On Saturday, October 16, 2004, 3:57:36 AM, Jeff Chan wrote:
On Wednesday, October 13, 2004, 9:00:29 PM, Jeff Chan wrote:
On Monday, October 11, 2004, 4:59:24 PM, Jeff Chan wrote:
See the first message in this thread for a little more information about some of these:
http://lists.surbl.org/pipermail/discuss/2004-October/003169.html
Thanks to Ryan and others for identifying most of the free hosting sites in the full list. We whitelisted those free sites earlier.
We still need help identifying the other potential FPs from the percentiled top DMOZ and wikipedia list:
http://spamcheck.freeapp.net/whitelists/percentile-wikipedia-dmoz-blocklist....
]I went ahead and checked the remainder:
arena.ne.jp
1997 domain, web hosting site belonging to Japan's national telco NTT, no SBL, 72 NANAS - mostly sender addresses and a few abuse reporting addresses. 36 DMOZ hits. Probably should not be listed.
away.com
1995 domain, no SBL, 7 NANAS - all apparently joe job or "whitening" or "chaff" type false inclusions in spam. away.com appears to be a legitimate travel site with no actual abuse. Probably should not be listed.
centralhome.com
1998 domain, no SBL, no NANAS, May be a legitimate site: "Dance, Exercise, Sports and Fitness Videos, DVD, Books & Accessories". Probably should not be listed.
cheapass.com
1997 domain, no SBL, no NANAS, sells board games. Looks legitimate. Probably should not be listed.
kit.net
1997 domain, no SBL, 2000+ NANAS - user abuse of this hosting site. Redirects to kitnet.globo.com. Clearly this domain is abused. The only question is whether it has enough legitimate use to whitelist.
Hosting IP belongs to Embratel, and is listed in only SPEWS as a /24, which I don't consider particularly meaningful. IP is not listed in any other RBLs that openrbl.org knows about. Possibly ok to whitelist, though as others have noted, it does get abused a lot. 4 DMOZ hits.
kki.net.pl
1997 domain, no SBL, 248 NANAS - almost all in forged headers, appears to be a legitimate Polish ISP with mail and web hosting. Personal web sites probably subject to some abuse, but the NANAS hits were almost all forged mentions in mail headers. Appears to have legitimate uses. 15 DMOZ hits.
ledger-enquirer.com
1997 domain, no SBL, 1 NANAS in spam headers as forged recipient, which is usually meaningless. This is the web site of a local Georgia newspaper owned by large newspaper chain Knight Ridder. Almost certainly not a spam gang.
nana.co.il
2000 or earlier domain, no SBL, 754 NANAS - mostly forged headers, major Internet portal in Israel, appears to have legitimate uses. 40 DMOZ hits.
online-dictionary.biz
March 2004 domain registration, no SBL, no NANAS, mentioned as an online reference in Wikipedia as "free multi-lingual online dictionary between English and seven modern languages". Probably has legitimate uses despite the bizarre choice of TLD.
p5.org.uk
2001 domain belonging to portland.co.uk like 8bit.co.uk and some other free hosts we recently whitelisted, no SBL, 17 NANAS, appears to have some legitimate uses and some minor abuse. 2 DMOZ.
quuxuum.org
1996 domain, no SBL, 23 NANAS, all referring to "evan's" Bill Gates' net worth page, probably a Joe Job or chaff in contest scams. (Or some kind of sick, envy-driven justification in the scammers' puny brains for trying to scam people.) This site looks like a personal web server with some legitimate personal hobbyist uses. Does not seem to be a major spam destination or spammer, at least based on visible sites and NANAS mentions. 6 DMOZ.
republika.pl
1999 domain, no SBL, 12 NANAS, but 2526 DMOZ mentions, so it probably has far more legitimate uses than spam uses. Appears to be a Polish hosting provider. Probably should not be listed.
s5.com
1996 domain, no SBL, 116 NANAS, free hosting site belongs to freeservers.com. Already whitelisted along with others belonging to them.
spaceports.com
1997 domain, no SBL, 22 NANAS from 1999 through 2003. None in 2004. Hosting provider with reasonable looking abuse policies. The reports seem short-lived and few, indicating that they may be stopping abusers. 229 DMOZ hits. Probably should be whitelisted.
t35.com
1999 domain, no SBL, 59 NANAS, 44 DMO. Hosting provider. Seems to have reasonable abuse policies including specifically prohibiting spam mentions.
telepolis.com
1996 domain, no SBL, 33 NANAS, 262 DMOZ. Wanadoo Spain ISP. Minor spam from personal web or picture hosting. Spam-mentioned sites seem shut down, so probably has a functional abuse desk. Has some minor abuse, but probably should not be listed.
transnationale.org
1999 domain, no SBL, 250 NANAS, 3 DMOZ, French web site apparently tracking social policies of international companies. The NANAS hits are almost entirely mentions in 419-type spams, probably due to socio-political articles, but that does not make the domain spammers. Oddly it's the same article URI mentioned in every spam I checked, and that URI no longer serves a page. Perhaps the site owners got tired of the abuse and took it down. Again, this does not make the site spammers, more like victims of the mention. Probably should not be listed.
up.co.il
1998 or earlier domain, no SBL, 23 NANAS - mix of senders and hosts but relatively few, 48 DMOZ, Israel web hosting company. Some minor abuse, but probably should not be listed. Spam- mentioned sites seem shut down.
xiloo.com
2000 domain, in SBL, 345 NANAS, 8 DMOZ. Appears to be a China ISP or portal. Can't determine much more than that. Also owns xilu.com. Source on WS is:
/home/dbfunk/black-dbfunk-2:xiloo.com
Dave, got any data on them?
zip.net
1998 domain, not in SBL, 230 NANAS looking like abusive users.
Already whitelisted per Joe Wein's report:
"zip.net (http://zipmail.uol.com.br/) is a webmailer by UOL in Brazil."
zonai.com
1999 domain, no SBL, 88 NANAS, 2 DMOZ. Looks like Puerto Rico web portal. Appears to have legitimate uses. NANAS hits all appear to be 419-scam reply mentions and mail headers. Probably should not be listed.
So out of the above all should probably be whitelisted, except xiloo.com and kit.net for which I can't determine enough. Can any Chinese readers check out xiloo.com?
Does anyone have any comments on any of these?
OK I went ahead and whitelisted all of the above except for kit.net and xiloo.com .
I'd appreciate comments on those two or any of the others.
Jeff C. -- "If it appears in hams, then don't list it."