We have been seeing seeing a new trend in unmanaged Colo Hosting with registration of smaller IP blocks. When we start to see trends of a new colo company amassing small IP blocks and allowing spammers on their networks, we do further research to find and block the evil overlords.

To say we deffer more mail than we deliver is an understatement on most days.
We currently block whole countries on most of our mail servers and spend hours a day filtering through mail logs tracking down abuse.

Contacting the abuse contacts rarely has any impact and it is very frustrating to spend time attempting to communicate with others.

Follow the Money

I get it – I really do. A small hosting company cannot compete on price with a large facility that has the bucks to have loss leaders on hosting – they can nickle and dime customers later. So these facilities try to cash in on volume out of desperation I guess.

While the abuse policy may state that they will not tolerate spam they are reluctant to remove services from anyone paying for service. Or they do not have the staff to follow up and take action on complaints.

What This Costs You

This trend costs you the consumer – the email user, and it costs companies – all of them – and they pass those losses on to their consumers – you again!

How is that? Think about the cost of an IT department to manage mail – or even just spam filters on a mail server or a single computer and think about the time it takes you to filter past the junk in your inbox. If you work for a company and you are “on the clock” you are doing something that is not really contributing to the profitability of the company you work for. And every time a machine gets infected it chews up more resources – this may sound like little stuff but added up it really gets costly and we all end up paying for it!

Today’s spam:

A new spam in my inbox this morning was from a send: “Easy Mole Removal” ip=198.144.182.104 rdns=host.colocrossing.com

A search of headers in my inbox for THAT IP address 198.144.182.104 rendered just that one spam. The spam was also bayes poison – meaning the content of the mail was predominately and image with rather innocuous text.

When I searched my inbox headers for 198.144.182. (removing the last set of numbers) I got 7 spam hits!

  • printer ink spam: ip=198.144.182.101 rdns=host.colocrossing.com
  • melt away fat spam: ip=198.144.182.101 rdns=host.colocrossing.com
  • High-Quality Printer Ink spam: ip=198.144.182.100 rdns=host.colocrossing.com
  • Latest DietCraze spam: ip=198.144.182.100 rdns=host.colocrossing.com
  • Mesh Implant complications spam: ip=198.144.182.98 rdns=host.colocrossing.com
  • 1 Fat Burner In A Bottle spam: ip=198.144.182.98 rdns=host.colocrossing.com

I got 13 more in my spam bucket:

  • MatchDatingAlerts spam: ip=198.144.182.104 rdns=host.colocrossing.com
  • NewStomachAcidStudy spam: ip=198.144.182.103 rdns=host.colocrossing.com
  • Need Cash Fast spam: ip=198.144.182.103 rdns=host.colocrossing.com
  • yet another NewStomachAcidStudy spam: ip=198.144.182.103 rdns=host.colocrossing.com
  • Get the funds you need in 1 hour spam: ip=198.144.182.103 rdns=host.colocrossing.com
  • You get the idea..
  • .

The links in the spam are NOT to the same IP address as the mail – not even close – they are on a different range altogether [74.112.168.0 – 74.112.175.255] – in this case most are from a hosting company called Jadase LLC and netriplex.com

Others are linking to profitdollars.com on 206.217.133.82
OH – look who that IP belongs to:
ColoCrossing CC-01 (NET-206-217-128-0-1) 206.217.128.0 – 206.217.143.255
End of Reality CHI CC-206-217-133-80-28 (NET-206-217-133-80-1) 206.217.133.80 – 206.217.133.95

So what do the spammers want?

They want you to click on the links in the spam of course. OR they want you to detect spam on poison so you poke holes in your spam filtering!

IT TAKES TIME to track all of this down!

So do I now make attempts to contact the hosts and have them shut the sites down? That does not often pay off.