Well, I'm pretty sure Endurance is a customer of CloudMark, not Amazon, hence why I was trying to reach them here.
They probably use Amazon IPs because they don't want their really high quality IPs tainted by these mail customers... Scott On Tuesday, 06/08/2024 at 12:37 Ken Simpson via mailop wrote: Hi Scott, webhostbox.net [1] is a domain name associated with the Endurance International Group [2] (now part of Newfold Digital). HostGator, Bluehost, Site5, and many other older hosting brands are incorporated under the EIG banner. These older hosts often run ancient installs of WordPress, Drupal, and other platforms that are easily exploited by spamming and phishing groups. The Cloudmark organization is generally responsive to abuse complaints; however, the cloudfilter.net [3] hosts seem to be owned by Amazon Web Services, so your best bet might be to send spam reports to AWS (honestly I'm surprised Proofpoint doesn't use their own IPs for this): # whois.arin.net [4] NetRange: 35.71.64.0 - 35.95.255.255 CIDR: 35.71.64.0/18 [5], 35.71.128.0/17 [6], 35.72.0.0/13 [7], 35.80.0.0/12 [8] NetName: AT-88-Z NetHandle: NET-35-71-64-0-1 Parent: NET35 (NET-35-0-0-0-0) NetType: Direct Allocation OriginAS: Organization: Amazon Technologies Inc. (AT-88-Z) RegDate: 2019-04-15 Updated: 2024-02-01 Ref: https://rdap.arin.net/registry/ip/35.71.64.0 OrgName: Amazon Technologies Inc. OrgId: AT-88-Z Address: 410 Terry Ave N. City: Seattle StateProv: WA PostalCode: 98109 Country: US RegDate: 2011-12-08 Updated: 2024-01-24 Comment: All abuse reports MUST include: Comment: * src IP Comment: * dest IP (your IP) Comment: * dest port Comment: * Accurate date/timestamp and timezone of activity Comment: * Intensity/frequency (short log extracts) Comment: * Your contact details (phone and email) Without these we will be unable to identify the correct owner of the IP address at that point in time. Ref: https://rdap.arin.net/registry/entity/AT-88-Z Regards, Ken On Tue, Aug 6, 2024 at 6:47 AM Scott Q. via mailop wrote: If anyone from CloudMark, or if not, ProofPoint is on the list. Your client webhostbox.net [1] is Spamming like crazy and getting through your outbound filters. Literally every day thousands and thousands of phishing messages. Here's another sample Received: from omta38.uswest2.a.cloudfilter.net [9] (omta38.uswest2.a.cloudfilter.net [9] [35.89.44.37]) by mx.emailarray.com [10] (Haraka) with ESMTPS id 0FCEA3A7-F363-4114-AABC-3E17D23B4849.1 envelope-from (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 verify=FAIL); Tue, 06 Aug 2024 09:15:04 -0400 Received: from eig-obgw-6003a.ext.cloudfilter.net [11] ([10.0.30.151]) by cmsmtp with ESMTPS id bDoksc7G2umtXbK1mssqkF; Tue, 06 Aug 2024 13:15:02 +0000 Received: from cp-in-20.webhostbox.net [12] ([216.10.240.60]) by cmsmtp with ESMTPS id bK1jsXHUdV2ivbK1ks7EwD; Tue, 06 Aug 2024 13:15:01 +0000 Maybe up the filtering for this particular client of yours ? They appear to get compromised easily and don't do much about it. Thank you! Scott _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop -- Ken Simpson CEO, MailChannels [13] Facebook [14] | Twitter [15] | LinkedIn [16] | Help Center [17] Our latest case study video: watch here! [18] Links: ------ [1] http://webhostbox.net [2] https://en.wikipedia.org/wiki/Endurance_International_Group [3] http://cloudfilter.net [4] http://whois.arin.net [5] http://35.71.64.0/18 [6] http://35.71.128.0/17 [7] http://35.72.0.0/13 [8] http://35.80.0.0/12 [9] http://omta38.uswest2.a.cloudfilter.net [10] http://mx.emailarray.com [11] http://eig-obgw-6003a.ext.cloudfilter.net [12] http://cp-in-20.webhostbox.net [13] https://www.mailchannels.com/?utm_source=Email%20Signature&utm_medium=Ken%20Simpson&utm_campaign=Website [14] http://bit.ly/2dnoP3K [15] http://bit.ly/2ehoWni [16] http://bit.ly/2dw87lU [17] https://mailchannels.zendesk.com/hc/en-us?utm_source=Email%20Signature&utm_medium=Ken%20Simpson&utm_campaign=Help%20Center [18] https://www.youtube.com/watch?v=psb41xDIL9k
_______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
