I have several hosts that connect several times a day, all targeting one single user hosted in my server.
They have in common:
- they are using dedicated hosts
- they set-up correctly their host name, and reverse, their MX and even their SPF
- their hostname is named ssl.*
- they send from an address within their domain. Didn't check whether the user part in the address is valid.
- they send thru real MTA's, that defeat greylisting
- the message itself is either in plaintext, html, or both (multipart/alternative)
- all the links contain tracking data
- usually, they have an unsubscribe link which is highly suspect.
Here is the lists of hosts seen in the last 7 days:
QUOTE
ssl.moinchtail.com [208.110.69.190]
ssl.amazillypretty.info [64.187.120.83]
ssl.arcfinal.info [64.187.120.85]
ssl.armsideways.com [64.187.120.87]
ssl.waspinger.com [64.187.120.89]
ssl.asponnilia.com [64.187.120.91]
ssl.buyournest.com [64.187.126.156]
ssl.bullish-commerce.com [64.187.127.72]
ssl.svcsources.info [64.187.127.73]
ssl.illetrades.info [64.187.127.74]
ssl.theboatsail.biz [64.187.127.79]
ssl.rebollo.biz [64.187.127.80]
ssl.deacorntrail.com [64.187.127.85]
ssl.undrawnera.com [64.187.127.89]
ssl.bumaspring.com [66.63.168.130]
ssl.onlinesequoiatypes.com [66.63.168.98]
ssl.rush-trades-now.com [66.63.188.167]
ssl.scarduaconsulting.com [67.205.113.241]
ssl.thebecksourcer.com [67.205.113.244]
ssl.thebacksorter.com [67.205.113.248]
ssl.autoprofilesearch.info [67.205.113.249]
ssl.bagthorr.com [67.205.113.250]
ssl.bailtired.com [67.205.113.251]
ssl.bakerwildy.com [67.205.113.252]
ssl.fardilla.com [69.42.97.17]
ssl.warayson.com [69.42.97.18]
ssl.suarkovery.com [69.42.97.19]
ssl.benger16.com [69.42.97.25]
ssl.amazillypretty.info [64.187.120.83]
ssl.arcfinal.info [64.187.120.85]
ssl.armsideways.com [64.187.120.87]
ssl.waspinger.com [64.187.120.89]
ssl.asponnilia.com [64.187.120.91]
ssl.buyournest.com [64.187.126.156]
ssl.bullish-commerce.com [64.187.127.72]
ssl.svcsources.info [64.187.127.73]
ssl.illetrades.info [64.187.127.74]
ssl.theboatsail.biz [64.187.127.79]
ssl.rebollo.biz [64.187.127.80]
ssl.deacorntrail.com [64.187.127.85]
ssl.undrawnera.com [64.187.127.89]
ssl.bumaspring.com [66.63.168.130]
ssl.onlinesequoiatypes.com [66.63.168.98]
ssl.rush-trades-now.com [66.63.188.167]
ssl.scarduaconsulting.com [67.205.113.241]
ssl.thebecksourcer.com [67.205.113.244]
ssl.thebacksorter.com [67.205.113.248]
ssl.autoprofilesearch.info [67.205.113.249]
ssl.bagthorr.com [67.205.113.250]
ssl.bailtired.com [67.205.113.251]
ssl.bakerwildy.com [67.205.113.252]
ssl.fardilla.com [69.42.97.17]
ssl.warayson.com [69.42.97.18]
ssl.suarkovery.com [69.42.97.19]
ssl.benger16.com [69.42.97.25]
Some are operating since months ago. 67.205.64.0/18 (hosted by iWeb) is blocked here since 4 months...
Here is the e-mail addresses they have used (in the RFC_2821 envelope) , also during the 7 last days
QUOTE
123Inkjets[at]amazillypretty.info
123Inkjets[at]onlinesequoiatypes.com
24HourSaleonprinter_inkcartridges[at]amazillypretty.info
24HourSaleonprinter_inkcartridges[at]svcsources.info
AbRocket[at]armsideways.com
AbRocket[at]theboatsail.biz
BusinessCards[at]bagthorr.com
CashFinder[at]bakerwildy.com
CashFinder[at]fardilla.com
CherylTiegs[at]amazillypretty.info
CherylTiegs[at]fardilla.com
CherylTiegs[at]undrawnera.com
ChurchDating[at]arcfinal.info
ChurchDating[at]bumaspring.com
Clarisonic[at]theboatsail.biz
Collectiblestoday[at]arcfinal.info
Collectiblestoday[at]bumaspring.com
CreditReportSpecialists[at]amazillypretty.info
DIRECTSatelliteTV[at]arcfinal.info
Dollars4Gold.com[at]bullish-commerce.com
Dollars4Gold.com[at]onlinesequoiatypes.com
EndurRxSpecialOffer[at]autoprofilesearch.info
EndurRxSpecialOffer[at]deacorntrail.com
ENSupport[at]armsideways.com
ENSupport[at]buyournest.com
ENSupport[at]theboatsail.biz
FederalGrantAdvisors[at]buyournest.com
FoodSampleSurvey[at]bumaspring.com
FoodSampleSurvey[at]moinchtail.com
GiftDepotDirect[at]bumaspring.com
Glycogone[at]benger16.com
Glycogone[at]deacorntrail.com
Glycogone[at]illetrades.info
GrantsOnline[at]amazillypretty.info
GrantsOnline[at]buyournest.com
GrantsOnline[at]fardilla.com
GrassSeed[at]asponnilia.com
GrassSeed[at]benger16.com
GrassSeed[at]buyournest.com
GrassSeed[at]svcsources.info
GroceryCoupons[at]rush-trades-now.com
HealthyCredit[at]armsideways.com
HealthyLegs[at]theboatsail.biz
HomeownersInsurance[at]theboatsail.biz
HumanResources[at]bakerwildy.com
HumanResources[at]bumaspring.com
HumanResources[at]fardilla.com
InsuranceCompany[at]fardilla.com
InsuranceCompany[at]rush-trades-now.com
JohnCummuta[at]autoprofilesearch.info
JohnCummuta[at]thebecksourcer.com
MightyPutty[at]arcfinal.info
Moneyisavailable[at]autoprofilesearch.info
Moneyisavailable[at]deacorntrail.com
noreply[at]amazillypretty.info
noreply[at]arcfinal.info
noreply[at]armsideways.com
noreply[at]autoprofilesearch.info
noreply[at]bailtired.com
noreply[at]bakerwildy.com
noreply[at]benger16.com
noreply[at]bumaspring.com
noreply[at]buyournest.com
noreply[at]deacorntrail.com
noreply[at]fardilla.com
noreply[at]illetrades.info
noreply[at]moinchtail.com
noreply[at]onlinesequoiatypes.com
noreply[at]rush-trades-now.com
noreply[at]svcsources.info
noreply[at]thebecksourcer.com
noreply[at]theboatsail.biz
noreply[at]undrawnera.com
noreply[at]warayson.com
noreply[at]waspinger.com
ParkRoyalCancun[at]autoprofilesearch.info
ParkRoyalCancun[at]deacorntrail.com
PCServiceNews[at]armsideways.com
PCServiceNews[at]bakerwildy.com
PCServiceNews[at]illetrades.info
PCServiceNews[at]undrawnera.com
PDFSolution[at]amazillypretty.info
PDFSolution[at]svcsources.info
PerfectSmile[at]armsideways.com
PerfectSmile[at]bakerwildy.com
quotes[at]armsideways.com
quotes[at]theboatsail.biz
RobertAllen[at]deacorntrail.com
RobertAllen[at]illetrades.info
RobertAllen[at]undrawnera.com
SellTimeshare[at]amazillypretty.info
SellTimeshare[at]buyournest.com
SellTimeshare[at]fardilla.com
SmokeFreeIn30Days[at]svcsources.info
SmokeFreeIn30Days[at]theboatsail.biz
StopForeclosureOption[at]illetrades.info
SuperFoodsRxMessage[at]illetrades.info
SuperGreenTeaPatch[at]bailtired.com
SuperGreenTeaPatch[at]fardilla.com
SuperGreenTeaPatch[at]theboatsail.biz
swimmingpoolquotes[at]amazillypretty.info
swimmingpoolquotes.com[at]bagthorr.com
swimmingpoolquotes.com[at]waspinger.com
TimeshareCash[at]armsideways.com
TimeshareCash[at]bakerwildy.com
Trade-In[at]amazillypretty.info
Trade-In[at]onlinesequoiatypes.com
UnlimitedInternetMovieDownloadCenter[at]arcfinal.info
UnlimitedInternetMovieDownloadCenter[at]thebecksourcer.com
Vegas4Free[at]illetrades.info
Vegas4Free[at]warayson.com
Victoria[at]moinchtail.com
Victoria[at]waspinger.com
VitalAcai[at]autoprofilesearch.info
Weightloss[at]autoprofilesearch.info
WorldSeriesOfPokerSeatOpportunity[at]arcfinal.info
WorldSeriesOfPokerSeatOpportunity[at]thebecksourcer.com
WRF[at]svcsources.info
WRF[at]thebacksorter.com
YourDebtSource[at]benger16.com
YourDebtSource[at]onlinesequoiatypes.com
123Inkjets[at]onlinesequoiatypes.com
24HourSaleonprinter_inkcartridges[at]amazillypretty.info
24HourSaleonprinter_inkcartridges[at]svcsources.info
AbRocket[at]armsideways.com
AbRocket[at]theboatsail.biz
BusinessCards[at]bagthorr.com
CashFinder[at]bakerwildy.com
CashFinder[at]fardilla.com
CherylTiegs[at]amazillypretty.info
CherylTiegs[at]fardilla.com
CherylTiegs[at]undrawnera.com
ChurchDating[at]arcfinal.info
ChurchDating[at]bumaspring.com
Clarisonic[at]theboatsail.biz
Collectiblestoday[at]arcfinal.info
Collectiblestoday[at]bumaspring.com
CreditReportSpecialists[at]amazillypretty.info
DIRECTSatelliteTV[at]arcfinal.info
Dollars4Gold.com[at]bullish-commerce.com
Dollars4Gold.com[at]onlinesequoiatypes.com
EndurRxSpecialOffer[at]autoprofilesearch.info
EndurRxSpecialOffer[at]deacorntrail.com
ENSupport[at]armsideways.com
ENSupport[at]buyournest.com
ENSupport[at]theboatsail.biz
FederalGrantAdvisors[at]buyournest.com
FoodSampleSurvey[at]bumaspring.com
FoodSampleSurvey[at]moinchtail.com
GiftDepotDirect[at]bumaspring.com
Glycogone[at]benger16.com
Glycogone[at]deacorntrail.com
Glycogone[at]illetrades.info
GrantsOnline[at]amazillypretty.info
GrantsOnline[at]buyournest.com
GrantsOnline[at]fardilla.com
GrassSeed[at]asponnilia.com
GrassSeed[at]benger16.com
GrassSeed[at]buyournest.com
GrassSeed[at]svcsources.info
GroceryCoupons[at]rush-trades-now.com
HealthyCredit[at]armsideways.com
HealthyLegs[at]theboatsail.biz
HomeownersInsurance[at]theboatsail.biz
HumanResources[at]bakerwildy.com
HumanResources[at]bumaspring.com
HumanResources[at]fardilla.com
InsuranceCompany[at]fardilla.com
InsuranceCompany[at]rush-trades-now.com
JohnCummuta[at]autoprofilesearch.info
JohnCummuta[at]thebecksourcer.com
MightyPutty[at]arcfinal.info
Moneyisavailable[at]autoprofilesearch.info
Moneyisavailable[at]deacorntrail.com
noreply[at]amazillypretty.info
noreply[at]arcfinal.info
noreply[at]armsideways.com
noreply[at]autoprofilesearch.info
noreply[at]bailtired.com
noreply[at]bakerwildy.com
noreply[at]benger16.com
noreply[at]bumaspring.com
noreply[at]buyournest.com
noreply[at]deacorntrail.com
noreply[at]fardilla.com
noreply[at]illetrades.info
noreply[at]moinchtail.com
noreply[at]onlinesequoiatypes.com
noreply[at]rush-trades-now.com
noreply[at]svcsources.info
noreply[at]thebecksourcer.com
noreply[at]theboatsail.biz
noreply[at]undrawnera.com
noreply[at]warayson.com
noreply[at]waspinger.com
ParkRoyalCancun[at]autoprofilesearch.info
ParkRoyalCancun[at]deacorntrail.com
PCServiceNews[at]armsideways.com
PCServiceNews[at]bakerwildy.com
PCServiceNews[at]illetrades.info
PCServiceNews[at]undrawnera.com
PDFSolution[at]amazillypretty.info
PDFSolution[at]svcsources.info
PerfectSmile[at]armsideways.com
PerfectSmile[at]bakerwildy.com
quotes[at]armsideways.com
quotes[at]theboatsail.biz
RobertAllen[at]deacorntrail.com
RobertAllen[at]illetrades.info
RobertAllen[at]undrawnera.com
SellTimeshare[at]amazillypretty.info
SellTimeshare[at]buyournest.com
SellTimeshare[at]fardilla.com
SmokeFreeIn30Days[at]svcsources.info
SmokeFreeIn30Days[at]theboatsail.biz
StopForeclosureOption[at]illetrades.info
SuperFoodsRxMessage[at]illetrades.info
SuperGreenTeaPatch[at]bailtired.com
SuperGreenTeaPatch[at]fardilla.com
SuperGreenTeaPatch[at]theboatsail.biz
swimmingpoolquotes[at]amazillypretty.info
swimmingpoolquotes.com[at]bagthorr.com
swimmingpoolquotes.com[at]waspinger.com
TimeshareCash[at]armsideways.com
TimeshareCash[at]bakerwildy.com
Trade-In[at]amazillypretty.info
Trade-In[at]onlinesequoiatypes.com
UnlimitedInternetMovieDownloadCenter[at]arcfinal.info
UnlimitedInternetMovieDownloadCenter[at]thebecksourcer.com
Vegas4Free[at]illetrades.info
Vegas4Free[at]warayson.com
Victoria[at]moinchtail.com
Victoria[at]waspinger.com
VitalAcai[at]autoprofilesearch.info
Weightloss[at]autoprofilesearch.info
WorldSeriesOfPokerSeatOpportunity[at]arcfinal.info
WorldSeriesOfPokerSeatOpportunity[at]thebecksourcer.com
WRF[at]svcsources.info
WRF[at]thebacksorter.com
YourDebtSource[at]benger16.com
YourDebtSource[at]onlinesequoiatypes.com
Most of these messages bear a postal address, e.g.
Entertainment Publications, Inc.,
1414 East Maple Road,
Troy, MI 48083
1-866-826-1619
Pedi Paws is located at P.O Box 600991 San Diego, CA 92160
6965 El Camino Real
Suite 105 - 698
La Costa, CA 92009
Consumer Service 9-334 Queen Street South, Suite 200, Bolton, Ontario, Canada L7E-2N9
Technical Support
30 East 23 rd. St. New York, NY 10010
Pure Play, 660 4TH Street, Ste 294, San Francisco, CA 94107[color=#999999]
Sorry for this long post. But I would be glad to have your advice.
Frédéric
Problem solved.