To all of us in the spam protection and/or spam auditing game, want to wish everyone a happy 2017. Of course, I wish I had better news and that our jobs will be easier this year, but it looks like 2017 will start off being more of the same.
It looks like trends are shifting though slightly, with compromised email accounts taking a larger role again, however the same old problems from the IoT (Internet of Things) being compromised and bad hosting company practices still a major concern.
And to start the year off, we are calling out a known trouble spot again, which is ColoCrossing, and companies that operate on that network (NewWave Connect), haven’s for spammers.
This morning report includes:
18.104.22.168 23 23-95-53-215-host.colocrossing.com 22.214.171.124 26 23-95-53-216-host.colocrossing.com 126.96.36.199 13 23-95-53-219-host.colocrossing.com 188.8.131.52 24 23-95-53-223-host.colocrossing.com 184.108.40.206 8 107-175-56-151-host.colocrossing.com 220.127.116.11 14 107-175-56-155-host.colocrossing.com 18.104.22.168 10 107-175-56-156-host.colocrossing.com 22.214.171.124 12 107-175-56-157-host.colocrossing.com 126.96.36.199 2 107-175-56-158-host.colocrossing.com 188.8.131.52 6 107-175-147-133-host.colocrossing.com
But we see large swathes of IP(s) on WowRack and Joe’s Data Centre, both North American hosting companies activated for spamming activities as well.
Maybe this is the year that regulators will target those companies as also responsible for the activity on their networks.
184.108.40.206 3 streonilli.net 220.127.116.11 3 arach.streonilli.net 18.104.22.168 1 ptm.kil4.homika.win 22.214.171.124 3 ptm.kil22.homika.win 126.96.36.199 3 ptm.kil21.homika.win 188.8.131.52 2 a111.luxurybrandscollection.com 184.108.40.206 4 ptm.kil18.homika.win 220.127.116.11 3 ptm.kil17.homika.win 18.104.22.168 2 ptm.kil30.homika.win 22.214.171.124 70 ptm.kil29.homika.win 126.96.36.199 69 ptm.kil28.homika.win 188.8.131.52 72 ptm.kil27.homika.win 184.108.40.206 68 ptm.kil26.homika.win 220.127.116.11 71 ptm.kil25.homika.win 18.104.22.168 67 ptm.kil24.homika.win 22.214.171.124 67 ptm.kil23.homika.win 126.96.36.199 62 mx1.mightylk.biz 188.8.131.52 58 millo32.barsatinalawich.ml 184.108.40.206 65 us-s3-mta5.smtpcampaigns.com 220.127.116.11 62 millo31.barsatinalawich.ml 18.104.22.168 69 abc11.1band1.xyz 22.214.171.124 68 falait.preservevision.net 126.96.36.199 72 isproject.preservevision.net 188.8.131.52 69 niall.preservevision.net 184.108.40.206 3 ptm.kil32.homika.win 220.127.116.11 3 ptm.kil31.homika.win
Of course, those are easier to address as more and more companies simply resort to ‘blacklisting’ companies which allow, condone, or are unable to prevent such activity.
Sometimes that is the only way to elicit change in behaviors.
And again, we do hope providers this year will work on simple to fix things like operating ‘rwhois’ servers for their networks, work on PTR naming conventions that help all those involved in stopping spam, including those in the policing space.
But we all have to work together, to help honest operators secure their networks, create stronger tools for email users to prevent their accounts and servers being hacked, and lock down the Internet of Things from the ability to spread the worst of the spam used to deliver ransom ware, virus’s, scams, phishing, and other very serious threats to the average user.
And making the world a safer place, is why we continue to work on the front lines battling these threats.
Have a safe and happy new year.
PS, this is a great time for those other email marketing companies to look at cleaning up their marketing databases, surprised how many big companies databases have so many invalid email address entries that they continue to send to.