Jump to content

[Resolved] OVH.Net spam


honeybee

Recommended Posts

I've used SPAMCOP for reporting for years with my various email accounts.

For months, this one email account has been flamed with spam that I suspect is from one person/group. They bounce me with dozens of spam for a few weeks and then die off while they find new sites to use.

This time, they are using ovh.net, who apparently is ignoring the reporting. After several weeks of seeing ovh.net as the recipient for the reports, I looked them up. There are webhosting forums dated in 2007 that warn about the abuse with ovh.net and the lack of diligence in keeping the site from spam or warez.

My question... is there anything else that can be done?

I don't understand why ovh.net isn't on the blacklist?

While I'm thinking of it, acceleratebiz.com seems to have the same type of trouble.

~Melissa

Link to comment
Share on other sites

Hi, Melissa,

...Here are two resources for you to peruse:

  • SpamCop FAQ (links to which appear near the top left of each SpamCop Forum page) article labeled "What is on the list?"
  • Senderbase listing for OHV.net.

Three of OVH.net's 154 servers, 213.186.39.43 (ns3563.ovh.net), 91.121.153.121 (ns358693.ovh.net) and 94.23.16.21 (ns366463.ovh.net), are on the SpamCop blacklist and there are a few on other lists.

Link to comment
Share on other sites

Hi, Melissa,

...Here are two resources for you to peruse:

  • SpamCop FAQ (links to which appear near the top left of each SpamCop Forum page) article labeled "What is on the list?"
  • Senderbase listing for OHV.net.

Three of OVH.net's 154 servers, 213.186.39.43 (ns3563.ovh.net), 91.121.153.121 (ns358693.ovh.net) and 94.23.16.21 (ns366463.ovh.net), are on the SpamCop blacklist and there are a few on other lists.

Thank you!! I wouldn't have found these links if you hadn't pointed them out to me. I keep on the reporting page mostly.

The spammer is using 192.95.0.

I'll see if I can find the other site.

Thanks again!!!

Link to comment
Share on other sites

Every day I get a batch from ovh.net and spamvertized sites at xsserver.eu. The subjects always are "Your score has changed - view results for x," "An organic way to stop fat-production at the cellular level x" and "Attn: Your Auto Warranty Has Expired. #" where x is my email address and # is a hash. These ovh.net source IPs were reported this morning: 188.165.194.207, 178.33.74.68, 178.33.80.164.

The MO described above is exactly the MO used by my last pet spammer, though the "rackd" source has stopped.

There are seven SBL listings that have ovh.net in live evidence; as of 26 March ovh.net has the third worst ISP abuse record. They have a long history of supporting spammers.

Link to comment
Share on other sites

Every day I get a batch from ovh.net and spamvertized sites at xsserver.eu. The subjects always are "Your score has changed - view results for x," "An organic way to stop fat-production at the cellular level x" and "Attn: Your Auto Warranty Has Expired. #" where x is my email address and # is a hash. These ovh.net source IPs were reported this morning: 188.165.194.207, 178.33.74.68, 178.33.80.164.

The MO described above is exactly the MO used by my last pet spammer, though the "rackd" source has stopped.

There are seven SBL listings that have ovh.net in live evidence; as of 26 March ovh.net has the third worst ISP abuse record. They have a long history of supporting spammers.

I wish they would get taken down. I'm still getting spam through 192.95 all .info websites.

Link to comment
Share on other sites

  • 4 weeks later...

If they keep "snowshoeing" and unless there are multiple reporters seeing the same server at the same time (or unless they hit a spamtrap) there's not much likelihood they will be much listed on the SCbl. The SCbl is best for early warning of a major outbreak from a common source and for providing ISPs (should they want it) with pretty-much an unparalleled amount of evidence by which to pinpoint and stop the leak. "Reputation score" (various ones) may tell a different story about OVH, also the Spamhaus showshoe list (included in zen and sbl lists). "Horses for courses."

Link to comment
Share on other sites

If they keep "snowshoeing" and unless there are multiple reporters seeing the same server at the same time (or unless they hit a spamtrap) there's not much likelihood they will be much listed on the SCbl. The SCbl is best for early warning of a major outbreak from a common source and for providing ISPs (should they want it) with pretty-much an unparalleled amount of evidence by which to pinpoint and stop the leak. "Reputation score" (various ones) may tell a different story about OVH, also the Spamhaus showshoe list (included in zen and sbl lists). "Horses for courses."

Not that I had any luck with it but one might try if its a problem their Web page?

http://www.ovh.com/fr/support/documents_le...nu_illicite.cgi

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...