On Wednesday, May 25, 2005, 4:05:55 AM, Kevin McGrail wrote:
So do they use zombies or fixed IPs to send from?
Without researching, I would guess that they are legitimate business using their own resources or salespeople and do unethical solicitations.
What would you say from headers like this?
Received: from twm2005-dev.thoughtworthy.com ([10.10.10.31]) by dev.thoughtworthy.com over TLS secured channel with Microsoft SMTPSVC(6.0.3790.1830); Tue, 24 May 2005 17:21:13 -0400 Received: from sales (sales.anthemtechnologies.com [65.213.110.30]) by twm2005-dev.thoughtworthy.com (8.13.4/8.13.4) with SMTP id j4OLKKfc024063 for jobs@thoughtworthy.com; Tue, 24 May 2005 17:20:26 -0400
http://rbls.org/?q=65.213.110.30 comes up clean, so it's perhaps not a zombie.
(BTW my favorite rbl checker openrbl.org seems gone. :-( )
Looks like their own /25 from UUNet:
CustName: Anthem Technologies, Inc. Address: 1405 State Route 18 Address: Suite 106, 1st floor, phone room City: Old Bridge StateProv: NJ PostalCode: 08857 Country: US RegDate: 2003-05-22 Updated: 2003-05-22
NetRange: 65.213.110.0 - 65.213.110.127 CIDR: 65.213.110.0/25 NetName: UU-65-213-110-D6 NetHandle: NET-65-213-110-0-1 Parent: NET-65-192-0-0-1 NetType: Reassigned Comment: Addresses within this block are non-portable. RegDate: 2003-05-22 Updated: 2003-05-22
TechHandle: OA12-ARIN TechName: UUnet Technologies, Inc., Technologies TechPhone: +1-800-900-0241 TechEmail: help4u@mci.com
If they are spammers, they're stupid to spam from their own network. If you want to block them, there's a nice /25 to deny access from..... :-)
It's looking less and less like it belongs on SURBLs....
Jeff C. -- Don't harm innocent bystanders.