LSTOWN-L Archives

LISTSERV List Owners' Forum

Melvin Klassen <[log in to unmask]>
Wed, 7 May 1997 17:17:17 PDT
On Fri, 2 May 1997 21:51:20 -0400, PPCD <[log in to unmask]> wrote:
>Our listserv received something from a "rogue site" that allows email
>addresses with any email address you want. We phoned (voiced) the contacts
>for the site and got nothing. We tried filtering the site in the filter
>and it still got through. Look at this:
>
>Received: from ucsd.com (ucsd.com [207.87.178.65])
>           by techunix.technion.ac.il
>          (8.8.5/8.6.10) with ESMTP id XAA13590 for
>          Received: (from nobody@localhost) by ucsd.com <-----
>           (8.8.5/8.6.12) id QAA07946; Fri,
>          2 May 1997 16:47:36 -0400 (EDT)
>Message-ID:  <[log in to unmask]><-----------
>Date:         Fri, 2 May 1997 16:47:36 -0400
>From: <********@MAIL.COIN.MISSOURI.EDU> <---- not the REAL poster
>Subject:      Re: *****************
>X-Status: A
>
>       -------------
>They allowed this person to use the name and email address
>of 6 of the list users which sent some pretty disgusting posts.
>
>Whois produced this:
>
>AJ Wilson (UCSD2-DOM)
>   PO Box 611
>   La Jolla, CA 92038
>   US
>
>   Domain Name: UCSD.COM
>
>   Administrative Contact:
>      Wilson, Anthony  (AW628)  [log in to unmask]
>      619.454.5444
>   Technical Contact, Zone Contact:
>      Administrator, Domain  (DA550)  [log in to unmask]
>      1 412 681 6932
>
>   Domain servers in listed order:
>
>   NS3.PAIR.COM                 207.86.128.15
>   NS0.NS0.COM                  207.87.178.7
>
>They never answer emails and they do not have real people at the site.
>I would appreciate any ideas. We DID filter this domain in FILTER
>but you see this abuser posted as another domain that was not his.

A "TraceRoute" of the IP-packets to 'UCSD.COM' reveals:

   9  mae-west-nap.SanFrancisco.mci.net (204.70.1.14)
  10  mae-west.digex.net (198.32.136.60)
  11  sjc1-core1-h1-0.atlas.digex.net (165.117.50.46)
  12  oma1-core1-h8-0.atlas.digex.net (165.117.50.17)
  13  ord1-core1-h8-0.atlas.digex.net (165.117.50.13)
  14  dtw1-core1-h8-0.atlas.digex.net (165.117.50.9)
  15  cvg1-core1-h8-0.atlas.digex.net (165.117.50.5)
  16  pit1-core1-h1-0.atlas.digex.net (165.117.50.2)
  17  pair-t1a.pair.net (207.87.178.1)
  18  ucsd.com (207.87.178.65)

So, 'UCSD.COM' (coincidentally?? similar to 'UCSD.EDU' in the same area)
gets their connectivity from 'PAIR.NET'.

Checking the WWW-server for 'PAIR.NET', I found the page at:

   http://support.pair.com/policy/security.html

which states:

  Use of pair Networks services to engage in any type of fraud,
  "cracking", malicious behavior, or harassment is expressly forbidden.
  Interference with the proper operation of systems reachable via the
  Internet is forbidden.  Compliance with the acceptable use policies of
  any network or system with which you connect through our service is
  required.  Forging e-mail, Usenet postings, or other messages is forbidden.
  Trafficking in pirated software is forbidden.  Port scanning or the use of
  similar tools is forbidden.

  If inappropriate activity is detected, all accounts of the user in
  question will be deactivated until the investigation is complete.  Prior
  notification to the user is not assured.  In extreme cases, law enforcement
  will be contacted regarding the activity.

  ... <<SNIP>> ...

  This policy simply requires that you use your accounts responsibly.
  Breaking into other systems, trying to break into ours, forging messages,
  swapping games with your friends - all of this is illegal and inappropriate
  for our userbase of Internet professionals.

  Because of the potential legal and technical risks these activities can
  present to our service, we deactivate first, and ask questions later.  This
  is necessary to protect our service for all customers.


So, I suggest that you have a "talk" with the administrators of PAIR NETWORKS,
and indicate the policy-violations with respect to 'UCSD.COM'.
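
The headers quoted above show why a filter on the sender's domain did not stop the posts: the From line was forged, while the Received line written by the list's own mail host still names the relay that handed the message over. The following is an added example, not part of the original post: a Python check that reads that relay from the hand-off Received line and tests it against the block list. The sample message is constructed from the quoted headers (the From local part, recipient, ids and first date are placeholders), and the function names and the "trusted suffix" parameter are assumptions of this sketch.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the headers quoted in the post; the From
# local part, the recipient, the ids and the first date are placeholders.
SAMPLE = """\
Received: from ucsd.com (ucsd.com [207.87.178.65])
\tby techunix.technion.ac.il (8.8.5/8.6.10) with ESMTP id XAA00000
\tfor <list@example.org>; Fri, 2 May 1997 23:47:40 +0300
Received: (from nobody@localhost) by ucsd.com (8.8.5/8.6.12) id QAA00000;
\tFri, 2 May 1997 16:47:36 -0400 (EDT)
From: <subscriber@MAIL.COIN.MISSOURI.EDU>
Subject: Re: example

body
"""

# "from HELO (rdns [ip])" as sendmail 8.x writes it. The bracketed IP is
# recorded by the receiving host, so the sender cannot choose it.
RELAY_RE = re.compile(r"^from\s+(\S+)\s+\((\S+)?\s*\[([0-9.]+)\]\)", re.I)

def handoff_relay(msg, trusted_suffix):
    """(helo, rdns, ip) from the topmost Received line written by our own host."""
    for raw in msg.get_all("Received", []):
        line = " ".join(raw.split())          # unfold continuation lines
        m_by = re.search(r"\bby\s+(\S+)", line)
        m_from = RELAY_RE.match(line)         # skips "(from nobody@localhost)"
        if m_by and m_from and m_by.group(1).lower().endswith(trusted_suffix):
            return m_from.group(1).lower(), (m_from.group(2) or "").lower(), m_from.group(3)
    return None

def evaluate(raw_message, blocked_domains, blocked_ips, trusted_suffix):
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    relay = handoff_relay(msg, trusted_suffix)
    result = {"from_domain": from_domain, "relay": relay,
              "from_filter_hit": from_domain in blocked_domains,
              "relay_filter_hit": False, "from_matches_relay": False}
    if relay:
        helo, rdns, ip = relay
        names = {helo, rdns} - {""}
        result["relay_filter_hit"] = ip in blocked_ips or any(
            n == d or n.endswith("." + d) for n in names for d in blocked_domains)
        result["from_matches_relay"] = any(
            n == from_domain or n.endswith("." + from_domain)
            or from_domain.endswith("." + n) for n in names)
    return result
```

A relay that does not match the From domain is common for legitimate mail as well, so `from_matches_relay` is a signal for review; the block decision rests on `relay_filter_hit`.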
