Merlyn Posted January 8, 2005 Share Posted January 8, 2005 This is very interesting. We have blocked roving.com on our servers for a long time due to spam from them that we never requested. For those that don't know they are an Ironport bonded sender. Looks like they got themselves into Sorbs for spamming: http://www.dnsbl.sorbs.net/cgi-bin/lookup?IP=63.251.135.96 for sending spam to spamtraps. I am not sure how they explain those to Ironport but they remain a non spamming bonded sender. Now it looks like Spamhause has reactivated their record: A snippet from Spamhaus <start snippet> "Spamming to spamtraps for Berklee Music. Not only did the spammed spamtrap never opt in, it was actually *opted out* from their lists well over a year ago...several times...but continually spammed over and over. Dirty lists - opt-outs keep getting re-added over and over and over again... It's time to permanently opt-out Roving software as a whole to solve this problem with continual spamming." <end snippet> Their record looks terrible, more here: http://www.spamhaus.org/sbl/sbl.lasso?query=SBL5133 This one will be fun to follow as they can surely not be in these spam lists and Ironports Boneded Sender whitelists at the same time. Link to comment Share on other sites More sharing options...
Wazoo Posted January 8, 2005 Share Posted January 8, 2005 Was just doing some catching up over in NANAE and note that this isn't the only oufit that seems to be straddling both sides of the fence, paying the fees for the Bonded Sender thing yet still listed on various bad-boy spam lists .. very strange .. Link to comment Share on other sites More sharing options...
Merlyn Posted January 8, 2005 Author Share Posted January 8, 2005 I wonder when Ironport will see their true colors? They are also listed in: WSFF, open relays and more: will-spam-for-food.eu.org -> 127.0.0.1 roving.com INTERSIL lists...spammers...who have pestered users at Intersil: blackholes.intersil.net -> roving.com.spam.blackholes.intersil.net. -> 127.0.0.2 roving.com.spam.blackholes.intersil.net. 2003Jan02; 63.251.135.96/27 pnap.net Roving Software Inc./Constant Contact idiots actually spammed blockme[at]relays.osirusoft.com 2002Jan13; 208.198.98/27 uunet 2002Jan13; 63.251.135.64/27 pnap 2002Oct30; 204.167.97.64/29 genuity SPAMBAG Spambags: blacklist.spambag.org -> pnap.blacklist.spambag.org. -> 127.0.0.2 pnap.blacklist.spambag.org. Blocked - see http://www.spambag.org/cgi-bin/spambag?mailfrom=pnap JAMDSBL local bl at JAMMConsulting.com: dnsbl.jammconsulting.com -> 127.0.0.2 AHBL The Abusive Hosts Blocking List: dnsbl.ahbl.org -> 127.0.0.4 1067181843 (Sun Oct 26 16:24:03 2003) bruns - spam Source - 63.251.135.0/24 - roving.com ISIPPIADB ISIPP Accreditation Database: iadb.isipp.com -> 127.0.2.1 -> 127.2.255.102 -> 127.3.100.7 -> 127.0.0.1 -> 127.0.0.2 ISIPPIADB2 ISIPP Accreditation Database different return type: iadb2.isipp.com -> 127.0.0.50 KROPKAALL Quite aggressive database, maintained by a few private persons: all.rbl.kropka.net -> 127.0.0.1 KROPKAIP kropka ip: ip.rbl.kropka.net -> 127.0.0.1 SORBS spam and Open Relay Blocking System: Aggregate zone: dnsbl.sorbs.net -> 127.0.0.6 spam Received See: http://www.dnsbl.sorbs.net/lookup.shtml?63.251.135.96 SORBSSPAM List of hosts that have been noted as sending spam/UCE/UBE to the admins of SORBS. : spam.dnsbl.sorbs.net -> 127.0.0.6 spam Received See: http://www.dnsbl.sorbs.net/lookup.shtml?63.251.135.96 SORBSSPEWS-L1 spam Prevention Early Warning System - Level 1 Mirror: l1.spews.dnsbl.sorbs.net -> 127.0.0.2 ! [1] roving/constantcontact, see http://spews.org/ask.cgi?S1641 SORBSSPEWS-L2 spam Prevention Early Warning System - Level 2 Mirror: l2.spews.dnsbl.sorbs.net -> 127.0.0.2 ! [1] roving/constantcontact, see http://spews.org/ask.cgi?S1641 DNSBLAUT1 Reynolds Technology Type 1: t1.dnsbl.net.au -> 127.0.0.2 63.251.135.96 See http://dnsbl.ahbl.org/ and http://dnsbl.net.au/lookup/?ip=63.251.135.96 see http://dnsbl.net.au/rmst/ and http://dnsbl.net.au/lookup/?63.251.135.96 DNSBLAURMST dnsbl.net.au Multiple spam Traps: rmst.dnsbl.net.au -> 127.0.0.2 see http://dnsbl.net.au/rmst/ and http://dnsbl.net.au/lookup/?63.251.135.96 DNSBLAUSPEWS spam Prevention Early Warning System: spews.dnsbl.net.au -> 127.0.0.2 63.251.135.96 See http://spews.org/ and http://www.dnsbl.net.au/spews/ DRBL-VOTE-GREMLIN Distributed RBL node: gremlin.ru: vote.drbl.gremlin.ru -> 127.0.0.2 spam source DRBL-WORK-GREMLIN Distributed RBL node: gremlin.ru: work.drbl.gremlin.ru -> 127.0.0.2 vote.drbl.gremlin.ru[at]ns.gremlin.ru:spam source BUSSPEWS spam Prevention Early Warning System: spews.blackholes.us -> 127.1.0.1 [1] roving/constantcontact, see http://spews.org/ask.cgi?S1641 Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.