Had a potential customer that asked about blocking all .eu domains, and of course not something we would like to recommend. However, we get it. Lately spammers (to call them email marketers might be too polite) have been aggressively using .eu domains, with randomized host names to send spam. And when then fire up, the results are seen right away at hundreds of ISP’s and email servers. For instance, in the last couple of days..

181.214.56.71        :       mkbepqe.cellute.eu
181.214.56.72        :      bj8opod8.chasela.eu
181.214.56.73        :        9ecz88d.clayer.eu
181.214.56.74        :     o2u5z0rkk.condust.eu
181.214.56.75        :         0aj2l.corniso.eu
181.214.56.76        :          9aswn.digini.eu
181.214.56.77        :         ewfrv.driebro.eu
181.214.56.78        :     y9gnaasa.dualmoth.eu
181.214.56.79        :        ju5o4f9.elschu.eu

Ranges like that started up, in this case on /27’s listed as being operated by ‘Digital Energy Technologies Ltd’, reallocated from ‘HOST1PLUS hosting services. Brazil’
181.214.56.0/27
181.214.56.32/27
181.214.56.64/27
181.214.56.96/27
181.214.56.128/27
181.214.56.160/27
181.214.56.192/27
181.214.56.224/27

(Might want to search the rest of the Host1Plus /16)

So we have a Brazilian Hosting Company, and American operator, and .eu domain names.. interesting.. But in this case, you have to think the operator is well aware of the activity. Why is this? Because they are cheap to register.  3 months ago it was .cc, before that .ru, before that .info.  There are other ways to catch these guys, but since it will change again in 3 months, don’t penalize the registrar and the good people using .eu.