need opinion! is this the right guy?

[csitenet]

Ok, i been searching for AGES for the guy sending @paypal.us spam, finally i got him, he sent over 10,000 yesterday, all were bounced, caught, and here is his ip.

http://www.paypal.us/pp1

He sent alot of people these mails, i take it from dreamhost servers. i have over 9500 bounced mails today...

He sent them IN A HTML FILE, which has a BUILT IN VIRUS, which bouces you in a DIFFRENT site than PAYPAL to login, this is AUTOMATIC and very advanced. it SHOWS paypal.com but it really isn't.

Obviously i will forward this info to paypal, just to make sure is it dreamhost who are hosting this guy or someone else? Please note the link i submited is the log he sent the email that bounced back. (9500 others did the same today)

(just to add a note i own paypal.us ! incase people wonder why i submitted this)

hmm, found more info!

here is his email patch:

Return-Path: <[email protected]>
Received: from mx25.nyc.untd.com (mx25.nyc.untd.com [10.140.24.85])
        by maildeliver04.lax.untd.com with SMTP id AABBNXWEEALYVSBA
        for <[email protected]> (sender <[email protected]>);
        Tue,  5 Jul 2005 11:25:08 -0700 (PDT)
Received: from faceman.dreamhost.com (faceman.dreamhost.com [205.196.210.16])
        by mx25.nyc.untd.com with SMTP id AABBNXWEDAWCKHEA
        (sender <[email protected]>);
        Tue,  5 Jul 2005 11:25:07 -0700 (PDT)
Received: from User (unknown [219.166.243.77])
        by faceman.dreamhost.com (Postfix) with ESMTP
        id 124EE111DB3; Tue,  5 Jul 2005 11:24:21 -0700 (PDT)
Reply-To: <[email protected]>
From: "[email protected]" <[email protected]>
Subject: Resolution Center: Your PayPal account is limited.
Date: Tue, 5 Jul 2005 13:24:51 -0500
MIME-Version: 1.0
Content-Type: text/html;
        charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 1
X-MSMail-Priority: High
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-Id: <[email protected]>
To: undisclosed-recipients:;
X-ContentStamp: 3:4:1059778712
X-MAIL-INFO:
1c25a121ed3175613d1d11ed49cd75e13558995c5c89cdf5ad5d05d1ed98380dd191e9e919cce5b17de57d00017d212dd8099ca12dc588ec09711c4cf1ac8ca5d578e11c8c25b89c55b18d11b9ed05a8110511d118115c5c95b109e895995885d8390175998db8483ccd3d
X-UNTD-Peer-Info:
205.196.210.16|faceman.dreamhost.com|faceman.dreamhost.com|[email protected]
X-UNTD-UBE: -1
X-SA-Poll-Id:
1120587908.640391.21129.5518450.maildeliver04.lax.untd.com,S=5855..1..1120587891000
X-SA-USERIDNR: 460415
Received-SPF: none(paypal.us: paypal.us does not designate permitted sender hosts)

 

[slavahosting]

yup e-mail was sent from a server with hostname faceman.dreamhost.com. Dreamhost is hosting this guy.

 

[csitenet]

Its very clear dreamhost DO NOT monitor their hosting servers at all, its impossible it could have gone unnoticed from a server admin who would have monitored the servers, SO MANY HAVE been sent out this week, it exceeds well over 200,000 by my count.... and after 9 hours of emailing them i am still awaiting a reply!

 

[Anthony Ng]

Its very clear dreamhost DO NOT monitor their hosting servers at all, its impossible it could have gone unnoticed from a server admin who would have monitored the servers, SO MANY HAVE been sent out this week, it exceeds well over 200,000 by my count....

As far as I know, DreamHost is run by a bunch of VERY server-savvy geeks, and I *doubt* that something of that scale could have gone through one of their servers without them noticing for more than a couple of days (although today is only Tuesday, and Monday was July 4th).

 

[csitenet]

Hmmm... i got a nice little reply from them ^^

Thanks for the heads-up. We were able to identify the customer in
question, and have disabled the account. If you have any other questions
or concerns, please let us know.