QUOTE(Kevin @ Thu 10th December 2009, 2:28pm)
Here's the relevant lookup:
QUOTE
; <<>> DiG 9.4.3-P1 <<>> -x 212.22.3.8 any +multiline +nocomments +nocmd +noquestion +nostats +search
;; global options: printcmd
8.3.22.212.in-addr.arpa. 86400 IN PTR mailserver.foundation66.org.uk.
8.3.22.212.in-addr.arpa. 86400 IN PTR dickens.arp-uk.org.
8.3.22.212.in-addr.arpa. 86400 IN PTR mailserver.rharp.org.uk.
3.22.212.in-addr.arpa. 137844 IN NS ns1.sysonline.net.
3.22.212.in-addr.arpa. 137844 IN NS ns0.sysonline.net.
ns0.sysonline.net. 142182 IN A 212.22.0.10
ns1.sysonline.net. 142182 IN A 212.22.0.11
You should always take reverse-DNS records with a grain of salt. In fact, in this case, this IP is not owned by foundation66 at all, but is instead the IP of their hosted mail service provider (System Online). The fact that 212.22.3.5, 212.22.3.9, and 212.22.3.10 are mail exchangers for apparently entirely unrelated entities supports this theory.
This raises the very real possibility that whoever is behind this works at System Online and has been "borrowing" identities and the like from their clients. Not terribly ethical, but we've seen that sort of thing before, now, haven't we?
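A forward-confirmation check for the PTR answers quoted above, as an added example that is not part of the original post: it parses the PTR lines and accepts a name only if its forward lookup returns the same IP. The forward answers, `constructed_resolver` and the other function names are constructed for illustration and say nothing about the real zones; even a confirmed name shows only that forward and reverse DNS agree, not who operates the host.

```python
import ipaddress

# PTR/NS answer lines copied from the lookup quoted above.
DIG_OUTPUT = """\
8.3.22.212.in-addr.arpa. 86400 IN PTR mailserver.foundation66.org.uk.
8.3.22.212.in-addr.arpa. 86400 IN PTR dickens.arp-uk.org.
8.3.22.212.in-addr.arpa. 86400 IN PTR mailserver.rharp.org.uk.
3.22.212.in-addr.arpa. 137844 IN NS ns1.sysonline.net.
"""

# Constructed forward (A) answers so the example runs offline.
# These are NOT real lookup results for these names.
CONSTRUCTED_FORWARD = {
    "mailserver.foundation66.org.uk.": ["212.22.3.8"],
    "dickens.arp-uk.org.": ["192.0.2.10"],  # constructed mismatch
    # mailserver.rharp.org.uk. left out: constructed "no A record" case
}

def constructed_resolver(name):
    """Stand-in for a real forward lookup; returns a list of IPv4 strings."""
    return CONSTRUCTED_FORWARD.get(name, [])

def parse_ptr(text):
    """Return {ip: [ptr names]} from dig answer lines; non-PTR lines are skipped."""
    out = {}
    suffix = ".in-addr.arpa."
    for line in text.splitlines():
        f = line.split()
        if len(f) != 5 or f[3] != "PTR" or not f[0].lower().endswith(suffix):
            continue
        octets = f[0][:-len(suffix)].split(".")
        try:
            ip = str(ipaddress.IPv4Address(".".join(reversed(octets))))
        except ValueError:
            continue  # owner name is not a full four-octet reverse name
        out.setdefault(ip, []).append(f[4].lower())
    return out

def assess(text, resolve):
    """Flag IPs carrying several PTR names and forward-confirm each name."""
    report = {}
    for ip, names in parse_ptr(text).items():
        report[ip] = {
            "multiple_ptr": len(names) > 1,  # several names on one IP: likely shared host
            "confirmed": {n: ip in resolve(n) for n in names},
        }
    return report

if __name__ == "__main__":
    for ip, result in assess(DIG_OUTPUT, constructed_resolver).items():
        print(ip, result)
```

For live data, pass a resolver that wraps `socket.gethostbyname_ex(name)[2]` and returns an empty list on lookup failure.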