It’s always amazing when looking at large providers who have a referral to an ‘rwhois’ server at ARIN, when that server is not functioning. Makes it hard to identify who operates the server where the spam is originating.
For example..
Found a referral to rwhois.hostnoc.net:4321.
getaddrinfo(rwhois.hostnoc.net): Name or service not known
This is for spam originating from:
Received: from serv54.buscalead.info (HELO serv54.buscalead.info) (184.22.164.54)
Needless to say, the operator has access to DNS, but has no website with contact information.. sending from Return-Path:
Este informativo é enviado de acordo com o “Guia de Boas Maneiras” para e-mail marketing da ABEMD – Associação Brasileira de Marketing Direto.
Needless to say, the activity would break many Anti-Spam laws.