xref: /dports/mail/spambnc/usr/local/sb/sb-blockool.rc

# SB-BLOCKOOL.RC
#
#  Recipes to check for spam from otherwise legitimate companies
#  that spam, spamming ESPs and ISPs with severe spam problems
#  or spam tolerant practices.
#

# AccelerateBiz
#
# Data files last updated: 4/16/2013
#
# Other Relevant Info:
#
#   8/03/2011:
#    Major hoster of snowshoe spam operations.  I've never seen
#    non-spam from this outfit.
#
# Status: Spam ISP
#
:0
* ! OPTOUT ?? ^NONE$
{
 LOCALDESCRIPTION='Snowshoe Spam Host'
 TESTNAME='AccelerateBiz'
 TESTDOMAINS=${SBDIR}/pinkisp/acceleratebiz-domains.txt
 TESTIPS=${SBDIR}/pinkisp/acceleratebiz-ips.rc
 TESTPATTERNS=${SBDIR}/optpinkispout/acceleratebiz-patterns.rc
 TESTLAST=20110803
 TESTUPDATED=20110803
 TESTTYPE=ALL

 :0
 * OPTOUT ?? ^BLOCK$
 { TESTSCORE=${BLOCKLEVEL} }

 :0
 * OPTOUT ?? ^SPAM$
 { TESTSCORE=${SPAMLEVEL} }

 INCLUDERC=${SBDIR}/functions/spammer-check.rc
}

# Adknowledge (formerly Virtumundo, etc.)
#
# Data files last updated: 8/03/2011
#
# Other Relevant Info:
#
#   10/02/2010:
#    Long-time spammer from the past that has morphed into a
#    spammer-supporting ESP.  Runs affiliate programs
#    that provide the cash that keeps many snowshoe
#    spammers alive and spamming, but hasn't been
#    sending spam directly from their IPs for some
#    time.
#
# Status: Spam-Friendly ESP
#
:0
* ! OPTOUT ?? ^NONE$
{
 LOCALDESCRIPTION='Spammy Affiliate/URI Network'
 TESTNAME='Adknowledge'
 TESTDOMAINS=${SBDIR}/optout/adknowledge-domains.txt
 TESTIPS=${SBDIR}/optout/adknowledge-ips.rc
 TESTPATTERNS=${SBDIR}/optout/adknowledge-patterns.rc
 TESTLAST=20110217
 TESTUPDATED=20110217
 TESTTYPE=ALL

 :0
 * OPTOUT ?? ^BLOCK$
 { TESTSCORE=${BLOCKLEVEL} }

 :0
 * OPTOUT ?? ^SPAM$
 { TESTSCORE=${SPAMLEVEL} }

 INCLUDERC=${SBDIR}/functions/spammer-check.rc
}

# Boca Networks
#
# Data files last updated: 2/18/2011
#
# Other Relevant Info:
#
#    Long-time spammer-friendly ISP.
#
# Status: Spam ISP
#
:0
* ! PINKISP ?? ^NONE$
{
 LOCALDESCRIPTION='Spam ISP'
 TESTNAME='Boca Networks'
 TESTDOMAINS=${SBDIR}/pinkisp/bocanetworks-domains.txt
 TESTIPS=${SBDIR}/pinkisp/bocanetworks-ips.rc
 TESTPATTERNS=${SBDIR}/pinkisp/bocanetworks-patterns.rc
 TESTLAST=20110218
 TESTUPDATED=20110218
 TESTTYPE=ALL

 :0
 * PINKISP ?? ^BLOCK$
 { TESTSCORE=${BLOCKLEVEL} }

 :0
 * PINKISP ?? ^SPAM$
 { TESTSCORE=${SPAMLEVEL} }

 INCLUDERC=${SBDIR}/functions/spammer-check.rc
}

# Carolinanet (Guilford Communications)
#
# Last reported spam: 3/22/2010
# Data files last updated: 3/22/2010
#
# Other Relevant Info:
#
#    Years-long spammer hosting.
#
# Status: Spam ISP
#
:0
* ! PINKISP ?? ^NONE$
{
 LOCALDESCRIPTION='Spam ISP'
 TESTNAME='Carolinanet'
 TESTDOMAINS=${SBDIR}/pinkisp/carolinanet-domains.txt
 TESTIPS=${SBDIR}/pinkisp/carolinanet-ips.rc
 TESTPATTERNS=${SBDIR}/pinkisp/carolinanet-patterns.rc
 TESTLAST=20100322
 TESTUPDATED=20100322
 TESTTYPE=ALL

 :0
 * PINKISP ?? ^BLOCK$
 { TESTSCORE=${BLOCKLEVEL} }

 :0
 * PINKISP ?? ^SPAM$
 { TESTSCORE=${SPAMLEVEL} }

 INCLUDERC=${SBDIR}/functions/spammer-check.rc
}

# Conru, Andrew ("Friendfinder")
#
# Last reported spam: 1/01/2010
# Data files last updated: 3/22/2010
#
# Other Relevant Info:
#
#  2/20/03:
#   New burst of spam to mailing lists and Usenet. :/
#
#  1/13/05:
#   Evidence that Andrew Conru has quit spamming and
#   deliberately turned to legitimate marketing methods.
#   Cool! :)  I hope this turns out to be true.
#
#  3/10/05:
#   Chinese language FriendFinder spam sent to role
#   addresses. :/
#
#  6/19/05:
#   Chinese spam still being sent to role addresses
#   and spamtraps.
#
# Status: Active Spammer
#
:0
* ! MAINSLEAZE ?? ^NONE$
{
 LOCALDESCRIPTION='Mainsleaze Spammer'
 TESTNAME='Friendfinder'
 TESTDOMAINS=${SBDIR}/mainsleaze/friendfinder-domains.txt
 TESTIPS=${SBDIR}/mainsleaze/friendfinder-ips.rc
 TESTPATTERNS=${SBDIR}/mainsleaze/friendfinder-patterns.rc
 TESTLAST=20100101
 TESTUPDATED=20100322
 TESTTYPE=ALL

 :0
 * MAINSLEAZE ?? ^BLOCK$
 { TESTSCORE=${BLOCKLEVEL} }

 :0
 * MAINSLEAZE ?? ^SPAM$
 { TESTSCORE=${SPAMLEVEL} }

 INCLUDERC=${SBDIR}/functions/spammer-check.rc
}

# Ecatel (Iqarus)
#
# Data files last updated: 7/21/2010
#
# Other Relevant Info:
#
#   Major snowshoe spam hosting outfit.
#
# Status: Spam ISP
#
:0
* ! PINKISP ?? ^NONE$
{
 LOCALDESCRIPTION='Spam ISP'
 TESTNAME='Ecatel'
 TESTDOMAINS=${SBDIR}/pinkisp/ecatel-domains.txt
 TESTIPS=${SBDIR}/pinkisp/ecatel-ips.ips
 TESTPATTERNS=${SBDIR}/pinkisp/ecatel-patterns.rc
 TESTLAST=20100721
 TESTUPDATED=20100721
 TESTTYPE=ALL

 :0
 * PINKISP ?? ^BLOCK$
 { TESTSCORE=${BLOCKLEVEL} }

 :0
 * PINKISP ?? ^SPAM$
 { TESTSCORE=${SPAMLEVEL} }

 INCLUDERC=${SBDIR}/functions/spammer-check.rc
}

# Epsilon Interactive (formerly Bigfoot Interactive, many others)
#
# Data files last updated: 3/22/2010
#
# Other Relevant Info:
#
#     Big ESP with lax email gathering policies that
#     is hitting long-closed addresses that cannot have
#     opted in for its email.
#
:0
* ! OPTOUT ?? ^NONE$
{
 LOCALDESCRIPTION='Opt-Out ESP'
 TESTNAME='Epsilon Interactive'
 TESTDOMAINS=${SBDIR}/optout/epsiloninteractive-domains.txt
 TESTIPS=${SBDIR}/optout/epsiloninteractive-ips.rc
 TESTPATTERNS=${SBDIR}/optout/epsiloninteractive-patterns.rc
 TESTLAST=20100215
 TESTUPDATED=20100322
 TESTTYPE=HEADER

 :0
 * OPTOUT ?? ^BLOCK$
 { TESTSCORE=${BLOCKLEVEL} }

 :0
 * OPTOUT ?? ^SPAM$
 { TESTSCORE=${SPAMLEVEL} }

 INCLUDERC=${SBDIR}/functions/spammer-check.rc
}

# Facebook
#
# Last reported spam:  9/01/2010
# Data files last updated: 9/06/2010
#
# Other Relevant Info:
#
#   The 2000 lb. grizzly bear of social networks.  Not as bad as
#   some; you can unsubscribe an email address from Facebook and
#   no longer receive Facebook invitation emails to it.  People
#   who don't use Facebook find the barrage of invitations highly
#   annoying, however, and should not have to receive it til they
#   decide to opt-out. :/
#
# Status: Greyhat Social Networking Site
#
:0
* ! SOCIALNETWORKING ?? ^NONE$
{
 LOCALDESCRIPTION="S/N Invitation:"
 TESTNAME='Facebook'
 TESTDOMAINS=${SBDIR}/socialnetworking/facebook-domains.txt
 TESTIPS=${SBDIR}/socialnetworking/facebook-ips.rc
 TESTPATTERNS=${SBDIR}/socialnetworking/facebook-patterns.rc
 TESTLAST=20100901
 TESTUPDATED=20100906
 TESTTYPE=ALL

 :0
 * SOCIALNETWORKING ?? ^BLOCK$
 { TESTSCORE=${BLOCKLEVEL} }

 :0
 * SOCIALNETWORKING ?? ^SPAM$
 { TESTSCORE=${SPAMLEVEL} }

 INCLUDERC=${SBDIR}/functions/spammer-check.rc
}


# FDCServers.net
#
# Last reported spam: 3/23/2010
# Data files last updated: 3/23/2010
#
# Other Relevant Info:
#
#   Major snowshoe spam hosting outfit.
#
# Status: Spam ISP
#
:0
* ! PINKISP ?? ^NONE$
{
 LOCALDESCRIPTION='Spam ISP'
 TESTNAME='FDCServers'
 TESTDOMAINS=${SBDIR}/pinkisp/fdcservers-domains.txt
 TESTIPS=${SBDIR}/pinkisp/fdcservers-ips.rc
 TESTPATTERNS=${SBDIR}/pinkisp/fdcservers-patterns.rc
 TESTLAST=20100323
 TESTUPDATED=20100323
 TESTTYPE=ALL

 :0
 * PINKISP ?? ^BLOCK$
 { TESTSCORE=${BLOCKLEVEL} }

 :0
 * PINKISP ?? ^SPAM$
 { TESTSCORE=${SPAMLEVEL} }

 INCLUDERC=${SBDIR}/functions/spammer-check.rc
}

# Gevalia
#
# Last reported spam:  2/28/2010
# Data files last updated: 3/22/2010
#
# Other Relevant Info:
#
#    8/16/03:
#     Swedish coffee company that has been hiring spam-for-hire
#     outfits to spam on their behalf for years.  Its time the
#     spamming nitwits got complaints themselves about their
#     despicable behavior.
#
#    7/29/04:
#     Hired Scott Richter to spam on their behalf.
#
#    8/22/04:
#     Hired Josh Baer to spam on their behalf.
#
#    5/11/05:
#     Now hiring Eddie Marin to spam on their behalf. They
#     appear to going the rounds of the big spammers....
#
#    4/26/06:
#     Now via a spammer that does pills'n'porn when he isn't
#     selling coffee. :/  Gevalia desperately needs to fire
#     everyone involved in making its Internet marketing
#     decisions, IMHO.
#
#   12/08/06:
#     Spamming via Virtumundo.
#
#   10/02/10:
#     Spamming via EVERY SNOWSHOE SPAMMER in the known universe. :/
#
:0
* ! MAINSLEAZE ?? ^NONE$
{
 LOCALDESCRIPTION='Mainsleaze Spammer'
 TESTNAME='Gevalia'
 TESTDOMAINS=${SBDIR}/mainsleaze/gevalia-domains.txt
 TESTIPS=${SBDIR}/mainsleaze/gevalia-ips.ips
 TESTPATTERNS=${SBDIR}/mainsleaze/gevalia-patterns.rc
 TESTLAST=20100228
 TESTUPDATED=20100322
 TESTTYPE=ALL

 :0
 * MAINSLEAZE ?? ^BLOCK$
 { TESTSCORE=${BLOCKLEVEL} }

 :0
 * MAINSLEAZE ?? ^SPAM$
 { TESTSCORE=${SPAMLEVEL} }

 INCLUDERC=${SBDIR}/functions/spammer-check.rc
}

# Gogax (formerly Exist Hosting, aka Interweb Media)
#
# Last reported spam: 3/22/2010
# Data files last updated: 3/22/2010
#
# Other Relevant Info:
#
#  1/03/07:
#    Long-time spammer-friendly ISP.
#
#  3/22/2010:
#    Hosts snowshoe spammers.  Lots and LOTS of snowshoe
#    spammers. :(
#
# Status: Spam ISP
#
:0
* ! PINKISP ?? ^NONE$
{
 LOCALDESCRIPTION='Spam ISP'
 TESTNAME='Gogax'
 TESTDOMAINS=${SBDIR}/pinkisp/gogax-domains.txt
 TESTIPS=${SBDIR}/pinkisp/gogax-ips.rc
 TESTPATTERNS=${SBDIR}/pinkisp/gogax-patterns.rc
 TESTLAST=20100322
 TESTUPDATED=20100322
 TESTTYPE=ALL

 :0
 * PINKISP ?? ^BLOCK$
 { TESTSCORE=${BLOCKLEVEL} }

 :0
 * PINKISP ?? ^SPAM$
 { TESTSCORE=${SPAMLEVEL} }

 INCLUDERC=${SBDIR}/functions/spammer-check.rc
}

# Google Friend Connect
#
# Last reported spam:  9/06/2010
# Data files last updated: 9/06/2010
#
# Other Relevant Info:
#
#   The 2000 lb. grizzly bear of internet search engines has opened a
#   social networking site with *no* mechanism to unsubscribe an email
#   address from receiving "invitations", and no apparent limits on
#   how many email addresses a user can import.
#
# Status: Blackhat Social Networking Site
#
:0
* ! SOCIALNETWORKING ?? ^NONE$
{
 LOCALDESCRIPTION="S/N Invitation:"
 TESTNAME='Google Friend Connect'
 TESTDOMAINS=${SBDIR}/socialnetworking/googlefriendconnect-domains.txt
 TESTIPS=${SBDIR}/socialnetworking/googlefriendconnect-ips.rc
 TESTPATTERNS=${SBDIR}/socialnetworking/googlefriendconnect-patterns.rc
 TESTLAST=20100906
 TESTUPDATED=20100906
 TESTTYPE=ALL

 :0
 * SOCIALNETWORKING ?? ^BLOCK$
 { TESTSCORE=${BLOCKLEVEL} }

 :0
 * SOCIALNETWORKING ?? ^SPAM$
 { TESTSCORE=${SPAMLEVEL} }

 INCLUDERC=${SBDIR}/functions/spammer-check.rc
}

# Grouply
#
# Last reported spam: 7/17/2010
# Data files last updated: 7/17/2010
#
# Other Relevant Info:
#
#   7/17/2010 -- Lots of spammed invitations, with extremely inconvenient,
#     hoops-jumping confirmed opt-out.  :/  The service has a poor
#     reputation in many quarters because of malware distribution issues
#     and general spam issues, as well.  Best avoided.
#
# Status: Spammy/irresponsible social networking site.
#
:0
* ! OPTOUT ?? ^NONE$
{
 LOCALDESCRIPTION="S/N Invitation:"
 TESTNAME='Grouply'
 TESTDOMAINS=${SBDIR}/socialnetworking/grouply-domains.txt
 TESTIPS=${SBDIR}/socialnetworking/grouply-ips.rc
 TESTPATTERNS=${SBDIR}/socialnetworking/grouply-patterns.rc
 TESTLAST=20100717
 TESTUPDATED=20100717
 TESTTYPE=HEADER

 :0
 * OPTOUT ?? ^BLOCK$
 { TESTSCORE=${BLOCKLEVEL} }

 :0
 * OPTOUT ?? ^SPAM$
 { TESTSCORE=${SPAMLEVEL} }

 INCLUDERC=${SBDIR}/functions/spammer-check.rc
}

# Krypt (formerly VPLS)
#
# Last reported spam: 3/23/2010
# Data files last updated: 3/23/2010
#
# Other Relevant Info:
#
#   Hosts lots of snowshoe spammers, and provides falsified
#   rDNS for those spammers. Doubt that there are legitimate
#   customers here. If there are, they need to move to a
#   better neighborhood.
#
# Status: Spam ISP
#
:0
* ! PINKISP ?? ^NONE$
{
 LOCALDESCRIPTION='Spam ISP'
 TESTNAME='Krypt'
 TESTDOMAINS=${SBDIR}/pinkisp/krypt-domains.txt
 TESTIPS=${SBDIR}/pinkisp/krypt-ips.rc
 TESTPATTERNS=${SBDIR}/pinkisp/krypt-patterns.rc
 TESTLAST=20100323
 TESTUPDATED=20100323
 TESTTYPE=ALL

 :0
 * PINKISP ?? ^BLOCK$
 { TESTSCORE=${BLOCKLEVEL} }

 :0
 * PINKISP ?? ^SPAM$
 { TESTSCORE=${SPAMLEVEL} }

 INCLUDERC=${SBDIR}/functions/spammer-check.rc
}

# LinkedIn
#
# Data files last updated: 9/07/2010
#
# Other Relevant Info:
#
#   Issues invitations to any email addresses that the user uploads,
#   including purchased lists.  There is no way that I can find to
#   unsubscribe an email address or site from receiving them.
#
# Status: Blackhat Social Networking Site
#
:0
* ! SOCIALNETWORKING ?? ^NONE$
{
 LOCALDESCRIPTION="S/N Invitation:"
 TESTNAME='LinkedIn'
 TESTDOMAINS=${SBDIR}/socialnetworking/linkedin-domains.txt
 TESTIPS=${SBDIR}/socialnetworking/linkedin-ips.rc
 TESTPATTERNS=${SBDIR}/socialnetworking/linkedin-patterns.rc
 TESTLAST=20100907
 TESTUPDATED=20100906
 TESTTYPE=ALL

 :0
 * SOCIALNETWORKING ?? ^BLOCK$
 { TESTSCORE=${BLOCKLEVEL} }

 :0
 * SOCIALNETWORKING ?? ^SPAM$
 { TESTSCORE=${SPAMLEVEL} }

 INCLUDERC=${SBDIR}/functions/spammer-check.rc
}


# Messagereach.com
#
# Data files last updated: 8/25/2005
#
# Other Relevant Info:
#
#    3/17/00 -- another "direct marketing" bulk email opt-out spamhaus.
#    11/08/01 -- spamming for Looksmart, and found xpedite.com. :)
#
# Status: Opt-Out Provider
#
:0
* ! OPTOUT ?? ^NONE$
{
 LOCALDESCRIPTION='Opt-Out ESP'
 TESTNAME='MessageReach'
 TESTDOMAINS=${SBDIR}/optout/messagereach-domains.txt
 TESTIPS=${SBDIR}/optout/messagereach-ips.rc
 TESTPATTERNS=${SBDIR}/optout/messagereach-patterns.rc
 TESTLAST=20050825
 TESTUPDATED=20050825
 TESTTYPE=HEADER

 :0
 * OPTOUT ?? ^BLOCK$
 { TESTSCORE=${BLOCKLEVEL} }

 :0
 * OPTOUT ?? ^SPAM$
 { TESTSCORE=${SPAMLEVEL} }

 INCLUDERC=${SBDIR}/functions/spammer-check.rc
}


# Survey Monkey
#
# Last reported spam:  4/16/2013
# Data files last updated: 4/16/2013
#
# Other Relevant Info:
#
#    4/16/2013:
#     Low-end, highly automated surveys service used by lots of
#     small businessmen, including spammers, and in academia and
#     the non-profit world.  Removes spammers when you do the
#     research and submit reports, but no proactive action and
#     so hits LOTS of email addresses that never asked for the
#     email.
#
:0
* ! MAINSLEAZE ?? ^NONE$
{
 LOCALDESCRIPTION='Mainsleaze Spammer'
 TESTNAME='Survey Monkey'
 TESTDOMAINS=${SBDIR}/mainsleaze/surveymonkey-domains.txt
 TESTIPS=${SBDIR}/mainsleaze/surveymonkey-ips.ips
 TESTPATTERNS=${SBDIR}/mainsleaze/surveymonkey-patterns.rc
 TESTLAST=20130416
 TESTUPDATED=20130416
 TESTTYPE=HEADER

 :0
 * MAINSLEAZE ?? ^BLOCK$
 { TESTSCORE=${BLOCKLEVEL} }

 :0
 * MAINSLEAZE ?? ^SPAM$
 { TESTSCORE=${SPAMLEVEL} }

 INCLUDERC=${SBDIR}/functions/spammer-check.rc
}

# Syptec (Noah Case)
#
# Data files last updated: 3/25/2010
#
# Other Relevant Info:
#
#    Snowshoe snowshoe. :/
#
# Status: Spam ISP
#
:0
* ! PINKISP ?? ^NONE$
{
 LOCALDESCRIPTION='Spam ISP'
 TESTNAME='Syptec'
 TESTDOMAINS=${SBDIR}/pinkisp/syptec-domains.txt
 TESTIPS=${SBDIR}/pinkisp/syptec-ips.rc
 TESTPATTERNS=${SBDIR}/pinkisp/syptec-patterns.rc
 TESTLAST=20100325
 TESTUPDATED=20100325
 TESTTYPE=ALL

 :0
 * PINKISP ?? ^BLOCK$
 { TESTSCORE=${BLOCKLEVEL} }

 :0
 * PINKISP ?? ^SPAM$
 { TESTSCORE=${SPAMLEVEL} }

 INCLUDERC=${SBDIR}/functions/spammer-check.rc
}


# Travail Systems
#
# Data files last updated: 5/06/2010
#
# Status: Snowshoe Spam ISP
#
:0
* ! OPTOUT ?? ^NONE$
{
 LOCALDESCRIPTION='Spam ISP'
 TESTNAME='Travail Systems'
 TESTDOMAINS=${SBDIR}/pinkisp/travailsystems-domains.txt
 TESTIPS=${SBDIR}/pinkisp/travailsystems-ips.rc
 TESTPATTERNS=${SBDIR}/pinkisp/travailsystems-patterns.rc
 TESTLAST=20100506
 TESTUPDATED=20100506
 TESTTYPE=HEADER

 :0
 * OPTOUT ?? ^BLOCK$
 { TESTSCORE=${BLOCKLEVEL} }

 :0
 * OPTOUT ?? ^SPAM$
 { TESTSCORE=${SPAMLEVEL} }

 INCLUDERC=${SBDIR}/functions/spammer-check.rc
}


# Triple Aldo
#
# Last reported spam: 8/29/2006
# Data files last updated: 8/29/2006
#
# Other Relevant Info:
#    8/29/06:
#     Long-time, fairly low volume opt-out spammer with quasi-
#     legitimate mainsleaze spammer customers that include
#     lendingtree.com and realestate.com, among others.
#
# Status: *DIRTY* OOL provider
#
:0
* ! OPTOUT ?? ^NONE$
{
 LOCALDESCRIPTION='Opt-Out ESP'
 TESTNAME='Triple Aldo'
 TESTDOMAINS=${SBDIR}/optout/triplealdo-domains.txt
 TESTIPS=${SBDIR}/optout/triplealdo-ips.rc
 TESTPATTERNS=${SBDIR}/optout/triplealdo-patterns.rc
 TESTLAST=20060829
 TESTUPDATED=20060829
 TESTTYPE=HEADER

 :0
 * OPTOUT ?? ^BLOCK$
 { TESTSCORE=${BLOCKLEVEL} }

 :0
 * OPTOUT ?? ^SPAM$
 { TESTSCORE=${SPAMLEVEL} }

 INCLUDERC=${SBDIR}/functions/spammer-check.rc
}

# Twitter
#
# Last updated: 2/18/2011
#
# Other Relevant Info:
#
# Status: Greyhat Social Networking Site
#
:0
* ! SOCIALNETWORKING ?? ^NONE$
{
 LOCALDESCRIPTION="S/N Invitation:"
 TESTNAME='Twitter'
 TESTDOMAINS=${SBDIR}/socialnetworking/twitter-domains.txt
 TESTIPS=${SBDIR}/socialnetworking/twitter-ips.rc
 TESTPATTERNS=${SBDIR}/socialnetworking/twitter-patterns.rc
 TESTLAST=20110218
 TESTUPDATED=20110218
 TESTTYPE=HEADER

 :0
 * SOCIALNETWORKING ?? ^BLOCK$
 { TESTSCORE=${BLOCKLEVEL} }

 :0
 * SOCIALNETWORKING ?? ^SPAM$
 { TESTSCORE=${SPAMLEVEL} }

 INCLUDERC=${SBDIR}/functions/spammer-check.rc
}

# Webair
#
# Data files last updated: 3/23/2010
#
# Other Relevant Info:
#
#    Hosts snowshoe spammers.  Lots and LOTS of snowshoe
#    spammers. :(  Not surprisingly, Webair does not provide
#    any SWIP information or the like for its customers,
#    either.  If they've got legitimate customers, those
#    customers are too stupid to survive the Darwinian
#    Internet.
#
# Status: Spam ISP
#
:0
* ! PINKISP ?? ^NONE$
{
 LOCALDESCRIPTION='Spam ISP'
 TESTNAME='Webair'
 TESTDOMAINS=${SBDIR}/pinkisp/webair-domains.txt
 TESTIPS=${SBDIR}/pinkisp/webair-ips.rc
 TESTPATTERNS=${SBDIR}/pinkisp/webair-patterns.rc
 TESTLAST=20100323
 TESTUPDATED=20100323
 TESTTYPE=ALL

 :0
 * PINKISP ?? ^BLOCK$
 { TESTSCORE=${BLOCKLEVEL} }

 :0
 * PINKISP ?? ^SPAM$
 { TESTSCORE=${SPAMLEVEL} }

 INCLUDERC=${SBDIR}/functions/spammer-check.rc
}

# What Counts, Inc.
#
# Data files last updated: 7/06/2004
#
# Other Relevant Info:
#
#   8/02/2004:
#    Bulk email sending provider that focuses on political and activist
#    concerns.  Over the years, I've gotten onto a *bunch* of their
#    lists without in any way requesting to be added. :/  I assumed
#    they were a spamhaus, but after a false positive report found out
#    that they're not spammers, just an ESP with some customers that
#    aren't careful about who they put on their email lists.
#
#   12/26/2006:
#    Reported spamming for Costco, and I've seen the spam.  It came
#    from them.  Odd because they usually spam for political or activist
#    groups, not large apolitical companies.
#
# Status: Opt-Out ESP
#
:0
* ! OPTOUT ?? ^NONE$
{
 LOCALDESCRIPTION='Opt-Out ESP'
 TESTNAME='What Counts'
 TESTDOMAINS=${SBDIR}/optout/whatcounts-domains.txt
 TESTIPS=${SBDIR}/optout/whatcounts-ips.ips
 TESTPATTERNS=${SBDIR}/optout/whatcounts-patterns.rc
 TESTLAST=20050615
 TESTUPDATED=20040706
 TESTTYPE=HEADER

 :0
 * OPTOUT ?? ^BLOCK$
 { TESTSCORE=${BLOCKLEVEL} }

 :0
 * OPTOUT ?? ^SPAM$
 { TESTSCORE=${SPAMLEVEL} }

 INCLUDERC=${SBDIR}/functions/spammer-check.rc
}

# Wholesale Internet
#
# Data files last updated: 3/23/2010
#
# Other Relevant Info:
#
#   Spammer ISP. I see lots of spam from here.
#
# Status: Spam ISP
#
:0
* ! PINKISP ?? ^NONE$
{
 LOCALDESCRIPTION='Spam ISP'
 TESTNAME='Wholesale Internet'
 TESTDOMAINS=${SBDIR}/pinkisp/wholesale-internet-domains.txt
 TESTIPS=${SBDIR}/pinkisp/wholesale-internet-ips.rc
 TESTPATTERNS=${SBDIR}/pinkisp/wholesale-internet-patterns.rc
 TESTLAST=20100323
 TESTUPDATED=20100323
 TESTTYPE=ALL

 :0
 * PINKISP ?? ^BLOCK$
 { TESTSCORE=${BLOCKLEVEL} }

 :0
 * PINKISP ?? ^SPAM$
 { TESTSCORE=${SPAMLEVEL} }

 INCLUDERC=${SBDIR}/functions/spammer-check.rc
}


# Yesmail
#
# Data files last updated: 3/29/2010
#
# Other Relevant Info:
#
#    Long-time spammer-friendly ESP.
#
# Status: Opt-Out ESP
#
:0
* ! OPTOUT ?? ^NONE$
{
 LOCALDESCRIPTION='Opt-Out ESP'
 TESTNAME='Yesmail'
 TESTDOMAINS=${SBDIR}/optout/yesmail-domains.txt
 TESTIPS=${SBDIR}/optout/yesmail-ips.rc
 TESTPATTERNS=${SBDIR}/optout/yesmail-patterns.rc
 TESTLAST=20100329
 TESTUPDATED=20100329
 TESTTYPE=ALL

 :0
 * PINKISP ?? ^BLOCK$
 { TESTSCORE=${BLOCKLEVEL} }

 :0
 * PINKISP ?? ^SPAM$
 { TESTSCORE=${SPAMLEVEL} }

 INCLUDERC=${SBDIR}/functions/spammer-check.rc
}