While in our case all of these connections are marked as spam, today’s logs showed a good example of why an anonymous ‘ocean’ of IPs is not really a good idea. A small ‘digital pool’, or at least one where the operator is clearly defined, is the goal of ARIN/RIPE and concepts like ‘rwhois’ etc.
But when a very large ocean has an issue, what do you do? Is the whole ocean the same?
Especially when all the domains are also protected by ‘whoisguard’. Now in this case, these were pretty easy to notice, since they triggered reporting tools because of all the invalid email addresses that they were attempting to send to. Not a very clean ‘marketing list’ that they are using.
Oh, and don’t try to load the URLs; there isn’t anything associated with them.
host rushitect.com
;; Truncated, retrying in TCP mode.
rushitect.com mail is handled by 10 mta-wk-3.mk3.rushitect.com.
rushitect.com mail is handled by 10 mta-wk-4.mk0.rushitect.com.
rushitect.com mail is handled by 10 mta-wk-4.mk1.rushitect.com.
rushitect.com mail is handled by 10 mta-wk-4.mk2.rushitect.com.
rushitect.com mail is handled by 10 mta-wk-4.mk3.rushitect.com.
rushitect.com mail is handled by 10 mta-wk-5.mk0.rushitect.com.
rushitect.com mail is handled by 10 mta-wk-5.mk1.rushitect.com.
rushitect.com mail is handled by 10 mta-wk-5.mk2.rushitect.com.
rushitect.com mail is handled by 10 mta-wk-5.mk3.rushitect.com.
rushitect.com mail is handled by 10 mta-wk-6.mk0.rushitect.com.
rushitect.com mail is handled by 10 mta-wk-6.mk1.rushitect.com.
rushitect.com mail is handled by 10 mta-wk-6.mk2.rushitect.com.
rushitect.com mail is handled by 10 mta-wk-6.mk3.rushitect.com.
rushitect.com mail is handled by 10 mta-wk-7.mk0.rushitect.com.
rushitect.com mail is handled by 10 mta-wk-7.mk1.rushitect.com.
rushitect.com mail is handled by 10 mta-wk-7.mk2.rushitect.com.
rushitect.com mail is handled by 10 mta-wk-7.mk3.rushitect.com.
rushitect.com mail is handled by 10 mta-wk-0.mk0.rushitect.com.
rushitect.com mail is handled by 10 mta-wk-0.mk1.rushitect.com.
rushitect.com mail is handled by 10 mta-wk-0.mk2.rushitect.com.
rushitect.com mail is handled by 10 mta-wk-0.mk3.rushitect.com.
rushitect.com mail is handled by 10 mta-wk-1.mk0.rushitect.com.
rushitect.com mail is handled by 10 mta-wk-1.mk1.rushitect.com.
rushitect.com mail is handled by 10 mta-wk-1.mk2.rushitect.com.
rushitect.com mail is handled by 10 mta-wk-1.mk3.rushitect.com.
rushitect.com mail is handled by 10 mta-wk-2.mk0.rushitect.com.
rushitect.com mail is handled by 10 mta-wk-2.mk1.rushitect.com.
rushitect.com mail is handled by 10 mta-wk-2.mk2.rushitect.com.
rushitect.com mail is handled by 10 mta-wk-2.mk3.rushitect.com.
rushitect.com mail is handled by 10 mta-wk-3.mk0.rushitect.com.
rushitect.com mail is handled by 10 mta-wk-3.mk1.rushitect.com.
rushitect.com mail is handled by 10 mta-wk-3.mk2.rushitect.com
(Oh, thanks for forcing heavy(er) DNS queries on everyone as well)
The ‘digital ocean’ should put all of these guys in a clearly labeled ‘digital pool’ IMHO
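The sending hosts in this post share one reverse-DNS naming template (mta-wk-N.mkN) across many domains. As an added example (not from the original post), the sketch below groups log lines in the same layout by that template to surface such a pool; the sample lines, the naive two-label domain split and the `min_domains` threshold are assumptions.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample in the post's log layout: IP, optional "(M)" flag, count, rDNS name.
# Addresses are documentation ranges and domains are reserved names, not real senders.
SAMPLE = """\
192.0.2.11 (M) 1 mta-wk-4.mk2.alpha.example
192.0.2.60 (M) 1 mta-wk-7.mk0.alpha.example
198.51.100.83 (M) 1 mta-wk-5.mk1.bravo.example
198.51.100.93 1 mta-wk-7.mk1.bravo.example
203.0.113.14 (M) 1 mta-wk-2.mk2.charlie.example
203.0.113.25 (M) 2 mail.partner.example
203.0.113.77 1 mx1.partner.example
"""

LINE = re.compile(r"^(\S+)\s+(?:\(\w\)\s+)?(\d+)\s+(\S+)$")

def parse(text):
    """Yield (ip, count, hostname) for each well-formed line; skip the rest."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        try:
            ip = ip_address(m.group(1))
        except ValueError:
            continue  # first field is not an IP address
        yield ip, int(m.group(2)), m.group(3).rstrip(".").lower()

def template(hostname, domain_labels=2):
    """Host part with digit runs collapsed, e.g. mta-wk-4.mk2 -> mta-wk-N.mkN."""
    # Assumption: the registered domain is the last two labels (no Public Suffix List).
    host = ".".join(hostname.split(".")[:-domain_labels])
    return re.sub(r"\d+", "N", host)

def cluster(text, min_domains=3):
    """Return templates seen on at least min_domains distinct domains, with their spread."""
    groups = defaultdict(lambda: {"domains": set(), "nets": set(), "hits": 0})
    for ip, count, host in parse(text):
        g = groups[template(host)]
        g["domains"].add(".".join(host.split(".")[-2:]))
        g["nets"].add(str(ip_network(f"{ip}/24", strict=False)))
        g["hits"] += count
    return {t: g for t, g in groups.items() if len(g["domains"]) >= min_domains}
```

A template that appears on several unrelated domains and networks is a stronger signal than any single address, which is what makes per-operator labelling of the address space useful.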