[SURBL-Discuss] Possible large whitelist from DMOZ data
Joe Wein
joewein at pobox.com
Thu Oct 7 10:14:48 CEST 2004
Jeff wrote:
> A couple points:
>
> 1. We haven't whitelisted any of these yet.
>
> 2. We need to bias against listing. I don't dispute that some
> of these do send some spams. The question remains, as ever,
> whether any have legitimate (non-spam) uses. Those that do
> probably should not be listed.
>
> 3. It is possible that some true spammers got into DMOZ, but
> most probably aren't.

Here's an update on the state of my checking:

[SP] = spammer
[UC] = spammy, but not for SURBL
[FP] = false positive
[TBD] = to be determined

1800patches.com [SP]
- created in 1999
- 210 NANAS sightings
- Spamhaus SBL15666
- listed in [WS]
- received in spamfeed on 2004-09-21
adultlounge.com [FP?]
- created in 1997
- no NANAS listings
- NS blacklisted, SBL10966
- advertised in mail received in spamfeed on 2004-10-07 (no postal address,
sent from adtmarket.com domain)
adultloveline.com: [FP?]
- created in 2002
- 11 NANAS listings, most from 2002 and 2003
- listed on [WS]
- spam sent to a spamtrap, advertising someone's entry on the site
- sent via http://list.freemailpass.com
allofem.com [FP]
- created 2000
- NS blacklisted (conpuppy.com)
- listed on [WS]
- found in spamfeed on 2004-09-28 but may have been valid subscription by
recipient
ancientacu.com [FP?]
- created in 2002
- no NANAS listings
- NS listed in open relay database
- spam received on 2004-05-14 at German mailbox, from China, fake Hotmail
sender
- also spammed some mailing lists
- may have legitimate uses
bet-at-home.com [FP?]
- sportsbetting site, created 1999
- 58 NANAS listings, most recent 2003-12
- mail received 2004-07-05, probably affiliate spam
christineyoung.com [FP?]
- domain created 2001
- no NANAS reports
- NS blacklisted SBL17961
- mail sent by sex4nothing.net to friend's mailbox on 2004-08-07 who
forwarded it
- mail claimed subscription but used many anti-filter techniques
- domain mentioned only as URL within URL
coid.biz [FP]
- Indonesian portal and webmail site, created 2003
- no NANAS
- NS not blacklisted
- listed by [WS]
- abused as fake sender in pill spam on 2004-04-04
coins-and-banknotes.com [FP?]
- Norwegian coin site, spam sent to a Norwegian mailbox,
recipient has no interest in coins whatsoever
diademtravel.com [SP]
- see smyrnagroup.net
digienjoy.com [FP, block locally?]
- Taiwanese video conferencing product, created in 2002
- 2 NANAS postings
- mail received on 2004-09-16, very similar to the NANAS spamtrap posting
- looks like a legitimate company that sometimes spams
ebonyexclusive.com [TBD]
- adult site, created 2001
- no NANAS sightings
- NS blacklisted SBL18947
- listed on [WS]
- advertised in mail from spamfeed on 2004-09-23 sent by adtmarket.com
- no postal address in mail, but image with feedback code
evidence-eliminator.com [SP]
- created 1999, spamming since at least 2000
- 340 NANAS sightings
- NS and MX blacklisted SBL10095
- spam received 2003-05-28
fantasy-mail.com [TBD]
- adult site, created in 1999
- 228 NANAS sightings
- NS and site blacklisted
- banner ad in mail in spam feed on 2004-08-30
- the fantasy-mail.com list itself seems confirmed opt-in.
fattyfarm.com [TBD]
flashcash.com [TBD]
greenguyandjim.com: [FP, removed]
- appeared as sender domain for a refinance spam for finalsavings.com
- went unnoticed because it's hosted by national.net (spammy porn-hoster),
therefore NS are listed on Spamhaus, and only 4 months old
incomebuddy.com [TBD]
jackpot.com: [TBD]
kaplancollege.edu: [UC]
- 31 NANAS sightings
- SBL17199
- persistent spams over extended period
- no response to attempts to contact
knorad.com [TBD]
lasseters.com.au [TBD]
lovercash.com [TBD]
manevent.de: [FP]
- sex contact mail to spamtrap included link to manevent.de (sex party
site)
- no NANAS, no SBL, site seems to have legitimate uses
medchoicelabs.com [TBD]
moneytrend.at [TBD]
movieerotica.com [TBD]
mymailgenie.com [TBD]
online-dictionary.biz [TBD]
pcbugdoctor.com [TBD]
pibcash.com [TBD]
platinumbucks.com: [SP]
- Spamhaus SBL7867 [marketingx.com/platinumbucks.com]
- 123 NANAS sightings
- listed on SORBS
- spam on 2004-03-10 advertising whitepussyblackcocks.com
used image hosted at pb
- domain created 1999 but hosted by national.net
- claim "zero-tolerance for spamming" by affiliates
pornindustryjobs.com: [SP]
- 23 NANAS
- the domain appears to have been suspended for spamming on or before
2004-09-12 and is not currently active.
realage.com [TBD]
realtimevideos.com [TBD]
robotreply.com [TBD]
silvercash.com [TBD]
smyrnagroup.net: [SP]
- notorious spammer from Turkey (travel agency)
- persistent usenet and email spams in .de/.ch
- can be blocked by email address, as they only use a few sender email
addresses.
thebingoaffiliates.com [TBD]
tiptopjob.com [SP]
- job search site created in 2000
- received bulkmail from marketing at tiptopjob.com, 2004-05-12
- many samba.org, debian.org, kde.org mailing lists got same spam in May/June
- blacklisted on WS
- google finds tons of directory-type hits, but little else (search engine
spamming?)
- NS has SBL for another domain
- no NANAS listings
- outgoing mailserver not blacklisted anywhere
tomsnewbiebooster.com [TBD]
tripod.com.ar [FP, removed]
- Oops!
tvujdum.cz [UC]:
- sent spam on 2004-02-16 advertising "deinwohnen.de"
- same spam received by many German users
- no response when contacted
- probably no hardcore spammer
umtscom.org [SP]
- WAP Advertising Ltd.
- registered in 2000
- spam sent 2004-02-18 to addr probably harvested off web
vicp.net [TBD]
virtuagirl2.com [TBD]
visaforyou.com [TBD]
vistaprint.com: [SP]
- 130 NANAS sightings
- Spamhaus SBL14856
webspace4free.biz [TBD]
webway.at [FP, add to local blacklist]
- coin collector magazine
- unsolicited subscription of an unused mail account on 2004-09-24
- appears to have legitimate use
wujidomartialarts.com [SP]
- created 2003
- no NANAS
- NS not blacklisted
- listed on [WS]
- spam sent directly to Raymond's personal address (from=info at wujido.com)
from a SWBell DSL account, advertising this domain
xboxchips.com [SP]
- created in 2003
- 2 NANAS sightings (direct to MX from a DSL account in Cyprus)
- spam received on 2004-02-21, same spam run as NANAS, same source
- domain no longer live
yesmoke.ch: [UC, but blacklisting locally]
- Mail order tobacco store, advertised in spam sent to a dormant personal
mailbox on 2004-05-26.
- they have an MLM affiliate program, it probably was affiliate spam
Joe