul 2003 10:54:05 -0700
>>>Received: from dayton.akorn.net (localhost [127.0.0.1])
>>>        by contesting.com (8.12.9/8.12.9) with ESMTP id h6SHsCn5016804;
>>>        Mon, 28 Jul 2003 13:54:16 -0400
>
>Above is correct and no to any concern. It's the lists server.
>
>>>Received: from spf13.us4.outblaze.com (205-158-62-67.outblaze.com
>>>        [205.158.62.67])
>> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>>And just who is Outblaze.com?  A whois search results:
>
>
>Outblaze is a free email service and will NUKE this account
>if complaints are filed. The abuse type God is  Suresh
>and can be contacted via abuse at outblaze.com
>They are NOT at fault.
>
>>So, Kip is routing his email via a company in Hong Kong?  I don't think so.
>
>Well yes he is.. It's a forwarding service.. And perfectly valid..
>Keep going down..
>
>>>        by contesting.com (8.12.9/8.12.9) with ESMTP id h6SHrxn4016564
>>>        for <vhfcontesting at contesting.com>; Mon, 28 Jul 2003 13:53:59 -0400
>>>Received: from 205-158-62-68.outblaze.com (205-158-62-68.outblaze.com
>>>        [205.158.62.68])
>>>        by spf13.us4.outblaze.com (Postfix) with QMQP id 82EC41800770
>>>        for <vhfcontesting at contesting.com>;
>>>        Mon, 28 Jul 2003 17:53:58 +0000 (GMT)
>>>Received: (qmail 88944 invoked from network); 28 Jul 2003 17:53:54 -0000
>>>Received: from unknown (HELO ws1-12.us4.outblaze.com) (205.158.62.81)
>>>  by 205-158-62-153.outblaze.com with SMTP; 28 Jul 2003 17:53:54 -0000
>>>Received: (qmail 94651 invoked by uid 1001); 28 Jul 2003 17:53:52 -0000
>>>Message-ID: <20030728175352.94650.qmail at mail.com>
>>^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>>Next, we see that the mail originated on another free email service,
>mail.com.
>
>Mail.com *is* Outblaze. They own mail.com as well as several thousand
>other free email redirectors . Still a valid path line..
>
>
>>Using an anonymous mail account routed via hong kong is a typical
>footprint for
>>an email spammer.
>
>Not in this case.. But your right...
>
>>No problem, except the address used in the email is an address on usa.com.
> The
>>mail should have come from an account on a usa.com server.
>
>It did usa.com = outblaze.com = mail.com
>
>The part you DIDN't leave of the header is the TRUE senders Ip address.
>That would be this part at the bottom.
>
>X-Mailer: MIME-tools 5.41 (Entity 5.404)
>Received: from [12.109.148.178] by ws1-12.us4.outblaze.com with http for
>    n2xre at usa.com; Mon, 28 Jul 2003 12:53:51 -0500
>
>the original person is using the Ip of  12.109.148.178 and he gave it to 
>outblaze.com to be forwared. This is the sender..
>
>This belongs to these people
>
>REGUS BUSINESS CENTRE CO REGUS-BU64-148-128 (NET-12-109-148-128-1)
>                                  12.109.148.128 - 12.109.148.191
>
>OrgName:    REGUS BUSINESS CENTRE CO
>OrgID:      RBC-36
>Address:    13800 COPPERMINE ROAD
>City:       HERNDON
>StateProv:  VA
>PostalCode: 20171
>Country:    US
>
>NetRange:   12.109.148.128 - 12.109.148.191
>CIDR:       12.109.148.128/26
>NetName:    REGUS-BU64-148-128
>NetHandle:  NET-12-109-148-128-1
>Parent:     NET-12-0-0-0-1
>NetType:    Reassigned
>Comment:
>RegDate:    2002-05-19
>Updated:    2002-05-19
>
>TechHandle: JS971-ARIN
>TechName:   SMITH, JIM
>TechPhone:  +1-914-304-4147
>TechEmail:  jsmith at regususa.com
>
>Now.. lets see who comes out of the woodwork...
>
>This also matches a previous post
>
>X-Mailer: MIME-tools 5.41 (Entity 5.404)
>Received: from [12.109.148.178] by ws1-12.us4.outblaze.com with http for
>    n2xre at usa.com; Mon, 28 Jul 2003 12:53:51 -0500
>From: "Kip K." <n2xre at usa.com>
>To: vhfcontesting at contesting.com
>Date: Mon, 28 Jul 2003 12:53:51 -0500
>X-Originating-Ip: 12.109.148.178
>^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>X-Originating-Server: ws1-12.us4.outblaze.com
>Subject: [VHFcontesting] Re: Why we ... YADA YADA YADA
>X-BeenThere: vhfcontesting at contesting.com
>X-Mailman-Version: 2.1
>
>
>Dave
>- I do this for a living folks....
>
>_______________________________________________
>VHFcontesting mailing list
>VHFcontesting at contesting.com
>http://lists.contesting.com/mailman/listinfo/vhfcontesting


CONFIDENTIALITY NOTICE: This message is a PRIVATE communication. This email may 
contain privileged and confidential information intended only for the above-named 
recipient. If you have received this in error and you are not the intended
recipient, you are hereby notified that any use, dissemination, or copying is 
strictly prohibited. In such case, do not read, copy, or use it, and do not disclose 
it to others. Please notify the sender of the delivery error by replying to this
message, and then delete it from your system. Thank you.

More information about the VHFcontesting mailing list