Date: Tue, 7 Sep 2004 11:50:50 -0400
From: Chris Santerre csanterre@merchantsoverseas.com
Subject: RE: [SURBL-Discuss] Re: Need help checking FP list from Theo
To: "'SURBL Discussion list'" discuss@lists.surbl.org
Message-ID: 620A4FF9B83DD511B69900062939D037AC015E@internal.merchantsoverseas.com

OK, you asked for it ;)
Some of this info will give you a 'feel' for how the hosts operate.
>Theo got us a list of 112 new false positives
>from across all SURBLs. He showed me the source
>messages which are almost all subscribed newsletters and mailing list
>messages, so they seem quite hammy.
>
>Given the type of source messages and some
>spot checking, I'm inclined to whitelist them all, but I'd like to
>ask for some help checking them first. Can anyone help check
>these?
123inkjets.com
Oh, these guys are on my personal poop list!
http://groups.google.com/groups?q=123inkjets.com+abuse&hl=en&lr=&...
a
=G&scoring=d
Domain List matching cluster of russ-effrig
- 1: 007inkjets.com
<snip>
24: zbeta.com
@SPAM/spamsource: 553 SPEWS [1] zaconta, see
http://spews.org/ask.cgi?S1467; SPEWS [1] tonerbuys, see http://spews.org/ask.cgi?S1506; 207.178.170/24: 553 SPAM,PINK 207.178.128.0/17 iswest.net AS5033 dedicated spam network - S1467,S2747,S2705,S2657,S786,S1467,SBL9192 2003-07
- SPEWS/spews.org: 553 SPEWS2 [1] zaconta, see
http://spews.org/ask.cgi?S1467; SPEWS2 [1] tonerbuys, see http://spews.org/ask.cgi?S1506; 207.178.170/24: 553 SPEWS2 [2] zaconta, see http://spews.org/ask.cgi?S1467
1and1.com
http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&scoring=d&...
u
se&btnG=Search
Domain List matching contacts_email of hostmaster@1and1.com
- 1: 1-asian-sex.com
- 2: 1and1.com
<snip>
- 49: wonderfulldeals.com
Gotomypc.com sells a remote access product
Yale.edu is the domain for Yale University
http://spews.org/html/S2611.html
Domain List matching spews of S2611
- 1: ca.us
<snip>
- 12: worldatamail.com
Results: Positive=5, Negative=25 (2004-09-07 15:44:25 UTC)
- @ISP/blackholes.us: 66.151/16: 553 ISP INTERNAP -
http://hatcheck.org/google?internap; http://hatcheck.org/sbl?internap [Blockparade]
- @SPAM/spamsource: 66.151.158/24: 553 SPEWS [1] expertcity/gotomypc,
see http://spews.org/ask.cgi?S2611; 66.151/16: 553 SPAM,PINK,BLOCK 66.150/16 66.151/16 66.151 66.151.44.151 joe4257769@mailgeorgebush.net INTERNAP 2003-04
- DRBL/drbl.all: 66.151/16: 553 DRBL weight: 0.6; vote.drbl.vimas.kiev.ua@ns.vimas.kiev.ua/0.6
- SPEWS/spews.org: 66.151.158/24: 553 SPEWS2 [1] expertcity/gotomypc,
see http://spews.org/ask.cgi?S2611
- FIVETEN/internap.com.spam-support: added 2002-07-07; spam support - hosting sendoutmail.com and jdrmedia.com; added
2003-07-22; spam support - hosting e-i1.com spamming from NET-63-251-54-64-1; added 2003-07-02; spam support - hosting http://www.adaniexports.com on 63.251.163.110; added 2004-03-08; spam support - see http://www.spamhaus.org/SBL/sbl.lasso?query=SBL14734; added 2004-07-31; spam support - see http://www.spamhaus.org/SBL/sbl.lasso?query=SBL10031; added 2004-07-31; spam support - transit for AS30038 whose entire 69.63.160.0/20 is on the SBL; added 2003-01-15; spam support - see http://www.spamhaus.org/sbl/listings.lasso?isp=internap.com; added 2003-05-20; spam support - hosting http://www.pr0debtc0nsu1tants.com on 64.74.96.230, was on 63.251.163.110, was on verio; added 2002-01-22; on sprint.net; added 2002-10-07; spam support - hosting netflip.com; added 2003-02-04; spam support - transit for AS18633; added 2003-04-13; spam support - transit for wholesalebandwidth; added 2002-12-07; spam support - dns service for columbiahouse.com; added 2002-09-17; spam support - see http://spews.org/html/S373.html; added 2002-09-10; spam support - hosting randbad.com on 209.191.175.226; added 2002-07-22; spam support - hosting internetseer.com and roving.com
I would love a copy of all the reported FPs. Perhaps they should be moved to the IC list?
--Chris
Chris, I agree that these (with the exception of yale.edu) should be moved to the IC list. Unfortunately, since these companies DO have SOME (ONE?) legitimate function, we can't blacklist them here. Of course, I wouldn't object if they were!
--Alden