Here is a list of 130 domains that come from messages have been manually marked as "not spam" at a large but deliberately unnamed mail provider. We may want to consider whitelisting these.
Here's a summary of matches against the lists, with some overlap:
list count: 130
ws: 77 ob: 54 ab: 2 ph: 4 sc: 0
activismispatriotism.org anwod.com anyxhost.com appleseedsacks.com aramova.com asexstoryforyou.com asianangels.com autumntiger.com b33r.us barnstablepatriot.com bigbigsavings.com bl4h.net cashspiders.info casinovendors.com challengerone.com cherryinc.com chinese960.com cllgeprgamsonlne.biz cmaya.com cn4e.com conception766pi11.us condominiums.tk coolerfix.com courrielleur.com dakotacom.net easysitelaunch.com eletricjoy-bz.com eletricjoy-hm.com emailministry.org findbrooke.com fivecentclicks.com freepornofreeporn.com gaingreenbacks.com gayartworks.org geileheissemaus.com getuni.com golady.com goldnow.st grmushkinsexxx.com healthinsurancesavings.com heightmax.com hottigotti.com humaniststudies.org hunt4stuff.com iasurvey.org indiapakistanpeace.org kehuidao.com kimberlygordon.biz lavahelp.net lenovo2008.com letnaderdebate.org livingmath.net lowratesource.com lvalite.com magicpages.biz manchuriangame.com marketingdealtime.com marketmysite.com maybeyes.biz megacockcravers.com mellamed.com memri.org.il messagizer.de micropoint.biz misshaped982twisty.com monarchhs.com mtnonline.com mxincome.com myebay-secure.net mypharmanex.com nameauditors.com newsenterpriseonline.com nexuswebs.net niceshemale.net numbersusa.com onlneductnprgms.biz onlywantsex.net ourpictures.com outplan.com.br ownsthis.com paidbymouse.com pcdepot.co.il pdgexchanger.com pdginventory.com peoplejudgebush.org peterforflorida.com philosc.com pksnetwork.com plainfunxe.com politicalbrew.com qerhj.com recyclemycell.com rxmedaid.com sandicarismasport.com santosdiablos.com savedarfur.org scotclayton.org scottrader.com securybanks.net smileycons.com soroacaba.us spaceports.com spamusement.com stayandorplay.com tastingsjournal.com thundercloud.net topvaluenow.com totallyamateurs.com trickortranny.com ultraqualityforyou.com unitedemailsystems.com usabusiness1.com utadaexodus.com utopiafootball.com vetomail.com vherb.idv.tw webmasterlose.de webmldlz.com widomaker.com worldjobs.us wz-bbs.com xfhotel.net xfjob.net xfsale.net xfte.net xuevsdes.net yourdomainhere.com youthbuy.net ysmtrucker.com zdrux.com
Jeff C.
On Thu, 12 Aug 2004 00:58:55 -0700, Jeff Chan jeffc@surbl.org wrote:
Here is a list of 130 domains that come from messages have been manually marked as "not spam" at a large but deliberately unnamed mail provider. We may want to consider whitelisting these.
Here's a summary of matches against the lists, with some overlap:
list count: 130
ws: 77 ob: 54 ab: 2 ph: 4 sc: 0
activismispatriotism.org anwod.com anyxhost.com appleseedsacks.com aramova.com asexstoryforyou.com asianangels.com autumntiger.com b33r.us barnstablepatriot.com bigbigsavings.com bl4h.net cashspiders.info casinovendors.com challengerone.com cherryinc.com chinese960.com cllgeprgamsonlne.biz cmaya.com cn4e.com conception766pi11.us condominiums.tk coolerfix.com courrielleur.com dakotacom.net easysitelaunch.com eletricjoy-bz.com eletricjoy-hm.com emailministry.org findbrooke.com fivecentclicks.com freepornofreeporn.com gaingreenbacks.com gayartworks.org geileheissemaus.com getuni.com golady.com goldnow.st grmushkinsexxx.com healthinsurancesavings.com heightmax.com hottigotti.com humaniststudies.org hunt4stuff.com iasurvey.org indiapakistanpeace.org kehuidao.com kimberlygordon.biz lavahelp.net lenovo2008.com letnaderdebate.org livingmath.net lowratesource.com lvalite.com magicpages.biz manchuriangame.com marketingdealtime.com marketmysite.com maybeyes.biz megacockcravers.com mellamed.com memri.org.il messagizer.de micropoint.biz misshaped982twisty.com monarchhs.com mtnonline.com mxincome.com myebay-secure.net mypharmanex.com nameauditors.com newsenterpriseonline.com nexuswebs.net niceshemale.net numbersusa.com onlneductnprgms.biz onlywantsex.net ourpictures.com outplan.com.br ownsthis.com paidbymouse.com pcdepot.co.il pdgexchanger.com pdginventory.com peoplejudgebush.org peterforflorida.com philosc.com pksnetwork.com plainfunxe.com politicalbrew.com qerhj.com recyclemycell.com rxmedaid.com sandicarismasport.com santosdiablos.com savedarfur.org scotclayton.org scottrader.com securybanks.net smileycons.com soroacaba.us spaceports.com spamusement.com stayandorplay.com tastingsjournal.com thundercloud.net topvaluenow.com totallyamateurs.com trickortranny.com ultraqualityforyou.com unitedemailsystems.com usabusiness1.com utadaexodus.com utopiafootball.com vetomail.com vherb.idv.tw webmasterlose.de webmldlz.com widomaker.com worldjobs.us wz-bbs.com xfhotel.net xfjob.net xfsale.net xfte.net xuevsdes.net yourdomainhere.com youthbuy.net ysmtrucker.com zdrux.com
Hi Jeff,
The following domains were found but not removed as they do not appear to be FP's.
bl4h.net securybanks.net myebay-secure.net
nexuswebs.net was however removed and was an FP.
I have a two-part question:
(1) header parsing issues...
I was reading a web site discussing an implementation of SURBL on the IceWarp web server (using a third party add-on). One person complained that there are too many false positives when submitting IPs and domains found in the header of the e-mail. They felt like ONLY the body of the message should be examined. I see good arguments both ways. For example, parsing the header can catch spam which was originally sent to one place, but then forwarded to another. On the other hand, actual affiliate URLs would only normally occur in the body of the message. Any thoughts or suggestions?
(2) Another Possible FP...
This person was asked to give an example of a message which shouldn't have been blocked and which would have gone through if the header wasn't parsed. They provided an example which had the following line in the header:
Message-ID: 000b01c47f1a$e02f73e0$0200a8c0@MUNGED-callatg.com
The offending domain was MUNGED-callatg.com
Therefore, I must ask, could MUNGED-callatg.com be a FP? The reason I suspect so is because they mentioned that this company is a division of GE. Please check on this.
On Thursday, August 12, 2004, 5:51:43 AM, Rob McEwen wrote:
I have a two-part question:
(1) header parsing issues...
I was reading a web site discussing an implementation of SURBL on the IceWarp web server (using a third party add-on). One person complained that there are too many false positives when submitting IPs and domains found in the header of the e-mail. They felt like ONLY the body of the message should be examined. I see good arguments both ways. For example, parsing the header can catch spam which was originally sent to one place, but then forwarded to another. On the other hand, actual affiliate URLs would only normally occur in the body of the message. Any thoughts or suggestions?
SURBLs should be used on message body URIs, not message headers. Though I can see some of the reasons for wanting to try on headers, they're really meant for URIs. Please do us a favor and let them know that. TIA.
(2) Another Possible FP...
This person was asked to give an example of a message which shouldn't have been blocked and which would have gone through if the header wasn't parsed. They provided an example which had the following line in the header:
Message-ID: 000b01c47f1a$e02f73e0$0200a8c0@MUNGED-callatg.com
The offending domain was MUNGED-callatg.com
Therefore, I must ask, could MUNGED-callatg.com be a FP? The reason I suspect so is because they mentioned that this company is a division of GE. Please check on this.
I've whitelisted:
atgi.net callatg.com advancedtelcom.com
All of which belong to the same legitimate company.
Jeff C.
on Thu, Aug 12, 2004 at 12:58:55AM -0700, Jeff Chan wrote:
...that these were FPs. I suspect otherwise for the following, at least:
Oh, right; this isn't a spammer:
conception766pi11.us
And I suppose neither are these: ait4453pill.us alarming5834pill.us alarming6350pills.us antler8223pills.us armoured6658pill.us astf2571pills.us auger1103pills.us boiler6872pill.us bumble3749pill.us chafe3017pills.us cipher7630pill.us complexity1006pill.us conflict8955pill.us cornstalk8555pill.us dakota323pill.us diatribe3927pill.us disneyland1937pill.us fateful3948pill.us follow7065pill.us fraudulent4567pill.us fugacious2107pill.us genius5748pills.us guano7904pills.us horrid3661pill.us immature4319pills.us lettish3429pill.us limped6950pill.us living5155pill.us outweigh9214pills.us patellas2315pill.us payout4174pills.us phaseout2762pills.us priceless4311pills.us referral9466pill.us sabbaths396pill.us scrawny8814pill.us scuttle5567pills.us seafarers9127pill.us septuagint8949pill.us seraglios121pill.us sewerage5665pills.us silenced221pills.us simpleness128pill.us slowpokes4043pill.us smeltery7284pills.us smock928pill.us smocked5251pill.us sot3669pills.us sprang3978pill.us stillness4372pills.us striptease9199pill.us suborning7098pills.us tangential3858pill.us temazepam2834pill.us unburdened2613pills.us unpainted4643pills.us victimize4839pill.us vizier7547pill.us whosever7825pill.us wicks5749pills.us wimbledon743pill.us worrisome5163pill.us wrigley3912pills.us yapped2284pills.us
Uh-huh. And that's just the output from:
egrep "^[a-z]+[0-9]+" domains|grep \.us|grep pil
There are similar lists for 'tab', 'rx', 'med', 'rned', and this is just the '.us' domains. .biz has 160 'pil' domains alone.
akimbo6968tabs.us anaerobe9918tabs.us apologies4018tabs.us copenhagen1026tabs.us coulisse4359tabs.us deepened4521tabs.us flatfoot8255tabs.us insecure7285tabs.us permanent2811tabs.us pollinator6632tabs.us popliteal9927tabs.us remake9252tabs.us sceptical5237tabs.us senses3444tabs.us shahs6172tabs.us slumbrous754tabs.us tentative1876tabs.us wiggle6767tabs.us withdrawn5155tabs.us workman3166tabs.us
acappela9459rx.us adding8383rx.us alex6346rx.us anapest869rx.us astrolabe9495rx.us beat7063rx.us best8938rx.us bridegroom6963rx.us burying1974rx.us canvas8741rx.us catatonia9112rx.us courtly4086rx.us department5215rx.us exuberance8985rx.us foetus4647rx.us foresaw3895rx.us guillotine416rx.us hardcore3684rx.us magenta4358rx.us matchless3341rx.us megacunt1810rx.us misentry1982rx.us moisten982rx.us olive306rx.us outfox2624rx.us penney5099rx.us reassess837rx.us reel2598rx.us ruin6998rx.us scours6508rx.us sharif7046rx.us sods4562rx.us sprinkler9531rx.us treating849rx.us tunny1567rx.us very9221rx.us
alderman8723meds.us bales5994meds.us boris5251meds.us borrower6275meds.us coolness6579meds.us dehydrated8623meds.us dukedom221meds.us gratuitous4973meds.us hard8589meds.us hectare912meds.us joke1903meds.us matting9896meds.us mimeograph648meds.us odometer3845meds.us oleaginous9337meds.us pompadour8149meds.us prelim7911meds.us puling7796meds.us querela1822meds.us quint997meds.us scrapbook3383meds.us sheik1028meds.us slaphappy7346meds.us sneezed4222meds.us stipulator7250meds.us teenage5800meds.us thinness6484meds.us thrust3047meds.us tmg4933meds.us
Funny thing is, they seem to be the same person, going by the whois records. 330 alone have the contact address admin@gohsadsa.biz, for example.
Blue Rock Dove - hard core spammers:
misshaped982twisty.com
likely phish candidate:
myebay-secure.net
Good morning, all,
On Thu, 12 Aug 2004, Jeff Chan wrote:
Here is a list of 130 domains that come from messages have been manually marked as "not spam" at a large but deliberately unnamed mail provider. We may want to consider whitelisting these.
I appreciate their taking the time to send these in, and your time to take a look at them. I must admit a _little_ bit of agreement with Steve's position that a few of those look awfully spammy. I'm just as concerned about incoming whitelists that may have incorrect entries as incoming blacklists that may have incorrect entries. I'll do some hand-checking on these here. Is unnamed-ISP willing to provide the messages from which these were taken? Cheers, - Bill
--------------------------------------------------------------------------- Things you Do Not Want To See On IRC: your husband commenting on the S390 port and in the next comment, announcing that he expects a new toy. He tells me the two are unrelated. I do hope so. - Telsa Gwynn, Alan Cox's wife -------------------------------------------------------------------------- William Stearns (wstearns@pobox.com). Mason, Buildkernel, freedups, p0f, rsync-backup, ssh-keyinstall, dns-check, more at: http://www.stearns.org --------------------------------------------------------------------------
on Thu, Aug 12, 2004 at 10:24:21AM -0400, William Stearns wrote:
Good morning, all,
On Thu, 12 Aug 2004, Jeff Chan wrote:
Here is a list of 130 domains that come from messages have been manually marked as "not spam" at a large but deliberately unnamed mail provider. We may want to consider whitelisting these.
I appreciate their taking the time to send these in, and your time to take a look at them. I must admit a _little_ bit of agreement with Steve's position that a few of those look awfully spammy. I'm just as concerned about incoming whitelists that may have incorrect entries as incoming blacklists that may have incorrect entries. I'll do some hand-checking on these here. Is unnamed-ISP willing to provide the messages from which these were taken?
As well as the names and addresses of the folks who probably didn't properly whitelist the mailing lists they were found being discussed in? ;)
On Thursday, August 12, 2004, 7:24:21 AM, William Stearns wrote:
On Thu, 12 Aug 2004, Jeff Chan wrote:
Here is a list of 130 domains that come from messages have been manually marked as "not spam" at a large but deliberately unnamed mail provider. We may want to consider whitelisting these.
I appreciate their taking the time to send these in, and your timeto take a look at them. I must admit a _little_ bit of agreement with Steve's position that a few of those look awfully spammy. I'm just as concerned about incoming whitelists that may have incorrect entries as incoming blacklists that may have incorrect entries. I'll do some hand-checking on these here. Is unnamed-ISP willing to provide the messages from which these were taken?
Thanks for checking since some may possibly be FPs. Some probably aren't.
This was apparently a first pass of some a data collection method and it may be imperfect. I certainly agree with you and Steve about the pill spammer, etc. And David Hooton already commented on some of the phishing hits.
I kind of doubt for privacy reasons that we'll be able to get the original messages. The person I got them from is on this list so perhaps they can let me know off list.
Jeff C.
Good day, all,
On Thu, 12 Aug 2004, Jeff Chan wrote:
On Thursday, August 12, 2004, 7:24:21 AM, William Stearns wrote:
On Thu, 12 Aug 2004, Jeff Chan wrote:
Here is a list of 130 domains that come from messages have been manually marked as "not spam" at a large but deliberately unnamed mail provider. We may want to consider whitelisting these.
I appreciate their taking the time to send these in, and your timeto take a look at them. I must admit a _little_ bit of agreement with Steve's position that a few of those look awfully spammy. I'm just as concerned about incoming whitelists that may have incorrect entries as incoming blacklists that may have incorrect entries. I'll do some hand-checking on these here. Is unnamed-ISP willing to provide the messages from which these were taken?
Thanks for checking since some may possibly be FPs. Some probably aren't.
This was apparently a first pass of some a data collection method and it may be imperfect. I certainly agree with you and Steve about the pill spammer, etc. And David Hooton already commented on some of the phishing hits.
I kind of doubt for privacy reasons that we'll be able to get the original messages. The person I got them from is on this list so perhaps they can let me know off list.
Then I might put a general request to that individual. Can you think of a way to provide some support to the entries you've submitted? We're in a bind here because we truly want to remove FP's. And again, we really _do_ appreciate your taking the time to help out. Cheers, - Bill
--------------------------------------------------------------------------- "Absence of evidence is not evidence of absence." -- SETI, the Search for Extra-Terrestrial Intelligence -------------------------------------------------------------------------- William Stearns (wstearns@pobox.com). Mason, Buildkernel, freedups, p0f, rsync-backup, ssh-keyinstall, dns-check, more at: http://www.stearns.org --------------------------------------------------------------------------
On Thursday, August 12, 2004, 8:09:21 AM, William Stearns wrote:
On Thu, 12 Aug 2004, Jeff Chan wrote:
Thanks for checking since some may possibly be FPs. Some probably aren't.
This was apparently a first pass of some a data collection method and it may be imperfect. I certainly agree with you and Steve about the pill spammer, etc. And David Hooton already commented on some of the phishing hits.
I kind of doubt for privacy reasons that we'll be able to get the original messages. The person I got them from is on this list so perhaps they can let me know off list.
Then I might put a general request to that individual. Can youthink of a way to provide some support to the entries you've submitted? We're in a bind here because we truly want to remove FP's. And again, we really _do_ appreciate your taking the time to help out.
Thanks everyone for checking these.
I heard back from the source and they won't be able to provide the original messages, for privacy reasons as we thought might be the case.
They may try to correlate these possible whitelist entries against honeypots, etc.
The phishers may have been due to: meta discussion about phishers, spammers deliberately unjunking their phishing messages, a successfully confusing fraud, data or processing errors, etc.
I hope this has been somewhat educational for everyone and that we caught some legitimate FPs. We'll try to get some better qualified entries from them next time.
Jeff C.
On Thu, 12 Aug 2004, Jeff Chan wrote:
Here is a list of 130 domains that come from messages have been manually marked as "not spam" at a large but deliberately unnamed mail provider. We may want to consider whitelisting these.
b33r.us
Ebay phishing site. IMHO, the person that asked to whitelist this needs to check their credit report, and soon.
barnstablepatriot.com
Appears to be legit newspaper, whitelisted.
cherryinc.com
www.cherryinc.com has a typical spammer page - just the name of the domain in the body.
conception766pi11.us
I _do_ grant you that people may purchase things from spammers, and therefore have a legitimate business relationship with them, but pi11.us is a name type used by a particular spammer over and over again.
eletricjoy-bz.com eletricjoy-hm.com
"We'll send you lots of offers!" sites.
fivecentclicks.com
"We'll pay you to read our advertising email!"
healthinsurancesavings.com
"Fill out our form and we'll send you insurance quotes"
lowratesource.com
Mortgage quotes.
OK, that's just A-L.
I'm all for removing FP's from the lists. But I'm concerned about domains like the above (except for barnstablepartriot) where the domains are spam domains, but one person actually corresponds with them. Of course _somebody_ is buying from these domains, or the spammers would give up and go home. I tend to lean towards _not_ removing the above and ones like them. Other opinions? Cheers, - Bill
--------------------------------------------------------------------------- "Unix _is_ user friendly. It's just very selective about who its friends are. And sometimes even best friends have fights." -------------------------------------------------------------------------- William Stearns (wstearns@pobox.com). Mason, Buildkernel, freedups, p0f, rsync-backup, ssh-keyinstall, dns-check, more at: http://www.stearns.org --------------------------------------------------------------------------
"William Stearns" wstearns@pobox.com
www.cherryinc.com has a typical spammer page - just the name of the domain in the body.
I received a spam for this just now. It was sent from 218.86.121.234 with a HELO string of mail.cherryinc.com, which DNS resolves to... 218.86.121.234 (surprize, surprize!)
Joe
Here is a list of 130 domains that come from messages have been manually marked as "not spam" at a large but deliberately unnamed mail provider. We may want to consider whitelisting these.
Hi Jeff,
the following are on my blacklist:
anyxhost.com geileheissemaus.com golady.com goldnow.st grmushkinsexxx.com lenovo2008.com magicpages.biz megacockcravers.com mellamed.com messagizer.de mtnonline.com mypharmanex.com onlywantsex.net pdgexchanger.com pdginventory.com recyclemycell.com totallyamateurs.com trickortranny.com vetomail.com webmasterlose.de xuevsdes.net ysmtrucker.com
I manually rechecked every one of them in detail. Here are the results:
anyxhost.com: Not sure about this one. Spamvertized URL http://www.top-10-search-engine-ranking.anyxhost.MUNGEcom in spam received on May 9, 2004. This spamvertized subdomain ist still active today. anyxhost.com was only 3 weeks old at the time of the spam.
geileheissemaus.com: German porn site; URL http://geileheissemaus.MUNGEcom/?ref=AX965759486 received in spam on July 30,2004. Originating IP=217.173.157.165, which is the IP of geileheissemaus.com. This definitely is spam.
golady.com: URL http://rds.yahoo.com/*-http://www.yahoo.com.golady.MUNGEcom/rd/b.html received in pill spam ("If you are forking out loads for your pills these people can help") on Feb 29, 2004.
goldnow.st URL http://www.goldnow.MUNGEst advertized in spam on March 23, 2004, offering anonymous credit cards; spam listed various phone numbers of the company that also appear on their website. This would have to be a Joe job for them to be innocent, but a .st domain is anything but confidence inspiring.
grmushkinsexxx.com Porn site; URL http://www.grmushkinsexxx.MUNGEcom/index.html advertised in spam with explicit pictures on July 27, 2004.
lenovo2008.com Spamvertised URL http://www.51mymail.MUNGEcom/projects/tracker.jsp?o=1151&;u=39242396&s=1&e= 2&d=1&r=http://www.lenovo2008.MUNGEcom/edm/1.html which opens http://www.lenovo2008.MUNGEcom/edm/1.html in Chinese language spam received on July 29, 2004.
magicpages.biz Google spamming service site; Spamvertized URL http://www.magicpages.MUNGEbiz/ in spam received on July 26, 2004.
megacockcravers.com: Porn site; Spamvertized URL http://www.megacockcravers.MUNGEcom/main.htm?id=9142120 in spam received on May 12, 2004.
mellamed.com 419 scam from barukh@mellamed.com received on August 8, 2004. The website is not functionional (i.e. incomplete Apache setup). mellamed.com was registered only four days earlier and is hosted by a company in -out of all places- Lagos, Nigeria that has hosted at least two other 419 scam sites before.
messagizer.de Spam from host "news.messagizer.de" received here on February 25, 2004 at an unused address harvested off my website. A google news groups search for "messagizer.de *abuse*" finds many threads.
mtnonline.com: Spamvertised URL: <www.mtnonline.MUNGEcom> in spam from Nigeria (adekunleadekoya@sirltech.com) selling ringing tones for mobile phones, received on July 15, 2004.
mypharmanex.com: Spamvertized URL http://gaylemarie.mypharmanex.MUNGEcom/ in spam received on May 15, 2004. Gayle Marie may only be a spamming affiliate. However, her subdomain still works three months later. Maybe nobody reported her spam?
onlywantsex.net Porn site, Curacao, Netherlands Antilles; Spamvertized URL http://OnlyWantSex.MUNGEnet/enter.asp?src=786 received in spam on May 4, 2004.
pdgexchanger.com: Sender domain of spam received on August 6, 2004. Domain registered with Joker.com five days earlier, on August 1, 2004. http://www.pdgexchanger.MUNGEcom/ gives only a blank webpage.The URL advertised was Http://pde.spedis.MUNGEinfo/wpfrnd/. The MID domain was <pdgproclaimer.com>.
The Name server is PDGBLURB.COM which was also only registered on August 1. This name server was used by spams using the following domains on these dates: pdgexchanger.com;2004-08-06 pdgbroadcast.com;2004-08-09 pdginventory.com;2004-08-09 pdgcampaigner.com;2004-08-11
pdginventory.com: Sender domain of spam received on August 9, 2004. Domain registered with Joker.com five days earlier, on August 1, 2004. http://www.pdginventory.MUNGEcom/ gives only a blank webpage.The URL advertised was Http://cmhr.spedis.MUNGEinfo/wpfrnd/. The MID domain was <pdgpitch.com>. The Name server is PDGBLURB.COM again.
recyclemycell.com: Spam received on July 26, 2004 from "Recycle My Cell.com" advertise@recyclemycell.MUNGEcom.
totallyamateurs.com: Spamvertized URL http://www.totallyamateurs.MUNGEcom/ft=pimp1946 in "SEXUALLY-EXPLICIT:" spam received on May 26, 2004.
trickortranny.com: Japanese porn video site; Spamvertized URL http://www.trickortranny.MUNGEcom/1261379920 in spam received on January 19, 2004.
vetomail.com: A challenge & response spam filter. A link to this site was included in an adult site spam received on February 15, 2004. Hmmm... A spam filter recommended by spammers?
That alone wouldn't have done it, but at the time the name server for vetomail.com appears to have been blacklisted by spamhaus (it no longer is) and I had seen some pages accusing vetomail of spamming or other unethical behaviour.
webmasterlose.de Spamvertized URL http://www.webmasterlose.de/paid-ad-mail.php?id=8&user=1698 in spam (From: "Webmasterlose (Paidmail)" Info@webmasterlose.MUNGEde) received February 12, 2004.
xuevsdes.net: Spamvertised URL http://www.xuevsdes.MUNGEnet/s50.htm?NqchCxweJvhRgvjfIuJ in Cyrillic code page porn spam received on July 28, 2004. The links in that spam no longer work.
ysmtrucker.com: See pdgexchanger.com / pdginventory.com. This seems to be the same spammer. ysmtrucker.com was the sender domain in a spam received on August 3, 2004. The domain of its name server, ysmbroadcaster.com, was registered with Joker.com on August 1, same as PDGBLURB.COM. Spamvertized URL: www.gqh.kredis.MUNGEinfo/wpfrnd/?zhc>, domain registered by the same person as spedis.info...
Bottom line:
The following domains may be innocent. I'll remove them here.
vetomail.com anyxhost.com webmasterlose.de mypharmanex.com
But the following should stay on there:
geileheissemaus.com golady.com goldnow.st grmushkinsexxx.com lenovo2008.com magicpages.biz megacockcravers.com mellamed.com messagizer.de mtnonline.com mypharmanex.com onlywantsex.net pdgexchanger.com pdginventory.com recyclemycell.com totallyamateurs.com trickortranny.com xuevsdes.net ysmtrucker.com
Joe
Hi Jeff,
the following are on my blacklist:
anyxhost.com geileheissemaus.com golady.com goldnow.st grmushkinsexxx.com lenovo2008.com magicpages.biz megacockcravers.com mellamed.com messagizer.de mtnonline.com mypharmanex.com onlywantsex.net pdgexchanger.com pdginventory.com recyclemycell.com totallyamateurs.com trickortranny.com vetomail.com webmasterlose.de xuevsdes.net ysmtrucker.com
Which means the following must be from other people's lists:
activismispatriotism.org anwod.com appleseedsacks.com aramova.com asexstoryforyou.com asianangels.com autumntiger.com b33r.us barnstablepatriot.com bigbigsavings.com bl4h.net cashspiders.info casinovendors.com challengerone.com cherryinc.com chinese960.com cllgeprgamsonlne.biz cmaya.com cn4e.com conception766pi11.us condominiums.tk coolerfix.com courrielleur.com dakotacom.net easysitelaunch.com eletricjoy-bz.com eletricjoy-hm.com emailministry.org findbrooke.com fivecentclicks.com freepornofreeporn.com gaingreenbacks.com gayartworks.org getuni.com healthinsurancesavings.com heightmax.com hottigotti.com humaniststudies.org hunt4stuff.com iasurvey.org indiapakistanpeace.org kehuidao.com kimberlygordon.biz lavahelp.net letnaderdebate.org livingmath.net lowratesource.com lvalite.com manchuriangame.com marketingdealtime.com marketmysite.com maybeyes.biz memri.org.il micropoint.biz misshaped982twisty.com monarchhs.com mxincome.com myebay-secure.net nameauditors.com newsenterpriseonline.com nexuswebs.net niceshemale.net numbersusa.com onlneductnprgms.biz ourpictures.com outplan.com.br ownsthis.com paidbymouse.com pcdepot.co.il peoplejudgebush.org peterforflorida.com philosc.com pksnetwork.com plainfunxe.com politicalbrew.com qerhj.com rxmedaid.com sandicarismasport.com santosdiablos.com savedarfur.org scotclayton.org scottrader.com securybanks.net smileycons.com soroacaba.us spaceports.com spamusement.com stayandorplay.com tastingsjournal.com thundercloud.net topvaluenow.com ultraqualityforyou.com unitedemailsystems.com usabusiness1.com utadaexodus.com utopiafootball.com vherb.idv.tw webmldlz.com widomaker.com worldjobs.us wz-bbs.com xfhotel.net xfjob.net xfsale.net xfte.net yourdomainhere.com youthbuy.net zdrux.com
Joe
-
David Hooton -
Jeff Chan -
Joe Wein -
Rob McEwen -
Steven Champeon -
William Stearns