wholesalebandwidth.com major sponsor of spammers refuses to accept email at abuse

Henry_Linneweh · March 12, 2004, 3:11am

I have received almost 200 different spam messages from domains hosted by this
provider from russain domains attempting to sell pharmacueticals and other unsolicited
services that I do not want tekmailer.com and moosq.com are 2 of the primary
abusers from this hosting company

-Henry

Message from yahoo.com.
Unable to deliver message to the following address(es).

<abuse@wholesalebandwidth.com>:
69.6.21.60 does not like recipient.
Remote host said: 550 5.7.1 <abuse@wholesalebandwidth.com>… Relaying
denied
Giving up on 69.6.21.60.

Brian_Bruns · March 12, 2004, 3:14am

Wholesalebandwidth is just a front-end for spammers. I've had them
blacklisted for a long time with no ill affects (and alot less spam).

Suresh_Ramasubraman1 · March 12, 2004, 3:28am

Henry Linneweh writes on 3/12/2004 8:41 AM:

I have received almost 200 different spam messages from domains
hosted by this provider from russain domains attempting to sell
pharmacueticals and other unsolicited services that I do not want
tekmailer.com and moosq.com are 2 of the primary abusers from this
hosting company

Wholesalebandwidth = Scott Richter.

http://groups.google.com/groups?q=scott+richter+wholesalebandwidth

You can safely nullroute 69.6.0.0/18

srs

william_at_elan.net · March 12, 2004, 4:37am

Don't forget to add 69.6.64.0/20 to your access list - they recently got
this addition and quickly moved quite some number of spam servers there.

Matt_Ghali · March 12, 2004, 6:59am

Wholesalebandwidth = Scott Richter.
http://groups.google.com/groups?q=scott+richter+wholesalebandwidth
You can safely nullroute 69.6.0.0/18

You can say that again. He's a strong third on my list:
http://mrtg.snark.net/nullstats.cgi

Behind all of LACNIC's 200/8 and Iskimaro, whoever the heck they are!

matto

--matt@snark.net------------------------------------------<darwin><
   Flowers on the razor wire/I know you're here/We are few/And far
   between/I was thinking about her skin/Love is a many splintered
   thing/Don't be afraid now/Just walk on in. #include <disclaim.h>

Gudbjorn_Hreinsson · March 12, 2004, 10:33am

Are such networks maintained somewhere? SPEWS?
-GSH

Ricardo_G_Patara · March 12, 2004, 12:01pm

I'd say that it is not a wise thing to do, but it is up to you.

Inside this /8 block there are a lot allocation to important networks
in our region.
There is also, users that send spam from these IPs, but I see this all
the time from IP blocks of all over the world.

According to some statistics USA is one of the top in the list of
spammers.
Do you filter all American blocks in your network? I guess not. You
wisely filter only some, like this 69.6.0.0/18.
Do you filter all Asia blocks? I guess not...

regards,
Ricardo.

J.D_Falk4 · March 12, 2004, 4:09pm

http://www.spamhaus.org/ is always a good place to start.
They've got the most comprehensive public collection of
information about spammer operations.

Matt_Ghali · March 12, 2004, 6:03pm

I'd say that it is not a wise thing to do, but it is up to you.

  Inside this /8 block there are a lot allocation to important networks
  in our region.
  There is also, users that send spam from these IPs, but I see this all
  the time from IP blocks of all over the world.

It is an effective solution in my specific application, with my set of
users. I have a 100% hit rate with no false positives. I am not
suggesting other folks do the same unless their requirements are also
the same. I certainly wouldn't do this at my day job as
postmaster@sony.com, for example.

  According to some statistics USA is one of the top in the list of
  spammers.
  Do you filter all American blocks in your network? I guess not. You
  wisely filter only some, like this 69.6.0.0/18.

I filter the blocks that I see a 1:0 spam to ham ratio from, wherever
they are located. I also try to aggregate where I can. The LACNIC
blocks were a convenient place to do so.

Do you filter all Asia blocks? I guess not...

I certainly do filter abuseive asian networks, except for networks
that my users need connectivity to, or networks that I have not seen
abuse from:

http://mrtg.snark.net/blacklist.cgi

I think you'll see that there's no region singled out there. You might
also be forgetting that the reason I singled out the LACNIC blocks, is
that they are the third largest source of unwanted SMTP traffic I see.

I'm sorry if my actions have offended you, because there really is
nothing personal going on here, just pragmatism and a desire to
prevent as much spam as possible from reaching my users.

Matt Ghali
speaking as postmaster@snark.net only

--matt@snark.net------------------------------------------<darwin><
   Flowers on the razor wire/I know you're here/We are few/And far
   between/I was thinking about her skin/Love is a many splintered
   thing/Don't be afraid now/Just walk on in. #include <disclaim.h>

Alex_Clark · March 12, 2004, 7:04pm

--- hrlinneweh wrote:

tekmailer.com and moosq.com are 2 of the primary
abusers from this hosting company

Wholesale Bandwidth are spammers, the 4th worst in the
world according to spamhaus.org.

According to senderbase.org, those two domains are the
8th and 18th biggest sources of all Internet e-mail,
ahead of entire networks of worm ridden cable users.

also makes interesting reading.

--- gsh wrote:

Are such networks maintained somewhere? SPEWS?

Spamhaus has useful data. There was some talk of a
MAPS style BGP feed from Spamhaus which would be
ideal, but I don't know what the current situation is.
SBL data is available direct from Spamhaus or from
http://spfilter.sourceforge.net/data/sbl/

Ricardo_G_Patara · March 12, 2004, 8:13pm

Hello,

I also just want to make clear that there is nothing personal going on
neither from my side.

BTW, I tried to answer this directly to you, but as you block the whole
200/8, it was not possible.
Interestingly, this could be your your first "ham" message from LACNIC
region. Not this time...

I sent my message to the list just to make it clear that not everyone
in LACNIC region is spammer.

The way you said the following:

Behind all of LACNIC's 200/8 and Iskimaro, whoever the heck they are!

sounded that you had no idea what LACNIC is, and don't even care.
To you it is just a bunch of spammer.

Other might had the wrong impression that really doesn't matter
what LACNIC is, and start to block the 200/8 because someone does so.

Just my thoughts,

Regards,
Ricardo.

Gudbjorn_Hreinsson · March 12, 2004, 8:54pm

--- hrlinneweh wrote:
> tekmailer.com and moosq.com are 2 of the primary
> abusers from this hosting company

Wholesale Bandwidth are spammers, the 4th worst in the
world according to spamhaus.org.

But 69.6.0.0/18 is not listed in
http://www.spamhaus.org/drop/

Is the Spamhaus BL different from the Drop? This network
is listed in the SBL...

-GSH

Petri_Helenius · March 12, 2004, 9:27pm

Ricardo G Patara wrote:

According to some statistics USA is one of the top in the list of
spammers. Do you filter all American blocks in your network? I guess not. You
wisely filter only some, like this 69.6.0.0/18.
Do you filter all Asia blocks? I guess not...

When this came up the previous time, I suggested that disconnecting Florida from the Internet would be a good start to reduce abuse.
However, since some people seem to care about the hardly measurable amount of legitimate traffic coming from there, this has not happened.

Pete

jpayne · March 12, 2004, 11:16pm

spam-l is over that way ->
google is also your friend

and do you have to keep sending multipart mail?