
[Spews] S693 Removal Request


Chris Newcomb

Aug 14, 2006, 8:39:31 PM
All,
The following domains no longer resolve to our network. Please
remove the listing at your earliest convenience. Thanks in advance.

--
Regards,
Chris Newcomb
Abuse Department Manager
EV1servers.net
Everyones Internet
Theplanet.com


360pro.com, purry.com, increasenet.com, and axisbiopharmacorp.com

1, 64.5.37.161, ns1.360pro.com
1, 64.5.37.162, my.360pro.com
1, 64.5.37.170, 360pro.com
1, 64.5.37.169, ns2.360pro.com / www.passport.360pro.com
1, 64.5.37.128/25, theplanet.com (360pro.com)
1, 64.5.37.0/24, theplanet.com (360pro.com)
1, 64.5.36.0/22, theplanet.com (360pro.com)
2, 64.5.34.0 - 64.5.40.255, theplanet.com (360pro.com)
1, 64.5.56.250, increasenet.com / purry.com
1, 64.5.56.247, axisbiopharmacorp.com
1, 64.5.56.0/25, theplanet.com (360pro.com / purry.com)
1, 64.5.56.0/24, theplanet.com (360pro.com / purry.com)
2, 64.5.56.0/22, theplanet.com (360pro.com / purry.com)

dig 360pro.com

; <<>> DiG 9.2.4 <<>> 360pro.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 550
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;360pro.com. IN A

;; ANSWER SECTION:
360pro.com. 259200 IN A 209.144.224.171

;; AUTHORITY SECTION:
360pro.com. 259200 IN NS ns1.360pro.com.
360pro.com. 259200 IN NS ns2.360pro.com.

;; Query time: 192 msec
;; SERVER: 172.16.220.57#53(172.16.220.57)
;; WHEN: Sat Aug 5 18:12:30 2006
;; MSG SIZE rcvd: 80

dig purry.com

; <<>> DiG 9.2.4 <<>> purry.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4783
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;purry.com. IN A

;; ANSWER SECTION:
purry.com. 3600 IN A 209.144.224.190

;; AUTHORITY SECTION:
purry.com. 259200 IN NS ns1.360pro.com.
purry.com. 259200 IN NS ns2.360pro.com.

;; Query time: 44 msec
;; SERVER: 10.5.2.150#53(10.5.2.150)
;; WHEN: Sat Aug 5 18:14:42 2006
;; MSG SIZE rcvd: 86

dig increasenet.com

; <<>> DiG 9.2.4 <<>> increasenet.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12379
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 5

;; QUESTION SECTION:
;increasenet.com. IN A

;; ANSWER SECTION:
increasenet.com. 1800 IN A 69.25.142.5

;; AUTHORITY SECTION:
increasenet.com. 3600 IN NS dns1.name-services.com.
increasenet.com. 3600 IN NS dns2.name-services.com.
increasenet.com. 3600 IN NS dns3.name-services.com.
increasenet.com. 3600 IN NS dns4.name-services.com.
increasenet.com. 3600 IN NS dns5.name-services.com.

;; ADDITIONAL SECTION:
dns1.name-services.com. 84079 IN A 69.25.142.1
dns2.name-services.com. 84079 IN A 216.52.184.230
dns3.name-services.com. 84079 IN A 63.251.92.193
dns4.name-services.com. 84079 IN A 64.74.96.242
dns5.name-services.com. 84079 IN A 70.42.37.1

;; Query time: 79 msec
;; SERVER: 172.16.220.57#53(172.16.220.57)
;; WHEN: Sat Aug 5 18:39:23 2006
;; MSG SIZE rcvd: 238

dig axisbiopharmacorp.com

; <<>> DiG 9.2.4 <<>> axisbiopharmacorp.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 9558
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;axisbiopharmacorp.com. IN A

;; AUTHORITY SECTION:
com. 900 IN SOA a.gtld-servers.net.
nstld.verisign-grs.com. 1154821155 1800 900 604800 900

;; Query time: 38 msec
;; SERVER: 172.16.220.57#53(172.16.220.57)
;; WHEN: Sat Aug 5 18:39:36 2006
;; MSG SIZE rcvd: 112

--
Comments posted to news.admin.net-abuse.blocklisting
are solely the responsibility of their author. Please
read the news.admin.net-abuse.blocklisting FAQ at
http://www.blocklisting.com/faq.html before posting.

Bill Carton - (The Roadie)

Aug 15, 2006, 12:21:33 AM
"Chris Newcomb" <ab...@abuse.me.not.ev1.net> wrote:

Because it's a question we guess that SPEWS would ask if they were in the
habit of communicating by email, which they aren't: Any chance you can
comment on why it required four escalations of each of these spammer records
to get your attention?

Did you boot 'em, or did they simply fail to pay their bill and move on,
unaffected by your AUP enforcement?

I have to admit I'm astonished to see you have as few as four SBL listings,
all under a week old. Relatively clean and impressive record, compared to a
few years ago.
--
Bill "the Roadie" Carton

Mark Roberts

Aug 15, 2006, 8:11:58 AM
Chris Newcomb wrote:

>All,
> The following domains no longer resolve to our network.

<snip>

Too bad all *these* (probably owned by one particular spammer) are
still on line at ev1:
seducing-moms.com (64.246.18.60)
cumonvirgins.com (66.98.166.106)
group-moms-orgies.com (207.44.234.96)
moms-dreams.com (207.44.234.96)
girls-try-olders.com (64.246.18.60)
group-mature.com (66.98.166.106)
And probably many others: My email is so well protected it's a safe
assumption that the above represents just the tip of a very large
iceberg.

I'm not affiliated with SPEWS but if I were I'd be pretty contemptuous
of your request for delisting while still hosting these spammer's
sites.

Chris Newcomb

Aug 15, 2006, 9:38:59 AM
Bill Carton - (The Roadie) wrote:

>
> Because it's a question we guess that SPEWS would ask if they were in
> the habit of communicating by email, which they aren't: Any chance
> you can comment on why it required four escalations of each of these
> spammer records to get your attention?
>
> Did you boot 'em, or did they simply fail to pay their bill and move
> on, unaffected by your AUP enforcement?
>
> I have to admit I'm astonished to see you have as few as four SBL
> listings, all under a week old. Relatively clean and impressive
> record, compared to a few years ago.

Bill,
While I would love to speak for the previous administration of the
abuse desk, I cannot. I however can speak for the current
administration which I am the manager of. It will take me some time to
get everything cleaned up, which I will spend more time focusing on
rather than responding here. If you or anyone else for that matter
have any ongoing issues, please feel free to contact me at chrisn at
ev1servers dot net. Since I have taken over management of the abuse
desk my priorities are to get the glaring problems cleaned up first,
and then go after the small problems.

--
Regards,
Chris Newcomb
Abuse Department Manager
EV1servers.net
Everyones Internet
Theplanet.com

Rudare

Aug 21, 2006, 11:32:29 AM
IP Address 80.35.219.176 is on your black list. This IP address
is the IP address of one of my biggest clients.

They did have a problem for 10 days with trojans sending one email
constantly to the same person.

They and I have fixed the problem and since last week Monday the
problem has not come back.

Will you remove IP Address 80.35.219.176 from your spew-level2
list.

My email address is musc...@gmail.com

Thanks in advance.

Claes T

Aug 21, 2006, 1:42:25 PM
On Mon, 21 Aug 2006 15:32:29 GMT, "Rudare" <musc...@gmail.com>
wrote:

>IP Address 80.35.219.176 is on your black list.

Not my blacklist.

Seems to be listed in S2024 - not in S693! - still at level 2 - for
rima-tde.net/telefonica.es not taking proper care of spammers. Let's
see http://www.spamhaus.org/sbl/listings.lasso?isp=telefonica.es -
yes, 8 listings, three of those ROKSO.

>This IP address is the IP address of one of my biggest clients.
>They did have a problem for 10 days with trojans sending one email
>constantly to the same person.
>They and I have fixed the problem and since last week Monday the
>problem has not come back.

The listing isn't about this (as I read the file), it's about
telefonica.es. I think you have to talk with them. I guess the level
2 listing will be a level 1 listing rather than unlisted. Level 1 is -
I guess - considerably more disturbing to be in than just a level 2.

>Will you remove IP Address 80.35.219.176 from your spew-level2 list.

Not my list.

You may want to get a new provider, smarthost outgoing mail - or have
telefonica.es to clean up. If they do, I think they should get
unlisted wrt Spamhaus - all 8 listings - to show they take spam
seriously now (if they do). You may want to post here again when done,
with proper SPEWS file number in subject, telling the world
telefonica.es abuse handling is functional now (if it is). After that
post, let's hope the SPEWS admin likes what s/he sees and unlists the IPs
from SPEWS.

You may want to read the faq linked below.

Best,
Claes T

Mike Andrews

Aug 21, 2006, 1:54:30 PM
Rudare <musc...@gmail.com> wrote:
> IP Address 80.35.219.176 is on your black list. This IP address
> is the IP address of one of my biggest clients.

> They did have a problem for 10 days with trojans sending one email
> constantly to the same person.

> They and I have fixed the problem and since last week Monday the
> problem has not come back.

> Will you remove IP Address 80.35.219.176 from your spew-level2
> list.

> My email address is musc...@gmail.com

You're an administrator of worldwebconnect.com, goodmansystems.com,
rima-tde.net, or telefonica.es? If you're with telefonica.es or
rima-tde.net, how about getting rid of your plethora of spammers _and_
responding to mail to abuse@ about spammers, spam drop-boxes, and
spammed-for websites? In any event, using a role address in one of the
above domains would establish that you have some connection to that
domain; use of a Gmail address shows nothing about your connection to
any of the above domains as an administrator.

The IP address you mention is in or near the following lines of S693:

A 1, 80.35.221.210, worldwebconnect.com / goodmansystems.com
B 1, 80.35.221.0/24, worldwebconnect.com / goodmansystems.com (rima-tde.net)
C 2, 80.35.218.0 - 80.35.224.255, worldwebconnect.com / goodmansystems.com (rima-tde.net) (telefonica.es)
D 2, 217.199.175.112, worldsubmit.biz dead?

Note that line C, the only one that contains 80.35.219.176, is listed
at level 2; most users of SPEWS don't block on level 2. A fair number
of folks _do_, however, have telefonica.es IP space listed in their
own private blocklists.

Note also that 80.35.219.176 isn't listed; the entire block 80.35.218.0
- 80.35.224.255 is listed, presumably because rima-tde.net and
telefonica.es were unresponsive to complaints about worldwebconnect.com
and goodmansystems.com, and about the spam coming from 80.35.221.0/24.

In other words, it's not about you and your trojan infestation; it's
about your ISP. You need to get _them_ to change.

--
Mike Andrews, W5EGO
mi...@mikea.ath.cx
Tired old sysadmin
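
As an added example (not part of the original thread and not SPEWS code), the lookup described in the post above can be reproduced with a short Python script: it parses listing lines in the "level, address, note" layout quoted there and reports which entries cover a given IP. The function names are hypothetical, and the list holds the four lines from the post with the A-D labels dropped.

```python
import ipaddress

# The four listing lines quoted in the post above (A-D labels removed).
S693_EXCERPT = [
    "1, 80.35.221.210, worldwebconnect.com / goodmansystems.com",
    "1, 80.35.221.0/24, worldwebconnect.com / goodmansystems.com (rima-tde.net)",
    "2, 80.35.218.0 - 80.35.224.255, worldwebconnect.com / goodmansystems.com"
    " (rima-tde.net) (telefonica.es)",
    "2, 217.199.175.112, worldsubmit.biz dead?",
]

def parse_entry(line):
    """Parse 'level, address-spec, note' into (level, first_ip, last_ip, note)."""
    level, spec, note = (part.strip() for part in line.split(",", 2))
    if "-" in spec:
        # Explicit range: "a.b.c.d - e.f.g.h" (need not fall on a CIDR boundary).
        first, last = (ipaddress.ip_address(p.strip()) for p in spec.split("-"))
    else:
        # Single host or CIDR block; a bare address parses as a /32.
        net = ipaddress.ip_network(spec, strict=False)
        first, last = net[0], net[-1]
    if first > last:
        raise ValueError(f"reversed range in listing: {spec}")
    return int(level), first, last, note

def matching_entries(ip, lines):
    """Return every parsed entry whose address span contains ip."""
    addr = ipaddress.ip_address(ip)
    return [e for e in map(parse_entry, lines) if e[1] <= addr <= e[2]]

def lowest_level(ip, lines):
    """Lowest level number among entries covering ip, or None if unlisted.

    A result of 2 means only a level-2 entry covers the address, so a
    receiver that filters on level 1 alone would not reject it.
    """
    levels = [e[0] for e in matching_entries(ip, lines)]
    return min(levels) if levels else None

if __name__ == "__main__":
    for ip in ("80.35.219.176", "80.35.221.210", "209.144.224.171"):
        hits = matching_entries(ip, S693_EXCERPT)
        print(ip, "->", lowest_level(ip, S693_EXCERPT),
              [f"{h[1]}-{h[2]}" for h in hits])
```

For 80.35.219.176 the only hit is the level-2 range, which is why the complaint has to go to the owner of that range rather than to the list.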

NFN Smith

Aug 21, 2006, 2:33:05 PM
Rudare wrote:
> IP Address 80.35.219.176 is on your black list. This IP address
> is the IP address of one of my biggest clients.
>
> They did have a problem for 10 days with trojans sending one email
> constantly to the same person.
>
> They and I have fixed the problem and since last week Monday the
> problem has not come back.


That's nice, but it's probably not the cause for the listing.

Remember that SPEWS is a list of IP blocks belonging to spam-friendly
ISPs, not of individual spammers. Thus, it's the owner of the IP block
(that is, the ISP) that's being held accountable, not the individual user.

One of the popular beliefs about SPEWS is that if SPEWS delists a
particular IP or block, and the ISP is still spammer friendly, there's
plenty of incentive to move the legitimate customer to a different IP
block, and move a pet (read: high-paying) spamming customer into that block.

Essentially, SPEWS' condition for removing a listing is adequate
assurance that the spam won't be coming from those IP addresses. In the
case of your client being a customer of Telefonica, there's no
reasonable expectation that that block won't start emitting spam again,
if/when Telefonica reassigns that IP space to another customer (either
by them moving your client to another IP block, or by them leaving for
another ISP), and Telefonica assigning addresses in that block to
another spammer.

Thus, until Telefonica makes it clear that they're stopping spam
support, including not signing new contracts with known spammers, and
terminating accounts of customers that turn out to be spammers, as well
as other spammer-support services, such as website hosting and DNS support,
it's unlikely that SPEWS will remove the listing. Given TdE's historic
response to abuse complaints (usually nothing, other than perhaps an
auto-ack message), it seems unlikely that TdE is willing to get rid of
its spammers -- it's either too much effort, or they like the revenues
the spammers are paying them. Plus, they seem to be unwilling to do
much about cleaning up trojan-infected customers.

The usual options apply (the top of the list is the most effective, the
bottom is the easiest to do):

1) Get TdE to terminate its spammers;
2) Move to another ISP;
3) Find another provider that will relay your outbound mail for you,
rather than doing it from a TdE IP address.
4) Convince recipients to either not use SPEWS, or whitelist mail coming
from your IP addresses.
5) Live with the situation.

In the apparently unlikely scenario that TdE gets serious about
suppressing spam coming from its customers, your client will not be able
to send mail from the IP addresses it is currently allocated by TdE to
users with accounts on servers that use SPEWS.

In short, if I'm an admin that uses SPEWS to determine whether I'm going
to accept a message or not (and I don't use SPEWS), the SPEWS listing
ultimately means "If you're a customer of Telefonica, I don't want your
mail, whether it's legitimate to you, or not").

Smith
