Re: this receive line only in spam

Fri, 15 Jul 2005 09:43:26 -0700 

>...
>
>FYI,
>I got another receive line here that occurs only in spam, with always the
>same ip-segment (not the ip-address that actually delivers the mail).
>First I tagged it with SA but now I block the mail in postfix, 15% less
>spam!.
>Maybe somebody recognizes these lines. It's the second receive line, and
>the envelope-sender ends at @punkass.com, @sexmagnet.com, @thoughguy.com
>etcetera.
>
>Regards
>Menno van Bennekom
>
>Received: from bonbon.net (mx2.bonbon.net [38.113.3.55])
>Received: from bonbon.net (mx3.bonbon.net [38.113.3.75])
>Received: from gamebox.net (mx1.gamebox.net [38.113.3.68])
>Received: from gamebox.net (mx2.gamebox.net [38.113.3.58])
>Received: from gamebox.net (mx3.gamebox.net [38.113.3.78])
>Received: from hotpop.com (mx1.hotpop.com [38.113.3.72])
>Received: from hotpop.com (mx2.hotpop.com [38.113.3.72])
>Received: from hotpop.com (mx4.hotpop.com [38.113.3.72])
>Received: from phreaker.net (mx1.phreaker.net [38.113.3.57])
>Received: from phreaker.net (mx2.phreaker.net [38.113.3.57])
>Received: from phreaker.net (mx3.phreaker.net [38.113.3.77])
>Received: from punkass.com (mx1.punkass.com [38.113.3.63])
>Received: from punkass.com (mx2.punkass.com [38.113.3.63])
>Received: from punkass.com (mx3.punkass.com [38.113.3.53])
>Received: from sexmagnet.com (mx1.sexmagnet.com [38.113.3.64])
>Received: from toughguy.net (mx1.toughguy.net [38.113.3.56])
>Received: from toughguy.net (mx2.toughguy.net [38.113.3.56])
>
>
>
>
>> [orginal post snipped]

        Those are all domain names a user can chose from hotpop.com,
a "free" mail provider who's accounts are both widely abused and forged.
Blocking them is probably not "a good thing".  They do have at least
tens of thousands or legitimate users (and I could easily be underestimating
by one or two orders of magnitude).

        You can check them at http://www.hotpop.com

        BTW.  hotpop is "white hat", so when it is abuse, not forgery
they do act (though like most companies, not a quick as I'd like).
Also, they even have a clause in their TOS which prohibits using them
for a "dropbox".


        Paul Shupak
        [EMAIL PROTECTED]

Reply via email to