[SURBL-Discuss] Trying to Figure Something Out

[Neil Schwartzman]

FWIW, i see some chatter on an anti-spam discussion list dating back to March 2013 (happy anniversary) making note of the /24 surrounding these IPs as being highly questionable:

185.18.33.78.in-addr.arpa mailer1.ibwmail.com <http://mailer1.ibwmail.com/>.
186.18.33.78.in-addr.arpa mailer2.ibwmail.com <http://mailer2.ibwmail.com/>.
187.18.33.78.in-addr.arpa mailer5.thetradingfloor.co.uk <http://mailer5.thetradingfloor.co.uk/>.
188.18.33.78.in-addr.arpa mailer4.ibwmail.com <http://mailer4.ibwmail.com/>.

n


> On Mar 10, 2015, at 11:50, Anne P. Mitchell, Esq. <amitchell at isipp.com> wrote:
> 
> The domain that is listed is ibwmail.com <http://ibwmail.com/>;  the problem that we are having is that there is no website at all on that domain, nor can we find any spam - anywhere - mentioning the domain.  The only clue that we can find is that there is a gambling site that is using the domain as their MX (now, you may be saying that this is a big clue - but given that this is a domain listing, not an IP/MX listing - the two taken together don't add up, and that  makes the delisting request process difficult because, for example, there is no message containing the (non-existent) website to include as required in a SURBL delisting request).
> 
> This is a sender who is trying to reform their customers' practices, their space, etc... but it's awfully hard to whack anybody with a clue-by-four ("Bad sender!  Bad, bad, bad!") when we can't find the puddle they stepped in (to torture a metaphor).