# RETIRED SPAMMERS LIST # # These are spammers that have disappeared/quit spamming for some # reason. Some have renounced spamming; others have not. In any # event, they don't appear to be spamming any more, but I am keeping # their recipes around for reference. # 0ffshorepharm (0ffshorepharm.com) # # Last reported spam: 3/03/05 # Data files last updated: 5/19/05 # # Other Relevant Info: # # SBL: http://www.spamhaus.org/sbl/sbl.lasso?query=SBL20235 # # Status: Unknown # TESTNAME='0ffshorepharm' TESTDOMAINS=${SBDIR}/retired/0ffshorepharm-domains.txt TESTCIDR=${SBDIR}/retired/0ffshorepharm-ips.cidr TESTPATTERNS=${SBDIR}/retired/0ffshorepharm-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=20050303 TESTUPDATED=20050519 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # 1UpAutomated # # Last reported spam: 11/03/04 # Data files last updated: 00/00/00 # # Other Relevant Info: # # 2/08/04: # "3MinuteMiracle.org" spammers, have worked with Damon DeCrecenzo # and other ROKSO-listed spammers. They convince foolish small-time # operators to spam for them, but their product is an aggressive # pyramid scheme and their advertising method is outright spamming. # Anti-spammer Bill Carton did quite a job researching these idiots, # results can be found at: # # http://www.theclubbuiltonspam.com/1upautomated.html # # Status: Unknown # TESTNAME='1UpAutomated' TESTDOMAINS=${SBDIR}/retired/1upautomated-domains.txt TESTCIDR=${SBDIR}/retired/1upautomated-ips.cidr TESTPATTERNS=${SBDIR}/retired/1upautomated-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=00000000 TESTUPDATED=00000000 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # AdProSolutions/HiSpeedMedia # # Last reported spam: 8/25/05 # Data files last updated: 8/07/05 # # Other Relevant Info: # # 11/02/02: # Just discovered that AdProSolutions and HiSpeedMedia # are the same spammers. They have the same modus operandi; # they go through a rapid cycle of new domain names and IP # addresses, many of them on Exodus, which appears to have # no working AUP/TOS enforcement now. So this recipe is # aggressive, and assumes that the infested netblocks are # used by AdProSolutions and no one else. # # 11/11/02: # Exodus has moved APS to a new netblock, they are using # a new pattern of domains too. # # 11/19/02: # Yet another new netblock, and several new domains of a new # pattern. :/ # # 11/21/02: # Dug up a bunch more netblocks and domains for these folks, # added them. # # 12/04/02: # More domains, new netblocks. # # 2/18/03: # A WHOLE BUNCH more domains and netblocks, of course. # # 8/15/03: # Updated, in the process of working on SpamBouncer 2.0. HSM # is reportedly spamming via proxies these days, which I # believe, since the direct hits have fallen off. # # 1/29/04: # Still out there, still spamming, but not the floods they # were last summer. I think they got so blocked they # couldnt. # # 1/30/04: # Spam seen from Integratix referencing a haven domain hosted # in Hi-Speed Media netspace. Interesting.... # # 6/17/04: # Hi-Speed seems to have gotten out of the business of sending # spam, and into the business of hosting spam haven domains. # Thats just as spammy, of course.... # # Status: Probably Morphed to Vendare/JumpStart/etc. :/ # TESTNAME='Hi-Speed Media' TESTDOMAINS=${SBDIR}/reired/hispeed-domains.txt TESTCIDR=${SBDIR}/retired/hispeed-ips.cidr TESTPATTERNS=${SBDIR}/retired/hispeed-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=20050808 TESTUPDATED=20050825 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # AdultFreely.com # # Last reported spam: 12/01/04 # Data files last updated: 00/00/00 # # Other Relevant Info: # # SBL: http://www.spamhaus.org/sbl/sbl.lasso?query=SBL16827 # # Status: Unknown # TESTNAME='AdultFreely' TESTDOMAINS=${SBDIR}/retired/adultfreely-domains.txt TESTCIDR=${SBDIR}/retired/adultfreely-ips.cidr TESTPATTERNS=${SBDIR}/retired/adultfreely-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=00000000 TESTUPDATED=00000000 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Ambrose, Gary (cashfromhome.com) # # Last reported spam: 1/14/04 # Data files last updated: 00/00/00 # # Other Relevant Info: # # 6/18/99: Hullaballoo in news.admin.net-abuse.email over Ambroses # abuse of Aureate Group Mail to send spam. :( # # 7/12/99: At home at Covesoft. Figures. :( (Covesoft is another # long-term net abuser.) # # 5/22/00: Now peddling spamware via wahju.com and stas.net. :/ # # 6/10/00: Reportedly spamming for various other spamhouses via # throwaway accounts, etc. This filter only catches spam referring # to his own sites. Hes responsible for plenty more. # # 5/02/02: Apparent reappearance as sendco.com/ultimatebizsource.com # # 11/02/02: Has his own IP block with Hi-Speed Hosting, the # company behind the AdProSolutions/HiSpeedMedia spammers. :/ # # 1/30/04: *Still* spamming as ultimatebizsource.(biz|com). # # Status: Unknown # TESTNAME='Gary Ambrose' TESTDOMAINS=${SBDIR}/retired/ambrose-domains.txt TESTCIDR=${SBDIR}/retired/ambrose-ips.cidr TESTPATTERNS=${SBDIR}/retired/ambrose-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=00000000 TESTUPDATED=00000000 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Amend, Andrew (U.S. Health Laboratories) # # Last reported spam: 1/17/05 # Data files last updated: 6/19/05 # # Other Relevant Info: # # ROKSO: http://www.spamhaus.org/rokso/listing.lasso?-op=cn&spammer=Andrew%20Amend%20/%20US%20Health%20Laboratories # # Status: Unknown # TESTNAME='Andrew Amend' TESTDOMAINS=${SBDIR}/retired/andrewamend-domains.txt TESTCIDR=${SBDIR}/retired/andrewamend-ips.cidr TESTPATTERNS=${SBDIR}/retired/andrewamend-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=20050117 TESTUPDATED=20050619 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # AmeriLink # # Last reported spam: 3/14/04 # Data files last updated: 00/00/00 # # Other Relevant Info: # # Status: Unknown # TESTNAME='AmeriLink' TESTDOMAINS=${SBDIR}/retired/amerilink-domains.txt TESTCIDR=${SBDIR}/retired/amerilink-ips.cidr TESTPATTERNS=${SBDIR}/retired/amerilink-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=00000000 TESTUPDATED=00000000 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # artprice.com # # Last reported spam: 1/06/04 # Data files last updated: 00/00/00 # # Other Relevant Info: # # 8/05/03: # For what should be a small-time company, these guys are # really persistent spammers, spamming even the autoresponder # at a non-profit domain I run. # # 10/06/03: # Not small-time anymore, at least when it comes to spamming. # Sending multiple spams a *day* to each address. :( # # 6/30/04: # After a considerable time spewing away, this spammer seems to # have dropped from the radar.... Keeping an eye out for # reappearances under other names. # # Status: Unknown # TESTNAME='ArtPrice' TESTDOMAINS=${SBDIR}/retired/artprice-domains.txt TESTCIDR=${SBDIR}/retired/artprice-ips.cidr TESTPATTERNS=${SBDIR}/retired/artprice-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=00000000 TESTUPDATED=00000000 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Atherton, Jon # # Last reported spam: 2/23/04 # Data files last updated: 00/00/00 # # Other Relevant Info: # # ROKSO: http://www.spamhaus.org/rokso/listing.lasso?-op=cn&spammer=Jon%20Atherton%20/%20Supabill # # Status: Unknown # TESTNAME='Jon Atherton' TESTDOMAINS=${SBDIR}/retired/atherton-domains.txt TESTCIDR=${SBDIR}/retired/atherton-ips.cidr TESTPATTERNS=${SBDIR}/retired/atherton-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=00000000 TESTUPDATED=00000000 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Auman, Drew (thebulkclub.com) # # Last reported spam: 7/12/04 # Data files last updated: 00/00/00 # # Other Relevant Info: # # ROKSO: http://www.spamhaus.org/rokso/listing.lasso?-op=cn&spammer=Drew%20Auman%20/%20thebulkclub.com # # Status: Unknown # TESTNAME='Drew Auman' TESTDOMAINS=${SBDIR}/retired/drewauman-domains.txt TESTCIDR=${SBDIR}/retired/drewauman-ips.cidr TESTPATTERNS=${SBDIR}/retired/drewauman-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=00000000 TESTUPDATED=00000000 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Australian Porn Mafia # # Last reported spam: 8/24/05 # Data files last updated: 8/19/05 # # Other Relevant Info: # # ROKSO: http://www.spamhaus.org/rokso/listing.lasso?-op=cn&spammer=Australian%20Porn%20Mafia # # Status: Unknown # TESTNAME='Australian Porn Mafia' TESTDOMAINS=${SBDIR}/retired/australianpornmafia-domains.txt TESTCIDR=${SBDIR}/retired/australianpornmafia-ips.cidr TESTPATTERNS=${SBDIR}/retired/australianpornmafia-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=20050824 TESTUPDATED=20050819 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Avary, Philippine # # Last reported spam: 4/17/05 # Data files last updated: 6/22/05 # # Other Relevant Info: # # SBL: http://www.spamhaus.org/SBL/sbl.lasso?query=SBL17957 # # Status: Unknown # TESTNAME='Philippine Avary' TESTDOMAINS=${SBDIR}/retired/avary-domains.txt TESTCIDR=${SBDIR}/retired/avary-ips.cidr TESTPATTERNS=${SBDIR}/retired/avary-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=20050417 TESTUPDATED=20050622 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Baer, Joshua # # Last reported spam: 8/07/05 # Data files last updated: 8/07/05 # # Other Relevant Info: # # ROKSO: http://www.spamhaus.org/rokso/listing.lasso?-op=cn&spammer=Joshua%20Baer # # 11/08/02: # Another fine RackSpace spammer, this one also multihomed with Sprint. :/ # # 12/20/03: # Gone from Rackspace, has shown up in a whole /18 at Texas.net. :/ # # 1/30/04: # Spam seen that teams up Baer with Wholesale Bandwidth. Stock spam. # # 6/30/04: # Despite making noises about going legitimate, Baer is spewing away # as much as he always has. # # 6/19/05: # Have seen nothing from Baer for months; maybe he finally is walking # the talk. # # 7/20/05: # I hadn't see anything from Baer since the first couple of weeks # this year until I got an email a week ago to a spamtrap. I # reported it to SpamHaus, which cc'd me on their correspondence # with Baer. He nuked the customer based on a report that # contained only the IP and relevant Received header; he didn't # get the email address that was hit and didn't request it. # The response couldn't have looked more whitehat if it had # been Rodney Joffe. # # A few days ago SpamHaus quietly dropped Baer from the ROKSO # list per their new(ish) policy of expiring listings # after six months of no activity. A fellow antispammer # yesterday expressed the opinion that, while Baer was not # essentially reformed, he was running a cleaner operation # than a lot of ESPs do, even ESPs that aren't normally # considered spammers. # # Since he's still in the bulk email business, he has to wait a # year to get out of the SpamBouncer, but with him (unlike with # Richter), I have some real hope that he has quit spamming. # # # Status: Unknown # TESTNAME='Joshua Baer' TESTDOMAINS=${SBDIR}/retired/baer-domains.txt TESTCIDR=${SBDIR}/retired/baer-ips.cidr TESTPATTERNS=${SBDIR}/retired/baer-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=20050807 TESTUPDATED=20050807 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Banks, Tony # # Last reported spam: 5/20/04 # Data files last updated: 00/00/00 # # Other Relevant Info: # # ROKSO: http://www.spamhaus.org/rokso/listing.lasso?-op=cn&spammer=Anthony%20Tony%20M.%20Banks # # Status: Unknown # TESTNAME='Tony Banks' TESTDOMAINS=${SBDIR}/retired/tonybanks-domains.txt TESTCIDR=${SBDIR}/retired/tonybanks-ips.cidr TESTPATTERNS=${SBDIR}/retired/tonybanks-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=00000000 TESTUPDATED=00000000 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Battles, Brendan (IMG Online/World-Services) # # Last reported spam: 5/10/05 # Data files last updated: 6/19/05 # # Other Relevant Info: # # ROKSO: http://www.spamhaus.org/rokso/listing.lasso?-op=cn&spammer=Brendan%20Battles%20/%20IMG%20Online%20/%20World-Services # # Status: Active Spammer # TESTNAME='Brendan Battles' TESTDOMAINS=${SBDIR}/retired/battles-domains.txt TESTCIDR=${SBDIR}/retired/battles-ips.cidr TESTPATTERNS=${SBDIR}/retired/battles-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=20050510 TESTUPDATED=20050619 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Bell, John # # Last reported spam: 3/03/05 # Data files last updated: 8/07/05 # # Other Relevant Info: # # Status: Active Spammer # TESTNAME='John Bell' TESTDOMAINS=${SBDIR}/retired/johnbell-domains.txt TESTCIDR=${SBDIR}/retired/johnbell-ips.cidr TESTPATTERNS=${SBDIR}/retired/johnbell-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=20050303 TESTUPDATED=20050807 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Frank Bernal/Steve Hardigree (IMG Direct) # # Last reported spam: 5/31/04 # Data files last updated: 8/07/05 # # Other Relevant Info: # # 4/15/02: # *DEFINITELY* opt-out spammers. :( # # 11/15/02: # According to a system administrator at Opt In Inc., they at # one time managed a database for OneStopData, but are not the # same company. They no longer occupy the same netblocks, and # appear to be operating as separate companies as well. # So Ive separated their complaint recipes and # am treating them as separate companies. # # 12/11/02: # Spamming from new netblock at avhcomm.net. # # 1/30/04: # Spamming as IMG Direct these days. # # Status: Active Spammer # TESTNAME='Bernal/Hardigree' TESTDOMAINS=${SBDIR}/retired/bernal-domains.txt TESTCIDR=${SBDIR}/retired/bernal-ips.cidr TESTPATTERNS=${SBDIR}/retired/bernal-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=20040531 TESTUPDATED=20050807 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Borzilleri, James (Torpedomail) # # Last reported spam: 10/23/04 # Data files last updated: 00/00/00 # # Other Relevant Info: # # ROKSO: http://www.spamhaus.org/rokso/listing.lasso?-op=cn&spammer=James%20Borzilleri%20-%20Torpedomail # # Status: Unknown # TESTNAME='James Borzilleri' TESTDOMAINS=${SBDIR}/retired/borzilleri-domains.txt TESTCIDR=${SBDIR}/retired/borzilleri-ips.cidr TESTPATTERNS=${SBDIR}/retired/borzilleri-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=00000000 TESTUPDATED=00000000 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Brown, Chris # # Last reported spam: 3/03/05 # Data files last updated: 7/20/04 # # Other Relevant Info: # # ROKSO: http://www.spamhaus.org/rokso/listing.lasso?-op=cn&spammer=Chris%20Brown # # Status: Unknown # TESTNAME='Chris Brown' TESTDOMAINS=${SBDIR}/retired/chrisbrown-domains.txt TESTCIDR=${SBDIR}/retired/chrisbrown-ips.cidr TESTPATTERNS=${SBDIR}/retired/chrisbrown-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=20050303 TESTUPDATED=20040720 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Brunenieks, Elmar # # Last reported spam: 3/02/05 # Data files last updated: 8/07/05 # # Other Relevant Info: # # ROKSO: http://www.spamhaus.org/rokso/listing.lasso?-op=cn&spammer=Elmar%20Brunenieks # # 6/19/05: # Reported dead, per SpamHaus, but no substantiation and # SpamHaus clearly does not believe it. However, have seen # nothing from this once rabidly prolific spammer since # March. (Okay, nine months *after* his reported death, # but whos counting?) # # Status: Unknown # TESTNAME='Elmar Brunenieks' TESTDOMAINS=${SBDIR}/retired/brunenieks-domains.txt TESTCIDR=${SBDIR}/retired/brunenieks-ips.cidr TESTPATTERNS=${SBDIR}/retired/brunenieks-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=20050302 TESTUPDATED=20050807 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # BSB Publishing Co./"BRP Group" # # Last reported spam: 4/14/05 # Data files last updated: 3/29/04 # # Other Relevant Info: # # 4/12/98: # Extremely prolific Chicago-area spammer who targets books # to a black male audience claiming to help them deal with # black women. :/ Has recently expanded into offering spamming # mailing lists of black people. (The lists arent very # accurate -- Im on them and I am both female and white.) :> # Extremely persistent and obnoxious, has been kicked off of # many ISPs already. # # 8/20/02: # Still extremely prolific, but over the years has morphed # into a seller of general purpose "targeted email lists", # that probably are not targeted. Im sure its the same # person because the morph has been slow, and at each step # the same methodologies were used and same spamtrap addresses # were targeted, in a combination no other spammer ever used. # # 9/10/02: # Spamming from attbi.com with forged From: line claiming to be # coming from amazon.com. :/ These despicable slimeballs have # no shame. # # 12/06/02: # Spamming as "Tools 4 Marketing" these days. # # 1/10/04: # Still at it -- must be some kind of record. :/ # # 4/14/05: # And *still* at it, as "Tools 4 Marketing", using the same # throwaway Netscape email address and same 888 number. # Unbelievable. # # Status: Active Spammer # TESTNAME='BSB Publishing' TESTDOMAINS=${SBDIR}/retired/bsbpub-domains.txt TESTCIDR=${SBDIR}/retired/bsbpub-ips.cidr TESTPATTERNS=${SBDIR}/retired/bsbpub-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=20050414 TESTUPDATED=20040329 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # BulkMarketing.net # # Last reported spam: 2/23/04 # Data files last updated: 00/00/00 # # Other Relevant Info: # # Status: Unknown # TESTNAME='BulkMarketing' TESTDOMAINS=${SBDIR}/retired/bulkmarketing-domains.txt TESTCIDR=${SBDIR}/retired/bulkmarketing-ips.cidr TESTPATTERNS=${SBDIR}/retired/bulkmarketing-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=00000000 TESTUPDATED=00000000 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # BusinessBooster # # Last reported spam: 3/02/04 # Data files last updated: 00/00/00 # # Other Relevant Info: # # 1/31/04: # Reportedly spamming web sites that host a particular trojan # program that downloads itself and infects computers that come # to a URL, turning them into spam "zombie" computers. Listed # by SpamHaus, too dangerous to let pass at all. :( # # Status: Unknown # TESTNAME='BusinessBooster' TESTDOMAINS=${SBDIR}/retired/businessbooster-domains.txt TESTCIDR=${SBDIR}/retired/businessbooster-ips.cidr TESTPATTERNS=${SBDIR}/retired/businessbooster-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=00000000 TESTUPDATED=00000000 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Carnegie Sun # # Last reported spam: 7/02/04 # Data files last updated: 00/00/00 # # Other Relevant Info: # # Status: Unknown # TESTNAME='Carnegie Sun' TESTDOMAINS=${SBDIR}/retired/carnegiesun-domains.txt TESTCIDR=${SBDIR}/retired/carnegiesun-ips.cidr TESTPATTERNS=${SBDIR}/retired/carnegiesun-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=00000000 TESTUPDATED=00000000 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Champion, Ryan (AMR Ventures/PerfectNameservers) # # Last reported spam: 7/12/04 # Data files last updated: 00/00/00 # # Other Relevant Info: # # ROKSO: http://www.spamhaus.org/rokso/listing.lasso?-op=cn&spammer=Ryan%20Champion%20/%20AMR%20Ventures # # Status: Unknown # TESTNAME='Ryan Champion' TESTDOMAINS=${SBDIR}/retired/ryanchampion-domains.txt TESTCIDR=${SBDIR}/retired/ryanchampion-ips.cidr TESTPATTERNS=${SBDIR}/retired/ryanchampion-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=00000000 TESTUPDATED=00000000 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Chan, Vincent (yoric.net) # # Last reported spam: 10/18/04 # Data files last updated: 00/00/00 # # Other Relevant Info: # # ROKSO: http://www.spamhaus.org/rokso/listing.lasso?-op=cn&spammer=Vincent%20Chan%20/%20yoric.net # # Status: Unknown # TESTNAME='Vincent Chan' TESTDOMAINS=${SBDIR}/retired/vincentchan-domains.txt TESTCIDR=${SBDIR}/retired/vincentchan-ips.cidr TESTPATTERNS=${SBDIR}/retired/vincentchan-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=00000000 TESTUPDATED=00000000 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Clickman LLC # # Last reported spam: 7/29/04 # Data files last updated: 00/00/00 # # Other Relevant Info: # # 11/15/02: # Aggressive new spammer using lots of new domains. # # 10/02/03: # Apparently theyve become a source of Penis Enlargement spams. :/ # # 7/12/04: # Now sending floods of web cam spam, hosting sites with porn # web cams. Those sites have DNS from servergod.com, which is # decidely Clickman LLC. Not good. :/ # # Status: Unknown # TESTNAME='Clickman LLC' TESTDOMAINS=${SBDIR}/retired/clickman-domains.txt TESTCIDR=${SBDIR}/retired/clickman-ips.cidr TESTPATTERNS=${SBDIR}/retired/clickman-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=00000000 TESTUPDATED=00000000 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Conta/Love4Lust # # Last reported spam: 2/18/04 # Data files last updated: 00/00/00 # # Other Relevant Info: # # Status: Unknown # TESTNAME='Conta/Love4Lust' TESTDOMAINS=${SBDIR}/retired/conta-domains.txt TESTCIDR=${SBDIR}/retired/conta-ips.cidr TESTPATTERNS=${SBDIR}/retired/conta-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=00000000 TESTUPDATED=00000000 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Cowles, Thomas (Empire Towers/POPLaunch/StealthLaunch) # # Last reported spam: 7/05/04 # Data files last updated: 00/00/00 # # Other Relevant Info: # # ROKSO: http://www.spamhaus.org/rokso/listing.lasso?-op=cn&spammer=Thomas%20Cowles%20-%20Empire%20Towers # # 11/11/02: # The scum joe-jobbed one of my email addresses. I am NOT # amused. # # Status: Unknown # TESTNAME='Thomas Cowles' TESTDOMAINS=${SBDIR}/retired/cowles-domains.txt TESTCIDR=${SBDIR}/retired/cowles-ips.cidr TESTPATTERNS=${SBDIR}/retired/cowles-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=00000000 TESTUPDATED=00000000 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # CP Cyberwurx (conepuppy.com) # # Last reported spam: 6/15/04 # Data files last updated: 00/00/00 # # Other Relevant Info: # # 4/25/02: # Chinese network with no reverse DNS, little valid info in APNIC, # no valid complaint email addresses, and a pattern of spamming. # Probably a spamhaus, but being blocked as a precaution. # # 11/06/02: # Definitely a spamhaus. Plonk! # # 1/18/04: # Still spamming away. # TESTNAME='Cyberwurx' TESTDOMAINS=${SBDIR}/retired/cyberwurx-domains.txt TESTCIDR=${SBDIR}/retired/cyberwurx-ips.cidr TESTPATTERNS=${SBDIR}/retired/cyberwurx-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=00000000 TESTUPDATED=00000000 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Daily Mislead # # Last reported spam: 1/04/05 # Data files last updated: 2/04/04 # # Other Relevant Info: # # 1/14/04: # Leftist ideological newsletter spammed to various email # addresses scraped off of web sites with political or # human rights content. # # 8/02/04: # An antispammer I trust tells me that they're not so much # spammers as runners of opt-out email lists who simply # won't listen to reason. :/ That isn't good, but deserves # to be treated differently than outright spammers. # # Status: Unknown # :0 * ! MAINSLEAZE ?? NONE { TESTNAME='Daily Mislead' TESTDOMAINS=${SBDIR}/retired/mislead-domains.txt TESTCIDR=${SBDIR}/retired/mislead-ips.cidr TESTPATTERNS=${SBDIR}/retired/mislead-patterns.rc TESTLAST=20050104 TESTUPDATED=20040204 TESTTYPE=ALL :0 * MAINSLEAZE ?? BLOCK { TESTSCORE=${BLOCKLEVEL} } :0 * MAINSLEAZE ?? SPAM { TESTSCORE=${SPAMLEVEL} } INCLUDERC=${SBDIR}/functions/identify-spammer.rc } # DailyPointsMail # # Last reported spam: 11/29/05 # Data files last updated: 11/28/05 # # Other Relevant Info: # # 11/29/2005: # Customer of spamming ISP Cave Creek Internet Exchange/CWIE. # # Status: Unknown # TESTNAME='DailyPointsMail' TESTDOMAINS=${SBDIR}/retired/dailypointsmail-domains.txt TESTCIDR=${SBDIR}/retired/dailypointsmail-ips.cidr TESTPATTERNS=${SBDIR}/retired/dailypointsmail-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=20051129 TESTUPDATED=20051128 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Dangtran, Quang (Whoa Medical) # # Last reported spam: 8/24/05 # Data files last updated: 7/15/05 # # Other Relevant Info: # # ROKSO: http://www.spamhaus.org/rokso/listing.lasso?-op=cn&spammer=Quang%20Dangtran%20-%20Whoa%20Medical # # Status: Unknown # TESTNAME='Quang Dangtran' TESTDOMAINS=${SBDIR}/retired/dangtran-domains.txt TESTCIDR=${SBDIR}/retired/dangtran-ips.cidr TESTPATTERNS=${SBDIR}/retired/dangtran-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=20050824 TESTUPDATED=20050715 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Davidson, Eddie # # Last reported spam: 8/24/04 # Data files last updated: 8/07/05 # # Other Relevant Info: # # ROKSO: http://www.spamhaus.org/rokso/listing.lasso?-op=cn&spammer=Eddie%20Davidson # # 8/07/05: Was behind spam hosting outfit A1-BulkEmailHost, # which was listed separately in the SpamBouncer. Listings # merged. # # Status: Unknown # TESTNAME='Eddie Davidson' TESTDOMAINS=${SBDIR}/retired/davidson-domains.txt TESTCIDR=${SBDIR}/retired/davidson-ips.cidr TESTPATTERNS=${SBDIR}/retired/davidson-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=00000000 TESTUPDATED=00000000 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # DealCop # # Last reported spam: 12/12/03 # Data files last updated: 00/00/00 # # Other Relevant Info: # # Status: Unknown # TESTNAME='Dealcop' TESTDOMAINS=${SBDIR}/retired/dealcop-domains.txt TESTCIDR=${SBDIR}/retired/dealcop-ips.cidr TESTPATTERNS=${SBDIR}/retired/dealcop-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=00000000 TESTUPDATED=00000000 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # DeCrescenzo, Damon # # Last reported spam: 10/14/04 # Data files last updated: 00/00/00 # # Other Relevant Info: # # ROKSO http://www.spamhaus.org/rokso/listing.lasso?-op=cn&spammer=Damon%20DeCrescenzo%20-%20Docdrugs # # Since DeCrescenzo uses proxies, relays, forged headers, and every other # spammer obfuscation trick in the book, this will catch only spam # that comes directly from IPs known to belong to him or advertising web # sites hosted at IPs known to belong to him. But that # should be some of it anyway. # # Status: Unknown # TESTNAME='Damon DeCrescenzo' TESTDOMAINS=${SBDIR}/retired/decrescenzo-domains.txt TESTCIDR=${SBDIR}/retired/decrescenzo-ips.cidr TESTPATTERNS=${SBDIR}/retired/decrescenzo-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=00000000 TESTUPDATED=00000000 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Devincenzi, Kevin (Million Marketing/Money Matters) # # Last reported spam: 8/24/05 # Data files last updated: 7/15/05 # # Other Relevant Info: # # ROKSO: http://www.spamhaus.org/rokso/listing.lasso?-op=cn&spammer=Million%20Marketing/Money%20Matters%20-%20Kevin%20Devincenzi # # Status: Unknown # TESTNAME='Kevin Devincenzi' TESTDOMAINS=${SBDIR}/retired/devincenzi-domains.txt TESTCIDR=${SBDIR}/retired/devincenzi-ips.cidr TESTPATTERNS=${SBDIR}/retired/devincenzi-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=20050824 TESTUPDATED=20050715 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Dialpadmail.us # # Last reported spam: 6/29/04 # Data files last updated: 00/00/00 # # Other Relevant Info: # # Status: Unknown # TESTNAME='DialPadMail' TESTDOMAINS=${SBDIR}/retired/dialpadmail-domains.txt TESTCIDR=${SBDIR}/retired/dialpadmail-ips.cidr TESTPATTERNS=${SBDIR}/retired/dialpadmail-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=00000000 TESTUPDATED=00000000 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # DirectQlick # # Last reported spam: 4/18/05 # Data files last updated: 4/18/05 # # Other Relevant Info: # # Status: Unknown # TESTNAME='DirectQlick' TESTDOMAINS=${SBDIR}/retired/directqlick-domains.txt TESTCIDR=${SBDIR}/retired/directqlick-ips.cidr TESTPATTERNS=${SBDIR}/retired/directqlick-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=20040418 TESTUPDATED=20040418 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Dukarossa, Bonnie (Bullet 9 Communications) # # Last reported spam: 12/21/03 # Data files last updated: 00/00/00 # # Other Relevant Info: # # ROKSO http://www.spamhaus.org/rokso/listing.lasso?-op=cn&spammer=Bonnie%20Dukarossa%20-%20Bullet9%20Communications # # 12/21/03: # Got on my radar spamming for Emailbox Filter, a spam # filter. :/ # # Status: Unknown # TESTNAME='Bonnie Dukarossa' TESTDOMAINS=${SBDIR}/retired/dukarossa-domains.txt TESTCIDR=${SBDIR}/retired/dukarossa-ips.cidr TESTPATTERNS=${SBDIR}/retired/dukarossa-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=00000000 TESTUPDATED=00000000 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Ehostz.org # # Last reported spam: 10/14/04 # Data files last updated: 00/00/00 # # Other Relevant Info: # # Status: Unknown # TESTNAME='Ehostz.org' TESTDOMAINS=${SBDIR}/retired/ehostzorg-domains.txt TESTCIDR=${SBDIR}/retired/ehostzorg-ips.cidr TESTPATTERNS=${SBDIR}/retired/ehostzorg-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=00000000 TESTUPDATED=00000000 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Ellis, Kelly Joe (WebMark/Marketforce) # # Last reported spam: 10/14/04 # Data files last updated: 8/07/05 # # Other Relevant Info: # # ROKSO: http://www.spamhaus.org/rokso/listing.lasso?-op=cn&spammer=Kelly%20Joe%20Ellis%20/%20WebMark%20inc%20/%20Marketforce%20inc # # Status: Active Spammer # TESTNAME='Kelly Joe Ellis' TESTDOMAINS=${SBDIR}/retired/kjellis-domains.txt TESTCIDR=${SBDIR}/retired/kjellis-ips.cidr TESTPATTERNS=${SBDIR}/retired/kjellis-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=20041014 TESTUPDATED=20050807 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # emailfactory.com (allneighbor.com) # # Last reported spam: 8/25/05 # Data files last updated: 8/25/05 # # Other Relevant Info: # # Status: Unknown # TESTNAME='EmailFactory' TESTDOMAINS=${SBDIR}/retired/emailfactory-domains.txt TESTCIDR=${SBDIR}/retired/emailfactory-ips.cidr TESTPATTERNS=${SBDIR}/retired/emailfactory-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=20050825 TESTUPDATED=20050825 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Equalamail/Coopt (Marketing Services/Promotion Services) # # Last reported spam: 7/06/04 # Data files last updated: 00/00/00 # # Other Relevant Info: # # Status: Unknowns # TESTNAME='Equalamail' TESTDOMAINS=${SBDIR}/retired/equalamail-domains.txt TESTCIDR=${SBDIR}/retired/equalamail-ips.cidr TESTPATTERNS=${SBDIR}/retired/equalamail-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=00000000 TESTUPDATED=00000000 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Etracks # # Last reported spam: 7/20/04 # Data files last updated: 00/00/00 # # Other Relevant Info: # # 1/21/04: # Internap shut down eTracks connection, and de-swipped all # of eTracks IP space. Noted and SpamBouncer updated to # reflect this. # # Status: Unknown # TESTNAME='Etracks' TESTDOMAINS=${SBDIR}/retired/etracks-domains.txt TESTCIDR=${SBDIR}/retired/etracks-ips.cidr TESTPATTERNS=${SBDIR}/retired/etracks-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=00000000 TESTUPDATED=00000000 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Evergreen Corporation # # Last reported spam: 11/03/04 # Data files last updated: 00/00/00 # # Other Relevant Info: # # SBL: http://www.spamhaus.org/sbl/sbl.lasso?query=SBL20162 # # Status: Unknown # TESTNAME='Evergreen Corporation' TESTDOMAINS=${SBDIR}/retired/evergreencorp-domains.txt TESTCIDR=${SBDIR}/retired/evergreencorp-ips.cidr TESTPATTERNS=${SBDIR}/retired/evergreencorp-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=00000000 TESTUPDATED=00000000 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Evidence Eliminator (Andy Churchill) # # Last reported spam: 5/15/04 # Data files last updated: 00/00/00 # # Other Relevant Info: # # 7/21/03: # Aggressive and dishonest spammer with a history of bogus claims # and lawsuits against those that publicly objected to their # behavior. # # Status: Unknown # TESTNAME='Evidence Eliminator' TESTDOMAINS=${SBDIR}/retired/eelim-domains.txt TESTCIDR=${SBDIR}/retired/eelim-ips.cidr TESTPATTERNS=${SBDIR}/retired/eelim-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=00000000 TESTUPDATED=00000000 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Five Elements (Phil Doroff) # # Last reported spam: 7/09/04 # Data files last updated: 00/00/00 # # Other Relevant Info: # # ROKSO: http://www.spamhaus.org/rokso/listing.lasso?-op=cn&spammer=Phil%20Doroff%20/%20Five%20Elements,%20Inc # # Status: Unknown # TESTNAME='Five Elements' TESTDOMAINS=${SBDIR}/retired/fiveelements-domains.txt TESTCIDR=${SBDIR}/retired/fiveelements-ips.cidr TESTPATTERNS=${SBDIR}/retired/fiveelements-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=00000000 TESTUPDATED=00000000 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # FlyInAds # # Last reported spam: 1/02/04 # Data files last updated: 00/00/00 # # Other Relevant Info: # # Status: Unknown # TESTNAME='FlyInAds' TESTDOMAINS=${SBDIR}/retired/flyinads-domains.txt TESTCIDR=${SBDIR}/retired/flyinads-ips.cidr TESTPATTERNS=${SBDIR}/retired/flyinads-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=00000000 TESTUPDATED=00000000 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Francis-Macrae, Peter # # Last reported spam: 4/17/05 # Data files last updated: 8/07/05 # # Other Relevant Info: # # ROKSO: http://www.spamhaus.org/rokso/listing.lasso?-op=cn&spammer=Peter%20Francis-Macrae # # Status: Unknown TESTNAME='Peter Francis-Macrae' TESTDOMAINS=${SBDIR}/retired/francismacrae-domains.txt TESTCIDR=${SBDIR}/retired/francismacrae-ips.cidr TESTPATTERNS=${SBDIR}/retired/francismacrae-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=20050417 TESTUPDATED=20050807 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Friesner, Ryan (E-ListDirect/Ride Marketing) # # Last reported spam: 11/03/04 # Data files last updated: 11/07/04 # # Other Relevant Info: # # ROKSO: http://www.spamhaus.org/rokso/listing.lasso?-op=cn&spammer=Ryan%20Friesner%20-%20E-ListDirect%20/%20Ride%20Marketing # # Status: Unknown # TESTNAME='Ryan Friesner' TESTDOMAINS=${SBDIR}/retired/friesner-domains.txt TESTCIDR=${SBDIR}/retired/friesner-ips.cidr TESTPATTERNS=${SBDIR}/retired/friesner-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=20041103 TESTUPDATED=20041107 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # FutureVision Communication (BTP Group) # # Last reported spam: 3/01/05 # Data files last updated: 8/07/05 # # Other Relevant Info: # # ROKSO: http://www.spamhaus.org/rokso/listing.lasso?-op=cn&spammer=FutureVision%20Communication%20/%20sncsi.net # # 12/10/03: # Spewing away, listed by SBL, etc. # # 1/16/04: # VERY interesting post on news.admin.net-abuse.email, # by David Ramalho, indicates that this is probably a stolen # netblock. Lots of chicanery.... (Forwarded the post to # SpamHaus.org for their investigation.) # # 7/09/2004: # Southern Network Consolidated with FutureVision Communication # record/ROKSO spammers. # # Status: Unknown # TESTNAME='FutureVision Communication' TESTDOMAINS=${SBDIR}/retired/futurevision-domains.txt TESTCIDR=${SBDIR}/retired/futurevision-ips.cidr TESTPATTERNS=${SBDIR}/retired/futurevision-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=20050301 TESTUPDATED=20050807 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Gandhi, Husein # # Last reported spam: 2/11/04 # Data files last updated: 00/00/00 # # Other Relevant Info: # # ROKSO: http://www.spamhaus.org/rokso/listing.lasso?-op=cn&spammer=Husein%20Gandhi # # Status: Unknown # TESTNAME='Husein Gandhi' TESTDOMAINS=${SBDIR}/retired/huseingandhi-domains.txt TESTCIDR=${SBDIR}/retired/huseingandhi-ips.cidr TESTPATTERNS=${SBDIR}/retired/huseingandhi-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=00000000 TESTUPDATED=00000000 NCLUDERC=${SBDIR}/functions/identify-spammer.rc # Garavaglia, Juan (Super-Zonda) # # Last reported spam: 10/14/04 # Data files last updated: 00/00/00 # # Other Relevant Info: # # ROKSO: http://www.spamhaus.org/rokso/listing.lasso?-op=cn&spammer=Juan%20Garavaglia%20aka%20Super-Zonda # # 6/19/05: # I suspect Garavaglia is still spamming, but you couldnt # prove it by me. :/ Hes an old-time user of DNS tricks, # etc. # # Status: Active Spammer # TESTNAME='Juan Garavaglia' TESTDOMAINS=${SBDIR}/retired/garavaglia-domains.txt TESTCIDR=${SBDIR}/retired/garavaglia-ips.cidr TESTPATTERNS=${SBDIR}/retired/garavaglia-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=00000000 TESTUPDATED=00000000 TESTTYPE=BODY INCLUDERC=${SBDIR}/functions/identify-spammer.rc # GetPaidForum # # Last reported spam: 1/16/04 # Data files last updated: 00/00/00 # # Other Relevant Info: # # 1/16/04: # Spamming email forged to appear to be a Mailer Daemon/ # bounce, directing people to an IP that redirects to # getpaidforum.com. Slimeballs. # # Status: Unknown # TESTNAME='GetPaidForum' TESTDOMAINS=${SBDIR}/retired/getpaidforum-domains.txt TESTCIDR=${SBDIR}/retired/getpaidforum-ips.cidr TESTPATTERNS=${SBDIR}/retired/getpaidforum-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=00000000 TESTUPDATED=00000000 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # GetResponse.com # # Last reported spam: 7/21/05 # Data files last updated: 9/10/04 # # Other Relevant Info: # # 2/20/03: # Spammer offering autoresponders, etc. # # Status: Unknown # TESTNAME='GetResponse' TESTDOMAINS=${SBDIR}/retired/getresponse-domains.txt TESTCIDR=${SBDIR}/retired/getresponse-ips.cidr TESTPATTERNS=${SBDIR}/retired/getresponse-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=20050721 TESTUPDATED=20040910 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Giantrewards # # Last reported spam: 8/10/03 # Data files last updated: 00/00/00 # # Other Relevant Info: # # Status: Unknown # TESTNAME='Giantrewards' TESTDOMAINS=${SBDIR}/retired/giantrewards-domains.txt TESTCIDR=${SBDIR}/retired/giantrewards-ips.cidr TESTPATTERNS=${SBDIR}/retired/giantrewards-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=00000000 TESTUPDATED=00000000 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # GiantWeb porn nest # # Last reported spam: 8/23/05 # Data files last updated: 5/11/05 # # Other Relevant Info: # # ROKSO: http://www.spamhaus.org/rokso/listing.lasso?-op=cn&spammer=Giantweb # # 8/17/02: # Porn spammers, use throwaway dial-ups, email handled through # separate place. Spamming assholes. :( # # 11/05/02: # Still at it. # # 12/11/02: # New netblocks. # # 2/20/04: # Have grown quieter in their old age, but still spamming, usually # via open proxies, etc., advertising web sites they host in their # own IP space. # # 3/03/04: # First non-porn Giantweb spam Ive seen -- mortgage spam. # # Status: unknown # TESTNAME='GiantWeb' TESTDOMAINS=${SBDIR}/retired/giantweb-domains.txt TESTCIDR=${SBDIR}/retired/giantweb-ips.cidr TESTPATTERNS=${SBDIR}/retired/giantweb-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=20050823 TESTUPDATED=20050511 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Global Internic # # Last reported spam: 11/13/05 # Data files last updated: 11/13/05 # # Other Relevant Info: # # ROKSO: http://www.spamhaus.org/sbl/sbl.lasso?query=SBL20178 # # Status: Unknown # TESTNAME='Global Internic' TESTDOMAINS=${SBDIR}/retired/globalinternic-domains.txt TESTCIDR=${SBDIR}/retired/globalinternic-ips.cidr TESTPATTERNS=${SBDIR}/retired/globalinternic-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=20051113 TESTUPDATED=20051113 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Global Submit (Mardox) # # Last reported spam: 1/17/05 # Data files last updated: 1/31/04 # # Other Relevant Info: # # Status: Active Spammer # TESTNAME='Global Submit' TESTDOMAINS=${SBDIR}/retired/globalsubmit-domains.txt TESTCIDR=${SBDIR}/retired/globalsubmit-ips.cidr TESTPATTERNS=${SBDIR}/retired/globalsubmit-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=20050117 TESTUPDATED=20040131 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Glowing Edge # # Last reported spam: 7/29/04 # Data files last updated: 00/00/00 # # Other Relevant Info: # # Status: Unknown # TESTNAME='Glowing Edge' TESTDOMAINS=${SBDIR}/retired/glowingedge-domains.txt TESTCIDR=${SBDIR}/retired/glowingedge-ips.cidr TESTPATTERNS=${SBDIR}/retired/glowingedge-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=00000000 TESTUPDATED=00000000 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Godino, Bob (LK Marketing/LLC Technologies) # # Last reported spam: 5/08/04 # Data files last updated: 00/00/00 # # Other Relevant Info: # # Status: Unknown # TESTNAME='Bob Godino' TESTDOMAINS=${SBDIR}/retired/godino-domains.txt TESTCIDR=${SBDIR}/retired/godino-ips.cidr TESTPATTERNS=${SBDIR}/retired/godino-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=00000000 TESTUPDATED=00000000 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Goldman, Marc (goldbar.net) # # Last reported spam: 6/30/05 # Data files last updated: 11/07/04 # # Other Relevant Info: # # SBL: http://www.spamhaus.org/sbl/sbl.lasso?query=SBL20178 # # Status: Unknown # TESTNAME='Marc Goldman' TESTDOMAINS=${SBDIR}/retired/marcgoldman-domains.txt TESTCIDR=${SBDIR}/retired/marcgoldman-ips.cidr TESTPATTERNS=${SBDIR}/retired/marcgoldman-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=20050630 TESTUPDATED=20041107 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Goldstein, Jeffrey P. (Gregory Greenstein/Impulse Marketing) # # Last reported spam: 10/20/05 # Data files last updated: 8/07/05 # # Other Relevant Info: # # ROKSO: http://www.spamhaus.org/rokso/listing.lasso?-op=cn&spammer=Jeffrey%20P%20Goldstein%20/%20Gregory%20Greenstein%20-%20emailhello.com%20/%20%20impulse%20marketing # # 8/07/05: # Long-time spammer, at one time partnered with Eric # Reinertsen and I had their listings combined. Now # broken out. # # Status: Unknown # TESTNAME='Jeffrey Goldstein' TESTDOMAINS=${SBDIR}/retired/goldstein-domains.txt TESTCIDR=${SBDIR}/retired/goldstein-ips.cidr TESTPATTERNS=${SBDIR}/retired/goldstein-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=20051020 TESTUPDATED=20050807 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Gorlach, Alexander (mailutilities/massmail) # # Last reported spam: 8/24/04 # Data files last updated: 00/00/00 # # Other Relevant Info: # # ROKSO: http://www.spamhaus.org/rokso/listing.lasso?-op=cn&spammer=mailutilities/massmail%20/%20Alexander%20Gorlach # # Status: Unknown # TESTNAME='Alexander Gorlach' TESTDOMAINS=${SBDIR}/retired/gorlach-domains.txt TESTCIDR=${SBDIR}/retired/gorlach-ips.cidr TESTPATTERNS=${SBDIR}/retired/gorlach-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=00000000 TESTUPDATED=00000000 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Goudreault, Steve (Ryan Pitylak/Mart Trotter) # # Last reported spam: 7/08/05 # Data files last updated: 3/09/05 # # Other Relevant Info: # # ROKSO: http://www.spamhaus.org/rokso/listing.lasso?-op=cn&spammer=Ryan%20Pitylak%20/%20Steve%20Goudreault%20/%20Mart%20Trotter # # Status: Unknown # TESTNAME='Steve Goudreault' TESTDOMAINS=${SBDIR}/retired/goudreault-domains.txt TESTCIDR=${SBDIR}/retired/goudreault-ips.cidr TESTPATTERNS=${SBDIR}/retired/goudreault-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=20050708 TESTUPDATED=20050309 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Grandinetti, John (321send.com) # # Last reported spam: 11/03/04 # Data files last updated: 00/00/00 # # Other Relevant Info: # # ROKSO: http://www.spamhaus.org/rokso/listing.lasso?-op=cn&spammer=John%20Grandinetti%20/%20321send.com # # Status: Unknown # TESTNAME='John Grandinetti' TESTDOMAINS=${SBDIR}/retired/grandinetti-domains.txt TESTCIDR=${SBDIR}/retired/grandinetti-ips.cidr TESTPATTERNS=${SBDIR}/retired/grandinetti-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=00000000 TESTUPDATED=00000000 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # GraviComm Webhosting # # Last reported spam: 10/14/04 # Data files last updated: 00/00/00 # # Other Relevant Info: # # 10/01/03: Apparent huge spam nest spewing away like crazy. # # Status: Unknown # TESTNAME='GraviComm' TESTDOMAINS=${SBDIR}/retired/gravicomm-domains.txt TESTCIDR=${SBDIR}/retired/gravicomm-ips.cidr TESTPATTERNS=${SBDIR}/retired/gravicomm-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=00000000 TESTUPDATED=00000000 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Gregorios, Kristoffer # # Last reported spam: 10/14/04 # Data files last updated: 00/00/00 # # Other Relevant Info: # # Status: Unknown # TESTNAME='Kristoffer Gregorios' TESTDOMAINS=${SBDIR}/retired/gregorios-domains.txt TESTCIDR=${SBDIR}/retired/gregorios-ips.cidr TESTPATTERNS=${SBDIR}/retired/gregorios-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=00000000 TESTUPDATED=00000000 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Haberli, Ernesto # # ROKSO: http://www.spamhaus.org/rokso/listing.lasso?-op=cn&spammer=Cyrunner%20/%20Ernesto%20Haberli%20aka%20Eduardo%20Warren # # Last reported spam: 4/03/04 # Data files last updated: 00/00/00 # # Other Relevant Info: # # Status: Unknown # TESTNAME='Ernesto Haberli' TESTDOMAINS=${SBDIR}/retired/haberli-domains.txt TESTCIDR=${SBDIR}/retired/haberli-ips.cidr TESTPATTERNS=${SBDIR}/retired/haberli-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=00000000 TESTUPDATED=00000000 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Hage, Mohamed (BlueRockDove) # # Last reported spam: 2/28/05 # Data files last updated: 8/07/05 # # Other Relevant Info: # # ROKSO: http://www.spamhaus.org/rokso/listing.lasso?-op=cn&spammer=BlueRock%20Dove%20/%20Mohamed%20Hage # # 10/01/03: Loooonnggg time spammer/spamhaus. # # Status: Unknown # TESTNAME='BlueRockDove' TESTDOMAINS=${SBDIR}/retired/bluerockdove-domains.txt TESTCIDR=${SBDIR}/retired/bluerockdove-ips.cidr TESTPATTERNS=${SBDIR}/retired/bluerockdove-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=20050228 TESTUPDATED=20050807 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Hannifin, Glen # # Last reported spam: 8/24/04 # Data files last updated: 00/00/00 # # Other Relevant Info: # # ROKSO: http://www.spamhaus.org/rokso/listing.lasso?-op=cn&spammer=Glen%20Hannifin # # Status: Unknown # TESTNAME='Glen Hannifin' TESTDOMAINS=${SBDIR}/retired/hannifin-domains.txt TESTCIDR=${SBDIR}/retired/hannifin-ips.cidr TESTPATTERNS=${SBDIR}/retired/hannifin-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=00000000 TESTUPDATED=00000000 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Hirsch, Scott (Edirect/Naviant) # # Last reported spam: 7/16/04 # Data files last updated: 00/00/00 # # Other Relevant Info: # # ROKSO: http://www.spamhaus.org/rokso/listing.lasso?-op=cn&spammer=Scott%20Hirsch%20-%20edirect%20/%20naviant # # Status: Unknown # TESTNAME='Scott Hirsch' TESTDOMAINS=${SBDIR}/retired/hirsch-domains.txt TESTCIDR=${SBDIR}/retired/hirsch-ips.cidr TESTPATTERNS=${SBDIR}/retired/hirsch-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=00000000 TESTUPDATED=00000000 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Ho, Calvin (Optin Global, Inc.) # # ROKSO: http://www.spamhaus.org/rokso/listing.lasso?-op=cn&spammer=Calvin%20Ho%20/%20Optin%20Global%20Inc # # Last reported spam: 3/13/04 # Data files last updated: 00/00/00 # # Other Relevant Info: # # Status: Unknown # TESTNAME='Calvin Ho' TESTDOMAINS=${SBDIR}/retired/calvinho-domains.txt TESTCIDR=${SBDIR}/retired/calvinho-ips.cidr TESTPATTERNS=${SBDIR}/retired/calvinho-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=00000000 TESTUPDATED=00000000 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # H&R Block # # Last reported spam: 12/12/03 # Data files last updated: 00/00/00 # # Other Relevant Info: # # 12/12/03: # Hired spam-for-hire outfit Vertical Response to spam # on its behalf. No mention of H&R Block web site in # spam, *very* carefully done. But its still spamming. # :0 * ! MAINSLEAZE ?? NONE { TESTNAME='H&R Block' TESTDOMAINS=${SBDIR}/retired/hrblock-domains.txt TESTCIDR=${SBDIR}/retired/hrblock-ips.cidr TESTPATTERNS=${SBDIR}/retired/hrblock-patterns.rc TESTTYPE=ALL :0 * MAINSLEAZE ?? BLOCK { TESTSCORE=${BLOCKLEVEL} } :0 * MAINSLEAZE ?? SPAM { TESTSCORE=${SPAMLEVEL} } INCLUDERC=${SBDIR}/functions/identify-spammer.rc } # iexpect.com # # Last reported spam: 1/06/04 # Data files last updated: 00/00/00 # # Other Relevant Info: # # Status: Unknown # TESTNAME='Iexpect' TESTDOMAINS=${SBDIR}/retired/iexpect-domains.txt TESTCIDR=${SBDIR}/retired/iexpect-ips.cidr TESTPATTERNS=${SBDIR}/retired/iexpect-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=00000000 TESTUPDATED=00000000 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Imagine2020.com # # Last reported spam: 1/13/04 # Data files last updated: 00/00/00 # # Other Relevant Info: # # Status: Unknown # TESTNAME='Imagine2020' TESTDOMAINS=${SBDIR}/retired/imagine2020-domains.txt TESTCIDR=${SBDIR}/retired/imagine2020-ips.cidr TESTPATTERNS=${SBDIR}/retired/imagine2020-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=00000000 TESTUPDATED=00000000 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Impact Consulting # # Last reported spam: 11/03/04 # Data files last updated: 00/00/00 # # Other Relevant Info: # # SBL: http://www.spamhaus.org/sbl/sbl.lasso?query=SBL18126 # # Status: Unknown # TESTNAME='Impact Consulting' TESTDOMAINS=${SBDIR}/retired/impactconsulting-domains.txt TESTCIDR=${SBDIR}/retired/impactconsulting-ips.cidr TESTPATTERNS=${SBDIR}/retired/impactconsulting-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=00000000 TESTUPDATED=00000000 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Integratix # # Last reported spam: 11/03/04 # Data files last updated: 00/00/00 # # Other Relevant Info: # # 7/25/03: # SBL: http://www.spamhaus.org/sbl/sbl.lasso?query=SBL6955 # # Status: Unknown # TESTNAME='Integratix' TESTDOMAINS=${SBDIR}/retired/integratix-domains.txt TESTCIDR=${SBDIR}/retired/integratix-ips.cidr TESTPATTERNS=${SBDIR}/retired/integratix-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=00000000 TESTUPDATED=00000000 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Internet Laboratory Corporation # # Last reported spam: 2/23/04 # Data files last updated: 00/00/00 # # Other Relevant Info: # # Status: Unknown # TESTNAME='ILCorp' TESTDOMAINS=${SBDIR}/retired/ilcorp-domains.txt TESTCIDR=${SBDIR}/retired/ilcorp-ips.cidr TESTPATTERNS=${SBDIR}/retired/ilcorp-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=00000000 TESTUPDATED=00000000 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # InternetSeer # # Last reported spam: 7/28/04 # Data files last updated: 3/10/05 # # Other Relevant Info: # # 8/02/04: # Put people on their email lists, *never* remove them, but # apparently do so only after someone has been corresponding # with them or plugged an email address into a web site. # # Status: Active Spammer # :0 * ! MAINSLEAZE ?? NONE { TESTNAME='InternetSeer' TESTDOMAINS=${SBDIR}/retired/internetseer-domains.txt TESTCIDR=${SBDIR}/retired/internetseer-ips.cidr TESTPATTERNS=${SBDIR}/retired/internetseer-patterns.rc TESTLAST=20040728 TESTUPDATED=20040506 TESTTYPE=HEADERS :0 * MAINSLEAZE ?? BLOCK { TESTSCORE=${BLOCKLEVEL} } :0 * MAINSLEAZE ?? SPAM { TESTSCORE=${SPAMLEVEL} } INCLUDERC=${SBDIR}/functions/identify-spammer.rc } # James, Bennedict (Levelhost, Inc.) # # Last reported spam: 4/15/04 # Data files last updated: 00/00/00 # # Other Relevant Info: # # SBL11665 # # 3/13/04: # Apparently a fraudulent "hosting" operation that rips off customers, # if SpamHaus has the facts straight. (And they usually do.) # # Status: Unknown # TESTNAME='Bennedict James' TESTDOMAINS=${SBDIR}/retired/bennedictjames-domains.txt TESTCIDR=${SBDIR}/retired/bennedictjames-ips.cidr TESTPATTERNS=${SBDIR}/retired/bennedictjames-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=00000000 TESTUPDATED=00000000 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Jaynes, Jeremy (Gaven Stubberfield) # # Last reported spam: 3/12/05 # Data files last updated: 8/07/05 # # Other Relevant Info: # # ROKSO: http://www.spamhaus.org/rokso/listing.lasso?-op=cn&spammer=Gaven%20Stubberfield # # Status: Unknown # TESTNAME='Jeremy Jaynes' TESTDOMAINS=${SBDIR}/retired/jaynes-domains.txt TESTCIDR=${SBDIR}/retired/jaynes-ips.cidr TESTPATTERNS=${SBDIR}/retired/jaynes-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=20050807 TESTUPDATED=20050807 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # KLH Enterprises (scitx.com/xuptime.com) # # Last reported spam: 6/09/05 # Data files last updated: 6/26/05 # # Other Relevant Info: # # 2/24/04: # College Degree/Diploma spam, etc. # # Status: Unknown # TESTNAME='KLH Enterprises' TESTDOMAINS=${SBDIR}/retired/scitx-domains.txt TESTCIDR=${SBDIR}/retired/scitx-ips.cidr TESTPATTERNS=${SBDIR}/retired/scitx-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=20050609 TESTUPDATED=20050626 TESTTYPE=BODY INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Kokinos, George (Miles Marketing) # # Last reported spam: 11/03/04 # Data files last updated: 00/00/00 # # Other Relevant Info: # # ROKSO: http://www.spamhaus.org/rokso/listing.lasso?-op=cn&spammer=George%20Kokinos%20/%20Miles%20Marketing # # Status: Unknown # TESTNAME='George Kokinos' TESTDOMAINS=${SBDIR}/retired/kokinos-domains.txt TESTCIDR=${SBDIR}/retired/kokinos-ips.cidr TESTPATTERNS=${SBDIR}/retired/kokinos-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=00000000 TESTUPDATED=00000000 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Lane, Trevor # # Last reported spam: 8/25/04 # Data files last updated: 00/00/00 # # Other Relevant Info: # # Status: Unknown # TESTNAME='Trevor Lane' TESTDOMAINS=${SBDIR}/retired/trevorlane-domains.txt TESTCIDR=${SBDIR}/retired/trevorlane-ips.cidr TESTPATTERNS=${SBDIR}/retired/trevorlane-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=00000000 TESTUPDATED=00000000 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Lantz, Gordon and Gretchen Aitken (emailoffers.net) # # Last reported spam: 6/03/05 # Data files last updated: 8/07/05 # # Other Relevant Info: # # ROKSO: http://www.spamhaus.org/rokso/listing.lasso?-op=cn&spammer=Gordon%20Lantz%20&%20Gretchen%20Aitken%20/%20emailoffer.net # # Status: Unknown # TESTNAME='Gordon Lantz' TESTDOMAINS=${SBDIR}/retired/gordonlantz-domains.txt TESTCIDR=${SBDIR}/retired/gordonlantz-ips.cidr TESTPATTERNS=${SBDIR}/retired/gordonlantz-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=20050603 TESTUPDATED=20050807 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Lin, Daniel # # Last reported spam: 8/24/04 # Data files last updated: 00/00/00 # # Other Relevant Info: # # ROKSO: http://www.spamhaus.org/rokso/listing.lasso?-op=cn&spammer=Daniel%20Lin # # Status: Unknown # TESTNAME='Daniel Lin' TESTDOMAINS=${SBDIR}/retired/daniellin-domains.txt TESTCIDR=${SBDIR}/retired/daniellin-ips.cidr TESTPATTERNS=${SBDIR}/retired/daniellin-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=00000000 TESTUPDATED=00000000 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # link-builder.com # # Last reported spam: 10/03/03 # Data files last updated: 00/00/00 # # Other Relevant Info: # # Status: Unknown # TESTNAME='LinkBuilder' TESTDOMAINS=${SBDIR}/retired/linkbuilder-domains.txt TESTCIDR=${SBDIR}/retired/linkbuilder-ips.cidr TESTPATTERNS=${SBDIR}/retired/linkbuilder-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=00000000 TESTUPDATED=00000000 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Lusky, Fred (Scott Maslowe/Netbenders/Lakeshore Development) # # Last reported spam: 8/07/05 # Data files last updated: 8/07/05 # # Other Relevant Info: # # ROKSO: http://www.spamhaus.org/rokso/listing.lasso?-op=cn&spammer=Lin%20Hsien%20Ming%20/%20himailer.com,%20callin.net,%20yuya.com.tw # # Status: Unknown # TESTNAME='Fred Lusky' TESTDOMAINS=${SBDIR}/retired/fredlusky-domains.txt TESTCIDR=${SBDIR}/retired/fredlusky-ips.cidr TESTPATTERNS=${SBDIR}/retired/fredlusky-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=20050807 TESTUPDATED=20050807 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Market Source, LLC (Brad Quinn/Spotlight Media, LLC) # # Last reported spam: 8/23/05 # Data files last updated: 10/18/04 # # Other Relevant Info: # # SBL: http://www.spamhaus.org/sbl/sbl.lasso?query=SBL13709 # # Status: Unknown # TESTNAME='Market Source' TESTDOMAINS=${SBDIR}/retired/marketsource-domains.txt TESTCIDR=${SBDIR}/retired/marketsource-ips.cidr TESTPATTERNS=${SBDIR}/retired/marketsource-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=20050415 TESTUPDATED=20041018 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # McCausland, Glen & Stacey # # Last reported spam: 2/20/04 # Data files last updated: 00/00/00 # # Other Relevant Info: # # ROKSO: http://www.spamhaus.org/rokso/listing.lasso?-op=cn&spammer=Glen%20&%20Stacey%20McCausland # # Status: Unknown # TESTNAME='Glen McCausland' TESTDOMAINS=${SBDIR}/retired/mccausland-domains.txt TESTCIDR=${SBDIR}/retired/mccausland-ips.cidr TESTPATTERNS=${SBDIR}/retired/mccausland-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=00000000 TESTUPDATED=00000000 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Meditay, LLC # # Last reported spam: 8/23/05 # Data files last updated: 11/08/04 # # Other Relevant Info: # # 3/08/04: # Closely affiliated with the rogue spamhaus Atriks, LLC. # However, some digging verified that Meditay was spamming # pre-Atriks: # # http://groups.google.com/groups?q=Meditay+group:news.admin.net-abuse.*&hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=MfQ5b.44495%24Qy4.33318%40fed1read05&rnum=1 # # In addition, in the last couple of weeks Meditay appears # to be sending spam out via someone other than Atriks: # # http://groups.google.com/groups?q=Meditay+group:news.admin.net-abuse.*&hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=b3b0d77e.0401200447.70e676fb%40posting.google.com&rnum=7 # # So Im separating the Atriks and Meditay recipes, although # I fully expect that, where you find Meditay, you will usually # find Atriks as well. # # Status: Unknown # TESTNAME='Meditay' TESTDOMAINS=${SBDIR}/retired/meditay-domains.txt TESTCIDR=${SBDIR}/retired/meditay-ips.cidr TESTPATTERNS=${SBDIR}/retired/meditay-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=20050823 TESTUPDATED=20041108 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Netcreations/PostmasterDirect # # Last reported spam: 12/11/03 # Data files last updated: 00/00/00 # # Other Relevant Info: # Site that claimed/tried to go straight and failed. :( # 6/10/00 -- Try, try again. No spam from this source for a while. # 5/14/01 -- Unfortunately, they started spamming again. :( # 10/01/02 -- and hasnt stopped. # Status: Unknown # :0 * ! OPTOUT ?? NONE { TESTNAME='Netcreations' TESTDOMAINS=${SBDIR}/retired/netcreations-domains.txt TESTCIDR=${SBDIR}/retired/netcreations-ips.cidr TESTPATTERNS=${SBDIR}/retired/netcreations-patterns.rc TESTTYPE=HEADERS :0 * OPTOUT ?? BLOCK { TESTSCORE=${BLOCKLEVEL} } :0 * OPTOUT ?? SPAM { TESTSCORE=${SPAMLEVEL} } INCLUDERC=${SBDIR}/functions/identify-spammer.rc } # Net Nexus, Inc. # # Last reported spam: 3/13/04 # Data files last updated: 00/00/00 # # Other Relevant Info: # # Status: Unknown # TESTNAME='Net Nexus' TESTDOMAINS=${SBDIR}/retired/netnexus-domains.txt TESTCIDR=${SBDIR}/retired/netnexus-ips.cidr TESTPATTERNS=${SBDIR}/retired/netnexus-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=00000000 TESTUPDATED=00000000 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # NetworkDNS.BIZ # # Last reported spam: 10/14/04 # Data files last updated: 00/00/00 # # Other Relevant Info: # # Status: Unknown # TESTNAME='NetworkDNS.BIZ' TESTDOMAINS=${SBDIR}/retired/networkdns-domains.txt TESTCIDR=${SBDIR}/retired/networkdns-ips.cidr TESTPATTERNS=${SBDIR}/retired/networkdns-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=00000000 TESTUPDATED=00000000 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Network Solutions # # Last reported spam: 7/18/05 # Data files last updated: 8/21/05 # # Other Relevant Info: # # 7/13/99: # Network Solutions has started a new "mailing list" to which it has # apparently subscribed the listed technical contacts in its huge # database without asking them, requiring them to unsubscribe # themselves. This is opt-out bulk email, which is spam, plain # and simple. I am therefore including the Network Solutions # spamming machine here. I am not blacklisting the whole domain # because that could pose a problem for people with domains # registered through this monopoly. :( The *ssholes are # taking advantage of their monopoly to force a situation on # their customers which most of the customers would reject totally # if asked. # # 9/24/99: A few days ago NSI spammed every email address they had, # administrative and billing contacts as well as technical # contacts, through a third-party company as well, apparently to # avoid spam blocks. :( These are slimeballs. Ive blocked them # entirely -- Id suggest you inform them that they are to # communicate with you about your domain via postal mail only. # # 6/10/00: Contacted me via phone a few weeks ago to "follow up on my # recent request to opt-out of the .COM directory with a domain". That # request/demand was sent last fall. A few weeks later, got spammed by # them asking me to update my "incomplete" registration information for # that specific domain. These jerks simply DO NOT GET IT. # # 6/20/00: Yet another spam from these unbelievable slimeballs.... # # 11/01/01: Now theyre spamming on behalf of Verisign, a company # they own, via yet another spamhaus.... # # 4/30/02: They hired a small spamhaus to spam on their behalf, apparently # got tired of fielding their own complaints. :/ # # 9/06/02: New domain, nsi-direct.com, being used to spam now. They are # spamming people about domains that are not due to expire til next # year, urging them to sign on for a three-year contract. Desperate, # perhaps, because ICANN is threatening to deregister them? # # 10/01/03: SiteFinder. And more spam on its behalf. # # 6/30/04: Bunches of spam coming up with domains hosted by Network Solutions # itself, within its own name space. :/ # # 8/02/04: Enough people depend on Network Solutions that I cant simply # throw away their email, although they deserve it. Moved to # OOL, under protest. # # 7/19/05: Spammed a bunch of old whois domain contacts, some of # them not used for years, and several apparently non-existent # email addresses, via E-Dialog. At least they're sending # their spam via a spam-for-hire outfit and are separating it # from email to their customers. Perhaps getting rid of Verisign # is making a difference. # # Status: Active Spammer # :0 * ! MAINSLEAZE ?? NONE { TESTNAME='Network Solutions' TESTDOMAINS=${SBDIR}/mainsleaze/netsol-domains.txt TESTCIDR=${SBDIR}/mainsleaze/netsol-ips.cidr TESTPATTERNS=${SBDIR}/mainsleaze/netsol-patterns.rc TESTLAST=20050718 TESTUPDATED=20050821 TESTTYPE=HEADER :0 * MAINSLEAZE ?? BLOCK { TESTSCORE=${BLOCKLEVEL} } :0 * MAINSLEAZE ?? SPAM { TESTSCORE=${SPAMLEVEL} } INCLUDERC=${SBDIR}/functions/identify-spammer.rc } # Nowakowski, Greg (Chris Tibaldo/Racksource/Zacson) # # Last reported spam: 5/14/04 # Data files last updated: 00/00/00 # # Other Relevant Info: # # Status: Unknown # TESTNAME='Greg Nowakowski' TESTDOMAINS=${SBDIR}/retired/nowakowski-domains.txt TESTCIDR=${SBDIR}/retired/nowakowski-ips.cidr TESTPATTERNS=${SBDIR}/retired/nowakowski-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=00000000 TESTUPDATED=00000000 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # OEM Warez Spammers # # Last reported spam: 10/30/05 # Data files last updated: 8/19/05 # # Other Relevant Info: # # 11/07/2005: It looks like the original OEM Warez/Soft OEM spammers # have morphed and their domains and IP blocks are being # used mostly by other spammers. That isn't enough to # "Identify" them as a specific spammer any more. # # Status: Unknown # TESTNAME='OEM Warez' TESTDOMAINS=${SBDIR}/retired/oemwarez-domains.txt TESTCIDR=${SBDIR}/retired/oemwarez-ips.cidr TESTPATTERNS=${SBDIR}/retired/oemwarez-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=20051030 TESTUPDATED=20050819 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Omegalead.com # # Last reported spam: 8/09/04 # Data files last updated: 00/00/00 # # Other Relevant Info: # # ROKSO: http://www.spamhaus.org/rokso/listing.lasso?-op=cn&spammer=omegalead.com # # Status: Unknown # TESTNAME='Omegalead.com' TESTDOMAINS=${SBDIR}/retired/omegalead-domains.txt TESTCIDR=${SBDIR}/retired/omegalead-ips.cidr TESTPATTERNS=${SBDIR}/retired/omegalead-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=00000000 TESTUPDATED=00000000 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Oregon Processing Services # # Last reported spam: 12/21/03 # Data files last updated: 00/00/00 # # Other Relevant Info: # # Status: Unknown # TESTNAME='Oregon Processing Services' TESTDOMAINS=${SBDIR}/retired/opsvcs-domains.txt TESTCIDR=${SBDIR}/retired/opsvcs-ips.cidr TESTPATTERNS=${SBDIR}/retired/opsvcs-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=00000000 TESTUPDATED=00000000 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Padborg, Kristin (WordOfMouth/ShareYourOpinion) # # Last reported spam: 5/23/05 # Data files last updated: 2/04/05 # # Other Relevant Info: # # SBL: http://www.spamhaus.org/sbl/sbl.lasso?query=SBL19485 # # Status: Unknown # TESTNAME='Kristin Padborg' TESTDOMAINS=${SBDIR}/retired/padborg-domains.txt TESTCIDR=${SBDIR}/retired/padborg-ips.cidr TESTPATTERNS=${SBDIR}/retired/padborg-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=20050523 TESTUPDATED=20050204 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Parker, Dustin (E-Link Media) # # Last reported spam: 7/26/05 # Data files last updated: 7/26/05 # # Other Relevant Info: # # 7/26/05: # Long-time associate and employee of former ROKSO heavyweight # Scott Richter. There's some noise on NANAE that this might # *be* Richter spamming in an associate's name. I don't know how # seriously to take that claim, but the spam coming from here # is real spam. # # Status: Unknown # TESTNAME='Dustin Parker' TESTDOMAINS=${SBDIR}/retired/parker-domains.txt TESTCIDR=${SBDIR}/retired/parker-ips.cidr TESTPATTERNS=${SBDIR}/retired/parker-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=20050726 TESTUPDATED=20050726 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Peake Digital # # Last reported spam: 8/12/05 # Data files last updated: 8/12/05 # # Other Relevant Info: # # SBL: http://www.spamhaus.org/sbl/sbl.lasso?query=SBL20212 # # 8/12/05: # Spamming on behalf of Publishers Clearinghouse. :/ # # Status: Unknown # TESTNAME='Peake Digital' TESTDOMAINS=${SBDIR}/retired/peake-domains.txt TESTCIDR=${SBDIR}/retired/peake-ips.cidr TESTPATTERNS=${SBDIR}/retired/peake-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=20050812 TESTUPDATED=20050812 TESTTYPE=HEADER INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Penn Media/Pulse Direct # # Last reported spam: 12/11/03 # Data files last updated: 00/00/00 # # Other Relevant Info: # # Status: Unknown # TESTNAME='Penn Media' TESTDOMAINS=${SBDIR}/retired/pennmedia-domains.txt TESTCIDR=${SBDIR}/retired/pennmedia-ips.cidr TESTPATTERNS=${SBDIR}/retired/pennmedia-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=00000000 TESTUPDATED=00000000 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Pexicom/Realtime Marketing/Global Hosting # # Last reported spam: 1/21/04 # Data files last updated: 00/00/00 # # Other Relevant Info: # # 12/23/03: # Appears to have teamed up with or morphed into an outfit called # "Realtime Marketing" that inhabits the next /18 block over. Both # are on Above.net, and Pexicom hasnt moved in over a year. # Above.net evidently doesnt care about their customers spamming. :( # # 1/12/04: # Another morph, this time including new AboveNet IPs and a new name, # "Global Marketing". But its the same people. # # Status: Unknown # TESTNAME='Pexicom' TESTDOMAINS=${SBDIR}/retired/pexicom-domains.txt TESTCIDR=${SBDIR}/retired/pexicom-ips.cidr TESTPATTERNS=${SBDIR}/retired/pexicom-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=00000000 TESTUPDATED=00000000 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # PostNote # # Last reported spam: 9/24/03 # Data files last updated: 00/00/00 # # Other Relevant Info: # # Status: Unknown # TESTNAME='PostNote' TESTDOMAINS=${SBDIR}/retired/postnote-domains.txt TESTCIDR=${SBDIR}/retired/postnote-ips.cidr TESTPATTERNS=${SBDIR}/retired/postnote-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=00000000 TESTUPDATED=00000000 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # PracticalOffers (CozyOffers/IncredibleMailOffers) # # Last reported spam: 8/24/05 # Data files last updated: 8/24/05 # # Other Relevant Info: # # 8/24/05: # Seen too many of these spams in the last few weeks. # Theyre getting listed. # # Status: Unknown # TESTNAME='PracticalOffers' TESTDOMAINS=${SBDIR}/retired/practicaloffers-domains.txt TESTCIDR=${SBDIR}/retired/practicaloffers-ips.cidr TESTPATTERNS=${SBDIR}/retired/practicaloffers-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=20050824 TESTUPDATED=20050824 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Rand, George (RandBad) # # Last reported spam: 6/11/05 # Data files last updated: 8/07/05 # # Other Relevant Info: # # ROKSO: http://www.spamhaus.org/rokso/listing.lasso?-op=cn&spammer=George%20Rand%20-%20Randbad # # Status: Unknown # TESTNAME='George Rand' TESTDOMAINS=${SBDIR}/retired/georgerand-domains.txt TESTCIDR=${SBDIR}/retired/georgerand-ips.cidr TESTPATTERNS=${SBDIR}/retired/georgerand-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=20050611 TESTUPDATED=20050807 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Reinertsen, Eric # # Last reported spam: 6/19/05 # Data files last updated: 8/07/05 # # Other Relevant Info: # # ROKSO: http://www.spamhaus.org/rokso/listing.lasso?-op=cn&spammer=Eric%20Reinertsen # # Status: Unknown # TESTNAME='Eric Reinertsen' TESTDOMAINS=${SBDIR}/retired/reinertsen-domains.txt TESTCIDR=${SBDIR}/retired/reinertsen-ips.cidr TESTPATTERNS=${SBDIR}/retired/reinertsen-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=20050619 TESTUPDATED=20050807 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Roland, Sam # # Last reported spam: 10/15/05 # Data files last updated: 10/15/05 # # Other Relevant Info: # # ROKSO: http://www.spamhaus.org/rokso/listing.lasso?-op=cn&spammer=Sam%20Roland%20/%20Innovasion%20/%20FT%20International # # Status: Unknown # TESTNAME='Sam Roland' TESTDOMAINS=${SBDIR}/retired/roland-domains.txt TESTCIDR=${SBDIR}/retired/roland-ips.cidr TESTPATTERNS=${SBDIR}/retired/roland-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=20051015 TESTUPDATED=20051015 TESTTYPE=BODY INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Romero, Tim, Greg Williams and Jim Carbone (Franpro/gtwinc.com/azmalink.net) # # Last reported spam: 8/23/04 # Data files last updated: 00/00/00 # # Other Relevant Info: # # ROKSO: http://www.spamhaus.org/rokso/listing.lasso?-op=cn&spammer=Franpro%20/%20gtwinc.com%20/%20azmalink.net # # Status: Unknown # TESTNAME='Romero/Carbone' TESTDOMAINS=${SBDIR}/retired/romerocarbone-domains.txt TESTCIDR=${SBDIR}/retired/romerocarbone-ips.cidr TESTPATTERNS=${SBDIR}/retired/romerocarbone-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=00000000 TESTUPDATED=00000000 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Rustinkov, Andrei # # Last reported spam: 5/18/04 # Data files last updated: 00/00/00 # # Other Relevant Info: # # Status: Unknown # TESTNAME='Andrei Rustinkov' TESTDOMAINS=${SBDIR}/retired/rustinkov-domains.txt TESTCIDR=${SBDIR}/retired/rustinkov-ips.cidr TESTPATTERNS=${SBDIR}/retired/rustinkov-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=00000000 TESTUPDATED=00000000 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # SendPotential.com # # Last reported spam: 1/17/05 # Data files last updated: 8/14/04 # # Other Relevant Info: # # "Absolutefreesmut.com" signup information claim reminds # me unplesantly of spam from Joshua Baer -- this might be # a Baer morph, or might be a spammer that hired Baer in # the past. # # Status: Active Spammer # TESTNAME='SendPotential' TESTDOMAINS=${SBDIR}/retired/sendpotential-domains.txt TESTCIDR=${SBDIR}/retired/sendpotential-ips.cidr TESTPATTERNS=${SBDIR}/retired/sendpotential-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=20050117 TESTUPDATED=20040814 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Sheck Media # # Last reported spam: 8/26/04 # Data files last updated: 00/00/00 # # Other Relevant Info: # # 6/01/2004: # Hugely prolific spamhaus that appears to focus its efforts on the # "Christian" market -- aka Evangelical Protestant market in the U.S. # Has been outspamming Ralsky two-to-one over the past week in the # SpamBouncer spamtrap. # # Status: Unknown # TESTNAME='Sheck Media' TESTDOMAINS=${SBDIR}/retired/sheckmedia-domains.txt TESTCIDR=${SBDIR}/retired/sheckmedia-ips.cidr TESTPATTERNS=${SBDIR}/retired/sheckmedia-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=00000000 TESTUPDATED=00000000 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # ShopperMatrix # # Last reported spam: 12/20/03 # Data files last updated: 00/00/00 # # Other Relevant Info: # # Status: Unknown # TESTNAME='ShopperMatrix' TESTDOMAINS=${SBDIR}/retired/shoppermatrix-domains.txt TESTCIDR=${SBDIR}/retired/shoppermatrix-ips.cidr TESTPATTERNS=${SBDIR}/retired/shoppermatrix-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=00000000 TESTUPDATED=00000000 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # SiteProNews # # Last reported spam: 1/17/05 # Data files last updated: 2/05/04 # # Other Relevant Info: # # 9/18/02: # SiteProNews spammers, and probably other stuff. # # 10/08/02: # A complaint to the bypass address put me onto a bunch of # spammers that apparently arent associated with these # guys, but are definitely spamming. So there are a couple # of new recipes, and the domains below definitely all belong # to the same folks. # # 8/24/05: # SPAMIS cr*p. # # Status: Unknown # TESTNAME='SiteProNews' TESTDOMAINS=${SBDIR}/retired/sitepronews-domains.txt TESTCIDR=${SBDIR}/retired/sitepronews-ips.cidr TESTPATTERNS=${SBDIR}/retired/sitepronews-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=20050117 TESTUPDATED=20040205 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Smith, Chris ("John Rizler") # # Last reported spam: 10/14/04 # Data files last updated: 00/00/00 # # Other Relevant Info: # # ROKSO: http://www.spamhaus.org/rokso/listing.lasso?-op=cn&spammer=Chris%20Smith%20/%20rizler.com # # Status: Unknown # TESTNAME='Chris Smith' TESTDOMAINS=${SBDIR}/retired/chrissmith-domains.txt TESTCIDR=${SBDIR}/retired/chrissmith-ips.cidr TESTPATTERNS=${SBDIR}/retired/chrissmith-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=00000000 TESTUPDATED=00000000 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # SouthCityStreet/NetParkway # # Last reported spam: 1/26/04 # Data files last updated: 00/00/00 # # Other Relevant Info: # # 12/18/03: # Absolutely *flooding* a couple of spamtraps. :( # # Status: Unknown # TESTNAME='SouthCityStreet' TESTDOMAINS=${SBDIR}/retired/southcitystreet-domains.txt TESTCIDR=${SBDIR}/retired/southcitystreet-ips.cidr TESTPATTERNS=${SBDIR}/retired/southcitystreet-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=00000000 TESTUPDATED=00000000 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # SpamArrest # # Last reported spam: 6/30/04 # Data files last updated: 00/00/00 # # Other Relevant Info: # # 1/18/04: # *STILL* spamming to advertise their spam filter. :( This is # hypocritical, obnoxious, and deserving of special notice. # Blocked and soon-to-be complained about automatically. # # 6/30/04: # Spamming via "affiliate" New Image Advertising. :/ # # Status: Unknown # :0 * ! MAINSLEAZE ?? NONE { TESTNAME='SpamArrest' TESTDOMAINS=${SBDIR}/retired/spamarrest-domains.txt TESTCIDR=${SBDIR}/retired/spamarrest-ips.cidr TESTPATTERNS=${SBDIR}/retired/spamarrest-patterns.rc TESTTYPE=ALL :0 * MAINSLEAZE ?? BLOCK { TESTSCORE=${BLOCKLEVEL} } :0 * MAINSLEAZE ?? SPAM { TESTSCORE=${SPAMLEVEL} } INCLUDERC=${SBDIR}/functions/identify-spammer.rc } # SpamSuckz.biz # # Last reported spam: 10/14/04 # Data files last updated: 00/00/00 # # Other Relevant Info: # # 6/16/04: # Prolific new spammers. SpamHaus SBL16217 indicates that this is # a Romanian/Chinese spam gang, but the IP block is Korean. # # Status: Unknown # TESTNAME='SpamSuckz.biz' TESTDOMAINS=${SBDIR}/retired/spamsuckz-domains.txt TESTCIDR=${SBDIR}/retired/spamsuckz-ips.cidr TESTPATTERNS=${SBDIR}/retired/spamsuckz-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=00000000 TESTUPDATED=00000000 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # SpecialInboxDeliveries # # Last reported spam: 8/24/04 # Data files last updated: 00/00/00 # # Other Relevant Info: # # 6/16/04: # Prolific new spammers. SpamHaus SBL16217 indicates that this is # a Romanian/Chinese spam gang, but the IP block is Korean. # # Status: Unknown # TESTNAME='SpecialInboxDeliveries' TESTDOMAINS=${SBDIR}/retired/specialinboxdeliveries-domains.txt TESTCIDR=${SBDIR}/retired/specialinboxdeliveries-ips.cidr TESTPATTERNS=${SBDIR}/retired/specialinboxdeliveries-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=00000000 TESTUPDATED=00000000 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Sutter, Max # # Last reported spam: 12/14/05 # Data files last updated: 11/07/05 # # Other Relevant Info: # # ROKSO: http://www.spamhaus.org/rokso/listing.lasso?-op=cn&spammer=Max%20Sutter%20/%20Petadoptions.com # # Status: Unknown # TESTNAME='Max Sutter' TESTDOMAINS=${SBDIR}/retired/maxsutter-domains.txt TESTCIDR=${SBDIR}/black/retired-ips.cidr TESTPATTERNS=${SBDIR}/black/retired-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=20051214 TESTUPDATED=20051107 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Svadbik, John ("Christian Family Coalition"/"God Bless America"/MDCCC) # # Last reported spam: 12/25/03 # Data files last updated: 00/00/00 # # Other Relevant Info: # # 12/25/03: # This spammer is clearly trying to appear to be the much better # known, and as best I know non-spamming, group "Christian Coalition". # It appears to be one person in the Miami area with a few domain # names, though. And no shame, of course. :/ I got a rather # intemperate complaint from a SpamBouncer user whose politics are # left of center, and wondered, but then two spams from this guy # hit stealth spamtraps. # # Status: Unknown # TESTNAME='John Svadbik' TESTDOMAINS=${SBDIR}/retired/svadbik-domains.txt TESTCIDR=${SBDIR}/retired/svadbik-ips.cidr TESTPATTERNS=${SBDIR}/retired/svadbik-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=00000000 TESTUPDATED=00000000 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Tasman, Larry (Greg Neumark/EvoClix) # # Last reported spam: 6/06/05 # Data files last updated: 6/06/05 # # Other Relevant Info: # # ROKSO: http://www.spamhaus.org/rokso/listing.lasso?-op=cn&spammer=EvoClix%20/%20Larry%20Tasman%20/%20Greg%20Numark # # Status: Unknown # TESTNAME='Larry Tasman' TESTDOMAINS=${SBDIR}/retired/larrytasman-domains.txt TESTCIDR=${SBDIR}/retired/larrytasman-ips.cidr TESTPATTERNS=${SBDIR}/retired/larrytasman-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=20050606 TESTUPDATED=20050606 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Total Guard Software Group # # Last reported spam: 11/03/04 # Data files last updated: 00/00/00 # # Other Relevant Info: # # SBL: http://www.spamhaus.org/sbl/sbl.lasso?query=SBL18468 # # 11/03/04: # These guys are all *OVER* the place. :/ Lots of alleged # "anti-spyware" and "anti-adware" spam that probably has # links to sites riddled with spyware and adware. # # Status: Unknown # TESTNAME='Total Guard' TESTDOMAINS=${SBDIR}/retired/totalguard-domains.txt TESTCIDR=${SBDIR}/retired/totalguard-ips.cidr TESTPATTERNS=${SBDIR}/retired/totalguard-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=00000000 TESTUPDATED=00000000 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Topoligy, LLC # # Last reported spam: 2/05/04 # Data files last updated: 00/00/00 # # Other Relevant Info: # # Status: Unknown # TESTNAME='Topoligy' TESTDOMAINS=${SBDIR}/retired/topoligy-domains.txt TESTCIDR=${SBDIR}/retired/topoligy-ips.cidr TESTPATTERNS=${SBDIR}/retired/topoligy-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=00000000 TESTUPDATED=00000000 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # TopSitez # # Last reported spam: 2/09/04 # Data files last updated: 00/00/00 # # Other Relevant Info: # # Status: Unknown # TESTNAME='TopSitez' TESTDOMAINS=${SBDIR}/retired/topsitez-domains.txt TESTCIDR=${SBDIR}/retired/topsitez-ips.cidr TESTPATTERNS=${SBDIR}/retired/topsitez-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=00000000 TESTUPDATED=00000000 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Trafficmagnet # # Last reported spam: 10/14/04 # Data files last updated: 00/00/00 # # Other Relevant Info: # # ROKSO: http://www.spamhaus.org/rokso/listing.lasso?-op=cn&spammer=Trafficmagnet # http://haystackinaneedle.com/news/200304_traffic_magnet.htm?gaw-tmsi # # Status: Unknown # TESTNAME='Trafficmagnet' TESTDOMAINS=${SBDIR}/retired/trafficmagnet-domains.txt TESTCIDR=${SBDIR}/retired/trafficmagnet-ips.cidr TESTPATTERNS=${SBDIR}/retired/trafficmagnet-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=00000000 TESTUPDATED=00000000 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Tripac International, Ltd. # # Last reported spam: 9/18/04 # Data files last updated: 00/00/00 # # Other Relevant Info: # # ROKSO: http://www.spamhaus.org/rokso/listing.lasso?-op=cn&spammer=Tripac%20International%20Limited # # Status: Unknown # TESTNAME='Tripac International' TESTDOMAINS=${SBDIR}/retired/tripac-domains.txt TESTCIDR=${SBDIR}/retired/tripac-ips.cidr TESTPATTERNS=${SBDIR}/retired/tripac-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=00000000 TESTUPDATED=00000000 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Tyler, Shay (Mleads/IQ Enterprises) # # Last reported spam: 6/16/05 # Data files last updated: 5/13/05 # # Other Relevant Info: # # (old) ROKSO: http://www.spamhaus.org/rokso/listing.lasso?-op=cn&spammer=radisp.net%20/%20IQ%20Enterprises # ROKSO: http://www.spamhaus.org/rokso/listing.lasso?-op=cn&spammer=Shay%20Tyler%20/%20MLeads.com # # Status: Unknown # TESTNAME='Shay Tyler' TESTDOMAINS=${SBDIR}/retired/shaytyler-domains.txt TESTCIDR=${SBDIR}/retired/shaytyler-ips.cidr TESTPATTERNS=${SBDIR}/retired/shaytyler-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=20050616 TESTUPDATED=20050513 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # UK Life League # # Last reported spam: 3/03/05 # Data files last updated: 3/03/05 # # Other Relevant Info: # # 10/26/03: # Pro-life organization that adds email addresses to their email lists # without confirming them, and ignores remove requests and complaints. # # Status: Unknown # TESTNAME='UK Life League' TESTDOMAINS=${SBDIR}/retired/uklifeleague-domains.txt TESTCIDR=${SBDIR}/retired/uklifeleague-ips.cidr TESTPATTERNS=${SBDIR}/retired/uklifeleague-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=20050303 TESTUPDATED=20050303 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Valued Client Marketing # # Last reported spam: 7/28/04 # Data files last updated: 00/00/00 # # Other Relevant Info: # # Status: Unknown # TESTNAME='Valued Client Marketing' TESTDOMAINS=${SBDIR}/retired/valuecc-domains.txt TESTCIDR=${SBDIR}/retired/valuecc-ips.cidr TESTPATTERNS=${SBDIR}/retired/valuecc-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=00000000 TESTUPDATED=00000000 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Van Essen, Mike (Global Web Promotions) # # Last reported spam: 3/03/05 # Data files last updated: 7/31/04 # # Other Relevant Info: # # ROKSO: http://www.spamhaus.org/rokso/listing.lasso?-op=cn&spammer=Mike%20Van%20Essen%20/%20Global%20Web%20Promotions # # 10/15/2005: # In jail, on trial. He's gone, Jim. ;) # # Status: Jailed Spammer # TESTNAME='Mike Van Essen' TESTDOMAINS=${SBDIR}/retired/vanessen-domains.txt TESTCIDR=${SBDIR}/retired/vanessen-ips.cidr TESTPATTERNS=${SBDIR}/retired/vanessen-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=20050303 TESTUPDATED=20040731 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Wagner, Robert (Stargate 2000) # # Last reported spam: 11/03/04 # Data files last updated: 00/00/00 # # Other Relevant Info: # # ROKSO: http://www.spamhaus.org/rokso/listing.lasso?-op=cn&spammer=Stargate2000%20/%20RW%20Management%20/%20Robert%20Wagner%20/%20Hector%20Sectzer # # Status: Unknown # TESTNAME='Robert Wagner' TESTDOMAINS=${SBDIR}/retired/robertwagner-domains.txt TESTCIDR=${SBDIR}/retired/robertwagner-ips.cidr TESTPATTERNS=${SBDIR}/retired/robertwagner-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=00000000 TESTUPDATED=00000000 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Westby, Brian David (Married But Lonely) # # Last reported spam: 3/15/04 # Data files last updated: 00/00/00 # # Other Relevant Info: # # ROKSO: http://www.spamhaus.org/rokso/listing.lasso?-op=cn&spammer=Brian%20David%20Westby%20/%20Married%20But%20Lonely # # Status: Unknown # TESTNAME='Brian David Westby' TESTDOMAINS=${SBDIR}/retired/westby-domains.txt TESTCIDR=${SBDIR}/retired/westby-ips.cidr TESTPATTERNS=${SBDIR}/retired/westby-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=00000000 TESTUPDATED=00000000 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Westmoreland, Andrew # # Last reported spam: 7/21/05 # Data files last updated: 5/22/05 # # Other Relevant Info: # # Formerly ROKSO-listed, now retired after six months of # nary a peep from the guy. He claims to have moved to # "double opt-in", and whatever he's done means his spam # isn't hitting anything here. # # Status: Gone Legitimate? # TESTNAME='Andrew Westmoreland' TESTDOMAINS=${SBDIR}/retired/westmoreland-domains.txt TESTCIDR=${SBDIR}/retired/westmoreland-ips.cidr TESTPATTERNS=${SBDIR}/retired/westmoreland-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=20050721 TESTUPDATED=20050522 TESTTYPE=HEADER INCLUDERC=${SBDIR}/functions/identify-spammer.rc # Whitcon/USWives # # Last reported spam: 2/18/04 # Data files last updated: 00/00/00 # # Other Relevant Info: # # ROKSO: http://www.spamhaus.org/rokso/listing.lasso?-op=cn&spammer=Whitcon%20/%20uswives # # Status: Unknown # TESTNAME='Whitcon' TESTDOMAINS=${SBDIR}/retired/whitcon-domains.txt TESTCIDR=${SBDIR}/retired/whitcon-ips.cidr TESTPATTERNS=${SBDIR}/retired/whitcon-patterns.rc TESTSCORE=${SPAMLEVEL} TESTLAST=00000000 TESTUPDATED=00000000 TESTTYPE=ALL INCLUDERC=${SBDIR}/functions/identify-spammer.rc