Keygrip,
Here is the result of a WHOIS search on ATTBI:
Organization:
AT&T Corp.
Corporate Administrator
32 Avenue of the Americas
New York, NY 10013
US
Phone: 908-221-5578
Fax..: 908-221-5581
Email:
[email protected]
Registrar Name....: Register.com
Registrar Whois...: whois.register.com
Registrar Homepage: http://www.register.com
Domain Name: ATTBI.COM
Created on..............: Tue, Oct 02, 2001
Expires on..............: Sat, Oct 02, 2004
Record last updated on..: Sun, Nov 30, 2003
Administrative Contact:
Comcast
Domain Admin
183 Inverness Drive West
Englewood, CO 80112
US
Phone: 1-888-565-4329
Fax..: 720-267-2802
Email:
[email protected]
Technical Contact:
Comcast
Domain Tech
183 Inverness Drive West
Englewood, CO 80112
US
Phone: 1-888-565-4329
Fax..: 720-267-2802
Email:
[email protected]
Zone Contact:
Comcast
Domain Tech
183 Inverness Drive West
Englewood, CO 80112
US
Phone: 1-888-565-4329
Fax..: 720-267-2802
Email:
[email protected]
Domain servers in listed order:
NS2.ATTBI.COM 216.148.227.68
NS.ATTBI.COM 204.127.198.4
NS6.ATTBI.COM 63.240.76.4
NS5.ATTBI.COM 204.127.202.4
It doens't necessarily follow that attbi.com is the source of the Spam - it could be a domain name hijack.
"One of the most popular generic form-to-email scripts in use today is FormMail. Unfortunately, most versions of this script contain security loopholes which allow bulk emailers to hijack a third-party's FormMail script in order to send out any number of messages. When this happens, the innocent third party appears to be the sender of the messages and gets all of the blame.
Bulk emailers actively probe web sites all around the world, looking for insecure FormMail scripts to exploit."
The last is a quote from obliquity.com (http://www.obliquity.com/computer/spambait/) - an interesting website with a pretty robust position on spam!
HTH
SD