wholesalebandwidth.com major sponsor of spammers refuses to accept email at abuse
I have received almost 200 different spam messages from domains hosted by this provider from russain domains attempting to sell pharmacueticals and other unsolicited services that I do not want tekmailer.com and moosq.com are 2 of the primary abusers from this hosting company -Henry Message from yahoo.com. Unable to deliver message to the following address(es). <abuse@wholesalebandwidth.com>: 69.6.21.60 does not like recipient. Remote host said: 550 5.7.1 <abuse@wholesalebandwidth.com>... Relaying denied Giving up on 69.6.21.60.
On Thursday, March 11, 2004 10:11 PM [EST], Henry Linneweh <hrlinneweh@sbcglobal.net> wrote:
I have received almost 200 different spam messages from domains hosted by this provider from russain domains attempting to sell pharmacueticals and other unsolicited services that I do not want tekmailer.com and moosq.com are 2 of the primary abusers from this hosting company
-Henry
Message from yahoo.com. Unable to deliver message to the following address(es).
<abuse@wholesalebandwidth.com>: 69.6.21.60 does not like recipient. Remote host said: 550 5.7.1 <abuse@wholesalebandwidth.com>... Relaying denied Giving up on 69.6.21.60.
Wholesalebandwidth is just a front-end for spammers. I've had them blacklisted for a long time with no ill affects (and alot less spam). -- Brian Bruns The Summit Open Source Development Group Open Solutions For A Closed World / Anti-Spam Resources http://www.sosdg.org The Abusive Hosts Blocking List http://www.ahbl.org
Henry Linneweh writes on 3/12/2004 8:41 AM:
I have received almost 200 different spam messages from domains hosted by this provider from russain domains attempting to sell pharmacueticals and other unsolicited services that I do not want tekmailer.com and moosq.com are 2 of the primary abusers from this hosting company
Wholesalebandwidth = Scott Richter. http://groups.google.com/groups?q=scott+richter+wholesalebandwidth You can safely nullroute 69.6.0.0/18 srs -- srs (postmaster|suresh)@outblaze.com // gpg : EDEDEFB9 manager, outblaze.com security and antispam operations
On Fri, 12 Mar 2004, Suresh Ramasubramanian wrote:
Henry Linneweh writes on 3/12/2004 8:41 AM:
I have received almost 200 different spam messages from domains hosted by this provider from russain domains attempting to sell pharmacueticals and other unsolicited services that I do not want tekmailer.com and moosq.com are 2 of the primary abusers from this hosting company
Wholesalebandwidth = Scott Richter.
http://groups.google.com/groups?q=scott+richter+wholesalebandwidth
You can safely nullroute 69.6.0.0/18
Don't forget to add 69.6.64.0/20 to your access list - they recently got this addition and quickly moved quite some number of spam servers there. -- William Leibzon Elan Networks william@elan.net
Are such networks maintained somewhere? SPEWS? -GSH ----- Original Message ----- From: "william(at)elan.net" <william@elan.net> To: "Suresh Ramasubramanian" <suresh@outblaze.com> Cc: "Henry Linneweh" <hrlinneweh@sbcglobal.net>; <nanog@merit.edu> Sent: Friday, March 12, 2004 4:37 AM Subject: Re: wholesalebandwidth.com major sponsor of spammers refuses to accept email at abuse
On Fri, 12 Mar 2004, Suresh Ramasubramanian wrote:
Henry Linneweh writes on 3/12/2004 8:41 AM:
I have received almost 200 different spam messages from domains hosted by this provider from russain domains attempting to sell pharmacueticals and other unsolicited services that I do not want tekmailer.com and moosq.com are 2 of the primary abusers from this hosting company
Wholesalebandwidth = Scott Richter.
http://groups.google.com/groups?q=scott+richter+wholesalebandwidth
You can safely nullroute 69.6.0.0/18
Don't forget to add 69.6.64.0/20 to your access list - they recently got this addition and quickly moved quite some number of spam servers there.
-- William Leibzon Elan Networks william@elan.net
On 03/12/04, "Gu?bj?rn S. Hreinsson" <gsh@centrum.is> wrote:
Are such networks maintained somewhere? SPEWS?
http://www.spamhaus.org/ is always a good place to start. They've got the most comprehensive public collection of information about spammer operations. -- J.D. Falk "be crazy dumbsaint of the mind" <jdfalk@cybernothing.org> -- Jack Kerouac
On Fri, 12 Mar 2004, Suresh Ramasubramanian wrote: Wholesalebandwidth = Scott Richter. http://groups.google.com/groups?q=scott+richter+wholesalebandwidth You can safely nullroute 69.6.0.0/18 You can say that again. He's a strong third on my list: http://mrtg.snark.net/nullstats.cgi Behind all of LACNIC's 200/8 and Iskimaro, whoever the heck they are! matto --matt@snark.net------------------------------------------<darwin>< Flowers on the razor wire/I know you're here/We are few/And far between/I was thinking about her skin/Love is a many splintered thing/Don't be afraid now/Just walk on in. #include <disclaim.h>
On Thu, Mar 11, 2004 at 10:59:01PM -0800, just me wrote: | | Behind all of LACNIC's 200/8 and Iskimaro, whoever the heck they are! | I'd say that it is not a wise thing to do, but it is up to you. Inside this /8 block there are a lot allocation to important networks in our region. There is also, users that send spam from these IPs, but I see this all the time from IP blocks of all over the world. According to some statistics USA is one of the top in the list of spammers. Do you filter all American blocks in your network? I guess not. You wisely filter only some, like this 69.6.0.0/18. Do you filter all Asia blocks? I guess not... regards, Ricardo. -- Latin American and Caribbean Internet Addresses Registry http://lacnic.net
On Fri, 12 Mar 2004, Ricardo G Patara wrote: On Thu, Mar 11, 2004 at 10:59:01PM -0800, just me wrote: | | Behind all of LACNIC's 200/8 and Iskimaro, whoever the heck they are! I'd say that it is not a wise thing to do, but it is up to you. Inside this /8 block there are a lot allocation to important networks in our region. There is also, users that send spam from these IPs, but I see this all the time from IP blocks of all over the world. It is an effective solution in my specific application, with my set of users. I have a 100% hit rate with no false positives. I am not suggesting other folks do the same unless their requirements are also the same. I certainly wouldn't do this at my day job as postmaster@sony.com, for example. According to some statistics USA is one of the top in the list of spammers. Do you filter all American blocks in your network? I guess not. You wisely filter only some, like this 69.6.0.0/18. I filter the blocks that I see a 1:0 spam to ham ratio from, wherever they are located. I also try to aggregate where I can. The LACNIC blocks were a convenient place to do so. Do you filter all Asia blocks? I guess not... I certainly do filter abuseive asian networks, except for networks that my users need connectivity to, or networks that I have not seen abuse from: http://mrtg.snark.net/blacklist.cgi I think you'll see that there's no region singled out there. You might also be forgetting that the reason I singled out the LACNIC blocks, is that they are the third largest source of unwanted SMTP traffic I see. I'm sorry if my actions have offended you, because there really is nothing personal going on here, just pragmatism and a desire to prevent as much spam as possible from reaching my users. Matt Ghali speaking as postmaster@snark.net only --matt@snark.net------------------------------------------<darwin>< Flowers on the razor wire/I know you're here/We are few/And far between/I was thinking about her skin/Love is a many splintered thing/Don't be afraid now/Just walk on in. #include <disclaim.h>
Hello, I also just want to make clear that there is nothing personal going on neither from my side. BTW, I tried to answer this directly to you, but as you block the whole 200/8, it was not possible. Interestingly, this could be your your first "ham" message from LACNIC region. Not this time... :( I sent my message to the list just to make it clear that not everyone in LACNIC region is spammer. The way you said the following: | Behind all of LACNIC's 200/8 and Iskimaro, whoever the heck they are! sounded that you had no idea what LACNIC is, and don't even care. To you it is just a bunch of spammer. Other might had the wrong impression that really doesn't matter what LACNIC is, and start to block the 200/8 because someone does so. Just my thoughts, Regards, Ricardo. On Fri, Mar 12, 2004 at 10:03:31AM -0800, just me wrote: | | On Fri, 12 Mar 2004, Ricardo G Patara wrote: | | On Thu, Mar 11, 2004 at 10:59:01PM -0800, just me wrote: | | | | Behind all of LACNIC's 200/8 and Iskimaro, whoever the heck they are! | | I'd say that it is not a wise thing to do, but it is up to you. | | Inside this /8 block there are a lot allocation to important networks | in our region. | There is also, users that send spam from these IPs, but I see this all | the time from IP blocks of all over the world. | | | It is an effective solution in my specific application, with my set of | users. I have a 100% hit rate with no false positives. I am not | suggesting other folks do the same unless their requirements are also | the same. I certainly wouldn't do this at my day job as | postmaster@sony.com, for example. | | According to some statistics USA is one of the top in the list of | spammers. | Do you filter all American blocks in your network? I guess not. You | wisely filter only some, like this 69.6.0.0/18. | | I filter the blocks that I see a 1:0 spam to ham ratio from, wherever | they are located. I also try to aggregate where I can. The LACNIC | blocks were a convenient place to do so. | | Do you filter all Asia blocks? I guess not... | | I certainly do filter abuseive asian networks, except for networks | that my users need connectivity to, or networks that I have not seen | abuse from: | | http://mrtg.snark.net/blacklist.cgi | | I think you'll see that there's no region singled out there. You might | also be forgetting that the reason I singled out the LACNIC blocks, is | that they are the third largest source of unwanted SMTP traffic I see. | | I'm sorry if my actions have offended you, because there really is | nothing personal going on here, just pragmatism and a desire to | prevent as much spam as possible from reaching my users. | | Matt Ghali | speaking as postmaster@snark.net only | | --matt@snark.net------------------------------------------<darwin>< | Flowers on the razor wire/I know you're here/We are few/And far | between/I was thinking about her skin/Love is a many splintered | thing/Don't be afraid now/Just walk on in. #include <disclaim.h>
Ricardo G Patara wrote:
According to some statistics USA is one of the top in the list of spammers. Do you filter all American blocks in your network? I guess not. You wisely filter only some, like this 69.6.0.0/18. Do you filter all Asia blocks? I guess not...
When this came up the previous time, I suggested that disconnecting Florida from the Internet would be a good start to reduce abuse. However, since some people seem to care about the hardly measurable amount of legitimate traffic coming from there, this has not happened. Pete
--- hrlinneweh wrote:
tekmailer.com and moosq.com are 2 of the primary abusers from this hosting company
Wholesale Bandwidth are spammers, the 4th worst in the world according to spamhaus.org. According to senderbase.org, those two domains are the 8th and 18th biggest sources of all Internet e-mail, ahead of entire networks of worm ridden cable users. http://www.theregister.co.uk/content/55/35937.html also makes interesting reading. --- gsh wrote:
Are such networks maintained somewhere? SPEWS?
Spamhaus has useful data. There was some talk of a MAPS style BGP feed from Spamhaus which would be ideal, but I don't know what the current situation is. SBL data is available direct from Spamhaus or from http://spfilter.sourceforge.net/data/sbl/ -- Alex Clark __________________________________ Do you Yahoo!? Yahoo! Search - Find what you�re looking for faster http://search.yahoo.com
--- hrlinneweh wrote:
tekmailer.com and moosq.com are 2 of the primary abusers from this hosting company
Wholesale Bandwidth are spammers, the 4th worst in the world according to spamhaus.org.
But 69.6.0.0/18 is not listed in http://www.spamhaus.org/drop/ Is the Spamhaus BL different from the Drop? This network is listed in the SBL... -GSH
participants (12)
-
Alex Clark -
Brian Bruns -
Guðbjörn Hreinsson -
Guðbjörn S. Hreinsson
-
Henry Linneweh -
J.D. Falk -
John Payne -
just me -
Petri Helenius -
Ricardo G Patara -
Suresh Ramasubramanian -
william(at)elan.net