# Colocrossing Achieves Top 5 Rank



## drmike

(originally posted over on WebhostingTalk)

*ColoCrossing Achieves Top 5 Rank*
Places in Top 1% of all Networks Globally

FOR IMMEDIATE RELEASE

Buffalo, NY – June 11, 2014 -ColoCrossing.com, a leading provider of scalable internet hosting solutions, and an Inc. 5000 Honoree,  announced today their Top 5 Rank achievement. The Top 5 placement distinguishes ColoCrossing from all other ISPs and internet hosting companies, and places them in the top 1%.

ColoCrossing has outdone their competition by achieving 5th place on SpamHaus' distinguished list of the World's Worst Spam Support ISPs.  Currently, ColoCrossing is responsible for over 1% of all spam sent to inboxes globally on a daily basis.

Kevin Hillstrand, a representative of one of ColoCrossing's partner companies said, ”We are proud to help ColoCrossing grow in distinction and reach.  Being able to access the mailbox of every email holder on the planet remains important to us, and our customers.  Having a partner like ColoCrossing is key with their nearly inexhaustible supply of IP addresses.”

To celebrate ColoCrossing will be reducing prices on their line of throwaway burner IP addresses.  For as little as 25 cents per IP you can get join the big leagues of ROKSO.  ColoCrossing will include on one of it trademark bargain Intel Xeon E3-1240v2 Quad Core dedicated server rentals a free /24 IPv4 Allocation (253 Usable IPs).

“We understand people need IPs and they need them now.  Sometimes their use can run afoul of industry bullies like SpamHaus, resulting in dreaded IP blacklisting. To assist ColoCrossing has an active 'don't ask and don't tell' exchange policy.  We quickly work to get our customers back online with new IPs with our patent pending IP exchange automation.   We care about the planet so no IP goes wasted, the discards are sent to recycling and reissued to other unsuspecting customers in the future”, said Bilboh Faboz, marketing director.

ColoCrossing will continue to protect  customers from internet bullies by further embracing obfuscation services like Tor (to hide the identity of their customers) and BitCoin (to hide the money trail).


----------



## D. Strout

Really @drmike? We all dislike CC around here, but I'm a little surprised you wasted your time writing this.


----------



## drmike

I went, I looked, and I saw:


----------



## D. Strout

Yeah, I'm fully aware of that, but you could have said something like this:



> Wow, ColoCrossing is now the number 5 spammer on Spamhaus' "world's worst" list:
> 
> [image]


----------



## DomainBop

I posted the news of their inclusion on the "world's worst" list here yesterday on another thread...but they were "only" #6 yesterday.  Overnight they racked up another 8 SBLs, 5 of which were (repeat...Yair is back!) ROKSO's



> the number 5 spammer on Spamhaus' "world's worst" list:


Actually they're tied for 4th with Chinanet.

Velocity Servers Inc has a lot of IPs but in terms of revenues their projected $12 million this fiscal year makes them a small business by any definition.  They are the ONLY small business on that "worst" list which is quite an accomplishment since the others on that list are giants with hundreds of million (OVH) or billions in revenues (China Unicom) and  millions of users (even OVH is 1+ million users when you add in their ISP divisions).

Moving on to the next bit...I'm sure it's just a coincidence but less than 24 hours after Spamhaus added Velocity Servers to the "worst list" a new (joined June 4th) poster made his first post/thread on the Velocity Servers owned LowEndTalk.com forum accusing Spamhaus of being a bunch of corrupt criminals who practice blackmail, extortion, and tax evasion.  I think one of the daycare kids has a new sockpuppet ID http://lowendtalk.com/discussion/29055/spamhaus-tax-evasion-shell-companies-extortion-strategies-blackmail-and-much-much-more#latest


----------



## drmike

The LET thread grinding Spamhaus is curious.  Well written, but mostly blah, baseless. 


The merits of the arguments are dropboxes for mail and incorporation mills, which are entirely implication point for most hosting companies and a good chunk of incorporations in general.  Heck shining light on that issue implicates 8 out of 10 VPS companies I'd guess.

It's not say the OP over there on that thread isn't onto something.  Unsure where the meat of the issue is, if there is any in that info exploration.

Spamhaus gets a bad rap from misdoers.  No kidding. How many of the folks listed are serial pains in the asses?  How many are repeat offenders?  How many have ties to organized crime rings?  Folks they are SORT of policing with the blacklisting tend not to be upstanding normal people, but rather are law breakers.

To avoid being taken out by such criminals (and there surely are some certified dangerous folks getting listed amongst the heap) the operators of Spamhaus have to take steps to isolate themselves.  Just common sense or they'd get Anonymous'd and DDoS'd and SWATTED out of existence in a few months time.


----------



## HalfEatenPie

I thought this was a real press release.  

Then I actually read it and lol.


----------



## Enterprisevpssolutions

WOW doesn't surprise me.


----------



## GreenHostBox

ColoCrossing be like: Let's celebrate for being in top 5! Now you can buy 10 IPv4 for only $1/m! Get this awesome special promotion now!


----------



## Wintereise

Not this shit again.


----------



## Schultz

"We care about the planet so no IP goes wasted, the discards are sent to recycling and reissued to other unsuspecting customers in the future”

Died laughing.

Nonetheless, CC look like a quality DC to the unsuspecting customer - but given the reputation among the hosting industry, it doesn't really seem too good. Other DC providers can provide the same pricing with a much better IP reputation.

Great read.


----------



## DomainBop

The breakdown of the current Velocity Host SBL listings:

Hudson Valley Host 13 (4 ROKSO)
New Wave NetConnect 13 (1 ROKSO)
Dediserve 7
Unswipped 5 (1 ROKSO, 1 Malware)
Cloud Shards 5
Intercom Online 2
Hypernia Hosting 1
B2Net Solutions 1
VPS Ace 1
BlueVM 1
Fragnet Networks 1
org name: "individual" (LOL) 1



Wintereise said:


> Not this shit again.


When the shit stops spewing from CC's network and  stops filling people's mailboxes then people won't have any reason to start topics like this.  I find the $$ costs of dealing with SPAM sent from spam friendly hosts to be far more annoying than seeing a forum topic I don't like (the horror, someone posted a topic I don't want to read on a forum!.)  

======

ColoCrossing is also the #1 spam sending network in Cisco's Senderbase today both in terms of daily spam volume and number of domains sending spam http://www.senderbase.org/static/spam/.


----------



## drmike

DomainBop said:


> B2Net Solutions 1


 

B2Net = ServerMania.   It's similar dual name game with them like ColoCrossing/Velocity.  Just different operating names for units / over time.

 

Considering how tightly wound B2Net is with CC, it is funny seeing them broke out with other Spamhaus entries not on the CC list.

 

ServerMania currently has 6 other Spamhaus entries. All are on their ASN.  All are hosted on that lovely Buffalo ColoCrossing network.

 

Among that 6, a ROKSO entry for ---> http://www.spamhaus.org/rokso/spammer/SPM1324/3-elite-media  - That ROKSO spammer sure likes Buffalo 

 

Yeah, legit to break these out and not punch them into the CC pile.  But odds are other soiled IPs owned by CC aren't being counted under CC.  Saw CVPS soilage under their own entries in the recent past although they don't have their own ASN.

 

But... but... but...

 

I find it WEIRD that B2Net is soiling CC's IPs when they are sitting on 246k of their own.

 




> When the shit stops spewing from CC's network and  stops filling people's mailboxes then people won't have any reason to start topics like this



Like I've noted before, CC is pushing 1% of all spam worldwide on daily basis.  That's just what is caught and counted.   Likely is higher....

 

We can throw another moving metric at this issue, Cleantalk.org:

https://cleantalk.org/blacklists?record=AS36352

 

They list CC's spam rate at: 87.46%

9770 IPs detected sending mail

8545 detected sending spam.

 

Nah, they don't have spam issues and are responsible netizens


----------



## mtwiscool

I do not like how spamhaus list things they need an audit.

and ware is the maths?

They list CC's spam rate at: 87.46%
9770 IPs detected sending mail

something is not right with that number as colocrossing have more then 11k ip addresses.


----------



## HostUS-Alexander

drmike said:


> *They list CC's spam rate at: 87.46%*
> 
> *9770 IPs detected sending mail*
> 
> *8545 detected sending spam.*
> 
> 
> 
> Nah, they don't have spam issues and are responsible netizens





mtwiscool said:


> I do not like how spamhaus list things they need an audit.
> 
> and ware is the maths?
> 
> They list CC's spam rate at: 87.46%
> 
> 
> 9770 IPs detected sending mail
> 
> something is not right with that number as colocrossing have more then 11k ip addresses.


It's not total IP's, it's total ip's that have a mail server.


----------



## mtwiscool

HostUS-Alexander said:


> It's not total IP's, it's total ip's that have a mail server.


They would be more then that many mail servers as most websites use sendmail.


----------



## Aldryic C'boas

84% of statistics are blatantly fabricated from an utter lack of actual knowledge.


----------



## mtwiscool

Aldryic C said:


> 84% of statistics are blatantly fabricated from an utter lack of actual knowledge.


Wow,

This is the first thing i agree with you on.


----------



## HalfEatenPie

Wintereise said:


> Not this shit again.


It's a joke post in the Off Topics location.  Chill out dawg.


----------



## Aldryic C'boas

Let's try that again, shall we.



mtwiscool said:


> They would be more then that many mail servers as most websites use sendmail.





Aldryic C said:


> 84% of statistics are blatantly fabricated from an utter lack of actual knowledge.


Watch, I can do it too - "Most people that bitch about Spamhaus are spammers."

Now an elucidated reply, since you seem to keep interpreting blunt truth as 'mean'.  Historically, you have shown yourself to be punishingly uneducated in this field.  It's a reasonable assumption that you haven't actually researched the statistics on sendmail usage.  For example, I personally have a hand in the administration of several dozen independant websites - not a single one of those setups uses sendmail.  Just because *you* may have to rely on panels with pre-fab services doesn't make the same true of everyone.


----------



## mtwiscool

Aldryic C said:


> Let's try that again, shall we.
> 
> Watch, I can do it too - "Most people that bitch about Spamhaus are spammers."
> 
> Now an elucidated reply, since you seem to keep interpreting blunt truth as 'mean'.  Historically, you have shown yourself to be punishingly uneducated in this field.  It's a reasonable assumption that you haven't actually researched the statistics on sendmail usage.  For example, I personally have a hand in the administration of several dozen independant websites - not a single one of those setups uses sendmail.  Just because *you* may have to rely on panels with pre-fab services doesn't make the same true of everyone.


I do set up custom stuff but relays would get listed by spamhaus and yes that happend to me on my torrent website.

They seam to list relays with no spam even if its a private relay.


----------



## DomainBop

> For example, I personally have a hand in the administration of several dozen independant websites - not a single one of those setups uses sendmail.  Just because *you* may have to rely on panels with pre-fab services doesn't make the same true of everyone.





> most websites use sendmail.


A couple of mail server surveys from 2013 and 2010 put Sendmail's market share at a lowly 10%-12%

http://www.securityspace.com/s_survey/data/man.201212/mxsurvey.html

http://www.oreillynet.com/lpt/a/6849


----------



## drmike

... and CC's ranking continues to increase.

Officially up to 4th place now with 54 known spam issues.

CC's spam issues continue to ahh, amaze me.   The full spectrum of their spam enterprise still are graphically undocumented and I think that I am underselling both their capabilities and sheer volume so far.

Looking at cleantalk.org is rather, interesting.

For instance this example IP range taken therefrom:

23.95.20.0/22 = 1024 IPs, 1022 usable

346 of those IPs have been seen being active.

308 of the 346 IPs active, have been post spamming (this is HTTP comment spamming, not email)

308 / 346 = 89.02% of mail servers in said range are sending spam.

BUT....

Cleantalk is purely comment spam. Malicious HTTP posts to web based sites, forums, comments sections, etc.   This sort of activity is SPAMMING on top of the old school mail spamming CC is so well known for.,

Who is supposedly in control of that IP range?  VPS Ace.... A foolish company that has received attention in the past as being nothing more than an elaborate front for Servermania / B2Net...

See:



This sub-company was also hacked and their full database sent out to world.  Something they never seemed to have disclosed to public and customers.

Seeing some new, albeit ugly faces in soiled IPs spamming.  DigitalFyre a supposedly a Florida based company, and has quite a bit of current soiling.   Added them to research list.  Congrats.


----------



## DomainBop

> Cleantalk is purely comment spam. Malicious HTTP posts to web based sites, forums, comments sections, etc.   This sort of activity is SPAMMING on top of the old school mail spamming CC is so well known for.



Comment SPAM and other malicious web bots can be even more costly than email SPAM if left untreated...

The use of blocklists like Spamhaus, StopForum Spam etc make my life much easier, and our server loads went way down when we started using blocklists to block most of the crap.

In our firewalls/IPTables we're currently using the following blocklists:

Spamhaus Don't Route Or Peer List (DROP)

http://www.spamhaus.org/drop/drop.lasso


Spamhaus Extended DROP List (EDROP)

http://www.spamhaus.org/drop/edrop.lasso


DShield.org Recommended Block List

http://www.dshield.org/block.txt


Alternative TOR Exit Nodes List

http://torstatus.blutmagie.de/ip_list_exit.php/Tor_ip_list_EXIT.csv


BOGON list

http://www.cymru.com/Documents/bogon-bn-agg.txt


Project Honey Pot Directory of Dictionary Attacker IPs

http://www.projecthoneypot.org/list_of_ips.php?t=d&rss=1


BruteForceBlocker IP List

http://danger.rulez.sk/projects/bruteforceblocker/blist.php


OpenBL.org 30 day List

http://www.us.openbl.org/lists/base_30days.txt


Autoshun Shun List

http://www.autoshun.org/files/shunlist.csv


MaxMind GeoIP Anonymous Proxies

http://www.maxmind.com/en/anonymous_proxies


 On the application level we also use the StopForum Spam and HP Hosts (hosts-file.net) blacklists on many sites to block registrations, commenting, and /or access.


----------



## drmike

^--- now that's a list of lists to sanitize your network...

We need a sticky option for stuff like that.  Copying it to my notepad app.


----------



## drmike

CC lives on in the Spamhaus Top Bad ISP list....

I didn't expect them to cling onto the top 10 placement like they have.

Right now, CC/Velocity is commanding 2nd place.  You go guys, live the dream, be #1, GO TEAM USA ABUSERS!


1
softbank.co.jp Number of Current Known Spam Issues: 70

2
velocity-servers.net Number of Current Known Spam Issues: 58

3
unicom-bj Number of Current Known Spam Issues: 55

4
chinanet-hb Number of Current Known Spam Issues: 54

5
ovh.net Number of Current Known Spam Issues: 53

and over at Cisco's Senderbase, CC is in a threeway tie for first, with HostWinds and Quadranet...



Code:


Hostwinds LLC	7.9	-33.8% ↓	129
QuadraNet	7.9	-7.2% ↓	24
ColoCrossing	7.9	-29.4% ↓	349


----------



## drmike

So, as Burst unloads it's density of shit customers prone to abuse, and with taste for cheap networks that allow enough of their behavior....

It's clear that Hostwinds is going to be up on these lists as direct acquirer of Burst customers... Quadranet and CC will be turbo-charged by the defectors who got dropped by Burst or think it's time to take things elsewhere.

Absent some fundamental changes and penalties at these companies, expect them to be up on the naughty lists.


----------



## drmike

Group collective intelligence here.

Looking for known networks, services, etc. that block ColoCrossing due to nature of crap originating from their network.

Emphasis on this, now, is specifically on email service providers.

So far, pointed out as blocking CC's network:

0. Any email provider who uses Spamhaus for checking IPs

1. Zoho.com
2. Default spam program with cPanel / cPanel (Exim) actually has RBL checking disabled by default.
3. Gmail (randomly?),  blocks ColoCrossing 99.9999% of the time


----------



## D. Strout

drmike said:


> 3. Gmail (randomly)


Gmail is great for spam, I see maybe a half dozen spam e-mails make it through _per year_. More trouble with false positives, but again maybe once a month on those. And yes, I occasionally delve in to the spam pit and when I check the IPs, I get some ColoCrossing.

*TL;DR:* In my experience, Gmail effectively blocks ColoCrossing 99.9999% of the time.


----------



## DomainBop

> block ColoCrossing due to nature of crap originating from their network.


I got lightly reprimanded (no infraction) on WHT yesterday by a mod  for mentioning all the crap in an inappropriate thread (perhaps because it was the second straight day I directed a rant at Ernie and Biloh).  On the plus side, Ernie did null route the portscanner almost immediately after I posted my firewall logs. 

Back to topic:

4. Spamhaus (not an email provider, but many email providers use its block lists) blocking 41% of CC's 724K IPs now on its SBLs and recommending that users of its lists block emails from all 724K IPs.

Most email providers won't block an entire network they'll just block the dirty IPs.



> I see maybe a half dozen spam e-mails make it through _per year_.


We use catchall emails on a few domains with Google Apps (reason: customers are prone to typos and will blame you for not answering the email they sent to the wrong address).  On a bad DAY our GApps spam folder can fill up with 10K-15K spam emails.  For some reason Google doesn't block all of the shady penny stock emails, Fake DrOz weightloss emails, Fake employment emails, etc from huge spammers using massive botnets and so they end up in the spam folder.  On the other hand Google automatically bounces some emails like logwatch, rkhunter reports sent from a couple of my servers (all other emails from these servers are delivered, and the IPs are of course completely clean...how their filter could think a logwatch or rkhunter report is spam is beyond me).


----------



## Aldryic C'boas

I personally block all traffic out of CC - still trying to convince Fran to let me do the same on the company router :3

Not counting the CNs, I see more abuse out of CC IP space than any other provider, with the sole exception of Psychz.


----------



## nunim

Aldryic C said:


> I personally block all traffic out of CC - still trying to convince Fran to let me do the same on the company router :3
> 
> Not counting the CNs, I see more abuse out of CC IP space than any other provider, with the sole exception of Psychz.


Not DigitalOcean?  I've seen a huge spike in abuse coming from DO ips lately.



drmike said:


> ...2. Default spam program with cPanel...


cPanel (Exim) actually has RBL checking disabled by default.


----------



## Aldryic C'boas

Haven't seen very much (comparitavely) from DO yet.  But I'm sure I'll have to deal with them as well before too long.


----------



## Hxxx

Good thing Mail Chimp exist.


----------



## DomainBop

> 1    softbank.co.jp     Number of Current Known Spam Issues: 70
> 
> 2
> 
> velocity-servers.net     Number of Current Known Spam Issues: 58
> 
> 3
> 
> unicom-bj     Number of Current Known Spam Issues: 55


It's fairly understandable that giants like Softbank and China Unicom would end up near the top of a list that is based on the total number of SBL's because both companies literally have hundreds of million of customers.  Compare the top 3 companies on the Spamhaus list:

1. Softbank: $32.5 billion revenue, 63K employees, huge ISP in Japan, also owns Yahoo Japan, IDC Frontier DC, 80% of Sprint in US, 37% of Alibaba in China, and a shitload of other companies

2. ColoCrossing $12 million projected revenues, under 25 employees, number of customers is unknown but under 100,000 would be a good guess

3. China Unicom:  $26 billion revenues, over 210K employees. and over 260 million customers

If a small company ends up on that list there are really only 2 possible explanations: either the company is spam friendly and has lenient spam policies, or the company's abuse department is staffed by people who are incompetent idiots underqualified for the job.


----------



## Aldryic C'boas

DomainBop said:


> If a small company ends up on that list there are really only 2 possible explanations: either the company is spam friendly and has lenient spam policies, or the company's abuse department is staffed by people who are incompetent idiots underqualified for the job.


I'd say both, really.  With a good dose of "anything for a buck" thrown in.


----------



## D. Strout

drmike said:


> You go guys, live the dream, be #1, GO TEAM USA ABUSERS!


Well, ColoCrossing is down 70-58. That's quite a gap to bridge for the #1 spot. But don't worry Biloh, we all have 100% faith in your (in)ability!


----------



## DomainBop

On the positive side: the number of ColoCrossing Spamhaus SBL's is half of what it was a few days ago (29 vs 58) because a bunch of /32 and /31 SBL's were removed.

On the negative side: ColoCrossing is still #1 on Cisco's SenderBase (in terms of number of spamming domains) and despite the drop in Spamhaus SBL's the number of IP addresses blacklisted by Spamhaus is actually much higher than it was a few days ago because Spamhaus blacklisted a /16 today so 50.2% of all ColoCrossing IP addresses are now blacklisted by Spamhaus.

CC Spamhaus SBL blocks:

2 x /15 =262,144

1 x /16 =65,534

1 x /17=32,768

1 x /22 =1,024

7 x /24 =1,778

1 x /26=64

2 x /26=64

14 x /32=32

------------------------

363,408 blacklisted IPs = 363,408/724,480 =50.2%

What this means for existing customers who use a provider whose upstream is ColoCrossing: there'a a 50% chance your IP is blacklisted by Spamhaus.  For new customers it means they can flip a coin: heads they get a clean IP, tails they get a dirty IP.

Best advice: run like hell if you see an offer that says Buffalo.


----------



## drmike

I love it!

Congrats to CC for getting ranges cleaned.... But as DomainBOP pointed out (and did the math) they have 2 /15's and a /16 and a /17 on the naughty list.

With half the IPs blocked, there must be drama among the customers and ticketing about bouncing emails.

Saw on an WHT thread recently that HVH was pushing paid mail services to customers.  All that adds to bottom line of el cheapo hosting and makes it not so cheap when you conquer the technical integration and setup and cost...

Only way CC is going to stop is if someone like Spamhaus continues to hold their filthy feet to the fire.   Some of these ranges - the /16 especially has been on the naughty list several times in part, this year.

Right now CC is lagging slightly on Senderbase.. Interesting competitors for the top dirty list:


Network Owner Daily Volume ↓ Help Volume Change Domains
Query Foundry, LLC	8.0	155.4% ↑	2
Hostwinds LLC	7.9	27.3% ↑	130
QuadraNet	7.8	78.6% ↑	24
ColoCrossing	7.8	30.1% ↑	350

Query Foundry, pfft, noticing more of them on bad behavior lists    A CC customer you know...

Hostwinds - inheriting Bursts shit customers

Quadranet - CC partner.... trouble magnet network for eons.

Then the grand puhba - CC....


----------



## D. Strout

DomainBop said:


> Best advice: run like hell if you see an offer that says Buffalo.


...As if we don't already.


----------



## DomainBop

Time for a quick update because Spamhaus escalated another /17 today.  That makes 3 x /15 and 2 x /17 on SBL's.  A total of 459,984 of ColoCrossing's 724,480 IP addresses are now blacklisted by Spamhaus.  That is 63.5%.

Biloh's slimy salesman spiel excuses for the SPAM and blacklistings (the _"they just don't understand the commodity VPS cloud market"_ bullshit)  that he has been using to try to explain the blacklistings might fool some of his puppy dogs like mpkossen but it isn't fooling Spamhaus, and rumor has it the likelihood of more large blocks being blacklisted and if necessary the entire AS 36352 is very real. Spamhaus is also still advising its users to block all SMTP traffic coming from ColoCrossing IP space. 

With 63.5% of IPs now blacklisted Biloh may need to revise downward his $12 million revenue projection for the current fiscal year...and if the entire ASN gets whacked he may need to do a fire sale.

Biloh and his underlings have been feeding hosting providers on their network who are affected by the blacklistings a steaming pile of bullshit and telling them the SBL's will be cleaned up soon.  It won't be soon. The large blocks aren't going to be removed until the CC IP space has been cleaned and CC shows it is fighting SPAM proactively and has implemented measures to reduce the volume of SPAM coming from its network, rather than only making token gestures (i.e. lying to Spamhaus) after an IP gets placed on an SBL. .

Since Biloh and Vial seem rather  dense, I'll repeat what Spamhaus has told them repeatedly:

1. implement rate limiting on outbound SMTP traffic

2. require ID verification of all new users on the CC network until ColoCrossing has proven that they are working to proactively fight SPAM.

Implementing those 2 steps isn't an option any more...it's a requirement if CC wants to get out of the doghouse.


----------



## drmike

And CC knew what DomainBOP just said before  (rate limit + IDs) that oh so timely new user went to posting on LET -- saying

Spamhaus = BULLY, Spamhaus = organized racketeers.

Way I see it, Velocity Servers operate a RICO - racketeering organization and has for multiple years.

*Since Biloh and Vial seem rather  dense*

No they play retarded while pursuing more cashola.   They are free of budensome ethics and couldn't care less  about speed bumps to get to the next big pay day.  Not like their network has in recent history a sterling reputation.  More dirt bags, hackers, malicious traffic, comment spammers, email spammers, etc. than anyone realizes.

Big picture CC will whine and cry this is all unfair.  They can't ID customers, cause those are their customers ehh customers.. Privacy yo!  But they neglect to mention they may be passing said downstream customer info to ARIN and who knows who else to justify away those IPs...  never disclosed... just ahh necessary blah blah...

Anyone who buys on CC's network at this point is either a newbie, a child playing or purely buying only for crazy deals...  Providers jumping into their bed of sin, you deserve all the wasted time with pissed customers... You deserve what befalls you.  You are harming your own business by being cheap and non-logical.

Multiple downstream providers have told me of their horrors for months now getting clean IPs issued from CC.  Small ranges too.  Of course those providers are getting slapped by their customers too via ticket complaints about broken/blacklisted IPs....

More bread and CC circuses!


----------



## DomainBop

> Not like their network has in recent history a sterling reputation.  More dirt bags, hackers, malicious traffic, comment spammers, email spammers, etc. than anyone realizes.


The web based threats coming from their network can be easily reduced...

CSF firewall rules (/etc/csf/csf.deny) to block about 80% of their IPs



> 198.23.128.0/17 # do not delete
> 192.210.128.0/17 # do not delete
> 
> 
> 23.94.0.0/15 # do not delete
> 
> 
> 107.172.0.0/14 # do not delete
> 
> 
> 192.227.128.0/17 # do not delete
> 
> 
> 206.217.128.0/20 # do not delete
> 
> 
> 172.245.56.0/21 # do not delete
> 
> 
> 162.221.180.0/23 # do not delete
> 
> 
> 107.161.144.0/20 # do not delete
> 
> 
> 192.3.0.0/16 # do not delete
> 
> 
> 23.254.0.0/17 # do not delete
> 
> 
> 198.12.64.0/18 # do not delete
> 
> 
> 96.8.112.0/20 # do not delete


.



> Of course those providers are getting slapped by their customers too via ticket complaints about broken/blacklisted IPs....


The providers' added support costs and increased customer turnover is probably eating up most of the savings from those "crazy deals" they got on the servers.


----------



## drmike

DomainBop said:


> The providers' added support costs and increased customer turnover is probably eating up most of the savings from those "crazy deals" they got on the servers.


Honestly,  big picture and look around the room....

Noticed the nastygrams by customers on various sites in past couple of months for CVPS, 123Systems, BlueVM? About laggy to no support.....

Imagine thousands of customers at each --- and imagine IPs getting blacklisted by big blocks - a few /15's some /17's... and things breaking....  Now imagine those poor Indians in ticketing, drowning in curry laced sweat from that mass ticketing wave. Imagine if same team was across a slew of CC companies... Break-it-down.   Certainly has some relationship to the threads and overall ill feelings that the tiny minority that gets to posting is feeling....


----------



## drmike

Yeah I am on vacation time...  But, my little friends at ColoCrossing are up to their hair-brained shit again.

This symphony routine where CC ratchets up the spam payloads while trolling their own forum with anti-Spamhaus fake-sentiments is getting rather special-needs aka RETARDED.

Colocrossing a/k/a Velocity Servers is back up on the top of the perch at Spamhaus with a DISGRACEFUL 42 Spamhaus entries.

*7 *​ 

velocity-servers.net

Number of Current Known Spam Issues: *42*
See: http://www.spamhaus.org/statistics/networks/

In the past 24 hours, Colocrossing has been flagged for *SEVEN ROKSO spam listings*.

Just look at the horror (sunglasses recommended because of all that yellow):

http://www.spamhaus.org/sbl/listings/velocity-servers.net


----------



## DomainBop

drmike said:


> In the past 24 hours, Colocrossing has been flagged for *SEVEN ROKSO spam listings*.


They've also been busted again by Spamhaus for claiming they terminated a ROKSO spammer when in reality they just rotated him to a new IP range. 



> spammer claimed removed from 23.95.112.69 ( SBL228519 ) 4 days ago; actually simply moved around the network:


http://www.spamhaus.org/sbl/query/SBL228934


----------



## drmike

CC will claim they did no such moving... That the bad behavior is from a customer of a VPS provider...  and they have no control over such end customers...

Funny thing is, this one looks to be ChicagoVPS.  Which isn't just some random CC VPS downstream.  CVPS = CC.  Folks can debate the finer points until the coffin nails arrive once and for all.   But those two are so friendly that they share the very same office space, use the same IPs in the past, etc.

Spamhaus starts getting more info from our direction and tying the loose ends in proper knots and CC is going to get MASS listed.

The whack-a-mole game CC is playing is going to hurt them.


----------



## HalfEatenPie

drmike said:


> Funny thing is, this one looks to be ChicagoVPS.


Haha I remember the time when Chris used to say "You'll NEVER get spam from CVPS!"


----------



## DomainBop

Their abuse department is apparently staffed by kids from the daycare center >> https://twitter.com/colocrossing/status/488936468425867264


----------



## drmike

DomainBop said:


> Their abuse department is apparently staffed by kids from the daycare center >> https://twitter.com/colocrossing/status/488936468425867264



Unsure what they are targetting with that billboard ad... But it is money tossed out the window on fire.

Last thing BUSINESSES want to deal with is some infant/child or a company with the maturity thereof.

Perhaps mom's daycare ad got mixed with the ColoCrossing ad?


----------



## HalfEatenPie

drmike said:


> Unsure what they are targetting with that billboard ad... But it is money tossed out the window on fire.
> 
> Last thing BUSINESSES want to deal with is some infant/child or a company with the maturity thereof.
> 
> Perhaps mom's daycare ad got mixed with the ColoCrossing ad?


Two birds with one stone! They're going halfsies!


----------



## drmike

HalfEatenPie said:


> Two birds with one stone! They're going halfsies!


To me it seems more playing up the child exploitation card.  Same youthful distortion crap played out in local zoning / town hearings where their Real Estate person described ColoCrossing as being started by a 10 year old Jon Biloh, rather than the more truthful 16 year old.

Doesn't it seem "cuter" and less threatening to have a 10 year impressed upon minds? (and for all they know in that town hearing - perhaps Jon is a still 10 years old)....  Instead of an often problematic, trouble making teenager....

Even by corporate year, Velocity Servers (their parent company) is about 11 years old (2003 start date).

So a sub 2 year old, fat headed infant, is totally out of place.

Definitely not marketing to their local market like their corporate lives depended on it.


----------



## Aldryic C'boas

That banner is essentially the Fabozzi approach - take a meme and run with it.  Only instead of attempting to emulate the drug-addled washed up Estévez, they went with another image known in the more... youthful circles.

I've got a great slogan to go with it, too - really matches their mentality:  _ColoCrossing - still trying to slide our hands into kids' pockets._


----------



## drmike

No idea why the billboard didn't include, it....

#WINNING


----------



## DomainBop

Anyone want to take bets on when the next large block gets whacked or the entire ASN?

Spamhaus comment on today's latest ROKSO listing:



> Yet another Ryan Gillies spamcannon gently provided by ColoCrossing


http://www.spamhaus.org/sbl/query/SBL229147


----------



## drmike

Damn, just looked at Spamhaus for CC...

Today the 25th = 6 entries so far. Of the 6,  one is a Botnet controller.

4 are ROKSO spammers.

All 4 ROKSO clowns are on ChicagoVPS/BlueVM IPs.



Code:


SBL229449 	
CHICAGOVPS
STILL ONLINE
198.23.227.192/26 	velocity-servers.net
25-Jul-2014 19:49 GMT 	
Davi Junior / Email-Master
Spam source - marketingmonalisa.info 	


SBL229445 	
BLUEVM
OFFLINE
23.95.103.132/31 	velocity-servers.net
25-Jul-2014 18:19 GMT 	
Ryan Gillies
Snowshoe spam source 	


SBL229425
BLUEVM
STILL ONLINE
23.95.103.134/32 	velocity-servers.net
25-Jul-2014 14:48 GMT 	
Ryan Gillies
Snowshoe spam source 	


SBL229424 
CHICAGOVPS	
STILL ONLINE
23.95.112.9/32 	velocity-servers.net
25-Jul-2014 14:47 GMT 	
Ryan Gillies
Snowshoe spam source


----------



## DomainBop

drmike said:


> Damn, just looked at Spamhaus for CC...
> 
> Today the 25th = 6 entries so far. Of the 6,  one is a Botnet controller.
> 
> 4 are ROKSO spammers.
> 
> All 4 ROKSO clowns are on ChicagoVPS/BlueVM IPs.



Not all of today's SBL's are on CVPS/BlueVM IPs.  Jon Nguyen and GreenValueHost received an SBL today from Spamhaus for renting an entire /27 block to snowshoe spammers. 

*SBL229388* *108.174.62.64/27* *velocity-servers.net* 25-Jul-2014 09:08 GMT Snowshoe netblock

Network

NetRange 108.174.62.64 - 108.174.62.95 CIDR 108.174.62.64/27 Name GREENVALUEHOST Handle NET-108-174-62-64-1 Parent CC-04 (NET-108-174-48-0-1) Net Type Reallocated Origin AS AS36352 Organization Green Value Hosting, Inc. (GVH-7) Registration Date 2013-12-16 Last Updated 2013-12-16 Comments   RESTful Link http://whois.arin.net/rest/net/NET-108-174-62-64-1 See Also Related organization's POC records. See Also Related delegations. Organization Name Green Value Hosting, Inc. Handle GVH-7 Street 200 W NORTH ST PO BOX 972 City Normal State/Province IL Postal Code 61761 Country US Registration Date 2013-07-15 Last Updated 2013-12-11 Comments   RESTful Link http://whois.arin.net/rest/org/GVH-7 Function Point of Contact NOC JONAT8-ARIN (JONAT8-ARIN) Admin JONAT8-ARIN (JONAT8-ARIN) Tech JONAT8-ARIN (JONAT8-ARIN) Abuse JONAT8-ARIN (JONAT8-ARIN) Point of Contact Name Jonathan , Nguyen Handle JONAT8-ARIN Company Green Value Hosting, Inc. Street 200 W NORTH ST PO BOX 972 City Normal State/Province IL Postal Code 61761 Country US Registration Date 2013-07-13 Last Updated 2014-02-22 Comments   Phone +1-312-436-2204 (Office) Email [email protected]******************

[email protected]******************

[email protected]****************** RESTful Link http://whois.arin.net/rest/poc/JONAT8-ARIN

*edited post* to provide an updated set of CSF firewall ColoCrossing block rules.  Stick these in  /etc/csf/csf.deny

198.23.128.0/17 # do not delete    


192.210.128.0/17 # do not delete


23.94.0.0/15 # do not delete


107.172.0.0/14 # do not delete


192.227.128.0/17 # do not delete


206.217.128.0/20 # do not delete


172.245.56.0/21 # do not delete


162.221.180.0/23 # do not delete


107.161.144.0/20 # do not delete


192.3.0.0/16 # do not delete


23.254.0.0/17 # do not delete


198.12.64.0/18 # do not delete


96.8.112.0/20 # do not delete


138.128.112.0/20 # do not delete


108.174.48.0/20 # do not delete


----------



## D. Strout

I just ran ten times for the top ten worst SpamHaus networks. The result:



> SpamHaus records 89,732 IP addresses marked as spam under 70 SBLs assigned to softbank.co.jp.
> 
> SpamHaus records 117,942 IP addresses marked as spam under 61 SBLs assigned to hostnoc.net.
> 
> SpamHaus records 314 IP addresses marked as spam under 59 SBLs assigned to chinanet-fj.
> 
> SpamHaus records 66,618 IP addresses marked as spam under 59 SBLs assigned to chinanet-hb.
> 
> SpamHaus records 56 IP addresses marked as spam under 56 SBLs assigned to unicom-bj.
> 
> SpamHaus records 460,040 IP addresses marked as spam under 43 SBLs assigned to velocity-servers.net.
> 
> SpamHaus records 49 IP addresses marked as spam under 41 SBLs assigned to technorail.com.
> 
> SpamHaus records 109 IP addresses marked as spam under 39 SBLs assigned to dti.ad.jp.
> 
> SpamHaus records 42 IP addresses marked as spam under 39 SBLs assigned to unifiedlayer.com.
> 
> SpamHaus records 43,264 IP addresses marked as spam under 39 SBLs assigned to jet.ne.jp.


Or, sorted numerically:



> SpamHaus records 460,040 IP addresses marked as spam under 43 SBLs assigned to velocity-servers.net.
> 
> SpamHaus records 117,942 IP addresses marked as spam under 61 SBLs assigned to hostnoc.net.
> 
> SpamHaus records 89,732 IP addresses marked as spam under 70 SBLs assigned to softbank.co.jp.
> 
> SpamHaus records 66,618 IP addresses marked as spam under 59 SBLs assigned to chinanet-hb.
> 
> SpamHaus records 43,264 IP addresses marked as spam under 39 SBLs assigned to jet.ne.jp.
> 
> SpamHaus records 314 IP addresses marked as spam under 59 SBLs assigned to chinanet-fj.
> 
> SpamHaus records 109 IP addresses marked as spam under 39 SBLs assigned to dti.ad.jp.
> 
> SpamHaus records 56 IP addresses marked as spam under 56 SBLs assigned to unicom-bj.
> 
> SpamHaus records 49 IP addresses marked as spam under 41 SBLs assigned to technorail.com.
> 
> SpamHaus records 42 IP addresses marked as spam under 39 SBLs assigned to unifiedlayer.com.


ColoCrossing has almost 4 times as many individual bad IPs as it's "next closest competitor", and over 5 times as many bad IPs as SpamHaus' "worst" network. Crazy.


----------



## drmike

^--- that script @D.Strout  is the boss... Great work.  Keep it up..


----------



## concerto49

D. Strout said:


> I just ran ten times for the top ten worst SpamHaus networks. The result:
> 
> Or, sorted numerically:
> 
> ColoCrossing has almost 4 times as many individual bad IPs as it's "next closest competitor", and over 5 times as many bad IPs as SpamHaus' "worst" network. Crazy.


Isn't hostnoc BurstNet etc who's literally dead? A lot of the others are real ISPs, so I wouldn't count them in. It's a totally different scenario.


----------



## BrianHarrison

HostUS-Alexander said:


> It's not total IP's, it's total ip's that have a mail server.


Given that a massive percentage of CC's IPs are perma-blacklisted, I'd imagine that no one who needs to send legitimate e-mail would ever consider hosting with them.


----------



## concerto49

BrianHarrison said:


> Given that a massive percentage of CC's IPs are perma-blacklisted, I'd imagine that no one who needs to send legitimate e-mail would ever consider hosting with them.


Unfortunately not so. Otherwise you wouldn't see the threads about people trying to send email ask for help.


----------



## DomainBop

concerto49 said:


> A lot of the others are real ISPs, so I wouldn't count them in. It's a totally different scenario.


The company at the top of the list Softbank would fit that description of "a real ISP" perfectly: one of the largest telecoms//mobile providers/ISPs in the world (not to mention one of the largest data center owners/operators).  $64.8 billion (6.6 trillion Yen) revenue in FY2013 and projections are for $71 billion this year.  They have literally over 100 million customers (they also own 80% of Sprint in the US).  It's not surprising that they (or companies like China Unicom/China Telecom) would rank near the top in Spamhaus' worst list which ranks  by total SBLs.

What is surprising is that a tiny little company from the sticks  with a (self)projected $12 million in revenues has over 5 times more total IP addresses blacklisted than a giant like Softbank. 

edited to add:

Biloh has been whining that Spamhaus doesn't understand the "commodity budget cloud VPS market bla bla bla" so here's a comparison: ColoCrossing vs Hetzner (Hetzner is a budget dedi provider that counts many VPS providers among its customers, its server prices not counting IPs are cheaper than CC, Hetzner's size makes CC look like a fleaspeck, etc.)

ColoCrossing 43 SBL's totalling 460K blacklisted IPs (oldest open SBL is from February)

Hetzner  1 SBL totalling 1 blacklisted IP http://www.spamhaus.org/sbl/listings/hetzner.de (oldest open SBL is from today.)


----------



## DomainBop

Bumping because Spamhaus escalated a pair of /17's today..so:

3 x /15 and 3 x 17 +...=494612/759,808 = 65.0%= you're f*cked!

*107.172.0.0/15*

*23.94.0.0/15*

*107.174.0.0/15*

*192.210.128.0/17*

*198.46.128.0/17*

*192.227.128.0/17*


----------



## drmike

Same shit, different day... Shame.... You'd think they'd cut the comedy, lock down the circus clowns, nut stomp their downstream shit operations.  Nah,  instead they continue to shit their pants in public.

Time to change the soiled diapers on the toddlers in Buffalo.

This:

http://www.spamhaus.org/sbl/query/SBL235654

Says, in part:

_*"Colocrossing/VelocityServer has been for many, many months a continuous and unstoppable source of spam for massive and well-known (often ROKSO) spam operations.

We strongly invite Spamhaus users to distrust any SMTP connection coming from this and any other network allocation controlled by this entity.


The following is a transcript of one of the latest communications exchanged with this ISP, after months and months during which massive spam sources on their network have been listed, notified and claimed removed by the ISP, only to pop up again on another portion of their network.

We're reporting it here as we believe it synthesizes the problem quite clearly:"*_


----------



## Francisco

DomainBop said:


> Bumping because Spamhaus escalated a pair of /17's today..so:
> 
> 3 x /15 and 3 x 17 +...=494612/759,808 = 65.0%= you're f*cked!
> 
> *107.172.0.0/15*
> 
> *23.94.0.0/15*
> 
> *107.174.0.0/15*
> 
> *192.210.128.0/17*
> 
> *198.46.128.0/17*
> 
> *192.227.128.0/17*


I had a bet with someone about the latest /17 listings. I mentioned that since the /15's went in place that we'd see an increase in spam from new ranges and sure enough, /24's, /22's, etc, have been leased out of the 192's.

They've already had spam on some very legacy space like their 75.x range (that range was fresh/virgin when Buffalo turned up since I had a /30 in there). They even had spam on some non CC owned IP space which is very iffy. I'm hoping the non CC space was just a dedi getting rooted but that's just bad luck.

Francisco


----------



## drmike

Francisco said:


> They've already had spam on some very legacy space like their 75.x range (that range was fresh/virgin when Buffalo turned up since I had a /30 in there). They even had spam on some non CC owned IP space which is very iffy. I'm hoping the non CC space was just a dedi getting rooted but that's just bad luck.


I did notice at least ONE Spamhaus entry for ServerCentral that was due to ColoCrossing / Velocity / from IPs delegated to them.

It's so bad at CC.... (joke)... How bad is is it?  It's so bad that ChicagoVPS is resorting to using ServerCentral's IPs:

From a recent shill-a-rama email sales offer:

Received: from [66.225.195.186] (port=54529 helo=www.chicagovps.net)


    by 1317cc-xeon.colocrossing.com with esmtpa (Exim 4.82)


    (envelope-from <[email protected]>)

*whois 66.225.195.186  ?????*



Code:


NetRange:       66.225.192.0 - 66.225.255.255
CIDR:           66.225.192.0/18
OriginAS:       
NetName:        SCN-2
NetHandle:      NET-66-225-192-0-1
Parent:         NET-66-0-0-0-0
NetType:        Direct Allocation
RegDate:        2003-06-10
Updated:        2012-03-02
Ref:            http://whois.arin.net/rest/net/NET-66-225-192-0-1

OrgName:        Server Central Network
OrgId:          SCN-18
Address:        111 W. Jackson Blvd.
Address:        Suite 1600
City:           Chicago
StateProv:      IL
PostalCode:     60604
Country:        US
RegDate:        2002-03-05
Updated:        2013-03-25
Ref:            http://whois.arin.net/rest/org/SCN-18

ReferralServer: rwhois://rwhois.servercentral.net:4321

OrgAbuseHandle: ABUSE1669-ARIN
OrgAbuseName:   Abuse Department
OrgAbusePhone:  +1-312-829-1111 
OrgAbuseEmail:  [email protected]
OrgAbuseRef:    http://whois.arin.net/rest/poc/ABUSE1669-ARIN

OrgTechHandle: NETWO1779-ARIN
OrgTechName:   Network Operations
OrgTechPhone:  +1-312-829-1111 
OrgTechEmail:  [email protected]
OrgTechRef:    http://whois.arin.net/rest/poc/NETWO1779-ARIN

OrgNOCHandle: NETWO1779-ARIN
OrgNOCName:   Network Operations
OrgNOCPhone:  +1-312-829-1111 
OrgNOCEmail:  [email protected]
OrgNOCRef:    http://whois.arin.net/rest/poc/NETWO1779-ARIN

RTechHandle: NETWO1779-ARIN
RTechName:   Network Operations
RTechPhone:  +1-312-829-1111 
RTechEmail:  [email protected]
RTechRef:    http://whois.arin.net/rest/poc/NETWO1779-ARIN

RNOCHandle: NETWO1779-ARIN
RNOCName:   Network Operations
RNOCPhone:  +1-312-829-1111 
RNOCEmail:  [email protected]
RNOCRef:    http://whois.arin.net/rest/poc/NETWO1779-ARIN

RAbuseHandle: ABUSE1669-ARIN
RAbuseName:   Abuse Department
RAbusePhone:  +1-312-829-1111 
RAbuseEmail:  [email protected]
RAbuseRef:    http://whois.arin.net/rest/poc/ABUSE1669-ARIN

# end


# start

NetRange:       66.225.194.0 - 66.225.195.255
CIDR:           66.225.194.0/23
OriginAS:       AS36352
NetName:        SCNET-66-225-194-0-23
NetHandle:      NET-66-225-194-0-1
Parent:         NET-66-225-192-0-1
NetType:        Reallocated
RegDate:        2010-06-09
Updated:        2010-06-09
Ref:            http://whois.arin.net/rest/net/NET-66-225-194-0-1

OrgName:        ColoCrossing
OrgId:          VGS-9
Address:        8469 Sheridan Drive
Address:        ATTN: ARIN
City:           Williamsville
StateProv:      NY
PostalCode:     14221
Country:        US
RegDate:        2005-06-20
Updated:        2012-01-10
Ref:            http://whois.arin.net/rest/org/VGS-9

OrgAbuseHandle: ABUSE3246-ARIN
OrgAbuseName:   Abuse
OrgAbusePhone:  +1-800-518-9716 
OrgAbuseEmail:  [email protected]
OrgAbuseRef:    http://whois.arin.net/rest/poc/ABUSE3246-ARIN

OrgTechHandle: NETWO882-ARIN
OrgTechName:   Network Operations
OrgTechPhone:  +1-800-518-9716 
OrgTechEmail:  [email protected]
OrgTechRef:    http://whois.arin.net/rest/poc/NETWO882-ARIN

OrgNOCHandle: VIALA-ARIN
OrgNOCName:   Vial, Alex 
OrgNOCPhone:  +1-716-335-9628 
OrgNOCEmail:  [email protected]
OrgNOCRef:    http://whois.arin.net/rest/poc/VIALA-ARIN

# end



#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#
# If you see inaccuracies in the results, please report at
# http://www.arin.net/public/whoisinaccuracy/index.xhtml
#



Found a referral to rwhois.servercentral.net:4321.

%rwhois V-1.5:002080:00 rwhois.servercentral.net (Reflected::RWhoisD 0.0.2)
network:Class-Name:network
network:Auth-Area:66.225.192.0/18
network:ID:NET-66-225-194-0-1579
network:Handle:NET-66-225-194-0-1579
network:IP-Network:66.225.194.0/23
network:IP-Network-Block:66.225.194.0 - 66.225.195.255
network:Name:Velocity Servers
network:Street-Address:8185 Sheridan Dr
network:City:Williamsville
network:State:NY
network:Country-Code:US
network:Tech-Email:[email protected]
network:Tech-Phone:800-518-9716 x101
network:Abuse-Email:[email protected]
network:Abuse-Phone:800-518-9716 x101
network:Created:20090319
network:Updated:20130809


----------



## Francisco

I'm not sure why they'd use their own mailservers still when delivery rates are poor unless you spend the time/cash to get whitelisted.

If you push a lot of mail it's worth it to just get Amazon SES. They charge by the GB and since it's purely text you'll get a serious amount of email out for super cheap (< $10/m).

Fran


----------



## DomainBop

> Received: from [66.225.195.186] (port=54529 helo=www.chicagovps.net)


That IP is clean but in the same /23 range there are Spamhaus XBL's (xbl - infected with  worms, trojans, etc and part of a botnet) and barracuda blocks.  http://rbls.org/66.225.195.194

edit: CVPS is sending email to their customers from a friggin' game server? There are several Google listings for various games on different ports on that IP.



> GOOGLE
> 
> Call of Duty 5 Server Info - (66.225.195.186:28960)
> 
> 
> battletracker.com/cod5server/66.225.195.186:28960/
> 
> 
> Call of Duty 5 - Server Info - 66.225.195.186. Watch Server Settings, Details, History and join the server directly from or website!





> /dnstools/mx/chicagovps/net/
> Export: Type, Hostname, Record, Search. TXT, chicagovps.net, v=spf1 +a +mx +ip4:66.225.195.186 +ip4:199.83.50.42 ?all, Blacklists - SMTP - WHOIS - ARIN


----------



## drmike

Francisco said:


> If you push a lot of mail it's worth it to just get Amazon SES. They charge by the GB and since it's purely text you'll get a serious amount of email out for super cheap (< $10/m).


But all the young boys love Man-drill.   

Unsure why Faboozle is using said upstream mail server directly.   Cause I suspect something changed in July-August.

Back in July such spamtastic offers were NOT being brodcast from ServerCentral directly:

*Received: from pmta05.wdc01.mailchimp.com (127.0.0.1) by mail6.wdc04.mandrillapp.com id hqrp721*

Path I see simply was mailchimp through July, then suddenly these offers going via ServerCentral on IP issued to CC with no SWiP to CVPS.

Guess I should presume that's when Biloh booted Fab and started directly sending the offers out.


----------



## Francisco

Would make sense since that's around the time that he took the fall for UGVPS' _cluster_fuck.

Francisco


----------



## Amitz

Would love to know what happened to the real Fapozzi. Do they keep him gagged in the basement? Or did he return to the grocery store?


----------

