Spam to list participants (from openhosting.com & softcom.com)

Matt Lager matt at soliddataservices.com
Tue Apr 29 03:03:23 UTC 2014 

Thanks for putting in this legwork and reporting back... I received a 
few of these today after replying to a thread, and my daughter commonly 
uses my computer. I was lucky to not have my E-mail sitting open, as 
they all contained inappropriate pictures. I must pose the question, do 
these spam messages work, ever? They must for people to be sending them. 
But what's more interesting, is my spam messages didn't contain any 
links to go somewhere else, although I'm sure if I replied, those links 
would be on their way.

Anyway, thanks again.

On 4/28/2014 6:16 PM, Ronald F. Guilmette wrote:
>
> As many of you will have already learned, in recent days it has
> come to pass that if you post to this mailing list, then in short
> order you will receive a set of spam e-mail messages, all attempting
> to entice you into signing up (with your credit card #) for one or
> another "dating" web site.  I myself have received three such spams
> now.  Verbatim full text copies of these spams may be viewed here:
>
>      ftp://ftp.tristatelogic.com/pub/cases/413978/spam.0
>      ftp://ftp.tristatelogic.com/pub/cases/413978/spam.1
>      ftp://ftp.tristatelogic.com/pub/cases/413978/spam.2
>
> (Please note that the final one of these contains a pornographic image
> file that, I imagine, most parents with minor children would probably
> prefer not to have them exposed to.)
>
> Unfortunately, these spams are slipping past all of the major public
> blacklists at the present time.
>
> I have identified the spammer in question, a citizen of Bangladesh,
> but that is not important now.  What is important is that this same
> spammer has been active and, until now, mostly targeting Craigslist
> users since at least November 2012.  Now however, with the help and
> support of two specific and very obliging hosting companies (i.e.
> openhosting.com and softcom.com), he is currently targeting the FreeBSD
> community, and its mailing lists.
>
> Because the relevant automated spams are being sent directly to people
> who _post_ to various FreeBSD mailing lists, and not to any of the
> FreeBSD lists themselves, there isn't a lot that the FreeBSD.Org
> postmasters can do about this issue/problem.  They have no way of
> directly blocking these spams.  (They have however been notified of
> the problem and are currently seeking solutions.)
>
> Based upon my own careful analysis and resarch, I have determined that
> the set of domains and IPs that this spammer is spamming from are as
> follows:
>
> 63.251.148.15 mx1.msgfresh.com
> 63.251.153.74 mx1.streamtexts.com
> 63.251.153.88 mx1.echatmail.com
> 63.251.153.112 mx1.speedytxts.com
> 66.151.32.131 mx1.msgtxts.com
> 66.151.32.216 mx1.flirtymsgs.com
> 66.151.36.105 mx1.friendstreaming.com
> 66.151.36.115 mx1.volleymail.com
> 66.151.36.117 mx1.blingymail.com
> 69.25.178.46 mx1.chattersmeet.com
> 69.25.178.59 mx1.justext.in
> 168.144.155.60 mx1.mailingflow.com
> 192.30.165.137 mx1.sweetiegram.com
> 206.191.128.178 mx1.mailingbuddies.com
> 206.191.128.250 mx1.txtmailing.com
> 216.224.169.239 mx1.simptxts.com
>
> (Note that the above domains have all been registered via/through the
> notoriously spam-friendly registrar http://www.internetbs.net/, they
> have all been registered within the relatively recent past, and they
> all have anonymized WHOIS records.)
>
> In each case, the relevant connectivity/hosting provider is helpfully
> providing the spammer with matching reverse DNS for his IP addresses...
> an essential property to enable the spammer to get past certain kinds of
> anti-spam filters, including my own.  The specific two providers who are
> providing this excellent level of service to this specific snowshoe
> spammer are:
>
> 	openhosting.com
> 	softcom.com
>
> Assuming that these providers give the same weight to incoming complaints
> about their paying customers as do most hosting companies these days...
> which is to say zero... I would like to advise all readers of this
> mailing list who may be spam-adverse that it is not necessary to wait for
> the major public blacklists to get around to listing the above spam
> sources.  Rather, I suggest that all e-mail administrators reading this
> message would be well advised to locally block incoming e-mail from all
> of the following IP ranges (which contain all of the above current spam
> sources):
>
> 63.251.148.0/23
> 63.251.153.0/25
> 66.151.32.128/25
> 66.151.36.64/26
> 69.25.178.0/26
> 168.144.0.0/16
> 192.30.160.0/20
> 206.191.128.128/25
> 216.224.169.0/24
>
>
> Regards,
> rfg
>
>
> P.S.  In making a determination as to wether or not a given hosting provider
> is or isn't "spammer friendly", in my personal opinion, actions speak louder
> than words.  As I have noted above, openhosting.com & softcom.com are both
> helpfully providing matching reverse DNS for the snowshoe spammer in
> question.  Given that the spammer in question is currently sending
> unsolicited pornographic images to anyone who posts to a mailing list...
> including, most probably, minors... I personally feel that their actions
> are nothing short of reprehensible.
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
>

-- 

Solid Data Services <http://www.soliddataservices.com>

Matt Lager / President
*Office:* 480-351-5122
*Mobile:* 501-269-8606
www.SolidDataServices.com <http://www.soliddataservices.com>

This e-mail message may contain confidential or legally privileged 
information and is intended only for the use of the intended 
recipient(s). Any unauthorized disclosure, dissemination, distribution, 
copying or the taking of any action in reliance on the information 
herein is prohibited. E-mails are not secure and cannot be guaranteed to 
be error free as they can be intercepted, amended, or contain viruses. 
Anyone who communicates with us by e-mail is deemed to have accepted 
these risks. Solid Data Services is not responsible for errors or 
omissions in this message and denies any responsibility for any damage 
arising from the use of e-mail. Any opinion and other statement 
contained in this message and any attachment are solely those of the 
author and do not necessarily represent those of the company.


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the freebsd-questions mailing list