Hotmail spam stats revised

March 28, 2006

It turns out I made a mistake in my Hotmail stats for this week that missed some Hotmail rejections that were for @sympatico.ca addresses. There were actually 11 messages refused due to their IP origin, from six different IP addresses:

Count IP In (Size) Listed since Owned by
4 62.166.232.22 SBL15419 March 6th Versatel (Netherlands)
3 81.199.172.231 SBL31484 (/23) January 21st Gilat Satcom (Israel)
1 62.59.36.122 SBL34115 (/22) February 10th Versatel (Netherlands)
1 62.59.40.138 SBL33051 October 4th, 2005 Versatel (Netherlands)
1 192.116.119.195 The CBL Gilat Satcom (Israel)
1 194.151.147.178 SBL35447 (/29) December 2nd, 2005 KPN Internet / 'Comminication Center Osdorp' (Netherlands)

As you might expect from the name, Gilat Satcom's customers are actually located all over; they appear to resell satellite Internet access widely, especially across Africa, and as a result are the source of a lot of advance fee fraud. Unfortunately they don't show any sub-delegations.

'Comminication Center Osdorp' [sic] is a /29 subnet under KPN Internet (and thus completely listed by the SBL). According to the RIPE WHOIS information, its admin and technical contacts are a Hotmail address (which at least still exists). The whole thing doesn't exactly inspire confidence that they're going to deal with the problems any time soon; at the worst, they may be part of the problem.

Other interesting things:

  • five of the six IP addresses (everything except 81.199.172.231) are also in bl.spamcop.net.
  • the three Versatel IP addresses are also in SPEWS. 62.166.232.22 is additionally in the AHBL (since April 8th 2004), the NJABL (since November 2002, listed for advance fee fraud), and SORBS's 'spam' subzone (since April 26th 2004).
  • 81.199.172.231 is in SORBS's spam subzone (since October 16th 2005).

SBL34115 has nasty things to say about Versatel's continued tolerance of advance fee fraud spammers. I'm actually surprised that so many of our problems come from Versatel; it had not previously made my list of places to watch out for. Live and learn, apparently.

Written on 28 March 2006.
« Using threading to implement a 'busy' cursor (a tale from long ago)
Easier Solaris patch management with pca »

Page tools: View Source, Add Comment.
Search:
Login: Password:
Atom Syndication: Recent Comments.

Last modified: Tue Mar 28 15:12:21 2006
This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.