OK, you asked for it ;)
Some of this info will give you a 'feel' for how the hosts operate.
> Theo got us a list of 112 new false positives from across all SURBLs. He showed me the source messages which are almost all subscribed newsletters and mailing list messages, so they seem quite hammy.
>
> Given the type of source messages and some spot checking, I'm inclined to whitelist them all, but I'd like to ask for some help checking them first. Can anyone help check these?
123inkjets.com
Oh, these guys are on my personal poop list!
http://groups.google.com/groups?q=123inkjets.com+abuse&hl=en&lr=&... =G&scoring=d
Domain List matching cluster of russ-effrig
* @SPAM/spamsource: 553 SPEWS [1] zaconta, see http://spews.org/ask.cgi?S1467; SPEWS [1] tonerbuys, see http://spews.org/ask.cgi?S1506; 207.178.170/24: 553 SPAM,PINK 207.178.128.0/17 iswest.net AS5033 dedicated spam network - S1467,S2747,S2705,S2657,S786,S1467,SBL9192 2003-07
* SPEWS/spews.org: 553 SPEWS2 [1] zaconta, see http://spews.org/ask.cgi?S1467; SPEWS2 [1] tonerbuys, see http://spews.org/ask.cgi?S1506; 207.178.170/24: 553 SPEWS2 [2] zaconta, see http://spews.org/ask.cgi?S1467
1and1.com
http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&scoring=d&... se&btnG=Search
Domain List matching contacts_email of hostmaster@1and1.com
Gotomypc.com sells a remote access product
Yale.edu is the domain for Yale University
http://spews.org/html/S2611.html
Domain List matching spews of S2611
Results: Positive=5, Negative=25 (2004-09-07 15:44:25 UTC)
I would love a copy of all the reported FPs. Perhaps they should be moved to the IC list?
--Chris