"We'd like to use your IP address reputation to bypass spam filters by
spreading our footprint out as much as possible and spam a few million
people into the ground because we've ruined the reputation of every
other IP address we've ever used.
no. you misunderstand.
The value proposition is not spam: that works with unallocated space.
The value proposition is gaming google page rank, by using widely spread and legitimately routed IPs to force your paying customers page rank high, by hits and references. This is a very high value business: one customer paying you big bucks, to have their web high in google pagerank. Not attacking a million mailboxes.
In this model, the 'target' is google. The IPS need to come from classic, widespread IPs because google now count the source IP and can tell if you use a virtually hosted single IP to try and do this.
I have a question: are we actually able to state this consumption of address is 'illegal' ? I personally judge it to be unethical, but that is not the same thing.
-George
PS since this goes to address policy, I need to declare that I work for an RIR but I am posting in a personal capacity and nothing I say is a reflection of any RIR address policy. I work in the research department, not in registry/allocations
The value proposition is not spam: that works with unallocated space.
You may well be right that their plan is to fake out page rank, but
spammers also like address space that's been allocated for a long
time. Spreading spam around to try to sneak under the radar is so
common that it has a name, snowshoe spamming.
R's,
John
Of course, we declined. I just thought it was worth posting so others might be alerted that this was going on.
Hadn't known about the google page ranking SEO, but it makes sense
Seems this is not the first request for this "company" for space.
http://lists.arin.net/pipermail/arin-ppml/2012-January/023891.html
Fred
If that's all they want, why not get dedi/vp/cloud servers distributed all around the globe and use those for hosting the sites used to drive up page rank?
because by renting others space, they get the benefit of hiding in their otherwise normal traffic? plausible denyability?
I don't know. I used over-pejorative language. this is probably not ALL they want to do, but I don't think the primary driver is spam, because spam generates a lower income stream, and has higher risks of being RBL or otherwise blocked, and can be achieved quickly by use of unrouted space.
Also, what makes you think they aren't renting VPS? Or (for that matter) founding Virtual Hosting companies, and acquiring address for this purpose?
Surely a wise strategy in this space is to have many strategies?
-G
PS same: since this goes to address policy, I need to declare that I work for an RIR but I am posting in a personal capacity and nothing I say is a reflection of any RIR address policy. I work in the research department, not in registry/allocations
This tactic is extremely well known by spammers. Either sending from the blocks or hosting questionable client web (usually spammed URLs).
There really isn't much else people try with this stuff.
Yes, the space quickly goes on *BLs. They don't care; they get more and leave you holding the poop.
do, but I don't think the primary driver is spam, because spam generates a lower
income stream, and has higher risks of being RBL or otherwise blocked, and can be
achieved quickly by use of unrouted space.
I think you overestimate how technically sophisticated snowshoers are.
I just don't see a lot of spam from hit and run route announcements.
R's,
John
The GRE tunnels part of it, together with email marketing, makes this
likely to be a snowshoe spam operation.
Sure it could be pagerank gaming, blog spamming etc. But on the balance
it smells like snowshoe to me.
--srs
More like, they're as sophisticated as they need to be in their routing.
All their sophistication goes into figuring out ISP spam filtering and
bypassing it.
Those phantom route incidents are more often than not associated with bot
traffic, ddos etc rather than snowshoe spam.
It's not as if those activities are mutually exclusive.
Owen
No. And often you find "dirty" blocks reused by a few ISPs for other, non
email purposes - like once they finally boot a snowshoer off, they take on
a blog spammer or something of the sort.
Thank you George. Not SMTP but HTTP.
I expect exact match string (as brand) marketers, and also
partial match string (as brand typo-squatter) marketers, to exploit
this asset class ("widely spread and legitimately routed IPs").
#include <string/metric.h>
#include <icann/udrp.h>
#include <seo/ppc.h>
Eric
hmmmmm..
no. you misunderstand.
The value proposition is not spam: that works with unallocated space.
The value proposition is gaming google page rank, by using widely spread and
legitimately routed IPs to force your paying customers page rank high, by
hits and references. This is a very high value business: one customer paying
you big bucks, to have their web high in google pagerank. Not attacking a
million mailboxes.
In this model, the 'target' is google. The IPS need to come from classic,
widespread IPs because google now count the source IP and can tell if you
use a virtually hosted single IP to try and do this.
I have a question: are we actually able to state this consumption of address
is 'illegal' ? I personally judge it to be unethical, but that is not the
same thing.
-George
PS since this goes to address policy, I need to declare that I work for an
RIR but I am posting in a personal capacity and nothing I say is a
reflection of any RIR address policy. I work in the research department, not
in registry/allocations
George,
I would figure Google would check AS path / BGP announcements ? If
they are checking source address why not routing too ?
-Jim