Here is a list of 130 domains that come from messages that have been manually marked as "not spam" at a large but deliberately unnamed mail provider. We may want to consider whitelisting these.
Hi Jeff,
the following are on my blacklist:
anyxhost.com geileheissemaus.com golady.com goldnow.st grmushkinsexxx.com lenovo2008.com magicpages.biz megacockcravers.com mellamed.com messagizer.de mtnonline.com mypharmanex.com onlywantsex.net pdgexchanger.com pdginventory.com recyclemycell.com totallyamateurs.com trickortranny.com vetomail.com webmasterlose.de xuevsdes.net ysmtrucker.com
I manually rechecked every one of them in detail. Here are the results:
anyxhost.com: Not sure about this one. Spamvertized URL http://www.top-10-search-engine-ranking.anyxhost.MUNGEcom in spam received on May 9, 2004. This spamvertized subdomain is still active today. anyxhost.com was only 3 weeks old at the time of the spam.
geileheissemaus.com: German porn site; URL http://geileheissemaus.MUNGEcom/?ref=AX965759486 received in spam on July 30, 2004. Originating IP=217.173.157.165, which is the IP of geileheissemaus.com. This definitely is spam.
golady.com: URL http://rds.yahoo.com/*-http://www.yahoo.com.golady.MUNGEcom/rd/b.html received in pill spam ("If you are forking out loads for your pills these people can help") on Feb 29, 2004.
goldnow.st: URL http://www.goldnow.MUNGEst advertized in spam on March 23, 2004, offering anonymous credit cards; spam listed various phone numbers of the company that also appear on their website. This would have to be a Joe job for them to be innocent, but a .st domain is anything but confidence inspiring.
grmushkinsexxx.com: Porn site; URL http://www.grmushkinsexxx.MUNGEcom/index.html advertised in spam with explicit pictures on July 27, 2004.
lenovo2008.com: Spamvertised URL http://www.51mymail.MUNGEcom/projects/tracker.jsp?o=1151&;u=39242396&s=1&e= 2&d=1&r=http://www.lenovo2008.MUNGEcom/edm/1.html which opens http://www.lenovo2008.MUNGEcom/edm/1.html in Chinese language spam received on July 29, 2004.
magicpages.biz: Google spamming service site; Spamvertized URL http://www.magicpages.MUNGEbiz/ in spam received on July 26, 2004.
megacockcravers.com: Porn site; Spamvertized URL http://www.megacockcravers.MUNGEcom/main.htm?id=9142120 in spam received on May 12, 2004.
mellamed.com: 419 scam from barukh@mellamed.com received on August 8, 2004. The website is not functional (i.e. incomplete Apache setup). mellamed.com was registered only four days earlier and is hosted by a company in -out of all places- Lagos, Nigeria that has hosted at least two other 419 scam sites before.
messagizer.de: Spam from host "news.messagizer.de" received here on February 25, 2004 at an unused address harvested off my website. A google news groups search for "messagizer.de *abuse*" finds many threads.
mtnonline.com: Spamvertised URL: <www.mtnonline.MUNGEcom> in spam from Nigeria (adekunleadekoya@sirltech.com) selling ringing tones for mobile phones, received on July 15, 2004.
mypharmanex.com: Spamvertized URL http://gaylemarie.mypharmanex.MUNGEcom/ in spam received on May 15, 2004. Gayle Marie may only be a spamming affiliate. However, her subdomain still works three months later. Maybe nobody reported her spam?
onlywantsex.net: Porn site, Curacao, Netherlands Antilles; Spamvertized URL http://OnlyWantSex.MUNGEnet/enter.asp?src=786 received in spam on May 4, 2004.
pdgexchanger.com: Sender domain of spam received on August 6, 2004. Domain registered with Joker.com five days earlier, on August 1, 2004. http://www.pdgexchanger.MUNGEcom/ gives only a blank webpage. The URL advertised was Http://pde.spedis.MUNGEinfo/wpfrnd/. The MID domain was <pdgproclaimer.com>.
The Name server is PDGBLURB.COM which was also only registered on August 1. This name server was used by spams using the following domains on these dates:
pdgexchanger.com;2004-08-06
pdgbroadcast.com;2004-08-09
pdginventory.com;2004-08-09
pdgcampaigner.com;2004-08-11
pdginventory.com: Sender domain of spam received on August 9, 2004. Domain registered with Joker.com five days earlier, on August 1, 2004. http://www.pdginventory.MUNGEcom/ gives only a blank webpage. The URL advertised was Http://cmhr.spedis.MUNGEinfo/wpfrnd/. The MID domain was <pdgpitch.com>. The Name server is PDGBLURB.COM again.
recyclemycell.com: Spam received on July 26, 2004 from "Recycle My Cell.com" advertise@recyclemycell.MUNGEcom.
totallyamateurs.com: Spamvertized URL http://www.totallyamateurs.MUNGEcom/ft=pimp1946 in "SEXUALLY-EXPLICIT:" spam received on May 26, 2004.
trickortranny.com: Japanese porn video site; Spamvertized URL http://www.trickortranny.MUNGEcom/1261379920 in spam received on January 19, 2004.
vetomail.com: A challenge & response spam filter. A link to this site was included in an adult site spam received on February 15, 2004. Hmmm... A spam filter recommended by spammers?
That alone wouldn't have done it, but at the time the name server for vetomail.com appears to have been blacklisted by spamhaus (it no longer is) and I had seen some pages accusing vetomail of spamming or other unethical behaviour.
webmasterlose.de: Spamvertized URL http://www.webmasterlose.de/paid-ad-mail.php?id=8&user=1698 in spam (From: "Webmasterlose (Paidmail)" Info@webmasterlose.MUNGEde) received February 12, 2004.
xuevsdes.net: Spamvertised URL http://www.xuevsdes.MUNGEnet/s50.htm?NqchCxweJvhRgvjfIuJ in Cyrillic code page porn spam received on July 28, 2004. The links in that spam no longer work.
ysmtrucker.com: See pdgexchanger.com / pdginventory.com. This seems to be the same spammer. ysmtrucker.com was the sender domain in a spam received on August 3, 2004. The domain of its name server, ysmbroadcaster.com, was registered with Joker.com on August 1, same as PDGBLURB.COM. Spamvertized URL: <www.gqh.kredis.MUNGEinfo/wpfrnd/?zhc>, domain registered by the same person as spedis.info...
Bottom line:
The following domains may be innocent. I'll remove them here.
vetomail.com anyxhost.com webmasterlose.de mypharmanex.com
But the following should stay on there:
geileheissemaus.com golady.com goldnow.st grmushkinsexxx.com lenovo2008.com magicpages.biz megacockcravers.com mellamed.com messagizer.de mtnonline.com mypharmanex.com onlywantsex.net pdgexchanger.com pdginventory.com recyclemycell.com totallyamateurs.com trickortranny.com xuevsdes.net ysmtrucker.com
Joe
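
Several of the entries above (golady.com, lenovo2008.com, mypharmanex.com) show the listed domain sitting behind a redirector or as the tail of a longer host name. The following is an added example, not part of the original message or of any list tooling: it pulls every host out of a quoted URL and matches it against the blacklist on label boundaries. The function names are hypothetical, and the sample URLs are the ones quoted in the message, "MUNGE" markers included.

```python
import re
from urllib.parse import urlsplit, unquote

# Four of the blacklist entries from the message above.
BLACKLIST = {"golady.com", "lenovo2008.com", "mypharmanex.com", "onlywantsex.net"}

# URLs exactly as quoted in the message.
SAMPLES = [
    "http://rds.yahoo.com/*-http://www.yahoo.com.golady.MUNGEcom/rd/b.html",
    "http://www.51mymail.MUNGEcom/projects/tracker.jsp?o=1151&;u=39242396&s=1"
    "&e= 2&d=1&r=http://www.lenovo2008.MUNGEcom/edm/1.html",
    "http://gaylemarie.mypharmanex.MUNGEcom/",
    "http://OnlyWantSex.MUNGEnet/enter.asp?src=786",
]

SCHEME = re.compile(r"https?://", re.I)

def hosts_in(url):
    """Return every host named in a URL, including URLs nested in its path or query."""
    url = unquote(url.replace("MUNGE", ""))  # undo the munging and %-encoding
    starts = [m.start() for m in SCHEME.finditer(url)]
    hosts = []
    for i, start in enumerate(starts):
        end = starts[i + 1] if i + 1 < len(starts) else len(url)
        host = urlsplit(url[start:end]).hostname
        if host:
            hosts.append(host.rstrip("."))
    return hosts

def blacklisted(host, blacklist=BLACKLIST):
    """Match whole labels only: www.yahoo.com.golady.com hits golady.com,
    while notgolady.com does not. The bare TLD is never tested."""
    labels = host.lower().split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in blacklist:
            return candidate
    return None

def check(url):
    """Sorted list of blacklist entries that a URL reaches, directly or via redirect."""
    return sorted({hit for h in hosts_in(url) if (hit := blacklisted(h))})

if __name__ == "__main__":
    for sample in SAMPLES:
        print(check(sample), sample)
```
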