On Sunday 15 May 2005 00:02, List Mail User wrote:
> >...
> >On Saturday 14 May 2005 18:30, List Mail User wrote:
> >[...]
> >
> >> Just to keep up; aeroseddicc. com is another multitrade group
> >> domain. Note the contact email of "[EMAIL PROTECTED] com" - same as
> >> for the domain multitrade-corp. com, and the telephone/fax numbers
> >> match those of the domain sheenier. net. And, of course the name
> >> servers' domain of aicstrungcb. biz is multitrade also. Oh, yes,
> >> they also seem to have control of mail333. com.
> >>
> >> With enough pressure, they will run out of registrars, or be
> >> forced to use the Chinese ones.
> >
> >Just to add to that, mail333.com addresses are used in the
> >registration of quite a lot of spamvertized domains - see
> ><http://groups.google.co.uk/groups?q=group:news.admin.net-abuse.*+mail333.com&start=0&scoring=d&>
> >
> >mail333.com itself is in whois.rfc-ignorant.org, as are most (all?)
> >of the related domains, and I'm getting promising results using
> >that blacklist as a URIbl:

s/most/many/ then

[...]
> Take a look at who made the submissions at rfci (try a lookup
> on the IP address). Not all the related domains are there - though
> a dozen or so new ones went in today. Also look at Bugzilla #4104
> (though I have changed/evolved the rules which I currently use since
> that submission to lower the scores for the individual rules, and use
> meta-rules to add points back for multiple rule hits.).

I wondered who that IP address was [yours presumably]... It's a pleasant surprise to see that someone has beaten me to it when a spamvertized domain with demonstrably fake whois data comes to my attention.

BTW, do you have a good (English language) web resource for Russian addresses and postcodes (like those for aicstrungcb.biz), as the one linked to by <http://www.upu.int/> is in Russian?

I haven't added any of the other mail RHSbls as URIBL rules, although many of them are in Exim ACLs. Looking at the scores you assigned for other RFCI zones, I think I may have made the right choice using whois for experimentation.

--
Rob Skedgell <[EMAIL PROTECTED]>