On Mar 8, 2014, at 6:52 AM, Gary Gendel <[email protected]> wrote:
> Almost all of my uncaught spam comes from two domains:
>
> colocrossing.com
> hostnoc.net
Color me unsurprised. I even think I know which spammer you're referring to.
HostNoc/BurstNet has long had a reputation of being a spam-friendly hosting
service. Lately, they seem to be the preferred provider for one of the most
prolific and effective spammers I've seen. This particular spammer is
exploiting 'syndicated marketing' programs on a massive scale, and they make a
point of varying every possible aspect of their messages to systematically work
around filtering - From lines, Subject lines, hostnames, message text, even
their URL schemes are heavily randomized and changing constantly. Every single
feature of the message that could be the target for a filter is changed
continuously. Their hosting services (something like 50% of their domains were
in HostNoc space, last time I looked) further facilitate things by letting them
constantly switch IPs ("snowshoe spamming"). These guys have put some real
thought into getting past filters and blacklists, and it works.
So I'd bet that when you talk about "uncaught spam", it's theirs. HostNoc also
host other similar spam operations, but this outfit is both the most prolific
and the hardest to filter.
Incidentally, I have a personal axe to grind with HostNoc. I used to be a
BurstNet customer until one of their tame spammers moved into the IP block
where I had my IPs and pumped out so much crap that the entire block got
blacklisted. I spent a few weeks trying to get BurstNet to do something, such
as simply allocate me new IPs in a non-contaminated block. They stalled me for
a while with vague responses, then took to ignoring me completely, so I
switched to a new provider.
It sounds like hyperbole, but I really now believe that HostNoc care more about
supporting the spammers (who apparently rent a _lot_ of servers) than their
legitimate customers.
TL;DR: if you null-route every IP that HostNoc owns, it will make a dramatic
difference to the amount of spam you see.
Angus
_______________________________________________
spamdyke-users mailing list
[email protected]
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
