Vintners.net "spam" management
(Page last updated: 15-Apr-2003)
When you get spam email, there's really not much that's worth doing,
except to hit the delete button. You can spend as much of your life
as you wish fighting back, but due to the non-validated nature of the
SMTP protocol, there's just not much that can be done. My
recommendation is to not even walk down that frustrating path --
however, if you're determined, here's some starting points.
Homework: Start by looking very carefully at the FULL HEADERS
of a legitimate email from a friend. Get to know the order of the
email flow to you -- your upstream ISP's "Received:" line and perhaps
any intermediate for you domain, eg. Vintners.Net.
Everything keys on the first hop that you don't recognize
from a legitimate email.
- Look very carefully at the full headers. Any line added by
'sendmail' will have the "claimed" sender system's name, the
"looked up" sender system's name, and it's IP address.
- If the "looked up" system name is one of the "big guys", they will
be equipped to handle this. Forward the email, unchanged and
complete, INCLUDING THE COMPLETE HEADERS, to
- If you send email to the appropriate "abuse" address, and it
bounces, try the that same domain's "postmaster" address.
- If the "postmaster" address fails (returns a Non-delivarble
notice) you can help save the world from further garbage
by this cretin:
- If you are considering using a blocklist for email spam
protection, I strongly encourage using rfc-ignorant. In
a nutshell, it puts teeth into the policies of the Internet -- if
the sender plays by the rules, they're welcome; if they don't play
by the rules, we won't deal with them. All they have to do to get
un-blocklisted, is to update their public configuration to reflect
legitimate information -- to play by the
- If there are multiple hops, and the first one you don't recognize
is not the last, this may be an "open relay". Visit
Here you can add the open relays address to the worldwide
database. This is an extremely effective tool -- Vintners.Net is
a subscriber to MAPS, thus by doing this you are immediately
protecting yourself from this cretin, as well as protecting the
rest of the world from them.
- You can look up more information about the sender by their IP
address. A sample run using a (legitimate) attbi mail exchanger
brix:~] telnet whois.arin.net 43
Connected to whois.arin.net.
Escape character is '^]'.
AT&T WorldNet Services ATTPLS (NET-204-127-0-0-1)
184.108.40.206 - 220.127.116.11
AT&T Consumer IP Services ATT-ASP2 (NET-204-127-202-0-1)
18.104.22.168 - 22.214.171.124
# ARIN Whois database, last updated 2002-12-07 20:00
# Enter ? for additional hints on searching ARIN's Whois database.
Connection closed by foreign host.
- Advice: Don't reply to "reply to be opt out" or visit "opt out"
pages unless it's a reputable corporation. Sleazeballs typically
use these as a mechanism to harvest additional email addresses to
add to spam lists. You can try this experiment
yourself -- make up a bogus email address that does go
to you, but that can be shut off, and enter it into one of those
pages. Within days it will start to receive spam and you'll have
to shut it off.
- Sending nasty email to anybody will achieve nothing. Just hit
Copyright © 1997-2017
(running on host vinifera)