[SURBL-Discuss] Numerous FPs

Joe Wein joewein at pobox.com
Mon Sep 6 04:17:05 CEST 2004


Raymond wrote:
> Some are also found in Joe's list, Joe can you have
> a look what triggered them? Postsnet is a little tricky,
> they seem a little 'grey' ... the rest i could not find much
> references to.

Three of those appear on my my list:


1) mardox.com

The spammed me on August 13, 2004 using a bulk mailer program. The email
said that a URL in one of my sites had been submitted for their search
engines, but that the IP of the submitting machine was unavailable: "Unknown
IP. User had used an automated software for url submission". That
explanation didn't make any sense to me and smelled very fishy.

According to Google, similar messages went to lots of other people, see

http://nlug.org/mail/nlugsc/nlugsc__2004_06/0013.html
http://lists.cwrl.utexas.edu:81/read/messages?id=2906
http://juul-punt.com/index.php?itemid=4906

for instance. Looks more like they created their own submissions by
harvesting addresses off websites and then spamming the site owners.

If they do have legitimate uses however, I guess I'll just locally block the
sender address (request at global-submit.com) and whitelist the domain.


2) postsnet.com

Received spam on May 12, 2004 from mail server mta9br.postsnet.com. The
domain was only 8 months old. There are 39 NANAS sightings. In it went...


3) worldhealth.net

On April 14 I received a bulk-mailed email from one of these guys, inviting
me to a conference. He obviously had used an address harvester, because the
subject of the site he contacted me about is only only marginally related to
what their group is about. I ignored the mail.

On April 27, 2004 I started receiving a newsletter from them that I'd never
subscribed to.

A Google search for the domain name and "spam" finds another page quoting
from a newsletter by these guys that includes this passage:

  "To be removed from this list just follow the instructions at the
  end of this newsletter. All addresses are double opt in. If you
  did not sign up for this newsletter, perhaps someone did in
  your name, we apologize. THIS IS NOT SPAM!"

Interesting, if this "double opt in", how can someone else subscribe in your
name? As to "THIS IS NOT SPAM!", we know what that usually means...

Anyway, inquiries in June as to why I ended up on their recipient list went
unanswered and so I decided to list them.

Maybe this is another grey case. They've been around since 1995 and claim to
have thousands of members. I'll remove the domain and locally block the
sender address.

Joe
-- 
http://www.joewein.de/sw/spam.htm



More information about the Discuss mailing list