[Dshield] Spam Problem

Jon R. Kibler Jon.Kibler at aset.com
Mon Jan 12 16:22:01 GMT 2004

Actually, the address is not really reserved for IANA use per se... Rather, it is one of the 3 netblocks specified by RFC 1918 for private address space. (The 3 netblocks being: 192.168/16, 172.16/12, and 10/8.)

When you see an RFC 1918 address as part of a Received: email header, it means that the mail server is a multi-homed system (has multiple network interfaces) and the email originated from a system on the local network of that mail server.

Furthermore, it is not possible for a system with an RFC 1918 address to connect to your system as RFC 1918 addresses are not routable on the Internet. Yes, a host can forge an originating address that is in private address space, but there is no way to send a response back to that host. Thus, you can never complete a TCP connection over the Internet with such a host.

Hope this helps.

Jon R. Kibler
A.S.E.T., Inc.
Charleston, SC  USA

Deb Hale wrote:
> Downeyjrd1 at aol.com
> The IP address that you have referenced is obviously spoofed (faked).  It is
> an IP that is reserved for IANA use.
> Internet Assigned Numbers Authority
> OrgID:      IANA
> Address:    4676 Admiralty Way, Suite 330
> City:       Marina del Rey
> StateProv:  CA
> PostalCode: 90292-6695
> Country:    US
> NetRange: -
> NetHandle:  NET-172-16-0-0-1
> Parent:     NET-172-0-0-0-0
> NetType:    IANA Special Use
> Comment:    This block is reserved for special purposes.
> Comment:    Please see RFC 1918 for additional information.
> Comment:
> RegDate:    1994-03-15
> Updated:    2002-09-12
> OrgAbuseHandle: IANA-IP-ARIN
> OrgAbuseName:   Internet Corporation for Assigned Names and Number
> OrgAbusePhone:  +1-310-301-5820
> OrgAbuseEmail:  abuse at iana.org
> You can try sending an email to the above abuse address and include the
> email you received as an attachment.  Other than that, not much can be done
> at this point.
> Deb
> -----Original Message-----
> From: list-bounces at dshield.org [mailto:list-bounces at dshield.org] On Behalf
> Of Downeyjrd1 at aol.com
> Sent: Sunday, January 11, 2004 5:04 PM
> To: list at dshield.org
> Subject: [Dshield] Spam Problem
> I have been searching through with hopes of locating someone who has partook
> of spoofing my email with disturbing messages.  I am not exactly computer
> savy, however, I have found whomever is responsible to have the IP address
> of
> Did you ever locate who was responsible for your troubles in
> May of
> last year and if so, how did you do it?

Filtered by: TRUSTEM.COM's Email Filtering Service
No Spam. No Viruses. Just Good Clean Email.

More information about the list mailing list