From: Matt Lager
Date: Mon, 28 Apr 2014 20:03:03 -0700
To: freebsd-questions@freebsd.org
Subject: Re: Spam to list participants (from openhosting.com & softcom.com)

Thanks for putting in this legwork and reporting back...
I received a few of these today after replying to a thread, and my daughter commonly uses my computer. I was lucky to not have my E-mail sitting open, as they all contained inappropriate pictures.

I must pose the question, do these spam messages work, ever? They must for people to be sending them. But what's more interesting, is my spam messages didn't contain any links to go somewhere else, although I'm sure if I replied, those links would be on their way.

Anyway, thanks again.

On 4/28/2014 6:16 PM, Ronald F. Guilmette wrote:
>
> As many of you will have already learned, in recent days it has
> come to pass that if you post to this mailing list, then in short
> order you will receive a set of spam e-mail messages, all attempting
> to entice you into signing up (with your credit card #) for one or
> another "dating" web site. I myself have received three such spams
> now. Verbatim full text copies of these spams may be viewed here:
>
>   ftp://ftp.tristatelogic.com/pub/cases/413978/spam.0
>   ftp://ftp.tristatelogic.com/pub/cases/413978/spam.1
>   ftp://ftp.tristatelogic.com/pub/cases/413978/spam.2
>
> (Please note that the final one of these contains a pornographic image
> file that, I imagine, most parents with minor children would probably
> prefer not to have them exposed to.)
>
> Unfortunately, these spams are slipping past all of the major public
> blacklists at the present time.
>
> I have identified the spammer in question, a citizen of Bangladesh,
> but that is not important now. What is important is that this same
> spammer has been active and, until now, mostly targeting Craigslist
> users since at least November 2012. Now however, with the help and
> support of two specific and very obliging hosting companies (i.e.
> openhosting.com and softcom.com), he is currently targeting the FreeBSD
> community, and its mailing lists.
>
> Because the relevant automated spams are being sent directly to people
> who _post_ to various FreeBSD mailing lists, and not to any of the
> FreeBSD lists themselves, there isn't a lot that the FreeBSD.Org
> postmasters can do about this issue/problem. They have no way of
> directly blocking these spams. (They have however been notified of
> the problem and are currently seeking solutions.)
>
> Based upon my own careful analysis and research, I have determined that
> the set of domains and IPs that this spammer is spamming from are as
> follows:
>
> (Note that the above domains have all been registered via/through the
> notoriously spam-friendly registrar http://www.internetbs.net/, they
> have all been registered within the relatively recent past, and they
> all have anonymized WHOIS records.)
>
> In each case, the relevant connectivity/hosting provider is helpfully
> providing the spammer with matching reverse DNS for his IP addresses...
> an essential property to enable the spammer to get past certain kinds of
> anti-spam filters, including my own. The specific two providers who are
> providing this excellent level of service to this specific snowshoe
> spammer are:
>
>   openhosting.com
>   softcom.com
>
> Assuming that these providers give the same weight to incoming complaints
> about their paying customers as do most hosting companies these days...
> which is to say zero...
> I would like to advise all readers of this
> mailing list who may be spam-averse that it is not necessary to wait for
> the major public blacklists to get around to listing the above spam
> sources. Rather, I suggest that all e-mail administrators reading this
> message would be well advised to locally block incoming e-mail from all
> of the following IP ranges (which contain all of the above current spam
> sources):
>
>
> Regards,
> rfg
>
>
> P.S. In making a determination as to whether or not a given hosting provider
> is or isn't "spammer friendly", in my personal opinion, actions speak louder
> than words. As I have noted above, openhosting.com & softcom.com are both
> helpfully providing matching reverse DNS for the snowshoe spammer in
> question. Given that the spammer in question is currently sending
> unsolicited pornographic images to anyone who posts to a mailing list...
> including, most probably, minors... I personally feel that their actions
> are nothing short of reprehensible.

--
Solid Data Services
Matt Lager / President
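
The quoted message makes two technical points: matching reverse DNS lets a sender pass rDNS-based filters, and locally blocked CIDR ranges are the remedy that does not wait for public blacklists. The sketch below is an added example, not part of either e-mail; every address, hostname and function name in it is a constructed placeholder (RFC 5737 ranges and .example names), and DNS is simulated with dictionaries so it runs offline.

```python
import ipaddress

# Constructed sample data: RFC 5737 addresses and .example names, not the post's.
LOCAL_BLOCKS = [ipaddress.ip_network(n) for n in ("192.0.2.0/25", "198.51.100.64/26")]
PTR = {  # reverse DNS: IP -> hostname
    "192.0.2.15": "mx1.bulk.example",     # provider set matching rDNS for a bulk sender
    "203.0.113.9": "mail.list.example",   # ordinary sender with matching rDNS
    "203.0.113.77": "mx.forged.example",  # PTR exists, forward record points elsewhere
}
A = {  # forward DNS: hostname -> set of IPs
    "mx1.bulk.example": {"192.0.2.15"},
    "mail.list.example": {"203.0.113.9"},
    "mx.forged.example": {"203.0.113.200"},
}


def fcrdns_ok(ip, ptr=PTR, a=A):
    """Forward-confirmed reverse DNS: the PTR name must resolve back to ip."""
    host = ptr.get(ip)
    return host is not None and ip in a.get(host, set())


def locally_blocked(ip, blocks=LOCAL_BLOCKS):
    """True if ip falls inside any administrator-maintained CIDR range."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in blocks)


def decide(ip):
    """Connection-time policy: local ranges are checked before the rDNS test."""
    if locally_blocked(ip):
        return "reject: local block"
    if not fcrdns_ok(ip):
        return "reject: no matching rDNS"
    return "accept"


def audit(sources, blocks=LOCAL_BLOCKS):
    """Return (sources the ranges miss, total addresses the ranges block)."""
    missed = [s for s in sources if not locally_blocked(s, blocks)]
    return missed, sum(net.num_addresses for net in blocks)


if __name__ == "__main__":
    for ip in ("192.0.2.15", "203.0.113.9", "203.0.113.77"):
        print(ip, "fcrdns:", fcrdns_ok(ip), "->", decide(ip))
    print(audit(["192.0.2.15", "198.51.100.70", "198.51.100.200"]))
```

audit() is the check to run before deploying wide ranges: it confirms that every known source is covered and shows how many addresses are blocked to achieve that.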