Jump to content

In the pink - spam unlimited


Farelf

Recommended Posts

Just received my latest spam from terra.cl (201.223.137.96) of which I think I have had more than my fair share due to corresponding with many .cl addresses over the years.

I just noticed from the SenderBase display that every one of the 50 other IP address on the "Addresses in 201.223.137.0/24 used to send email" list was "pink" in the right-hand column, signifying hits in one or more of the few bls SB reports about - for each and every address there - http://www.senderbase.org/senderbase_queri...=201.223.137.96. And the next page and the next ... Ok, SB knows about 3563 "Addresses in Terra Networks Chile S.A. used to send email (limited)" The (limited) bit is explained "For large networks only hosts with a monthly magnitude of at least 3.0 are shown." Ok, I exported those 3563 and, so far (random sampling), have not found a *single* address that is not "in the pink", that being a BAD thing in this context.

Is this a benchmark of dreadfulness amongst providers? To stay functional they must have a veritable hoard of addresses to keep rotating. Or maybe Latin America simply boycotts all blocklists (invención maldecida del yanqui)? Terra can't be noticeably worse than other providers there or it wouldn't survive. In any event the infection/compromise rate must be huge. How do they function at all? Gotta wonder how come the concept of cleaning up and protecting PCs just evidently doesn't get through - or are the AV and NS solutions offered in those parts somehow less effective than the "Anglo" varieties? I suppose it's similar/worse in Brazil. It just doesn't make sense to me.

Link to comment
Share on other sites

I note that these all seem to have, as a minimum, listings in dnsbl.sorbs.net and pbl.spamhaus.org. That is no problem for dynamic IP addresses, in fact I could imagine the *owner* might even nominate block listings in one or both of those bls to prevent improper use of the address direct to the internet. It isn't stopping improper use but I could imagine the owner maybe wanting tp minimize damage by self-listing (I think that can be done with both - sorbs via dul.dnsbl.sorbs.net thence the aggregate dnsbl.sorbs.net). Dunno, that would sort of make sense except it is so evidently ineffective. Still struggling to understand so many bl listings.

Link to comment
Share on other sites

I don't find it strange. I don't know whether all the kindergartens in Korea are still spewing spam, but that was a problem a few years ago. In fact, there was a problem with US schools in the summer time for a while. As long as most of their customers are not communicating with someone in another country, why would they care what blocklists they are on? And maybe they still have the mindset that no email should be discarded - though they must provide some kind of filtering or maybe the spammers using those machines don't target them.

Miss Betsy

Link to comment
Share on other sites

I note that these all seem to have, as a minimum, listings in dnsbl.sorbs.net and pbl.spamhaus.org.

[snip]

Dunno, that would sort of make sense except it is so evidently ineffective. Still struggling to understand so many bl listings.

A lot do not get listed because many like Brazil sensibly just get blocked and not seen or reported

SpamCop email does not dump blocked email and leaves it available for reporting

SpamCop email is slipping a bit with the Brazils blocklist again though some starting to get through?

http://www.spamcop.net/sc?id=z2088603956z7...1d6204004f7a73z

Link to comment
Share on other sites

SpamCop email is slipping a bit with the Brazils blocklist again though some starting to get through?

The message source IP from your TU was [72.249.145.121], which is at a colo facility in Texas, not Brazil. The first hop tried to fool you into thinking it came from Brazil.

Also, the "Brazil blocklist" offered in the SpamCop email system is from www.blackholes.us, a "headless horseman" of a site that hasn't been touched/updated in years. I'm sure I've explained that before.

DT

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...