1# SB-BLOCKOOL.RC 2# 3# Recipes to check for spam from otherwise legitimate companies 4# that spam, spamming ESPs and ISPs with severe spam problems 5# or spam tolerant practices. 6# 7 8# AccelerateBiz 9# 10# Data files last updated: 4/16/2013 11# 12# Other Relevant Info: 13# 14# 8/03/2011: 15# Major hoster of snowshoe spam operations. I've never seen 16# non-spam from this outfit. 17# 18# Status: Spam ISP 19# 20:0 21* ! OPTOUT ?? ^NONE$ 22{ 23 LOCALDESCRIPTION='Snowshoe Spam Host' 24 TESTNAME='AccelerateBiz' 25 TESTDOMAINS=${SBDIR}/pinkisp/acceleratebiz-domains.txt 26 TESTIPS=${SBDIR}/pinkisp/acceleratebiz-ips.rc 27 TESTPATTERNS=${SBDIR}/optpinkispout/acceleratebiz-patterns.rc 28 TESTLAST=20110803 29 TESTUPDATED=20110803 30 TESTTYPE=ALL 31 32 :0 33 * OPTOUT ?? ^BLOCK$ 34 { TESTSCORE=${BLOCKLEVEL} } 35 36 :0 37 * OPTOUT ?? ^SPAM$ 38 { TESTSCORE=${SPAMLEVEL} } 39 40 INCLUDERC=${SBDIR}/functions/spammer-check.rc 41} 42 43# Adknowledge (formerly Virtumundo, etc.) 44# 45# Data files last updated: 8/03/2011 46# 47# Other Relevant Info: 48# 49# 10/02/2010: 50# Long-time spammer from the past that has morphed into a 51# spammer-supporting ESP. Runs affiliate programs 52# that provide the cash that keeps many snowshoe 53# spammers alive and spamming, but hasn't been 54# sending spam directly from their IPs for some 55# time. 56# 57# Status: Spam-Friendly ESP 58# 59:0 60* ! OPTOUT ?? ^NONE$ 61{ 62 LOCALDESCRIPTION='Spammy Affiliate/URI Network' 63 TESTNAME='Adknowledge' 64 TESTDOMAINS=${SBDIR}/optout/adknowledge-domains.txt 65 TESTIPS=${SBDIR}/optout/adknowledge-ips.rc 66 TESTPATTERNS=${SBDIR}/optout/adknowledge-patterns.rc 67 TESTLAST=20110217 68 TESTUPDATED=20110217 69 TESTTYPE=ALL 70 71 :0 72 * OPTOUT ?? ^BLOCK$ 73 { TESTSCORE=${BLOCKLEVEL} } 74 75 :0 76 * OPTOUT ?? ^SPAM$ 77 { TESTSCORE=${SPAMLEVEL} } 78 79 INCLUDERC=${SBDIR}/functions/spammer-check.rc 80} 81 82# Boca Networks 83# 84# Data files last updated: 2/18/2011 85# 86# Other Relevant Info: 87# 88# Long-time spammer-friendly ISP. 89# 90# Status: Spam ISP 91# 92:0 93* ! PINKISP ?? ^NONE$ 94{ 95 LOCALDESCRIPTION='Spam ISP' 96 TESTNAME='Boca Networks' 97 TESTDOMAINS=${SBDIR}/pinkisp/bocanetworks-domains.txt 98 TESTIPS=${SBDIR}/pinkisp/bocanetworks-ips.rc 99 TESTPATTERNS=${SBDIR}/pinkisp/bocanetworks-patterns.rc 100 TESTLAST=20110218 101 TESTUPDATED=20110218 102 TESTTYPE=ALL 103 104 :0 105 * PINKISP ?? ^BLOCK$ 106 { TESTSCORE=${BLOCKLEVEL} } 107 108 :0 109 * PINKISP ?? ^SPAM$ 110 { TESTSCORE=${SPAMLEVEL} } 111 112 INCLUDERC=${SBDIR}/functions/spammer-check.rc 113} 114 115# Carolinanet (Guilford Communications) 116# 117# Last reported spam: 3/22/2010 118# Data files last updated: 3/22/2010 119# 120# Other Relevant Info: 121# 122# Years-long spammer hosting. 123# 124# Status: Spam ISP 125# 126:0 127* ! PINKISP ?? ^NONE$ 128{ 129 LOCALDESCRIPTION='Spam ISP' 130 TESTNAME='Carolinanet' 131 TESTDOMAINS=${SBDIR}/pinkisp/carolinanet-domains.txt 132 TESTIPS=${SBDIR}/pinkisp/carolinanet-ips.rc 133 TESTPATTERNS=${SBDIR}/pinkisp/carolinanet-patterns.rc 134 TESTLAST=20100322 135 TESTUPDATED=20100322 136 TESTTYPE=ALL 137 138 :0 139 * PINKISP ?? ^BLOCK$ 140 { TESTSCORE=${BLOCKLEVEL} } 141 142 :0 143 * PINKISP ?? ^SPAM$ 144 { TESTSCORE=${SPAMLEVEL} } 145 146 INCLUDERC=${SBDIR}/functions/spammer-check.rc 147} 148 149# Conru, Andrew ("Friendfinder") 150# 151# Last reported spam: 1/01/2010 152# Data files last updated: 3/22/2010 153# 154# Other Relevant Info: 155# 156# 2/20/03: 157# New burst of spam to mailing lists and Usenet. :/ 158# 159# 1/13/05: 160# Evidence that Andrew Conru has quit spamming and 161# deliberately turned to legitimate marketing methods. 162# Cool! :) I hope this turns out to be true. 163# 164# 3/10/05: 165# Chinese language FriendFinder spam sent to role 166# addresses. :/ 167# 168# 6/19/05: 169# Chinese spam still being sent to role addresses 170# and spamtraps. 171# 172# Status: Active Spammer 173# 174:0 175* ! MAINSLEAZE ?? ^NONE$ 176{ 177 LOCALDESCRIPTION='Mainsleaze Spammer' 178 TESTNAME='Friendfinder' 179 TESTDOMAINS=${SBDIR}/mainsleaze/friendfinder-domains.txt 180 TESTIPS=${SBDIR}/mainsleaze/friendfinder-ips.rc 181 TESTPATTERNS=${SBDIR}/mainsleaze/friendfinder-patterns.rc 182 TESTLAST=20100101 183 TESTUPDATED=20100322 184 TESTTYPE=ALL 185 186 :0 187 * MAINSLEAZE ?? ^BLOCK$ 188 { TESTSCORE=${BLOCKLEVEL} } 189 190 :0 191 * MAINSLEAZE ?? ^SPAM$ 192 { TESTSCORE=${SPAMLEVEL} } 193 194 INCLUDERC=${SBDIR}/functions/spammer-check.rc 195} 196 197# Ecatel (Iqarus) 198# 199# Data files last updated: 7/21/2010 200# 201# Other Relevant Info: 202# 203# Major snowshoe spam hosting outfit. 204# 205# Status: Spam ISP 206# 207:0 208* ! PINKISP ?? ^NONE$ 209{ 210 LOCALDESCRIPTION='Spam ISP' 211 TESTNAME='Ecatel' 212 TESTDOMAINS=${SBDIR}/pinkisp/ecatel-domains.txt 213 TESTIPS=${SBDIR}/pinkisp/ecatel-ips.ips 214 TESTPATTERNS=${SBDIR}/pinkisp/ecatel-patterns.rc 215 TESTLAST=20100721 216 TESTUPDATED=20100721 217 TESTTYPE=ALL 218 219 :0 220 * PINKISP ?? ^BLOCK$ 221 { TESTSCORE=${BLOCKLEVEL} } 222 223 :0 224 * PINKISP ?? ^SPAM$ 225 { TESTSCORE=${SPAMLEVEL} } 226 227 INCLUDERC=${SBDIR}/functions/spammer-check.rc 228} 229 230# Epsilon Interactive (formerly Bigfoot Interactive, many others) 231# 232# Data files last updated: 3/22/2010 233# 234# Other Relevant Info: 235# 236# Big ESP with lax email gathering policies that 237# is hitting long-closed addresses that cannot have 238# opted in for its email. 239# 240:0 241* ! OPTOUT ?? ^NONE$ 242{ 243 LOCALDESCRIPTION='Opt-Out ESP' 244 TESTNAME='Epsilon Interactive' 245 TESTDOMAINS=${SBDIR}/optout/epsiloninteractive-domains.txt 246 TESTIPS=${SBDIR}/optout/epsiloninteractive-ips.rc 247 TESTPATTERNS=${SBDIR}/optout/epsiloninteractive-patterns.rc 248 TESTLAST=20100215 249 TESTUPDATED=20100322 250 TESTTYPE=HEADER 251 252 :0 253 * OPTOUT ?? ^BLOCK$ 254 { TESTSCORE=${BLOCKLEVEL} } 255 256 :0 257 * OPTOUT ?? ^SPAM$ 258 { TESTSCORE=${SPAMLEVEL} } 259 260 INCLUDERC=${SBDIR}/functions/spammer-check.rc 261} 262 263# Facebook 264# 265# Last reported spam: 9/01/2010 266# Data files last updated: 9/06/2010 267# 268# Other Relevant Info: 269# 270# The 2000 lb. grizzly bear of social networks. Not as bad as 271# some; you can unsubscribe an email address from Facebook and 272# no longer receive Facebook invitation emails to it. People 273# who don't use Facebook find the barrage of invitations highly 274# annoying, however, and should not have to receive it til they 275# decide to opt-out. :/ 276# 277# Status: Greyhat Social Networking Site 278# 279:0 280* ! SOCIALNETWORKING ?? ^NONE$ 281{ 282 LOCALDESCRIPTION="S/N Invitation:" 283 TESTNAME='Facebook' 284 TESTDOMAINS=${SBDIR}/socialnetworking/facebook-domains.txt 285 TESTIPS=${SBDIR}/socialnetworking/facebook-ips.rc 286 TESTPATTERNS=${SBDIR}/socialnetworking/facebook-patterns.rc 287 TESTLAST=20100901 288 TESTUPDATED=20100906 289 TESTTYPE=ALL 290 291 :0 292 * SOCIALNETWORKING ?? ^BLOCK$ 293 { TESTSCORE=${BLOCKLEVEL} } 294 295 :0 296 * SOCIALNETWORKING ?? ^SPAM$ 297 { TESTSCORE=${SPAMLEVEL} } 298 299 INCLUDERC=${SBDIR}/functions/spammer-check.rc 300} 301 302 303# FDCServers.net 304# 305# Last reported spam: 3/23/2010 306# Data files last updated: 3/23/2010 307# 308# Other Relevant Info: 309# 310# Major snowshoe spam hosting outfit. 311# 312# Status: Spam ISP 313# 314:0 315* ! PINKISP ?? ^NONE$ 316{ 317 LOCALDESCRIPTION='Spam ISP' 318 TESTNAME='FDCServers' 319 TESTDOMAINS=${SBDIR}/pinkisp/fdcservers-domains.txt 320 TESTIPS=${SBDIR}/pinkisp/fdcservers-ips.rc 321 TESTPATTERNS=${SBDIR}/pinkisp/fdcservers-patterns.rc 322 TESTLAST=20100323 323 TESTUPDATED=20100323 324 TESTTYPE=ALL 325 326 :0 327 * PINKISP ?? ^BLOCK$ 328 { TESTSCORE=${BLOCKLEVEL} } 329 330 :0 331 * PINKISP ?? ^SPAM$ 332 { TESTSCORE=${SPAMLEVEL} } 333 334 INCLUDERC=${SBDIR}/functions/spammer-check.rc 335} 336 337# Gevalia 338# 339# Last reported spam: 2/28/2010 340# Data files last updated: 3/22/2010 341# 342# Other Relevant Info: 343# 344# 8/16/03: 345# Swedish coffee company that has been hiring spam-for-hire 346# outfits to spam on their behalf for years. Its time the 347# spamming nitwits got complaints themselves about their 348# despicable behavior. 349# 350# 7/29/04: 351# Hired Scott Richter to spam on their behalf. 352# 353# 8/22/04: 354# Hired Josh Baer to spam on their behalf. 355# 356# 5/11/05: 357# Now hiring Eddie Marin to spam on their behalf. They 358# appear to going the rounds of the big spammers.... 359# 360# 4/26/06: 361# Now via a spammer that does pills'n'porn when he isn't 362# selling coffee. :/ Gevalia desperately needs to fire 363# everyone involved in making its Internet marketing 364# decisions, IMHO. 365# 366# 12/08/06: 367# Spamming via Virtumundo. 368# 369# 10/02/10: 370# Spamming via EVERY SNOWSHOE SPAMMER in the known universe. :/ 371# 372:0 373* ! MAINSLEAZE ?? ^NONE$ 374{ 375 LOCALDESCRIPTION='Mainsleaze Spammer' 376 TESTNAME='Gevalia' 377 TESTDOMAINS=${SBDIR}/mainsleaze/gevalia-domains.txt 378 TESTIPS=${SBDIR}/mainsleaze/gevalia-ips.ips 379 TESTPATTERNS=${SBDIR}/mainsleaze/gevalia-patterns.rc 380 TESTLAST=20100228 381 TESTUPDATED=20100322 382 TESTTYPE=ALL 383 384 :0 385 * MAINSLEAZE ?? ^BLOCK$ 386 { TESTSCORE=${BLOCKLEVEL} } 387 388 :0 389 * MAINSLEAZE ?? ^SPAM$ 390 { TESTSCORE=${SPAMLEVEL} } 391 392 INCLUDERC=${SBDIR}/functions/spammer-check.rc 393} 394 395# Gogax (formerly Exist Hosting, aka Interweb Media) 396# 397# Last reported spam: 3/22/2010 398# Data files last updated: 3/22/2010 399# 400# Other Relevant Info: 401# 402# 1/03/07: 403# Long-time spammer-friendly ISP. 404# 405# 3/22/2010: 406# Hosts snowshoe spammers. Lots and LOTS of snowshoe 407# spammers. :( 408# 409# Status: Spam ISP 410# 411:0 412* ! PINKISP ?? ^NONE$ 413{ 414 LOCALDESCRIPTION='Spam ISP' 415 TESTNAME='Gogax' 416 TESTDOMAINS=${SBDIR}/pinkisp/gogax-domains.txt 417 TESTIPS=${SBDIR}/pinkisp/gogax-ips.rc 418 TESTPATTERNS=${SBDIR}/pinkisp/gogax-patterns.rc 419 TESTLAST=20100322 420 TESTUPDATED=20100322 421 TESTTYPE=ALL 422 423 :0 424 * PINKISP ?? ^BLOCK$ 425 { TESTSCORE=${BLOCKLEVEL} } 426 427 :0 428 * PINKISP ?? ^SPAM$ 429 { TESTSCORE=${SPAMLEVEL} } 430 431 INCLUDERC=${SBDIR}/functions/spammer-check.rc 432} 433 434# Google Friend Connect 435# 436# Last reported spam: 9/06/2010 437# Data files last updated: 9/06/2010 438# 439# Other Relevant Info: 440# 441# The 2000 lb. grizzly bear of internet search engines has opened a 442# social networking site with *no* mechanism to unsubscribe an email 443# address from receiving "invitations", and no apparent limits on 444# how many email addresses a user can import. 445# 446# Status: Blackhat Social Networking Site 447# 448:0 449* ! SOCIALNETWORKING ?? ^NONE$ 450{ 451 LOCALDESCRIPTION="S/N Invitation:" 452 TESTNAME='Google Friend Connect' 453 TESTDOMAINS=${SBDIR}/socialnetworking/googlefriendconnect-domains.txt 454 TESTIPS=${SBDIR}/socialnetworking/googlefriendconnect-ips.rc 455 TESTPATTERNS=${SBDIR}/socialnetworking/googlefriendconnect-patterns.rc 456 TESTLAST=20100906 457 TESTUPDATED=20100906 458 TESTTYPE=ALL 459 460 :0 461 * SOCIALNETWORKING ?? ^BLOCK$ 462 { TESTSCORE=${BLOCKLEVEL} } 463 464 :0 465 * SOCIALNETWORKING ?? ^SPAM$ 466 { TESTSCORE=${SPAMLEVEL} } 467 468 INCLUDERC=${SBDIR}/functions/spammer-check.rc 469} 470 471# Grouply 472# 473# Last reported spam: 7/17/2010 474# Data files last updated: 7/17/2010 475# 476# Other Relevant Info: 477# 478# 7/17/2010 -- Lots of spammed invitations, with extremely inconvenient, 479# hoops-jumping confirmed opt-out. :/ The service has a poor 480# reputation in many quarters because of malware distribution issues 481# and general spam issues, as well. Best avoided. 482# 483# Status: Spammy/irresponsible social networking site. 484# 485:0 486* ! OPTOUT ?? ^NONE$ 487{ 488 LOCALDESCRIPTION="S/N Invitation:" 489 TESTNAME='Grouply' 490 TESTDOMAINS=${SBDIR}/socialnetworking/grouply-domains.txt 491 TESTIPS=${SBDIR}/socialnetworking/grouply-ips.rc 492 TESTPATTERNS=${SBDIR}/socialnetworking/grouply-patterns.rc 493 TESTLAST=20100717 494 TESTUPDATED=20100717 495 TESTTYPE=HEADER 496 497 :0 498 * OPTOUT ?? ^BLOCK$ 499 { TESTSCORE=${BLOCKLEVEL} } 500 501 :0 502 * OPTOUT ?? ^SPAM$ 503 { TESTSCORE=${SPAMLEVEL} } 504 505 INCLUDERC=${SBDIR}/functions/spammer-check.rc 506} 507 508# Krypt (formerly VPLS) 509# 510# Last reported spam: 3/23/2010 511# Data files last updated: 3/23/2010 512# 513# Other Relevant Info: 514# 515# Hosts lots of snowshoe spammers, and provides falsified 516# rDNS for those spammers. Doubt that there are legitimate 517# customers here. If there are, they need to move to a 518# better neighborhood. 519# 520# Status: Spam ISP 521# 522:0 523* ! PINKISP ?? ^NONE$ 524{ 525 LOCALDESCRIPTION='Spam ISP' 526 TESTNAME='Krypt' 527 TESTDOMAINS=${SBDIR}/pinkisp/krypt-domains.txt 528 TESTIPS=${SBDIR}/pinkisp/krypt-ips.rc 529 TESTPATTERNS=${SBDIR}/pinkisp/krypt-patterns.rc 530 TESTLAST=20100323 531 TESTUPDATED=20100323 532 TESTTYPE=ALL 533 534 :0 535 * PINKISP ?? ^BLOCK$ 536 { TESTSCORE=${BLOCKLEVEL} } 537 538 :0 539 * PINKISP ?? ^SPAM$ 540 { TESTSCORE=${SPAMLEVEL} } 541 542 INCLUDERC=${SBDIR}/functions/spammer-check.rc 543} 544 545# LinkedIn 546# 547# Data files last updated: 9/07/2010 548# 549# Other Relevant Info: 550# 551# Issues invitations to any email addresses that the user uploads, 552# including purchased lists. There is no way that I can find to 553# unsubscribe an email address or site from receiving them. 554# 555# Status: Blackhat Social Networking Site 556# 557:0 558* ! SOCIALNETWORKING ?? ^NONE$ 559{ 560 LOCALDESCRIPTION="S/N Invitation:" 561 TESTNAME='LinkedIn' 562 TESTDOMAINS=${SBDIR}/socialnetworking/linkedin-domains.txt 563 TESTIPS=${SBDIR}/socialnetworking/linkedin-ips.rc 564 TESTPATTERNS=${SBDIR}/socialnetworking/linkedin-patterns.rc 565 TESTLAST=20100907 566 TESTUPDATED=20100906 567 TESTTYPE=ALL 568 569 :0 570 * SOCIALNETWORKING ?? ^BLOCK$ 571 { TESTSCORE=${BLOCKLEVEL} } 572 573 :0 574 * SOCIALNETWORKING ?? ^SPAM$ 575 { TESTSCORE=${SPAMLEVEL} } 576 577 INCLUDERC=${SBDIR}/functions/spammer-check.rc 578} 579 580 581# Messagereach.com 582# 583# Data files last updated: 8/25/2005 584# 585# Other Relevant Info: 586# 587# 3/17/00 -- another "direct marketing" bulk email opt-out spamhaus. 588# 11/08/01 -- spamming for Looksmart, and found xpedite.com. :) 589# 590# Status: Opt-Out Provider 591# 592:0 593* ! OPTOUT ?? ^NONE$ 594{ 595 LOCALDESCRIPTION='Opt-Out ESP' 596 TESTNAME='MessageReach' 597 TESTDOMAINS=${SBDIR}/optout/messagereach-domains.txt 598 TESTIPS=${SBDIR}/optout/messagereach-ips.rc 599 TESTPATTERNS=${SBDIR}/optout/messagereach-patterns.rc 600 TESTLAST=20050825 601 TESTUPDATED=20050825 602 TESTTYPE=HEADER 603 604 :0 605 * OPTOUT ?? ^BLOCK$ 606 { TESTSCORE=${BLOCKLEVEL} } 607 608 :0 609 * OPTOUT ?? ^SPAM$ 610 { TESTSCORE=${SPAMLEVEL} } 611 612 INCLUDERC=${SBDIR}/functions/spammer-check.rc 613} 614 615 616# Survey Monkey 617# 618# Last reported spam: 4/16/2013 619# Data files last updated: 4/16/2013 620# 621# Other Relevant Info: 622# 623# 4/16/2013: 624# Low-end, highly automated surveys service used by lots of 625# small businessmen, including spammers, and in academia and 626# the non-profit world. Removes spammers when you do the 627# research and submit reports, but no proactive action and 628# so hits LOTS of email addresses that never asked for the 629# email. 630# 631:0 632* ! MAINSLEAZE ?? ^NONE$ 633{ 634 LOCALDESCRIPTION='Mainsleaze Spammer' 635 TESTNAME='Survey Monkey' 636 TESTDOMAINS=${SBDIR}/mainsleaze/surveymonkey-domains.txt 637 TESTIPS=${SBDIR}/mainsleaze/surveymonkey-ips.ips 638 TESTPATTERNS=${SBDIR}/mainsleaze/surveymonkey-patterns.rc 639 TESTLAST=20130416 640 TESTUPDATED=20130416 641 TESTTYPE=HEADER 642 643 :0 644 * MAINSLEAZE ?? ^BLOCK$ 645 { TESTSCORE=${BLOCKLEVEL} } 646 647 :0 648 * MAINSLEAZE ?? ^SPAM$ 649 { TESTSCORE=${SPAMLEVEL} } 650 651 INCLUDERC=${SBDIR}/functions/spammer-check.rc 652} 653 654# Syptec (Noah Case) 655# 656# Data files last updated: 3/25/2010 657# 658# Other Relevant Info: 659# 660# Snowshoe snowshoe. :/ 661# 662# Status: Spam ISP 663# 664:0 665* ! PINKISP ?? ^NONE$ 666{ 667 LOCALDESCRIPTION='Spam ISP' 668 TESTNAME='Syptec' 669 TESTDOMAINS=${SBDIR}/pinkisp/syptec-domains.txt 670 TESTIPS=${SBDIR}/pinkisp/syptec-ips.rc 671 TESTPATTERNS=${SBDIR}/pinkisp/syptec-patterns.rc 672 TESTLAST=20100325 673 TESTUPDATED=20100325 674 TESTTYPE=ALL 675 676 :0 677 * PINKISP ?? ^BLOCK$ 678 { TESTSCORE=${BLOCKLEVEL} } 679 680 :0 681 * PINKISP ?? ^SPAM$ 682 { TESTSCORE=${SPAMLEVEL} } 683 684 INCLUDERC=${SBDIR}/functions/spammer-check.rc 685} 686 687 688# Travail Systems 689# 690# Data files last updated: 5/06/2010 691# 692# Status: Snowshoe Spam ISP 693# 694:0 695* ! OPTOUT ?? ^NONE$ 696{ 697 LOCALDESCRIPTION='Spam ISP' 698 TESTNAME='Travail Systems' 699 TESTDOMAINS=${SBDIR}/pinkisp/travailsystems-domains.txt 700 TESTIPS=${SBDIR}/pinkisp/travailsystems-ips.rc 701 TESTPATTERNS=${SBDIR}/pinkisp/travailsystems-patterns.rc 702 TESTLAST=20100506 703 TESTUPDATED=20100506 704 TESTTYPE=HEADER 705 706 :0 707 * OPTOUT ?? ^BLOCK$ 708 { TESTSCORE=${BLOCKLEVEL} } 709 710 :0 711 * OPTOUT ?? ^SPAM$ 712 { TESTSCORE=${SPAMLEVEL} } 713 714 INCLUDERC=${SBDIR}/functions/spammer-check.rc 715} 716 717 718# Triple Aldo 719# 720# Last reported spam: 8/29/2006 721# Data files last updated: 8/29/2006 722# 723# Other Relevant Info: 724# 8/29/06: 725# Long-time, fairly low volume opt-out spammer with quasi- 726# legitimate mainsleaze spammer customers that include 727# lendingtree.com and realestate.com, among others. 728# 729# Status: *DIRTY* OOL provider 730# 731:0 732* ! OPTOUT ?? ^NONE$ 733{ 734 LOCALDESCRIPTION='Opt-Out ESP' 735 TESTNAME='Triple Aldo' 736 TESTDOMAINS=${SBDIR}/optout/triplealdo-domains.txt 737 TESTIPS=${SBDIR}/optout/triplealdo-ips.rc 738 TESTPATTERNS=${SBDIR}/optout/triplealdo-patterns.rc 739 TESTLAST=20060829 740 TESTUPDATED=20060829 741 TESTTYPE=HEADER 742 743 :0 744 * OPTOUT ?? ^BLOCK$ 745 { TESTSCORE=${BLOCKLEVEL} } 746 747 :0 748 * OPTOUT ?? ^SPAM$ 749 { TESTSCORE=${SPAMLEVEL} } 750 751 INCLUDERC=${SBDIR}/functions/spammer-check.rc 752} 753 754# Twitter 755# 756# Last updated: 2/18/2011 757# 758# Other Relevant Info: 759# 760# Status: Greyhat Social Networking Site 761# 762:0 763* ! SOCIALNETWORKING ?? ^NONE$ 764{ 765 LOCALDESCRIPTION="S/N Invitation:" 766 TESTNAME='Twitter' 767 TESTDOMAINS=${SBDIR}/socialnetworking/twitter-domains.txt 768 TESTIPS=${SBDIR}/socialnetworking/twitter-ips.rc 769 TESTPATTERNS=${SBDIR}/socialnetworking/twitter-patterns.rc 770 TESTLAST=20110218 771 TESTUPDATED=20110218 772 TESTTYPE=HEADER 773 774 :0 775 * SOCIALNETWORKING ?? ^BLOCK$ 776 { TESTSCORE=${BLOCKLEVEL} } 777 778 :0 779 * SOCIALNETWORKING ?? ^SPAM$ 780 { TESTSCORE=${SPAMLEVEL} } 781 782 INCLUDERC=${SBDIR}/functions/spammer-check.rc 783} 784 785# Webair 786# 787# Data files last updated: 3/23/2010 788# 789# Other Relevant Info: 790# 791# Hosts snowshoe spammers. Lots and LOTS of snowshoe 792# spammers. :( Not surprisingly, Webair does not provide 793# any SWIP information or the like for its customers, 794# either. If they've got legitimate customers, those 795# customers are too stupid to survive the Darwinian 796# Internet. 797# 798# Status: Spam ISP 799# 800:0 801* ! PINKISP ?? ^NONE$ 802{ 803 LOCALDESCRIPTION='Spam ISP' 804 TESTNAME='Webair' 805 TESTDOMAINS=${SBDIR}/pinkisp/webair-domains.txt 806 TESTIPS=${SBDIR}/pinkisp/webair-ips.rc 807 TESTPATTERNS=${SBDIR}/pinkisp/webair-patterns.rc 808 TESTLAST=20100323 809 TESTUPDATED=20100323 810 TESTTYPE=ALL 811 812 :0 813 * PINKISP ?? ^BLOCK$ 814 { TESTSCORE=${BLOCKLEVEL} } 815 816 :0 817 * PINKISP ?? ^SPAM$ 818 { TESTSCORE=${SPAMLEVEL} } 819 820 INCLUDERC=${SBDIR}/functions/spammer-check.rc 821} 822 823# What Counts, Inc. 824# 825# Data files last updated: 7/06/2004 826# 827# Other Relevant Info: 828# 829# 8/02/2004: 830# Bulk email sending provider that focuses on political and activist 831# concerns. Over the years, I've gotten onto a *bunch* of their 832# lists without in any way requesting to be added. :/ I assumed 833# they were a spamhaus, but after a false positive report found out 834# that they're not spammers, just an ESP with some customers that 835# aren't careful about who they put on their email lists. 836# 837# 12/26/2006: 838# Reported spamming for Costco, and I've seen the spam. It came 839# from them. Odd because they usually spam for political or activist 840# groups, not large apolitical companies. 841# 842# Status: Opt-Out ESP 843# 844:0 845* ! OPTOUT ?? ^NONE$ 846{ 847 LOCALDESCRIPTION='Opt-Out ESP' 848 TESTNAME='What Counts' 849 TESTDOMAINS=${SBDIR}/optout/whatcounts-domains.txt 850 TESTIPS=${SBDIR}/optout/whatcounts-ips.ips 851 TESTPATTERNS=${SBDIR}/optout/whatcounts-patterns.rc 852 TESTLAST=20050615 853 TESTUPDATED=20040706 854 TESTTYPE=HEADER 855 856 :0 857 * OPTOUT ?? ^BLOCK$ 858 { TESTSCORE=${BLOCKLEVEL} } 859 860 :0 861 * OPTOUT ?? ^SPAM$ 862 { TESTSCORE=${SPAMLEVEL} } 863 864 INCLUDERC=${SBDIR}/functions/spammer-check.rc 865} 866 867# Wholesale Internet 868# 869# Data files last updated: 3/23/2010 870# 871# Other Relevant Info: 872# 873# Spammer ISP. I see lots of spam from here. 874# 875# Status: Spam ISP 876# 877:0 878* ! PINKISP ?? ^NONE$ 879{ 880 LOCALDESCRIPTION='Spam ISP' 881 TESTNAME='Wholesale Internet' 882 TESTDOMAINS=${SBDIR}/pinkisp/wholesale-internet-domains.txt 883 TESTIPS=${SBDIR}/pinkisp/wholesale-internet-ips.rc 884 TESTPATTERNS=${SBDIR}/pinkisp/wholesale-internet-patterns.rc 885 TESTLAST=20100323 886 TESTUPDATED=20100323 887 TESTTYPE=ALL 888 889 :0 890 * PINKISP ?? ^BLOCK$ 891 { TESTSCORE=${BLOCKLEVEL} } 892 893 :0 894 * PINKISP ?? ^SPAM$ 895 { TESTSCORE=${SPAMLEVEL} } 896 897 INCLUDERC=${SBDIR}/functions/spammer-check.rc 898} 899 900 901# Yesmail 902# 903# Data files last updated: 3/29/2010 904# 905# Other Relevant Info: 906# 907# Long-time spammer-friendly ESP. 908# 909# Status: Opt-Out ESP 910# 911:0 912* ! OPTOUT ?? ^NONE$ 913{ 914 LOCALDESCRIPTION='Opt-Out ESP' 915 TESTNAME='Yesmail' 916 TESTDOMAINS=${SBDIR}/optout/yesmail-domains.txt 917 TESTIPS=${SBDIR}/optout/yesmail-ips.rc 918 TESTPATTERNS=${SBDIR}/optout/yesmail-patterns.rc 919 TESTLAST=20100329 920 TESTUPDATED=20100329 921 TESTTYPE=ALL 922 923 :0 924 * PINKISP ?? ^BLOCK$ 925 { TESTSCORE=${BLOCKLEVEL} } 926 927 :0 928 * PINKISP ?? ^SPAM$ 929 { TESTSCORE=${SPAMLEVEL} } 930 931 INCLUDERC=${SBDIR}/functions/spammer-check.rc 932} 933