How easy it is for spammers to get IP(s)

It used to be that the spammer’s favourite trick was to use viruses, trojans, etc. to take over home computers to send spam, but spammers have found that it is often easier just to order IP space. Some hosting companies look the other way, some don’t have the ability to audit usage, and others actively allow ‘any’ type of activity.

This is why using reputation services and RBLs is so handy.

Over the last couple of days, one or two companies have really stood out, and they aren’t in some foreign country; they are right in the heart of North America.

The company to talk about today is “Allentown Tech” and their provider “SoftLayer”.

Allentown is REALLY aggressive, and triggers alarms at hundreds of ISPs and telcos in just a couple of hours. They also use throwaway domains and randomized host names to avoid domain reputation lists.

Starting small a couple of weeks ago, we saw that they were getting /28s, and it must have been financially good for them, as they quickly ramped up.

They found a friendly provider in SoftLayer. We aren’t here to comment on SoftLayer’s position on this, or on that of IBM, their parent company, regarding bulk email marketers, but allowing this type of obvious activity does seem to stretch all of the purposes of the CAN-SPAM Act.


And we could go on and on. In our listing of these addresses, the number in the second column is how many ISPs and telcos reported the email marketing/spam attacks over the same couple of hours.
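Because the hostnames and domains are throwaway, the stable signal in a listing like this is the address block itself. The following is an added example, not code from this post: it reads rows in the post's three-column layout (address, number of reporting ISPs and telcos, hostname), groups them by /28, and flags blocks where several addresses are widely reported and nearly every one sits under a different domain. The sample rows, thresholds and function names are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in the "#IP reporters hostname" layout
# (documentation address ranges and made-up domains, not data from the post).
SAMPLE = """\
#192.0.2.16 30 qx1.alpha-dealer.example
#192.0.2.17 64 mail7.bravo-mba.example
#192.0.2.18 71 host3.charlie-billing.example
#192.0.2.19 58 nsrv.delta-cruises.example
#192.0.2.20 66 a9.echo-clinic.example
#198.51.100.5 2 mail.steady-sender.example
#198.51.100.6 1 mail.steady-sender.example
"""

def parse(text):
    """Yield (ip, reporter_count, hostname) from '#IP count host' lines."""
    for line in text.splitlines():
        parts = line.lstrip("# ").split()
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        try:
            yield ipaddress.ip_address(parts[0]), int(parts[1]), parts[2].lower()
        except ValueError:
            continue  # not an IP address or not a numeric count

def flag_blocks(text, prefix=28, min_hosts=4, min_reporters=20):
    """Return {cidr: stats} for blocks matching the pattern described above."""
    blocks = defaultdict(list)
    for ip, count, host in parse(text):
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        blocks[net].append((count, host))
    flagged = {}
    for net, rows in blocks.items():
        noisy = [r for r in rows if r[0] >= min_reporters]
        # Naive registered-domain guess: last two labels (assumption; a real
        # deployment would consult a public-suffix list).
        domains = {".".join(h.split(".")[-2:]) for _, h in noisy}
        # Many reported addresses, almost all under distinct domains
        if len(noisy) >= min_hosts and len(domains) >= 0.8 * len(noisy):
            counts = sorted(c for c, _ in noisy)
            flagged[str(net)] = {"hosts": len(noisy), "domains": len(domains),
                                 "median_reporters": counts[len(counts) // 2]}
    return flagged
```

A flagged CIDR is a candidate for a block-level entry in a local reputation list, which keeps working when the sender rotates to new domains inside the same allocation.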
