HostNOC (Network Operation Center) / BurstNET - the spamhaus, whose CEO says that they can't control on whom their clients sign up, so they can't keep off even the blatant spammers, whom they've kicked off for their AUP violations. They also host the big spammer, Azoogle, and refuse to kick them off, yet expect others to delist their IP ranges, while spammers are still there. And when SPEWS blocklist didn't - the BurstNET's CEO says: "Why should we bother?" that Azoogle is still there. BurstNET only sees the need to terminate their spammers' accounts to get off the blocklist, otherwise they would be happily hosting them. When a known spammer, "Steve Sorenson", moves to HostNOC/BurstNET, being kicked from the previous provider for spamming, BurstNET gets a headsup message about the blatant spammer signing up with them. BurstNET ignores the warning, and waits till the spammer spams. Then BurstNET kicks the spammer off... to sign the spammer back up right to BurstNET's another server! What else to add, BurstNET's own staff members advice to "just hit delete" if you don't like spam! Update: 5-Jun-2003: BurstNET has fired their abuse guy who was trying to clean the mess with their spammers. Shooting the messenger, indeed. Update: 9-Jul-2003: "This is not occuring on out network, and therefore is not our responsibility/problem. We do not know if this is true or not, nor even care.", - says Burstnet about their Azoogle spammers. Update: 6-Aug-2003: BurstNET has confirmed that they were hosting a spammer, Azoogle, till the end of the contract, cause the termination "was not worth a lawsuit". Update: 17-Oct-2003: spamming web forms is "not spam" for BurstNET. Update: 19-Apr-2004: BurstNET again bouces complaints sent to abuse@ accounts. Update: 25-Mar-2005: More abuse@ bounces. hostnoc.blackholes.us is mirrored locally as hostnoc.bl.dolphinwave.org, and implemented on the mailserver. Update: renamed to burst.bl.dolphinwave.org, following blackholes.us. === A known persistent spammer moves to HostNOC, the warning was sent === == http://groups.google.com/groups?selm=200303050725.11992%402003.dolphinwave.org === Content-Type: text/plain; charset="us-ascii" From: Admin Reply-To: abuse@2003.dolphinwave.org Organization: Private person To: , nanas-sub@cybernothing.org, abuse@burst.net, abuse@hostnoc.net Subject: [email] A persistent spammer on your network: Sorenson And Ass (cjlinc.net)! Date: Wed, 5 Mar 2003 07:25:11 +0200 User-Agent: KMail/1.4.3 X-Complaints-To: abuse@dolphinwave.org (live person) X-PGP-key: 0xAAE2A579 X-PGP-key-fingerprint: 5B8E 3B28 7199 8CD3 4133 FA87 000B 0FB6 AAE2 A579 X-No-Confirm: Yes MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Message-Id: <200303050725.11992@2003.dolphinwave.org> Status: RO X-Status: S ATTN: Network Operations Center! Please, be adviced that the long-time and repeating spammer, Sorenson And Ass, has parked his previously spamvertised web page on your net space, moving it from the Michigan Connect spamhaus operation: $ host cjlinc.net cjlinc.net has address 64.191.48.239 Network Operations Center IP block [64.191.0.0 - 64.191.127.255]. The spamming examples are archived can can be looked up on Google: http://groups.google.com/groups?selm=200302201440.42542%402003.dolphinwave.org Note that the spammer has changed their WHOIS registration data from: Domain Name: CJLINC.NET Administrative Contact: Sorenson, Steve vacplanners@cs.com 142 S. Semoran Blvd. #147 casselberry, FL 32707 US 407-650-3437 to: Administrative Contact: Newlan, Cynthia vacplanners@cs.com 5840 Red Bug Lake Rd. #415 Winter Springs, FL 32708 US 407-650-3437 Fax:407-650-3437 Please, be aware that the previous spammer's host, Michigan Connect, is listed on the SPEWS public blocklist (S1457): http://www.spews.org/html/S1457.html Please, do not provide the proved spammer with your network resources, not to be widely blocklisted for spam-support when the spammers will spam again. Regards, Alexander Sheremet. === The warning was ignored, and the spammer spammed using HostNOC === === My complaint === Content-Type: text/plain; charset="iso-8859-1" From: Admin Reply-To: abuse@2003.dolphinwave.org Organization: Private person Subject: [email] Long-time spammer: Sorenson And Ass / Advertising International! [Fwd: Mini RC Race Cars.] Date: Fri, 11 Apr 2003 16:50:22 +0300 User-Agent: KMail/1.4.3 X-KMail-Link-Message: 1356162 X-KMail-Link-Type: forward To: , uce@ftc.gov, nanas-sub@cybernothing.org, mail-abuse@nic.br, abuse@telemar.net.br, postmaster@veloxzone.com.br, salvador@TELEMAR-BA.COM.BR, mlugon@TELEMAR.COM.BR, postmaster@gsig-net.qc.ca, admin@sig-net.qc.ca, abuse@aol.com, abuse@cs.com, shawn@hostnoc.net, abuse@burst.net, abuse@hostnoc.net X-Complaints-To: abuse@dolphinwave.org (live person) X-PGP-key: 0xAAE2A579 X-PGP-key-fingerprint: 5B8E 3B28 7199 8CD3 4133 FA87 000B 0FB6 AAE2 A579 X-No-Confirm: Yes MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Message-Id: <200304111650.22322@2003.dolphinwave.org> Status: RO X-Status: S Repeating "racing cars" spammer, who has spammed my e-mail address, used for spam complaints in this year only, and harvested from the Usenet group news.admin.net-abbuse.sightings (abuse@2003... - tagged)! The previous spamming history of this persistent spammer, Sorenson And Ass, is archived: http://groups.google.com/groups?selm=200302201440.42542%402003.dolphinwave.org Please, terminate the spammer's accounts as soon as possible! Thanks! ======= Refusing to deal with your abusers will lead your whole IP range to be blocked from accessing of my mailservers ever again, and this info will be shared with other admins and public blocklists! ATTN: Network Operations Center! ================================ You WAS warned about this spammer signing up with your services one month ago, and you WAS informed about the spammer's massive spamming history and that it was a reason for this abuser to be booted from at least two other networks, before joining your's! You ignoring this problem show your true spam-friendly face, and I will show this evidence every time you will go to NANAE to talk about your networks being delisted from the public DNSBLs! http://groups.google.com/groups?selm=200303050725.11992%402003.dolphinwave.org Spammer: BA125207.user.veloxzone.com.br [200.217.125.207] Telemar Norte Leste IP block [200.217/16]. Abused open relay: server.gsig-net.qc.ca [207.139.143.252] Le Groupe Sig-Net Plus IP block [207.139.143.0 - 207.139.143.255]. Mail from: pracli_cars_images.gif@cs.com Spamvertised web page: http://www.praclicars.com www.praclicars.com [64.191.23.207] ================== Registrant: Advertising International 5840 Red Bug Lake Rd. #415 Winter Springs, FL 32708 US 407-650-3437 Fax:407-650-3437 Domain Name: PRACLICARS.COM Administrative Contact: Newlan, Cynthia vacplanners@cs.com 5840 Red Bug Lake Rd. #415 Winter Springs, FL 32708 US 407-650-3437 Fax:407-650-3437 Technical Contact: Newlan, Cynthia vacplanners@cs.com 5840 Red Bug Lake Rd. #415 Winter Springs, FL 32708 US 407-650-3437 Fax:407-650-3437 Record last updated 04-10-2003 06:38:22 PM Record expires on 12-13-2004 Record created on 12-13-2002 Domain servers in listed order: NS1.JHTHOSTING.COM 64.191.23.207 NS2.JHTHOSTING.COM 64.191.23.208 Network Operations Center IP block [64.191.0.0 - 64.191.127.255]. Upstream: Network Operations Center (ge-4-0-ppl.rtr0.sctn.HOSTNOC.net). Nameservers: jhthosting.com <== SPAMMER! www.jhthosting.com [64.191.23.207] ================== Registrant: J H T Hosting 12 S. Semoran Blvd Casselberry, FL 32707 US Domain name: JHTHOSTING.COM Administrative Contact: Hites, John dns@jhthosting.com 12 S. Semoran Blvd Casselberry, FL 32707 US 407-650-3437 Technical Contact: Hites, John dns@jhthosting.com 12 S. Semoran Blvd Casselberry, FL 32707 US 407-650-3437 Registrar of Record: TUCOWS, INC. Record last updated on 08-Apr-2003. Record expires on 03-Dec-2003. Record Created on 03-Dec-2002. Domain servers in listed order: NS1.JHTHOSTING.COM 64.191.23.207 NS2.JHTHOSTING.COM 64.191.23.208 Network Operations Center IP block [64.191.0.0 - 64.191.127.255]. Upstream: Network Operations Center (ge-4-0-ppl.rtr0.sctn.HOSTNOC.net). Nameservers: jhthosting.com <== SPAMMER! ---------- Forwarded Message ---------- Received: from server.ben-mor.com (server.gsig-net.qc.ca [207.139.143.252]) by mail.dolphinwave.org (8.11.6/8.11.6) with ESMTP id h3BDDpV11633 for ; Fri, 11 Apr 2003 16:14:07 +0300 Received: from smtp0291.mail.yahoo.com ([200.217.125.207]) by server.ben-mor.com with Microsoft SMTPSVC(5.0.2195.5329); Fri, 11 Apr 2003 09:11:37 -0400 Date: Fri, 11 Apr 2003 13:13:31 GMT From: pracli_cars_images.gif@cs.com X-Priority: 3 To: aburrough@abraxas.com Subject: Mini RC Race Cars. Mime-Version: 1.0 Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: X-OriginalArrivalTime: 11 Apr 2003 13:11:39.0187 (UTC) FILETIME=[E3330030:01C3002B] Status: R X-Status: N PracliCars

If you no longer wish to receive these then please send an email to ------------------------------------------------------- ======= PREVIOUS SPAMS FROM THE SAME SPAMMER ======= === HostNOC bounces complaints === Path: uni-berlin.de!fu-berlin.de!newsfeed.vmunix.org!newspeer1-gui.server.ntli.net!ntli.net!colt.net!nycmny1-snf1.gtei.net!news.gtei.net!news.ntplx.net!not-for-mail From: John Dutka Subject: BURST.NET/HOSTNOC.NET refusing abuse complaints Newsgroups: news.admin.net-abuse.email X-No-Archive: yes User-Agent: tin/1.4.4-20000803 ("Vet for the Insane") (UNIX) (SunOS/5.8 (sun4u)) Lines: 19 Message-ID: <31Uva.4$XF.5928@news.ntplx.net> Date: Mon, 12 May 2003 21:06:07 GMT NNTP-Posting-Host: 204.213.232.3 X-Trace: news.ntplx.net 1052773567 204.213.232.3 (Mon, 12 May 2003 17:06:07 EDT) NNTP-Posting-Date: Mon, 12 May 2003 17:06:07 EDT Organization: NETPLEX Internet Services - http://www.ntplx.net/ Xref: uni-berlin.de news.admin.net-abuse.email:1983153 After sending complaints to the abuse@burst.net and abuse@hostnoc.net abuse contacts listed for hostnoc.net via the abuse.net service, this is the response I received to every single complaint (1 complaint per spam): "Sorry, the request you have emailed has been forwarded to perldesk, however, there was an error processing it further: The e-mail address (%MY_EMAIL_ADDRESS_REMOVED_TO_AVOID_HARVESTING%) has not been setup in the perldesk admin Thank you." So much for their protestations of characterizations they're unresponsive and/or spam-friendly. Oh - it's been doing this for a while. === HostNOC signs up the previously booted spammers again === Path: uni-berlin.de!cust-62-219-88-92.cust.bezeqint.NET!not-for-mail From: Dolphin Newsgroups: news.admin.net-abuse.email Subject: Re: SPEWS: S2586 Date: 13 May 2003 10:59:43 GMT Organization: Private person Lines: 26 Sender: Alexander Sheremet Message-ID: References: NNTP-Posting-Host: cust-62-219-88-92.cust.bezeqint.net (62.219.88.92) X-Trace: fu-berlin.de 1052823583 22733697 62.219.88.92 (16 [104765]) X-SPEWS: I am not X-newsgroup: news.admin.net-abuse.email X-PGP-key: 0xAAE2A579 X-PGP-key-fingerprint: 5B8E 3B28 7199 8CD3 4133 FA87 000B 0FB6 AAE2 A579 User-Agent: slrn/0.9.7.4 (Linux) Xref: uni-berlin.de news.admin.net-abuse.email:1983548 On Tue, 13 May 2003 08:15:38 +0200 wrote in message : > IP range has been now assigned to a serious hosting company. Really? Still shows Xnet/Sprint to me. Note to SPEWS: muddyshoes.com spammers are back at hostnoc.net: $ host muddyshoes.com muddyshoes.com has address 64.191.53.130 The previous SPEWS record on them says: 2, 64.191.48.224, muddyshoes.com / jhthosting.com 2, 64.191.48.0/24, hostnoc.net (muddyshoes.com / jhthosting.com) (terminated) Obviously, the Network Operations Center didn't terminate them well enough, but rather has assigned them a new IP. Dolphin. -- URL: http://www.DolphinWave.org Mail: on the web page (no spam) ICQ: 6615461 === And again === Path: uni-berlin.de!cust-62-219-88-43.cust.bezeqint.NET!not-for-mail From: Dolphin Newsgroups: news.admin.net-abuse.email Subject: Re: Spews S421 Update Request Date: 20 May 2003 01:18:13 GMT Organization: Private person Lines: 45 Sender: Alexander Sheremet Message-ID: References: NNTP-Posting-Host: cust-62-219-88-43.cust.bezeqint.net (62.219.88.43) X-Trace: fu-berlin.de 1053393493 28810175 62.219.88.43 (16 [104765]) X-SPEWS: I am not X-newsgroup: news.admin.net-abuse.email X-PGP-key: 0xAAE2A579 X-PGP-key-fingerprint: 5B8E 3B28 7199 8CD3 4133 FA87 000B 0FB6 AAE2 A579 User-Agent: slrn/0.9.7.4 (Linux) Xref: uni-berlin.de news.admin.net-abuse.email:1989631 On Mon, 19 May 2003 23:11:45 +0000 (UTC) BurstNET wrote in message : > 1, 64.191.48.239, cjlinc.net / jhthosting.com > 1, 64.191.48.221, n-large.net > 1, 64.191.48.224/28, cjlinc.net / jhthosting.com (hostnoc.net) > 2, 64.191.48.0/24, hostnoc.net (cjlinc.net / jhthosting.com) > 1, 64.191.23.207, jhthosting.com / praclicars.com > 2, 64.191.48.224/28, hostnoc.net (cjlinc.net / jhthosting.com) > > 1, 64.191.4.49, Fred Benedetto / meczan.com > > 1, 64.191.48.224, muddyshoes.com / jhthosting.com > 1, 64.191.48.0/24, hostnoc.net (muddyshoes.com / jhthosting.com) > > 1, 64.191.48.224, muddyshoes.com / jhthosting.com > 1, 64.191.48.0/24, hostnoc.net (muddyshoes.com / jhthosting.com) Not really. You've kicked them from 64.191.23.207 back in April, but let this persistent abuser, Steve Sorenson, back in: $ host NS1.JHTHOSTING.COM NS1.JHTHOSTING.COM has address 64.191.53.130 You also have ignored the warning that was sent to you about the history of this particular spammer back in March, when he was kicked by AT&T/Michigan Connect (?!), and moved on your servers: http://groups.google.com/groups?selm=200303050725.11992%402003.dolphinwave.org No, you was waiting for s/h/it to spam from your servers, like the history didn't show already the blatant credit repairing / pump and dump spammer. But even after that, and after you've kicked this abuser, your let s/h/it back in?! That's how "spam prevention" part of SPEWS works. Your network very obviously can't keep off even spammers you've kicked off for your AUP violation. Dolphin. -- URL: http://www.DolphinWave.org Mail: on the web page (no spam) ICQ: 6615461 === And here is why they sign up the spammers again, and again === From: "Shawn Arcus" Newsgroups: news.admin.net-abuse.email Subject: Re: Spews S421 Update Request Date: Tue, 20 May 2003 01:59:48 +0000 (UTC) Organization: Mailgate.ORG Server - http://www.Mailgate.ORG Lines: 14 Message-ID: <6e49bda0671c3ed55b99d527053f6fee.125501@mygate.mailgate.org> References: NNTP-Posting-Host: pa-scranton6d-16-18510.fw.scra1.hostnoc.net Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-Trace: news.mailgate.org 1053370650 26801 66.96.192.40 (Tue May 20 03:59:48 2003) X-Complaints-To: abuse@mailgate.org NNTP-Posting-Date: Tue, 20 May 2003 01:59:48 +0000 (UTC) Injector-Info: news.mailgate.org; posting-host=pa-scranton6d-16-18510.fw.scra1.hostnoc.net; posting-account=125501; posting-date=1053370650 User-Agent: Mailgate Web Server X-URL: http://mygate.mailgate.org/mynews/news/news.admin.net-abuse.email/6e49bda0671c3ed55b99d527053f6fee.125501%40mygate.mailgate.org We do not control what users/domains our dedicated server clients set up on their leased machines. We can kick off a spammer from one machine, and he may appear the next week on a complately different client's machine. We have no control over that, and there is no way we possibly could control that. SMA PRES/CEO BURSTNET -- Posted via Mailgate.ORG Server - http://www.Mailgate.ORG === My reply === Path: uni-berlin.de!cust-62-219-88-43.cust.bezeqint.NET!not-for-mail From: Dolphin Newsgroups: news.admin.net-abuse.email Subject: Re: Spews S421 Update Request Date: 20 May 2003 03:15:43 GMT Organization: Private person Lines: 32 Sender: Alexander Sheremet Message-ID: References: <6e49bda0671c3ed55b99d527053f6fee.125501@mygate.mailgate.org> NNTP-Posting-Host: cust-62-219-88-43.cust.bezeqint.net (62.219.88.43) X-Trace: fu-berlin.de 1053400543 28508585 62.219.88.43 (16 [104765]) X-SPEWS: I am not X-newsgroup: news.admin.net-abuse.email X-PGP-key: 0xAAE2A579 X-PGP-key-fingerprint: 5B8E 3B28 7199 8CD3 4133 FA87 000B 0FB6 AAE2 A579 User-Agent: slrn/0.9.7.4 (Linux) Xref: uni-berlin.de news.admin.net-abuse.email:1989738 On Tue, 20 May 2003 01:59:48 +0000 (UTC) Shawn Arcus wrote in message <6e49bda0671c3ed55b99d527053f6fee.125501@mygate.mailgate.org>: > We do not control what users/domains our dedicated server clients set up > on their leased machines. We can kick off a spammer from one machine, > and he may appear the next week on a complately different client's > machine. We have no control over that, and there is no way we possibly > could control that. > > SMA > PRES/CEO > BURSTNET That's why you are listed in SPEWS. If you can't keep the spammers from signing up to your network again and again, SPEWS can keep the rest of the Internet from the abuse that comes from your spammers. I would like to hear at least one excuse that prevents you from controlling your own network, from ensuring that your clients do not sign and resign the known, proved, and already kicked off spammers again and over again. What prevents you from creating a list of spammers that should never be signed up again, or the client who did it is out, themselves, for getting your whole network jeopardized? What prevents you from ordering your clients to verify the ID of a new customer before signing them up? It is *your* network, *you* set up the rules there. So, why don't you? Dolphin. -- URL: http://www.DolphinWave.org Mail: on the web page (no spam) ICQ: 6615461 === Effective control over their network "will never work" === Path: uni-berlin.de!fu-berlin.de!news.mailgate.org!mygate.mailgate.org!pa-scranton6d-16-18510.fw.scra1.hostnoc.net!not-for-mail From: "BurstNET" Newsgroups: news.admin.net-abuse.email Subject: Re: Spews S421 Update Request Date: Tue, 20 May 2003 03:02:52 +0000 (UTC) Organization: Mailgate.ORG Server - http://www.Mailgate.ORG Lines: 28 Message-ID: References: <6e49bda0671c3ed55b99d527053f6fee.125501@mygate.mailgate.org> NNTP-Posting-Host: pa-scranton6d-16-18510.fw.scra1.hostnoc.net Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-Trace: news.mailgate.org 1053399563 12160 66.96.192.40 (Tue May 20 05:02:52 2003) X-Complaints-To: abuse@mailgate.org NNTP-Posting-Date: Tue, 20 May 2003 03:02:52 +0000 (UTC) Injector-Info: news.mailgate.org; posting-host=pa-scranton6d-16-18510.fw.scra1.hostnoc.net; posting-account=125501; posting-date=1053399563 User-Agent: Mailgate Web Server X-URL: http://mygate.mailgate.org/mynews/news/news.admin.net-abuse.email/b14ed4c52d08880a7e554b59073d727b.125501%40mygate.mailgate.org Xref: uni-berlin.de news.admin.net-abuse.email:1989719 > You can require that clients notify you of any account removed for AUP > violation, including domain, name, contact, and payment info of the > violator. Make that data searchable by your clients, and if they > continue to re-sign spammers, you've got proof that they didn't do due > diligence. The clients will not notify you the majority of the time, nor bother to check the list themselves before setting up accounts. The hosting industry just does not work that way. If you think large hosting companies are going to institure this kind of list, and then start terminating clients who don't abide to it, in turn removing 99% of their client base...you are mistaken. It is a good idea in theory, but it will never work. SMA PRES/CEO BURSTNET -- Posted via Mailgate.ORG Server - http://www.Mailgate.ORG === HostNOC thinks that they are too big to deal with spammers === Path: uni-berlin.de!fu-berlin.de!news.mailgate.org!mygate.mailgate.org!pa-scranton6d-16-18510.fw.scra1.hostnoc.net!not-for-mail From: "BurstNET" Newsgroups: news.admin.net-abuse.email Subject: Re: Spews S421 Update Request Date: Tue, 20 May 2003 02:59:22 +0000 (UTC) Organization: Mailgate.ORG Server - http://www.Mailgate.ORG Lines: 35 Message-ID: <1d1dfe9af5311a8344012db15da16c9b.125501@mygate.mailgate.org> References: <6e49bda0671c3ed55b99d527053f6fee.125501@mygate.mailgate.org> <3ec99584@shknews01> NNTP-Posting-Host: pa-scranton6d-16-18510.fw.scra1.hostnoc.net Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-Trace: news.mailgate.org 1053370650 26801 66.96.192.40 (Tue May 20 04:59:22 2003) X-Complaints-To: abuse@mailgate.org NNTP-Posting-Date: Tue, 20 May 2003 02:59:22 +0000 (UTC) Injector-Info: news.mailgate.org; posting-host=pa-scranton6d-16-18510.fw.scra1.hostnoc.net; posting-account=125501; posting-date=1053370650 User-Agent: Mailgate Web Server X-URL: http://mygate.mailgate.org/mynews/news/news.admin.net-abuse.email/1d1dfe9af5311a8344012db15da16c9b.125501%40mygate.mailgate.org Xref: uni-berlin.de news.admin.net-abuse.email:1989715 > > Baloney. Your servers, your rules. I used to run a little data center; we > had a strict TOS and enforced it- anyone caught spamming was booted. Your > "clients" who play whack-a-mole and host spammers should lose their > accounts as well. > > Investigating potential clients before they sign up is not difficult, take > some simple steps like verifying they are who they say they are, and do > some EZ online searches. Amazing what you can find out about a person from > the comfort of your chair. Exactly - "I used to run a little data center;" We on the other hand, run a large data center, hosting over 135,000 domains. We cannot control what every one of our clients does. We can do basic checks for most of our own clients, which we do, the dedicated server customers. We cannot however scan the clients/users that they set up, nor the clients/users of our client's client's client's, etc... We do suspend, then terminate, dedicated server client repeat offenders, who keep signing up spammers as clients/users. Othre than that...not much we can do to control who gets added to the network. Welcome to the world of large scale web hosting and dedicated server companies. SMA PRES/CEO BURSTNET -- Posted via Mailgate.ORG Server - http://www.Mailgate.ORG === It's the blocklist who is wrong, not them for hosting spammers === Path: uni-berlin.de!fu-berlin.de!news.mailgate.org!mygate.mailgate.org!pa-scranton6d-16-18510.fw.scra1.hostnoc.net!not-for-mail From: "BurstNET" Newsgroups: news.admin.net-abuse.email Subject: Re: Spews S421 Update Request Date: Tue, 20 May 2003 03:24:41 +0000 (UTC) Organization: Mailgate.ORG Server - http://www.Mailgate.ORG Lines: 35 Message-ID: References: <6e49bda0671c3ed55b99d527053f6fee.125501@mygate.mailgate.org> NNTP-Posting-Host: pa-scranton6d-16-18510.fw.scra1.hostnoc.net Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-Trace: news.mailgate.org 1053399563 12160 66.96.192.40 (Tue May 20 05:24:41 2003) X-Complaints-To: abuse@mailgate.org NNTP-Posting-Date: Tue, 20 May 2003 03:24:41 +0000 (UTC) Injector-Info: news.mailgate.org; posting-host=pa-scranton6d-16-18510.fw.scra1.hostnoc.net; posting-account=125501; posting-date=1053399563 User-Agent: Mailgate Web Server X-URL: http://mygate.mailgate.org/mynews/news/news.admin.net-abuse.email/d2389700b8bbbd94aec77a99786b5739.125501%40mygate.mailgate.org Xref: uni-berlin.de news.admin.net-abuse.email:1989743 > That's why you are listed in SPEWS. If you can't keep the spammers from > signing up to your network again and again, SPEWS can keep the rest of > the Internet from the abuse that comes from your spammers. SPEWS is sorely mistaken if they think they can change the operations of the largest web hosting companies in the world. The way SPEWS operates currently is leading to a major implosion. It is only a matter of time until every web host in the world joins forces to denounce SPEWS, and the manner in which it operates. Such action has already started, and you are going to see it get much worse over the next few months as SPEWS pisses of the wrong people in the industry. SPEWS is not as anonymous as they think they are, and one day will be held accountable for the manner in which they are pursuing the cause. Don't get me wrong, in theory SPEWS is a wonderful idea. But the manner that it is being implemented is just plain wrong. There needs to be a system in place for ISPs/IPPs to deal with SPEWS and the issues at hand. As it is now, a wild west free for all, the current system will come to a head with a major wall being hit. Do you really think such mudslinging and name calling in a forum is professional, and a proper way to operate such an entity? We have no interest at this point in co-operating with SPEWS due to the manner in which matters are dealt with, the community general attitude, and the complete failure of SPEWS to respond to progress in spam terminations. SMA PRES/CEO BURSTNET -- Posted via Mailgate.ORG Server - http://www.Mailgate.ORG === My reply === Path: uni-berlin.de!cust-62-219-88-43.cust.bezeqint.NET!not-for-mail From: Dolphin Newsgroups: news.admin.net-abuse.email Subject: Re: Spews S421 Update Request Date: 20 May 2003 04:01:32 GMT Organization: Private person Lines: 86 Sender: Alexander Sheremet Message-ID: References: <6e49bda0671c3ed55b99d527053f6fee.125501@mygate.mailgate.org> NNTP-Posting-Host: cust-62-219-88-43.cust.bezeqint.net (62.219.88.43) X-Trace: fu-berlin.de 1053403292 28258760 62.219.88.43 (16 [104765]) X-SPEWS: I am not X-newsgroup: news.admin.net-abuse.email X-PGP-key: 0xAAE2A579 X-PGP-key-fingerprint: 5B8E 3B28 7199 8CD3 4133 FA87 000B 0FB6 AAE2 A579 User-Agent: slrn/0.9.7.4 (Linux) Xref: uni-berlin.de news.admin.net-abuse.email:1989771 On Tue, 20 May 2003 03:24:41 +0000 (UTC) BurstNET wrote in message : > >> That's why you are listed in SPEWS. If you can't keep the spammers from >> signing up to your network again and again, SPEWS can keep the rest of >> the Internet from the abuse that comes from your spammers. > > > SPEWS is sorely mistaken if they think they can change the operations of > the largest web hosting companies in the world. It's not the goal of SPEWS. SPEWS designed to prevent spam from hitting their own resources, and that it. > The way SPEWS operates currently is leading to a major implosion. Why didn't you continue your sentence? Why didn't you write "... a major implosion for spam-supporting networks"? > It is only a matter of time > until every web host in the world joins forces to denounce SPEWS, and > the manner in which it operates. Such action has already started, and > you are going to see it get much worse over the next few months as SPEWS > pisses of the wrong people in the industry. Is it a threat from BurstNet to SPEWS? It sure reads like that. There are no "wrong people". There are spammers and spam-supporting networks that refuse to kick their spammers off. Of course, they are pissed off cause other networks don't want just shut up and eat their spam. And this is the way it should be. > SPEWS is not as anonymous as > they think they are, and one day will be held accountable for the manner > in which they are pursuing the cause. Accountable what for? For calling spam-supporting networks as "spam-supporting networks" with a proof attached? I'm eager to see it. > Don't get me wrong, in theory SPEWS is a wonderful idea. It works on practice pretty well, too. > But the manner > that it is being implemented is just plain wrong. There needs to be a > system in place for ISPs/IPPs to deal with SPEWS and the issues at hand. There is one. You boot your spammers, you are not in SPEWS. You don't boot your spammers, you are in SPEWS. It can't be any simplier. No ISP has issues with SPEWS. They have issues with their spammers, whom they either boot, or they don't. SPEWS is not a free-for-all abuse desk, SPEWS has nothing to discuss with ISPs. > As it is now, a wild west free for all, the current system will come to > a head with a major wall being hit. Please, name "a major wall". Is AT&T, Sprint, Verio "a major wall" enough? > Do you really think such mudslinging > and name calling in a forum is professional, and a proper way to operate > such an entity? What makes you think that NANAE=SPEWS? What makes you think that any post you see on this Usenet newsgroup comes from SPEWS? > We have no interest at this point in co-operating with > SPEWS due to the manner in which matters are dealt with, the community > general attitude, and the complete failure of SPEWS to respond to > progress in spam terminations. > > > SMA > PRES/CEO > BURSTNET Fine game, we'll see who rusts first. Meanwhile the hostnoc.blackholes.us DNSBL will be very handy. Thanks for showing your true hat colour. Dolphin. -- URL: http://www.DolphinWave.org Mail: on the web page (no spam) ICQ: 6615461 === What people do because of HostNOC's inability to control their network === Path: uni-berlin.de!fu-berlin.de!news.maxwell.syr.edu!news.airnews.net !cabal12.airnews.net!rnews From: Richard Johnson Newsgroups: news.admin.net-abuse.email Subject: Re: Spews S421 Update Request Date: Mon, 19 May 2003 23:09:34 -0600 Organization: Whirlpools Suck the Breath Out of You Lines: 24 Message-ID: References: <6e49bda0671c3ed55b99d527053f6fee.125501@mygate.mailgate.org> Reply-To: rnews@river.com Abuse-Reports-To: abuse at airmail.net to report improper postings NNTP-Proxy-Relay: library2.airnews.net NNTP-Posting-Time: Tue, 20 May 2003 00:09:35 -0500 (CDT) NNTP-Posting-Host: !\=F!1k-Wu:VQ0@&7g96'4>qu (Encoded at Airnews!) User-Agent: MT-NewsWatcher/3.2 (PPC Mac OS X) X-Nospam: To reply via email, make sure you don't enter the whirlpool on river left. Xref: uni-berlin.de news.admin.net-abuse.email:1989825 In article <6e49bda0671c3ed55b99d527053f6fee.125501@mygate.mailgate.org>, "Shawn Arcus" wrote: > We do not control what users/domains our dedicated server clients set up > on their leased machines. We can kick off a spammer from one machine, > and he may appear the next week on a complately different client's > machine. We have no control over that, and there is no way we possibly > could control that. That's OK. We can use our own means to prevent your lack of control from hurting us. Thanks, SPEWS! Thanks pf! Richard -- To reply via email, make sure you don't enter the whirlpool on river left. My mailbox. My property. My personal space. My rules. Deal with it. http://www.river.com/users/share/cluetrain/ === Big spammers should be treatened differently === Path: uni-berlin.de!fu-berlin.de!east.cox.net!cox.net!border3.nntp.aus1.giganews.com!nntp.giganews.com!nntp3.aus1.giganews.com!nntp.comcast.com!news.comcast.com.POSTED!not-for-mail NNTP-Posting-Date: Tue, 20 May 2003 07:28:40 -0500 From: "McWebber" Newsgroups: news.admin.net-abuse.email References: <98a924e6087034acb10aad33ca3370c2.125501@mygate.mailgate.org> <4e1376a56346433219e53400499ee924.125501@mygate.mailgate.org> Subject: Re: SPEWS S627 Update Request Date: Tue, 20 May 2003 08:28:36 -0400 X-Priority: 3 X-MSMail-Priority: Normal X-Newsreader: Microsoft Outlook Express 6.00.2800.1158 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Message-ID: Lines: 28 NNTP-Posting-Host: 68.56.248.3 X-Trace: sv3-dnKRFCZNB2XI7UMHzrDxqcFBFokxnBh8ekZTqThAj/uwRSAIAPgdGhsdqkDFjJB01cACeh7zmUrtM1r!3Rd2JB/00PgHFQNOCG4IGn+xtb8ddUNduRargXYDKztuOtzuQ9Ejyu0xogU= X-Complaints-To: abuse@comcast.net X-DMCA-Complaints-To: dmca@comcast.net X-Abuse-and-DMCA-Info: Please be sure to forward a copy of ALL headers X-Abuse-and-DMCA-Info: Otherwise we will be unable to process your complaint properly X-Postfilter: 1.1 Xref: uni-berlin.de news.admin.net-abuse.email:1989977 "BurstNET" wrote in message news:4e1376a56346433219e53400499ee924.125501@mygate.mailgate.org... > > > BurstNET "D'OH!, I just dug myself in a deeper hole by > > archiving my support of spam in public on google groups!" > > > At no time have I stated that I support spam, in any manner, shape, or > form. Shame on you for making such an assumption...or lying about what I > actually stated. > When asked about your treating Azoogle differently, did you not post: In theory it sounds nice in dandy, but when it comes to running a business, you have to look out for your largest clients first, in order to maintain the overall health of the company. It's actually in the best interests of the smaller client, to treat the larger clients better.... It's quite obvious you have a pink contract with some clients and have been permitting them to spam as long as other netblocks of your network were not listed by SPEWS. -- McWebber No email replies read If someone tells you to forward an email to all your friends please forget that I'm your friend. === HostNOC: "Why should be bother?" === Path: uni-berlin.de!fu-berlin.de!news.mailgate.org!mygate.mailgate.org!pa-scranton6d-16-18510.fw.scra1.hostnoc.net!not-for-mail From: "Shawn Arcus" Newsgroups: news.admin.net-abuse.email Subject: Re: SPEWS S627 Update Request Date: Tue, 20 May 2003 03:15:28 +0000 (UTC) Organization: Mailgate.ORG Server - http://www.Mailgate.ORG Lines: 33 Message-ID: References: <98a924e6087034acb10aad33ca3370c2.125501@mygate.mailgate.org> NNTP-Posting-Host: pa-scranton6d-16-18510.fw.scra1.hostnoc.net Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-Trace: news.mailgate.org 1053399563 12160 66.96.192.40 (Tue May 20 05:15:28 2003) X-Complaints-To: abuse@mailgate.org NNTP-Posting-Date: Tue, 20 May 2003 03:15:28 +0000 (UTC) Injector-Info: news.mailgate.org; posting-host=pa-scranton6d-16-18510.fw.scra1.hostnoc.net; posting-account=125501; posting-date=1053399563 User-Agent: Mailgate Web Server X-URL: http://mygate.mailgate.org/mynews/news/news.admin.net-abuse.email/efacf08742f193af5f93f1ad39aa9098.125501%40mygate.mailgate.org Xref: uni-berlin.de news.admin.net-abuse.email:1989737 > Yadda yadda...another token kill from Burst, yet azoogle still lives. Why should we bother? We have spent 2-3 months now cleaning up our network, and have removed a ton of spammers/abusers. Every single listing in SPEWS S421 has been removed and/or dealt with besides Azoogle. And yet, SPEWS has not updated/delisted/removed any of the records. What incentive do we have to continue to deal with such, or to work towards a resolution on the Azoogle issue? If SPEWS were to update records, we would move faster to deal with the issues at hand. At this point though, they have not updated records, and we see no point in working with them in the future because of such. If they update the records this time, then we will continue to work with them. This would include attending further to the Azoogle listings. Up until the point that they update records promptly after we take action, we have no incentive to co-operate with SPEWS. SMA PRES/CEO BURSTNET -- Posted via Mailgate.ORG Server - http://www.Mailgate.ORG === HostNOC is pointed out that until they boot *ALL* their spammers, no === === delisting will likely occur === From mcwebber@my-deja.com Tue May 20 07:24:11 2003 Path: uni-berlin.de!fu-berlin.de!news.maxwell.syr.edu!small1.nntp.aus1.giganews.com!nntp.giganews.com!nntp3.aus1.giganews.com!nntp.comcast.com!news.comcast.com.POSTED!not-for-mail NNTP-Posting-Date: Mon, 19 May 2003 22:56:18 -0500 From: "McWebber" Newsgroups: news.admin.net-abuse.email References: <98a924e6087034acb10aad33ca3370c2.125501@mygate.mailgate.org> Subject: Re: SPEWS S627 Update Request Date: Mon, 19 May 2003 23:56:55 -0400 X-Priority: 3 X-MSMail-Priority: Normal X-Newsreader: Microsoft Outlook Express 6.00.2800.1158 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Message-ID: <1R-cnbTlwMD_OlSjXTWcpw@comcast.com> Lines: 26 NNTP-Posting-Host: 68.56.248.3 X-Trace: sv3-UbMSKYDzjgAhbgLmcWLHVMRNMSz9Q1MNAhvcgJhU+RY9CLBdb/ahazTyYieif7qG5a2VDM/C37rDQW6!v7sGRGwlKrm6mabs3NECJ/dorziy+m/yawYjhirasST9uhB/BUeu0xQKqK8= X-Complaints-To: abuse@comcast.net X-DMCA-Complaints-To: dmca@comcast.net X-Abuse-and-DMCA-Info: Please be sure to forward a copy of ALL headers X-Abuse-and-DMCA-Info: Otherwise we will be unable to process your complaint properly X-Postfilter: 1.1 Xref: uni-berlin.de news.admin.net-abuse.email:1989769 "Shawn Arcus" wrote in message news:efacf08742f193af5f93f1ad39aa9098.125501@mygate.mailgate.org... > > > Yadda yadda...another token kill from Burst, yet azoogle still lives. > > Up until the point that they update records promptly after we take > action, we have no incentive to co-operate with SPEWS. Until you disconnect Azoogle I doubt anything will change. You just keep making excuses. Azoogle spammed the hell out of me until I just null routed the various /24's that I saw hitting my server from azoogle. Others have been repeatedly pointing out Azoogle still hitting them. Now you want us to believe a domain with a whois like servershost.net is not suspect? C'mon. I was born at night, but not last night. If you think people are going to read your posts and say, "Wow, I guess SPEWS sucks. I'll have to stop using it so I can help out those poor folks at Burst," I'd like some of what you're smoking. -- McWebber No email replies read If someone tells you to forward an email to all your friends please forget that I'm your friend. === "The problem is with SPEWS advising to block us" === From: "BurstNET" Newsgroups: news.admin.net-abuse.email Subject: Re: SPEWS S627 Update Request Date: Tue, 20 May 2003 04:57:33 +0000 (UTC) Organization: Mailgate.ORG Server - http://www.Mailgate.ORG Lines: 82 Message-ID: <9cc205116bae5c8e9a32abcb35bb1be2.125501@mygate.mailgate.org> References: <98a924e6087034acb10aad33ca3370c2.125501@mygate.mailgate.org> NNTP-Posting-Host: 1cust28.tnt1.scranton.pa.da.uu.net Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-Trace: news.mailgate.org 1053399563 12160 67.235.185.28 (Tue May 20 06:57:32 2003) X-Complaints-To: abuse@mailgate.org NNTP-Posting-Date: Tue, 20 May 2003 04:57:33 +0000 (UTC) Injector-Info: news.mailgate.org; posting-host=1cust28.tnt1.scranton.pa.da.uu.net; posting-account=125501; posting-date=1053399563 User-Agent: Mailgate Web Server X-URL: http://mygate.mailgate.org/mynews/news/news.admin.net-abuse.email/9cc205116bae5c8e9a32abcb35bb1be2.125501%40mygate.mailgate.org > They don't de-list until ALL the spammers are gone from your > netspace. Well, they should clearly state that in their FAQ then, cause as it is, I feel any progress we make towards cleaining up our network is falling on deaf ears. > Even if SPEWS does de-list your network, your packets are > permanently unwelcome at my servers due to your blatant list-washing > assistance to your pet spammers, and your continued hosting of Azoogle. > My servers, my bandwidth, my rules. I have no problem with you deciding to block our traffic. My problem is with SPEWS advising you to do so, and advising you to hurt block innocent client's servers. You can claim all you want that "it's just a list"...but that's crap and we all know it. > > If SPEWS were to update records, we would move faster to deal with the > > issues at hand. At this point though, they have not updated records, and > > If you were to expeditiously terminate ALL your pet spammers, > SPEWS would probably de-list. It's that simple. Unfortuately, I have no faith in an organization operating without clear rules and guidelines, that they will. They have done nothing to make me believe that any of our actions will have any affect on our listings, and in fact have done everything to lead us to believe that opposite holds true, and that they will not result in such updates/delistings. SPEWS needs to react to updates/delistings as quickly as they act to listings in the first place. Until that time, they will earn little or no respect from the web hosting community. As it stands all SPEWS is doing is creating a war between the ISP (access provider) and the IPP (content provider). > You seem to be operating under the all-too-common delusion that > the rest of the 'net is required to accept packets from your network. > Nothing could be further from the truth. No, I do not feel such is the case. I just feel that free speech only goes so far, and that SPEWS has crossed the line into "recommending" action be taken to harm innocents. I would have no problem on the same ISPs blocking our information, if it was not SPEWS advising them to do it. Now if SPEWS received gov't sanctions to operate in such a matter, that would change my opinion. But until that time, I feel they are a impersonating a legal entity so to say, and one day will deal with the consequences of their methodology of dealing the spam problem. > > we see no point in working with them in the future because of such. If > > "Working with them?" > > Now I know you're delusional. Nobody "works" with SPEWS. You get > rid of your spammers, the listing goes away. What part of that do you > not understand? No, the listing does not always go away...and that is my main problem with SPEWS. They take fast action to list, but slow or no action to delist/update. And for this they need to be held accountable. The major flaw here is a major lack of organization and structure on the part of SPEWS, and no proper procedures in place to really deal with the situations at hand. I think when SPEWS was created, it was done with the plan on how to block spam and force carriers to deal with it, but with no thought about how to deal with the actual process afterwards. Personally, I think SPEWS is in over their head on this one, and are incapable of dealing with how large the system has become. SMA PRES/CEO BURSTNET -- Posted via Mailgate.ORG Server - http://www.Mailgate.ORG === My reply === Path: uni-berlin.de!cust-62-219-88-43.cust.bezeqint.NET!not-for-mail From: Dolphin Newsgroups: news.admin.net-abuse.email Subject: Re: SPEWS S627 Update Request Date: 20 May 2003 06:41:14 GMT Organization: Private person Lines: 57 Sender: Alexander Sheremet Message-ID: References: <98a924e6087034acb10aad33ca3370c2.125501@mygate.mailgate.org> <9cc205116bae5c8e9a32abcb35bb1be2.125501@mygate.mailgate.org> NNTP-Posting-Host: cust-62-219-88-43.cust.bezeqint.net (62.219.88.43) X-Trace: fu-berlin.de 1053412874 29136733 62.219.88.43 (16 [104765]) X-SPEWS: I am not X-newsgroup: news.admin.net-abuse.email X-PGP-key: 0xAAE2A579 X-PGP-key-fingerprint: 5B8E 3B28 7199 8CD3 4133 FA87 000B 0FB6 AAE2 A579 User-Agent: slrn/0.9.7.4 (Linux) Xref: uni-berlin.de news.admin.net-abuse.email:1989874 On Tue, 20 May 2003 04:57:33 +0000 (UTC) BurstNET wrote in message <9cc205116bae5c8e9a32abcb35bb1be2.125501@mygate.mailgate.org>: > I have no problem with you deciding to block our traffic. My problem is > with SPEWS advising you to do so, and advising you to hurt block > innocent client's servers. You can claim all you want that "it's just a > list"...but that's crap and we all know it. And you have a reason of why SPEWS can not share their opinions on which network should be blocked for spam support? >> If you were to expeditiously terminate ALL your pet spammers, >> SPEWS would probably de-list. It's that simple. > > Unfortuately, I have no faith in an organization operating without clear > rules and guidelines, that they will. Then by all means DO NOT use SPEWS advisory on your networks! > SPEWS needs to react to updates/delistings as quickly as they act to > listings in the first place. SPEWS needs to do no such a thing. If abuse desks were reacting as quickly on the abuse reports, as they expect SPEWS to delist them, there would be no SPEWS. > Until that time, they will earn little or > no respect from the web hosting community. Until that time, they will earn little or no respect from the Internet community. > As it stands all SPEWS is doing is creating a war between the ISP > (access provider) and the IPP (content provider). Networks that kick their spammers without waiting for SPEWS listing and numerous escalations, are not a part of this "war". Networks who are - deal with the consequences of their spam-friendly status. > Now if SPEWS received gov't sanctions to operate in such a matter, > that would change my opinion. SPEWS is not a government orcanization, they need no gov't sanctions to publish spam evidences and what they do with their own private property. Dolphin. -- URL: http://www.DolphinWave.org Mail: on the web page (no spam) ICQ: 6615461 === "Spews is the problem" === Path: uni-berlin.de!fu-berlin.de!news.mailgate.org!mygate.mailgate.org!1cust28.tnt1.scranton.pa.da.uu.net!not-for-mail From: "BurstNET" Newsgroups: news.admin.net-abuse.email Subject: Re: SPEWS S627 Update Request Date: Tue, 20 May 2003 05:08:03 +0000 (UTC) Organization: Mailgate.ORG Server - http://www.Mailgate.ORG Lines: 38 Message-ID: <4e1376a56346433219e53400499ee924.125501@mygate.mailgate.org> References: <98a924e6087034acb10aad33ca3370c2.125501@mygate.mailgate.org> NNTP-Posting-Host: 1cust28.tnt1.scranton.pa.da.uu.net Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-Trace: news.mailgate.org 1053399563 12160 67.235.185.28 (Tue May 20 07:08:03 2003) X-Complaints-To: abuse@mailgate.org NNTP-Posting-Date: Tue, 20 May 2003 05:08:03 +0000 (UTC) Injector-Info: news.mailgate.org; posting-host=1cust28.tnt1.scranton.pa.da.uu.net; posting-account=125501; posting-date=1053399563 User-Agent: Mailgate Web Server X-URL: http://mygate.mailgate.org/mynews/news/news.admin.net-abuse.email/4e1376a56346433219e53400499ee924.125501%40mygate.mailgate.org Xref: uni-berlin.de news.admin.net-abuse.email:1989824 > BurstNET "D'OH!, I just dug myself in a deeper hole by > archiving my support of spam in public on google groups!" At no time have I stated that I support spam, in any manner, shape, or form. Shame on you for making such an assumption...or lying about what I actually stated. My problem is with the manner of operations of SPEWS, not with the theory of SPEWS itself. < deeper hole > There is no deeper hole than spews level 1. At this point, we have co-operated in an attempt to clean up our SPEWS listings. SPEWS doesn't seem to care that we have taken such actions, and has not updated records. therefore, we have no reason to co-operate further, as all incentive has been removed for such. We will therefore be an outspoken, non-supporter of SPEWS, until which time SPEWS realizes it's failures, and acts where it should have already. We will speak for all the web hosting companies out there that feel the same out there as our firm does, and there ARE alot of them. It is only a matter of time until SPEWS is under pressue to either cease operations, or hopefully better yet, streamline their operations to funtion better in society. We have tried to do things properly around here, but obviously it doesn't matter... SMA PRES/CEO BURSTNET -- Posted via Mailgate.ORG Server - http://www.Mailgate.ORG === Reply === Path: uni-berlin.de!fu-berlin.de!news.maxwell.syr.edu!sn-xit-03!sn-xit-06!sn-post-01!supernews.com!corp.supernews.com!not-for-mail From: MB Newsgroups: news.admin.net-abuse.email Subject: Re: SPEWS S627 Update Request Date: Mon, 19 May 2003 23:43:29 -0600 Organization: Posted via Supernews, http://www.supernews.com Message-ID: User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.3.1) Gecko/20030425 X-Accept-Language: en-us, en MIME-Version: 1.0 References: <98a924e6087034acb10aad33ca3370c2.125501@mygate.mailgate.org> <4e1376a56346433219e53400499ee924.125501@mygate.mailgate.org> In-Reply-To: <4e1376a56346433219e53400499ee924.125501@mygate.mailgate.org> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Complaints-To: abuse@supernews.com Lines: 62 Xref: uni-berlin.de news.admin.net-abuse.email:1989843 BurstNET wrote: > At no time have I stated that I support spam, in any manner, shape, or > form. Shame on you for making such an assumption...or lying about what I > actually stated. Lying.... right. If you really wanted to make SPEWS look bad, kick off Azoogle then tout your stuff, until then you're talking small potatoes. Spammers are spammers, why's azoogle any different? A rather pretty shade of red on their contract? > > My problem is with the manner of operations of SPEWS, not with the > theory of SPEWS itself. > Even Verio doesn't come here touting that they're going to KEEP THEIR SPAMMER until SPEWS modifies some listings and everyone knows what kind of "hole" that is... (http://www.spamhaus.org/sbl/listings.lasso?isp=verio.net&-nothing=Search) > < deeper hole > > > There is no deeper hole than spews level 1. > At this point, we have co-operated in an attempt to clean up our SPEWS > listings. SPEWS doesn't seem to care that we have taken such actions, > and has not updated records. If SPEWS is being denounced so heavily, why not kick azoogle off just because they've spammed while on your "reputable" network. Keep it white -hat right? Why does it take being put on a black list to remove spammers? Black lists would not be needed if spammers were not permitted to survive. > therefore, we have no reason to co-operate > further, as all incentive has been removed for such. SPEWS may be reading this, but a vast majority of other black list operators read this group as well. Good idea not cooperating "with the community." What about SPAMHAUS, Steve L. posts here and you're listed with them quite heavily. (http://spamhaus.org/SBL/sbl.lasso?query=SBL8141) We'll presume SPEWS is a rogue blacklist, supposedly you can shoot spamhaus a quick email fixing the situation promptly, what's the hold up? > We will therefore > be an outspoken, non-supporter of SPEWS, until which time SPEWS realizes > it's failures, and acts where it should have already. We will speak for > all the web hosting companies out there that feel the same out there as > our firm does, and there ARE alot of them. Got some links? I'd like to read the forums of the web hosting community which despise SPEWS so much to see how many ROKSO records they have... > It is only a matter of time > until SPEWS is under pressue to either cease operations, or hopefully > better yet, streamline their operations to funtion better in society. Well you can always jump on the emarketersamerica.org bandwagon and see how that pans out. === Another reply === Path: uni-berlin.de!fu-berlin.de!news.maxwell.syr.edu!newsfeed-east.nntpserver.com!nntpserver.com!news-west.rr.com!cyclone.tampabay.rr.com!news-post.tampabay.rr.com!twister.southeast.rr.com.POSTED!53ab2750!not-for-mail Newsgroups: news.admin.net-abuse.email Subject: Re: SPEWS S627 Update Request From: TMX References: <98a924e6087034acb10aad33ca3370c2.125501@mygate.mailgate.org> <4e1376a56346433219e53400499ee924.125501@mygate.mailgate.org> Message-ID: User-Agent: Xnews/5.04.25 Lines: 21 Date: Tue, 20 May 2003 05:35:06 GMT NNTP-Posting-Host: 66.26.51.40 X-Complaints-To: abuse@rr.com X-Trace: twister.southeast.rr.com 1053408906 66.26.51.40 (Tue, 20 May 2003 01:35:06 EDT) NNTP-Posting-Date: Tue, 20 May 2003 01:35:06 EDT Organization: Road Runner - NC Xref: uni-berlin.de news.admin.net-abuse.email:1989837 "BurstNET" wrote in news:4e1376a56346433219e53400499ee924.125501@mygate.mailgate.org: > At no time have I stated that I support spam, in any manner, shape, or > form. Shame on you for making such an assumption...or lying about what I > actually stated. > Ah...have we forgotten this already?: http://groups.google.com/groups?hl=en&lr=&ie=UTF-8 &selm=Xns936C99AB95CDB91116243242%4024.25.9.43 or http://tinyurl.com/c6k4 Oh, and just for laughs: http://desilva.biz/forum/showthread.php?threadid=582 begin with the second post down -B === http://groups.google.com/groups?selm=Xns936C99AB95CDB91116243242%4024.25.9.43 === Newsgroups: news.admin.net-abuse.email Subject: Re: [SPEWS] Update From: TMX References: <3EAD6813.F632E3CD@yah00.c0m> <392b09596e636c413769fa33351b53c3.125501@mygate.mailgate.org> <8ccb11a18d7b39a59259a5c10acd345d.125501@mygate.mailgate.org> Message-ID: User-Agent: Xnews/5.04.25 Lines: 56 Date: Tue, 29 Apr 2003 19:06:26 GMT NNTP-Posting-Host: 66.26.51.40 X-Complaints-To: abuse@rr.com X-Trace: twister.southeast.rr.com 1051643186 66.26.51.40 (Tue, 29 Apr 2003 15:06:26 EDT) NNTP-Posting-Date: Tue, 29 Apr 2003 15:06:26 EDT Organization: Road Runner - NC CM wrote in news:vat47c20h3av25@news.supernews.com: > What about azoogle? Still alive and well on 66.197.140.0/24, and 64.191.64.101 through 112. Burst will not do anything about azoogle, as they have demonstrated time and time again through both their words and (in)actions that azoogle is a preferred customer. Burst may boot a few low-level spammers now and then for the sake of appearances, but their continued support of azoogle shows what their true colors really are. For the sake of the google archives, as well as for those who may think that Burst is actually trying to eliminate spam from their network, I once again refer to comments made by Sean R, Burstnet's CEO, in regard to azoogle, spews, and spam in general, on the webhostingtalk.com forums in early April, 2003: > ""Their IPs"...as in those assigned to them by us....but not other IPs > of other clients on the network. SPEWS blockings are limited to the > Class C blocks Azoogle uses, and not the others on the > network....hence what they do does not affect other client's service > levels...which is a key factor in our response on them." and > "To the best of my knowledge, and from what our Abuse Dept tells me, > Azoogle does not have our IPs blocked, only their own IPs are blocked. > That is fine, and does not affect service to the rest of our clients." > When service is affected to the rest of our clients, that makes us > take immediate action. and > << All clients should be dealt with equally. >> > > Absolutely un-true. > In theory it sounds nice in dandy, but when it comes to running a > business, you have to look out for your largest clients first, in > order to maintain the overall health of the company. It's actually in > the best interests of the smaller client, to treat the larger clients > better.... Complete thread here: http://www.webhostingtalk.com/showthread.php?threadid=130298 This attitude on the part of Burst has led to their very own blackholes.us listing (hostnoc.blackholes.us). I invite Sean R. to comment on my observations regarding burstnet's relationship with azoogle, as well as to refute anything I've posted here. -Bob === http://www.webhostingtalk.com/showthread.php?threadid=130298 === amusive.com Web Hosting Guru Registered: Sep 2001 Posts: 349 Status: Offline why I canceled my nocster server, and why you should stay away Ignoring any downtime issues, I think there is still good reason to stay away from Nocster/Burst.net. I just canceled the server I had there, and it was not because of the downtime. I think they are making an effort to solve that, and even if it is as half-assed as everything else they seem to do they appear to be giving it good attention. I will not, however, be called a liar or ignored. I posted a while ago here about an issue I had with their abuse department. I also emailed several people at burst in an attempt to get it straightened out. Basically, abuse requested I remove a site with NO proof that they were spamming (they would not even forward me ONE email -- they told me to find one myself) within 5 hours. I did, but did not appreciate the treatment. Aside from that, the messages I received and quoted (plus some I did not) from their head of abuse were, to say the least, barely legible. I seriously doubt that their abuse guy has the literacy of a 5th grader, and I can assure you he has a problem with the space bar as his spacing is random and erratic. I have tried to get a copy of any emailed complaints about the user still in case I was contacted but nobody would reply. Nobody would even explain why they hired an abuse manager that can't communicate effectively either. Also in the above linked post I was told there was good reason that they were so harsh with me, but nobody would answer me as to why with that either. Maybe it's the fact that on the few other instances they've contacted me about abuse the site was shut down before they even mailed me about it? I despise spam and take instant action against it and refuse to stay at a host who would even IMPLY I feel otherwise. Especially if they will say so and refuse to even defend it when I ask for a simple reason. Finally, burst/nocster are excellent at shifting blame. Blaming me, or blaming others (it's obvious in other threads -- they just either call their customer a liar or say "this is what should have happened so it did so you are wrong"). I can only imagine the company is run by a 9 year old, or an adult with the mentality of one, because any other company would deal with problems and not blame. Edit: In my haste to post the major issue I had, I forgot to mention that despite my server being set up significantly later than the timeframe promised (this was not one of those 'sales' either, I paid an enormous setup fee) and was promised compensation... I never got squat. I sent tons of emails but again, no reply, no compensation despite being promised it by the salesperson because they were disgustingly late delivering my server. I guess they have a mysterious "good reason" for not giving me compensation, right BurstNET?? Can I not know that either? Last edited by amusive.com on 04-08-2003 at 05:12 AM 04-08-2003 02:32 AM === BurstNET Scranton PA NOC Registered: Apr 2000 Posts: 1286 Status: Offline As stated in the user's other post... We are cracking down on spammers/hackers/abusers. We are trying to get certain IP blocks removed from SPEWS, RBL, etc... If we were this strict with him, then I'm sure there was good reason. Sean R. BurstNET System Administration __________________ BurstNET™ - The Speed the Internet Travels™ To place an order, or for more information, contact; BurstNET™ - 1-877-BURSTNET - sales@burst.net http://www.burst.net - http://www.nocster.net 04-08-2003 02:38 AM === dandanfirema High Priest of WHT Registered: Apr 2002 Posts: 1242 Status: Offline quote: Originally posted by BurstNET As stated in the user's other post... We are cracking down on spammers/hackers/abusers. We are trying to get certain IP blocks removed from SPEWS, RBL, etc... If we were this strict with him, then I'm sure there was good reason. Sean R. BurstNET System Administration If you were really serious about getting rid of spam, wouldn't you start with azoogle.com? I reported this to the abuse department over 6 months ago as well as spoke to someone on the phone about it. I was told they would have my name removed from the database..but it appears the customer is still on your network. I guess money talks...they must be paying well. __________________ AlphaOmegaHosting.Com http://www.AlphaOmegaHosting.Com Integrity - Doing the right thing...even when no one is looking. 04-08-2003 03:04 AM === amusive.com Web Hosting Guru Registered: Sep 2001 Posts: 349 Status: Offline quote: Originally posted by dandanfirema If you were really serious about getting rid of spam, wouldn't you start with azoogle.com? I reported this to the abuse department over 6 months ago as well as spoke to someone on the phone about it. I was told they would have my name removed from the database..but it appears the customer is still on your network. I guess money talks...they must be paying well. Your post makes me happy If you do a google search for the complaint that would have gotten me removed in 5 hours, there are three results. Now if you search for azoogle -- still hosted with Burst! -- you get almost 700. This is fantastic. Thank you for posting this, I just keep getting happier and happier for leaving. A quote from the net abuse groups about hostnoc, which is Burst/Nocster: quote: So hostnoc.net is, once again, moving their pet spammer around to dodge blocklists. They gave azoogle.com new unswipped space on 3 April or slightly earlier. Saying they'll deal with their spammers, while at the exact same time taking such extraordinary steps to facilitate continued spamming by what we have justifiably listed as "azoogle most rabid spamhaus ever seen", tells us exactly how much trust to place in the mere words of the hostnoc.net weenies. Our answer will be: block in from 64.191.0.0/17 to any Enough is enough. (That is the block I'm on, by the way, so if it gets added to blacklists, it's probably because burst is spam friendly, not because I took over 5 hours to remove a small-time spammer using a redirect). 04-08-2003 03:12 AM === cooljet Newbie Registered: Feb 2003 Posts: 11 Status: Offline this whole SPEWS issue would just be resolved if burst would stop accepting large payoffs to keep their servers alive. ive been watching the timeline of azoogle spamming at burst - there have been A LOT of IP changes as well as turned heads. and your abuse staff seem to be told to turn the other way, while you will pounce on any small time spammers. would burst be able to survive without azoogle's payoffs? probably, but it all comes down to the money, doesn't is Shawn? so how much would it cost me to make you guys turn the other way if i signed up for a server and started spamming big time - let's say... a few thousand extra each month? 04-08-2003 02:46 PM === And here HostNOC is blocked by another network === Path: uni-berlin.de!fu-berlin.de!news.maxwell.syr.edu!news.airnews.net!cabal12.airnews.net!rnews From: Richard Johnson Newsgroups: news.admin.net-abuse.email Subject: Re: Spews S421 Update Request Date: Mon, 19 May 2003 23:15:57 -0600 Organization: Whirlpools Suck the Breath Out of You Lines: 35 Message-ID: References: <6e49bda0671c3ed55b99d527053f6fee.125501@mygate.mailgate.org> Reply-To: rnews@river.com Abuse-Reports-To: abuse at airmail.net to report improper postings NNTP-Proxy-Relay: library2.airnews.net NNTP-Posting-Time: Tue, 20 May 2003 00:15:58 -0500 (CDT) NNTP-Posting-Host: !\=F!1k-Wu:VQ0@&7g96'4>qu (Encoded at Airnews!) User-Agent: MT-NewsWatcher/3.2 (PPC Mac OS X) X-Nospam: To reply via email, make sure you don't enter the whirlpool on river left. Xref: uni-berlin.de news.admin.net-abuse.email:1989828 In article , "BurstNET" wrote: > SPEWS is sorely mistaken if they think they can change the operations of > the largest web hosting companies in the world. The way SPEWS operates > currently is leading to a major implosion. It is only a matter of time > until every web host in the world joins forces to denounce SPEWS Cool! You're welcome to continue being a pro-spam provider. If you choose to remain on the pro-spam side of the net, just don't expect the not-spam side to accept your traffic. You simply can't have it both ways. You can't host spammers like azoogle (the most rabid spammer ever), or post diatribes against tools we use to protect ourselves against pro-spam proviers, and expect anyone to believe you're serious about being a good neighbor. Thanks for making it so clear that you intend to continue being a bad neighbor. I'm ever more confident that our decision to firewall off your entire festering pustule of a network was exactly the right one. Buh bye! Richard -- To reply via email, make sure you don't enter the whirlpool on river left. My mailbox. My property. My personal space. My rules. Deal with it. http://www.river.com/users/share/cluetrain/ === HostNOC sums it all for their own users === === http://forum.burst.net/showthread.php?s=&threadid=870 === BurstCEO Chief Executive Officer Registered: Mar 2003 Location: Posts: 265 SPEWS listings... We are working on the SPEWS situation. Everything on our SPEWS lists has been attended to: http://mailgate.supereva.it/news/news.admin.net-abuse.email/msg1778769.html ...with the exception of Azoogle, which is not a instant fix/solution. We are working together with them to fine tune their operation to make it acceptible to the abuse/email community. Whether SPEWS decides to actually update our records or not. is not up to us. We have been working hard to clean the network up over the past two months, but SPEWS still fails to update our records. It is getting to the point where we will be ignoring them completely, if they do not start updating our records promptly. Currently, anything we do to correct the issues, they have not acknowledged. Their solution is good in theory, but they are doing far more damage than good. When SPEWS does not update records when ISPs take action to resolve the matter, it brings their whole methodology in question. It is only a matter of time until SPEWS imploads. SMA PRES/CEO BURSTNET __________________ BurstNET™ - The Speed the Internet Travels™ To place an order, or for more information, contact; BurstNET™ - 1-877-BURSTNET - sales@burst.net http://www.burst.net - http://www.nocster.net 05-20-2003 12:38 AM === And here, an excuse to ignore the Azoogle spammers' problem for longer === BurstCEO Chief Executive Officer Registered: Mar 2003 Location: Posts: 265 We've done everything we could so far...the abusive users have been dealt with. We have notified the abuse newsgroups (Where SPEWS looks for updates to listings from ISPs...) that we have done so. It is now out of our hands. In the past they have not updated our records when we took action against abusive users/spammers, so we have no guarantee that they will do so this time either. Odds are they will not, and this goes to show that they have a hidden agenda against many ISPS/hosts. If they were to update records, we would move faster to deal with the issues at hand. At this point though, they have not updated records, and we see no point in working with them in the future because of such. If they update the records this time, then we will continue to work with them. This would include attending further to the Azoogle listings. Up until the point that they update records promptly after we take action, we have no incentive to co-operate with them. SMA PRES/CEO BURSTNET __________________ BurstNET™ - The Speed the Internet Travels™ To place an order, or for more information, contact; BurstNET™ - 1-877-BURSTNET - sales@burst.net http://www.burst.net - http://www.nocster.net 05-20-2003 12:51 AM === And here is the BurstNET staff member advices: "just hit delete" === === http://forums.burst.net/showthread.php?threadid=854&perpage=15&pagenumber=3 === BurstAlex BurstNET Staff Member Registered: Apr 2003 Location: Posts: 97 quote: Originally posted by Matt [MainArea] Money. Plain and simple - do you know how many server azoogle has at Burst? - Matt Right answer, wrong target. The reason why spam will continue to exist is because it is a cost effective method of reaching "customers". You, me and anyone else who receives spam are not a part of the equasion. Neither is BurstNET, Sprint, XO, or SpamHeavenProvider.com. The only two parties to the equasion are the company that spams and the company that pays for the service. It is like TV ads - you are a product that is being sold. You dont get to say when the ads come on on. If you dont like it, you can either (a) stop watching TV (b) get over it (c) start paying a lot of money for premium only channels on cable/satellite (d) ignore the ads. If you have an inbox you can either (a) install TMDA or TMDA-like filter (b) get over it (hitting 'D' fast usually solves a problem) (c) start paying thousands dollars a month to companies such as Brightmail. (d) pretend that spam does not exist. 05-20-2003 11:15 PM === SPEWS S421 evidence file (21-May-2003) === === http://spews.org/ask.cgi?x=S421 === hostnoc/burstnet |-------------------- 1, 66.96.192.0 - 66.96.195.255, hostnoc/burstnet 1, 66.96.214.0 - 66.96.218.255, hostnoc/burstnet 2, 66.96.192.0 - 66.96.255.255, hostnoc/burstnet 1, 205.162.50.0 - 205.162.50.255, hostnoc/burstnet (un-SWiP'd Sprint) 1, 66.197.170.0 - 66.197.176.255, hostnoc/burstnet 1, 66.197.128.0 - 66.197.191.255, hostnoc/burstnet (moved to level 1) 1, 66.197.192.0 - 66.197.255.255, hostnoc/burstnet (moved to level 1) 1, 64.191.20.0 - 64.191.23.255, hostnoc/burstnet (moved to level 1) 1, 64.191.27.0 - 64.191.31.255, hostnoc/burstnet 1, 64.191.53.0 - 64.191.53.255, hostnoc/burstnet 1, 64.191.40.0 - 64.191.68.255, hostnoc/burstnet 1, 64.191.0.0 - 64.191.63.255, hostnoc/burstnet 1, 64.191.64.0 - 64.191.127.255, hostnoc/burstnet ---------------------| Spam tolerant host. Some say greedy, some say incompetant - spammers don't care, both work for them. Update: Think Hostnoc/Burst is even worse than we do? Then use the "hostnoc.blackholes.us" DNSBL: http://blackholes.us/ See: A to-the-point thread: ======================================================================================= Not telling the truth? ("greedy, some say incompetant"?) "ALSO, The following users/domains have been removed from our network over the last 2-3 months." http://galaxymailer.com/ => 64.191.95.30 => hostnoc/burstnet ======================================================================================= Better tell Sprint. [205.162.50.1] 66961921.hostnoc.net [205.162.50.2] 66961922.hostnoc.net [205.162.50.3] 66961923.hostnoc.net [205.162.50.248] operator.hostnoc.net [205.162.50.249] operator.hostnoc.net "Guess what? Those IPs are not even bound to our network, and have not been for three months now!" ======================================================================================= UPDATE: After months, Innovasion spam house seems to have been removed. ======================================================================================= Such a backwards attitude - "Crack down" on the customers causing abuse reports and you won't end up in any spam blocklists - it's so simple. ======================================================================================= Hosting Azoogle spam house: 1, 64.191.64.106, teleport6nh.azoogle.com 1, 64.191.64.109, teleport9nh.azoogle.com 1, 64.191.64.6, transport5nh.azoogle.com 1, 64.191.63.0 - 64.191.64.255, teleport6nh.azoogle.com (hostnoc.net) 1, 66.197.140.0 - 66.197.140.255, azoogle.com (hostnoc.net) 1, 66.197.170.0 - 66.197.170.255, azoogle.com (hostnoc.net) Ooops... forgot to comment on this one?! ======================================================================================= Hosted sex-rx/cjlinc spammers: Saying they were removed... Mulitple chances for a known spam house? 1, 64.191.53.130, hotoptions.net / taxsaleconsultant.com <= still on 1, 64.191.48.239, cjlinc.net / jhthosting.com 1, 64.191.48.221, n-large.net 1, 64.191.48.224/28, cjlinc.net / jhthosting.com (hostnoc.net) 2, 64.191.48.0/24, hostnoc.net (cjlinc.net / jhthosting.com) 1, 64.191.23.207, jhthosting.com / praclicars.com 2, 64.191.48.224/28, hostnoc.net (cjlinc.net / jhthosting.com) ======================================================================================= Hosted spamming Benedetto!?: 1, 64.191.4.49, Fred Benedetto / meczan.com ======================================================================================= Hosted domain spammer Jack Tang: 1, 64.191.108.89, easy-internic.com 1, 64.191.108.4, ns2.server-24.net 1, 64.191.108.96 - 64.191.108.111, easy-internic.com (hostnoc.net) 1, 66.96.241.214, easy-internic.com 1, 66.96.241.128/25, easy-internic.com / dynastyhost.com (hostnoc.net) 1, 66.96.241.0/24, easy-internic.com / dynastyhost.com (hostnoc.net) 1, 66.96.236.0 - 66.96.246.255, hostnoc.net (easy-internic.com / dynastyhost.com) ======================================================================================= Hosting the Eserve spam house: 1, 66.197.173.111, mail2-pa.youremaildelivery.com 1, 66.197.173.120, mail01.eserve02.com 1, 66.197.173.0/24, hostnoc.net (Eserve) 1, 66.96.216.100, mail.eserve02.com / mail.personaldefensesolutions.com / ns1.nameserv01.com 1, 66.96.216.0/24, hostnoc.net (Eserve) ======================================================================================= Hosting the wordsnimages/emailresponders spam house: 1, 64.191.29.225, thanksforthereply.com 1, 64.191.29.128/25, hostnoc.net (thanksforthereply.com) ns1.i-netservices.net A 64.191.21.2 ar001.i-netservices.net A 64.191.21.2 ns2.i-netservices.net A 64.191.21.3 i-netservices.net A 64.191.21.6 ar002.i-netservices.net A 64.191.26.122 m2.i-netservices.net A 64.191.26.126 ar004.i-netservices.net A 64.191.29.225 m4.i-netservices.net A 64.191.29.229 ar003.i-netservices.net A 64.191.35.175 m3.i-netservices.net A 64.191.35.179 ar005.i-netservices.net A 64.191.53.205 m5.i-netservices.net A 64.191.53.209 ar006.i-netservices.net A 64.191.53.210 ======================================================================================= Hosted Brazilan "globodata.com.br" spam house: 1, 64.191.6.165, ns1.globodata.com 1, 64.191.6.166, ns1.globodata.com 1, 64.191.6.167, globodata.com 1, 64.191.6.0/24, globodata.com (Hostnoc) 1, 64.191.14.99, ns1.braserver.com 1, 64.191.14.100, ns2.braserver.com 1, 64.191.14.0/24, ns2.braserver.com (Hostnoc) ======================================================================================= Hosted muddyshoes.com spammer: (dead) 1, 64.191.48.224, muddyshoes.com / jhthosting.com 1, 64.191.48.0/24, hostnoc.net (muddyshoes.com / jhthosting.com) ======================================================================================= Hosted: 1, 64.191.95.30, galaxymailer.com 1, 64.191.95.0/27, galaxymailer.com (Hostnoc) ======================================================================================= Hosted: 1, 64.191.29.140, Dean Schlenker / internet-marketing.1bz.com (hostnoc.net) 1, 64.191.12.69, Dean Schlenker / dns1.cybersidehosting.com (justice.dnsfreedom.com) (hostnoc.net) 1, 64.191.12.70, Dean Schlenker / dns2.cybersidehosting.com (justice.dnsfreedom.com) (hostnoc.net) ======================================================================================= Had a great time hosting "Magnus" "Sam Roland" and the Innovasion spam house for a couple of months. 1, 66.197.225.3, "ftp.mexicohost.net" 1, 66.197.225.0/24, Hostnoc ("mexicohost.net") 1, 66.197.223.0 - 66.197.227.255, Hostnoc ("mexicohost.net" / s1.rupees.biz)) 1, 66.96.223.160, Innovasion / s1.rupees.biz 1, 66.96.223.0/24, Hostnoc (Innovasion / s1.rupees.biz) 1, 66.96.220.0 - 66.96.226.255, Hostnoc ("mexicohost.net" / s1.rupees.biz)) 1, 66.197.208.166, Innovasion / ztqlrni.ph / s1.rupees.biz / ftp.shivindustries.com 1, 66.197.208.173, Innovasion / s1.rupees.biz 1, 66.197.208.15, Innovasion / ztqlrni.ph / s1.rupees.biz 1, 66.197.208.32, Innovasion / ns.todnkewgrpy.ph / ns.ztqlrni.ph / s1.rupees.biz 1, 66.197.208.0/24, Hostnoc (Innovasion / ztqlrni.ph) 1, 66.197.198.0 - 66.197.218.255, Hostnoc (Innovasion / ztqlrni.ph) 1, 64.191.11.60, Innovasion / server.moscowhost.net / http://64.191.11.60/index.htm / "ftp.oroplaza.net.mz" 1, 64.191.11.64, Innovasion / server.moscowhost.net / http://64.191.11.64/index.htm 1, 64.191.11.0/25, Innovasion / server.moscowhost.net / http://64.191.11.64/index.htm 1, 64.191.10.0 - 64.191.12.255, Hostnoc (Innovasion) 1, 66.96.223.160, Innovasion / s1.rupees.biz 1, 66.96.223.0/24, Hostnoc (Innovasion / s1.rupees.biz) 1, 66.96.220.0 - 66.96.226.255, Hostnoc (Innovasion / s1.rupees.biz) 1, 66.96.192.200, inter.burst.net 1, 66.96.192.0 - 66.96.192.255, Hostnoc (Innovasion) 1, 64.191.51.85, Innovasion / "intrusiveeye" 1, 64.191.51.0/24, Innovasion / "intrusiveeye" (hostnoc.net) 1, 64.191.48.0 - 64.191.54.255, hostnoc.net (Innovasion / "intrusiveeye") 1, 205.162.50.0 - 205.162.50.255, hostnoc.net (Innovasion / "intrusiveeye") ======================================================================================= Hosted spamqueen Rachlela Pruitt: 1, 66.197.244.254, Rachlela Pruitt / myemailcenter.net 1, 66.197.244.224/28, Rachlela Pruitt / myemailcenter.net (hostnoc.net) ======================================================================================= Hosted spammer SamAl: 2, 64.191.13.67, whoamed.com (dead?) 2, 64.191.13.0/25, whoamed.com (hostnoc.net) 2, 64.191.23.144, ns2.oasisvn.com (dead?) 2, 64.191.23.128/25, ns2.oasisvn.com (hostnoc.net) (was moved to level 1) ======================================================================================= ======================================================================================= 1, 66.96.216.175 - 66.96.216.184, interservers.com (hostnoc.net) inter.burst.net ([66.96.192.200]) ======================================================================================= Network Operations Center Inc. (NETBLK-HOSTNOC) P.O. Box 400 Bloomsburg, PA 17815-0400 US Netname: HOSTNOC Netblock: 66.96.192.0 - 66.96.255.255 Maintainer: NOC Coordinator: Arcus, Matthew (ZMA1-ARIN) shawn@hostnoc.net 570-784-2491 x7 Domain System inverse mapping provided by: NS1.HOSTNOC.NET 66.96.193.3 NS2.HOSTNOC.NET 66.96.194.3 Record last updated on 13-Jul-2001. ======================================================================================= OrgName: Network Operations Center Inc. OrgID: NOC Address: P.O. Box 400 City: Bloomsburg StateProv: PA PostalCode: 17815-0400 Country: US NetRange: 64.191.0.0 - 64.191.127.255 CIDR: 64.191.0.0/17 NetName: HOSTNOC-3BLK NetHandle: NET-64-191-0-0-1 Parent: NET-64-0-0-0-0 NetType: Direct Allocation NameServer: NS1.HOSTNOC.NET NameServer: NS2.HOSTNOC.NET Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE RegDate: 2002-05-31 Updated: 2002-05-31 TechHandle: ZMA1-ARIN TechName: Arcus Matthew TechPhone: +1-570-784-2491 TechEmail: shawn@hostnoc.net ======================================================================================= OrgName: Network Operations Center Inc. OrgID: NOC Address: P.O. Box 400 City: Bloomsburg StateProv: PA PostalCode: 17815-0400 Country: US NetRange: 66.197.128.0 - 66.197.255.255 CIDR: 66.197.128.0/17 NetName: HOSTNOC-2BLK NetHandle: NET-66-197-128-0-1 Parent: NET-66-0-0-0-0 NetType: Direct Allocation NameServer: NS1.HOSTNOC.NET NameServer: NS2.HOSTNOC.NET Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE RegDate: 2001-11-01 Updated: 2002-02-27 TechHandle: ZMA1-ARIN TechName: Arcus Matthew TechPhone: +1-570-784-2491 TechEmail: shawn@hostnoc.net ======================================================================================= ======================================================================================= Domain Name: HOSTNOC.COM Registrar: TUCOWS, INC. Whois Server: whois.opensrs.net Referral URL: http://www.opensrs.org Name Server: NS1.HOSTNOC.NET Name Server: NS2.HOSTNOC.NET Status: ACTIVE Updated Date: 16-dec-2002 Creation Date: 13-jan-2000 Expiration Date: 13-jan-2004 BurstNET Technologies, Inc. PO Box #591 Scranton, PA 18501-0591 US Domain name: HOSTNOC.COM Administrative Contact: Administration, System nic@hostnoc.net PO Box #400 Bloomsburg, PA 17815-0400 US 570-784-2491 Fax: 570-784-3067 Registrar of Record: TUCOWS, INC. Record last updated on 16-Dec-2002. Record expires on 13-Jan-2004. Record Created on 13-Jan-2000. Domain servers in listed order: NS1.HOSTNOC.NET 66.96.193.3 NS2.HOSTNOC.NET 66.96.194.3 ======================================================================================= Domain Name: BURST.NET Registrar: TUCOWS, INC. Whois Server: whois.opensrs.net Referral URL: http://www.opensrs.org Name Server: DNS.BURST.NET Name Server: DNS1.BURST.NET Name Server: NS1.BURST.NET Name Server: NS2.BURST.NET Status: REGISTRAR-LOCK Updated Date: 13-nov-2002 Creation Date: 03-jan-1998 Expiration Date: 02-jan-2005 BurstNET Technologies, Inc. PO Box #591 Scranton, PA 18501-0591 US Domain name: BURST.NET Administrative Contact: Administration, System nic@burst.net PO Box #591 Scranton, PA 18501-0591 US 570-343-2200 Fax: 570-343-9533 Registrar of Record: TUCOWS, INC. Record last updated on 20-Mar-2002. Record expires on 02-Jan-2005. Record Created on 03-Jan-1998. Domain servers in listed order: NS1.BURST.NET 66.96.208.20 DNS.BURST.NET 66.96.193.2 NS2.BURST.NET 66.96.208.21 DNS1.BURST.NET 66.96.194.2 ======================================================================================= UPDATE: For what it's worth: UPDATE: Rude hinting at listwashing. From: "ericj" To: Subject: RE: {100-4012} RE: Junk Email Date sent: Fri, 28 Mar 2003 09:24:08 -0500 Listen pal, I don't dare assume to read your mind. I do not have time for your stupid games. There are many people: that receive junk mail unsolicited. They are many people; that forget that receiving commerical email is not against the law if they requested it. I do not care to know your habbits, or where you haunt during your day. If you want my help keep it straight, and keep it short and by all means keep it sweet. Your next reply ought to be "I did not request this junk mail", then I will see to it that you won't get it from them again. -Eric D. Jarman Network Abuse Burstnet Technologies Network Abuse (570) 343-2200 extension 25. 1-877-BurstNet :1-877-287-7863 mailto:nanae@burst.net (news.admin.net-abuse.email ) ======================================================================================= === And here is a bit about Azoogle spammers === === http://www.politechbot.com/p-04371.html === Date: Sat, 25 Jan 2003 12:35:51 -0500 To: politech[AT]politechbot.com Subject: FC: One irked sysadmin's tale of struggling against the spam tide From: Declan McCullagh <...> 2. I blocked all traffic from the well-known spammers at azoogle.com nearly a year ago. My mail servers return the correct response codes to every SMTP connection from them, indicating that access has been permanently denied; the text message which accompanies it indicates why. However, they're still pounding away multiple times per day, every day, on every mail server I have. A small sample of abridged log entries from the last 24 hours: Jan 19 16:49:03 sendmail: arg1=transport23b.azoogle.com, arg2=66.197.140.226, reject=550 5.0.0 Jan 19 17:23:41 sendmail: arg1=transport23e.azoogle.com, arg2=66.197.140.229, reject=550 5.0.0 Jan 20 09:06:19 sendmail: arg1=transport12c.azoogle.com, arg2=66.197.140.72, reject=550 5.0.0 I have 12,814 more log entries just like that in my archives. === And another one === === http://www.webhostingtalk.com/showthread.php?threadid=130298&perpage=15&pagenumber=6 === WCSWEB Junior Guru Registered: Feb 2002 Posts: 211 Status: Offline According about 500 headers that I have collected just from azoogle on my personal server everything comes from azoogle: Received: from [66.197.140.217] (HELO transport21.freephotofilm-mail.com) Subject: Get an Unsecured Gold .. No Credit Checks Received: from [66.197.140.211] (HELO transport20.freephotofilm-mail.com) Subject: NO Obligation. ~~~ GET a CAR Now!! Received: from [66.197.140.242] (HELO transport6.freephotofilm-mail.com) Subject: Make Today your Payday ($500 CashAdvance) Received: from [66.197.140.57] (HELO transport9.freephotofilm-mail.com) Subject: === It's easy to get the car that you want! === Received: from [66.197.140.33] (HELO transport3.freephotofilm-mail.com) Subject: Adult Smoker? Win a FLATSCREEN Worth $2000... Yes the domain is not azoogle but if you go to that domain you will get to azoogle.com. Spammers are always developing new tricks to hide their identity. We all know that Sean or Shawn or whoever writes behind that screen name is not going to come here and admit it "oh.. yeah one of our largest client is a big spammer" __________________ WCSWEB NETWORKS Contact us on aim: wnaservers http://www.wcshost.Net "Your Internet Presence Provider" http://www.worldtradeny.com "A nation destroyed in 1 hour" 04-09-2003 01:16 AM === Summary on HostNOC/BurstNET's behaviour === Path: uni-berlin.de!fu-berlin.de!iad-peer.news.verio.net!news.verio.net!ord-read.news.verio.net.POSTED!not-for-mail Newsgroups: news.admin.net-abuse.email Subject: Re: SPEWS S627 Update Request References: <98a924e6087034acb10aad33ca3370c2.125501@mygate.mailgate.org> <0f058b7a069054c4e148e3f52b42f49c.125501@mygate.mailgate.org> Organization: Not Much X-Newsreader: trn 4.0-test69 (20 September 1998) From: bonomi@c-ns. (Robert Bonomi) Lines: 127 Message-ID: Date: Fri, 23 May 2003 23:08:57 GMT NNTP-Posting-Host: 207.241.52.60 X-Complaints-To: abuse@verio.net X-Trace: ord-read.news.verio.net 1053731337 207.241.52.60 (Fri, 23 May 2003 23:08:57 GMT) NNTP-Posting-Date: Fri, 23 May 2003 23:08:57 GMT Xref: uni-berlin.de news.admin.net-abuse.email:1993333 In article <0f058b7a069054c4e148e3f52b42f49c.125501@mygate.mailgate.org>, BurstNET wrote: ><< You are a liar. Your own posts *TODAY* show listings that SPEWS has >'downgraded' to "watch" status, from "block". >> > >I don't know what you are smoking... > >I still see everything that was listed at Level 1 as still being listed >as such in S421. Nothing was updated in the record as fasr as to reflect >the spammers that we DID remove. From: "BurstNET" Newsgroups: news.admin.net-abuse.email Subject: SPEWS S627 Update Request Date: Tue, 20 May 2003 01:18:01 +0000 (UTC) Organization: Mailgate.ORG Server - http://www.Mailgate.ORG Lines: 19 Message-ID: <98a924e6087034acb10aad33ca3370c2.125501@mygate.mailgate.org> NNTP-Posting-Host: pa-scranton6d-16-18510.fw.scra1.hostnoc.net Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-Trace: news.mailgate.org 1053370650 26801 66.96.192.40 (Tue May 20 03:18:01 2003) X-Complaints-To: abuse@mailgate.org NNTP-Posting-Date: Tue, 20 May 2003 01:18:01 +0000 (UTC) Injector-Info: news.mailgate.org; posting-host=pa-scranton6d-16-18510.fw.scra1.hostnoc.net; posting-account=125501; posting-date=1053370650 User-Agent: Mailgate Web Server X-URL: http://mygate.mailgate.org/mynews/news/news.admin.net-abuse.email/98a924e6087034acb10aad33ca3370c2.125501%40mygate.mailgate.org Xref: dfw-artgen news.admin.net-abuse.email:1566701 This guy has not been hosted on our network for months: 2, 64.191.4.19, Peter DeCaro / i-marketingpro.com / lead-depot.com (everity.com) (dead?) 2, 64.191.4.0/24, Peter DeCaro / i-marketingpro.com (everity.com / servershost.net / hostnoc.net) 2, 64.191.38.236, Peter DeCaro / bulkingpro.com (dead?) 2, 64.191.38.0/24, Peter DeCaro / bulkingpro.com (hostnoc.net) Please delist record. SMA PRES/CEO BURSTNET Now, tell me again how they, in _your_ words, "never downgrade *ANYTHING*" (emphasis added). You're the one trying to 'blow smoke', and it _isn't_ fooling anybody. You may have cleaned up some of the small-fry problems. You *continue* to duck any substantive action on the 'big one'. The facts remain that Azoogle: (1) has been, and *continues* to send large amounts of email to people who _did_not_request_it_. (Because "anybody" can sign "somebody else" up for the mailings, and they _don't_ confirm the sign-ups.) (2) has been, and *continues* to send email in violation of state law in some 20+ states. (Failure to use required Subject line tags.) *BOTH* of those items are out-and-out violations of _YOUR_ Acceptable Use Policy. You have allowed them to do this for _years_. DESPITE repeated notifications. It is difficult, if not impossible, for anyone on the 'outside' to draw any conclusion *other* than "Azoogle's money speaks louder than your ethics". Azoogle's _current_ behaviors are *at*least* 5 years behind what a large part of the 'rest of the Internet' currently considers to be "the mimimnum acceptable" level of responsibility.. You (burst.net) appear to tolerate that 'largely unacceptable' behavior, _even_though_ you have published policies expressly forbidding it. The only rational explanation is that you have decided that the monies received for *tolerating* that proscribed behavior by your downstream customers is *VALUABLE*ENOUGH* to you that you "don't care" about the abuse of _other_ people's property. This damages the 'good will' extended to you by other network operators. Without that "good will", your company does _not_ have a saleable product/ service. SPEWS is, at it's simplest, nothing more than an expression of 'how much' good will you have *lost*. SPEWS is simply expressing the opinion that listed address-blocks are no longer "deserving" of the extension of "good will". You see an "impact" of that opinion, *ONLY* because of the number of people who *agree* with it, and _stop_ extending 'good will' to you, and indirectly, your customers. Unfortunately, once "good will" is damaged/lost, it is _difficult_ to regain. "Trust me, we're working on it" doesn't cut it. Your prior 'bad acts' have killed any basis for extending trust. You _are_ at the mercy of the "opinion" of others, with regards to the way you run *your* business. You don't have to _agree_ with them. But, *IF* you want them to "talk to you", you _do_ have to 'play by -their- rules'. "Right" vs. "wrong" doesn't enter into it, just pragmaticzm. "Half measures" don't cut it. Either you enforce what the "rest of the 'net" sees as 'appropriate' policies for *ALL* your users, or you _are_ "part of the problem." The Internet is a *CO-OPERATIVE*VENTURE*. _EVERY_ participant needs the "rest of the 'net" more than the "rest of the 'net" needs that participant. All too many times in the past, companies have shown up in this newsgroup trying to do "the _minimum_ necessary" to get a blocklist entry removed. Too many times, blocklist operators _have_ believed the "we're working on it" protestations, and re-extended good will, *only* to have that trust and good will abused. As a result, it's "actions *first*, then _maybe_ we'll trust". Show _complete_ commitment to being a "good net neighbor", and you'll be welcomed back to the community, probably. Give even the _appearance_ of ignoring _part_ of the problem, or trying to sweep it under the rug, and you'll find Siberia looks warm. === BurstNET hides the evidences?.. === Path: uni-berlin.de!fu-berlin.de!news.maxwell.syr.edu!feed.news.qwest.net !cletus.bright.net!not-for-mail From: "Giblet - MN State Resident" Newsgroups: news.admin.net-abuse.email References: <8ejndv09frv79mkvg36dnvomj5uj6u0lit@4ax.com> Subject: Re: "Writing an article on the IP black list problem" Lines: 26 X-Priority: 3 X-MSMail-Priority: Normal X-Newsreader: Microsoft Outlook Express 6.00.2800.1106 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Message-ID: Date: Mon, 2 Jun 2003 21:13:55 -0500 NNTP-Posting-Host: 216.114.194.20 X-Complaints-To: abuse@hickorytech.net X-Trace: cletus.bright.net 1054606411 216.114.194.20 (Mon, 02 Jun 2003 22:13:31 EDT) NNTP-Posting-Date: Mon, 02 Jun 2003 22:13:31 EDT Organization: HickoryTech Internet Xref: uni-berlin.de news.admin.net-abuse.email:1999922 "NoLegs" wrote in message news:8ejndv09frv79mkvg36dnvomj5uj6u0lit@4ax.com... > Why do people always want to write about the "IP black list problem" > and not on the spam support problem that resulted in the "IP black > list problem"? > > Looking in forums.burst.net for my daily chuckle and found this > interesting tid-bit. > > http://FORUMS.burst.net/showthread.php?s=f80f762efe4a06be5cf47be2f29947c9&po stid=7350#post7350 > I just noticed something - burt.net has gone through the forums and removed any posts talking about their spamming problem. There used to be a ton of posts within that thread from both their pissed customers and others discussing why burst.net has such a spammer problem - but all those posts have now disappeared - leaving only the posts from their pissed customers trashing SPEWS. -- Gib === BurstNET's abuse guy no longer works for BurstNET === Path: uni-berlin.de!fu-berlin.de!headwall.stanford.edu!newsfeed.stanford.edu !postnews1.google.com!not-for-mail From: edj116@psu.edu (Eric D. Jarman) Newsgroups: news.admin.net-abuse.email Subject: Eric D. Jarman and burstnet /nocster have parted ways Date: 5 Jun 2003 09:25:19 -0700 Organization: http://groups.google.com/ Lines: 60 Message-ID: NNTP-Posting-Host: 146.186.136.171 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-Trace: posting.google.com 1054830319 27662 127.0.0.1 (5 Jun 2003 16:25:19 GMT) X-Complaints-To: groups-abuse@google.com NNTP-Posting-Date: 5 Jun 2003 16:25:19 GMT Xref: uni-berlin.de news.admin.net-abuse.email:2001697 This is to inform the net-abuse community at large, that I Eric D. Jarman formerly nanae@burst.net no longer work for Burst.net / nocster.net as of 5/23/03. BurstNET (BURSTN-2) BURSTNET TECHNOLOGIES INC (BURSTN) BurstNET Technologies, Inc. (BURSTN-1) BurstNET, BurstNET (BB1677-ARIN) support@burst.net +1-570-343-2200 BurstNET BURSTNET274 (NET-66-197-191-2-1) 66.197.191.2 - 66.197.191.254 BurstNET BURSTNET494 (NET-66-197-189-2-1) 66.197.189.2 - 66.197.189.254 BURSTNET TECHNOLOGIES INC BURSTNET820 (NET-66-96-192-200-1) 66.96.192.200 - 66.96.192.254 BURSTNET TECHNOLOGIES INC BURSTNET726 (NET-66-96-193-2-1) 66.96.193.2 - 66.96.205.192 BURSTNET TECHNOLOGIES INC BURSTNET432 (NET-66-96-206-2-1) 66.96.206.2 - 66.96.207.255 BURSTNET TECHNOLOGIES INC BURSTNET717 (NET-66-96-211-2-1) 66.96.211.2 - 66.96.211.254 BURSTNET TECHNOLOGIES INC BURSTNET982 (NET-66-96-227-2-1) 66.96.227.2 - 66.96.227.254 BURSTNET TECHNOLOGIES INC BURSTNET119 (NET-66-96-239-2-1) 66.96.239.2 - 66.96.239.254 BURSTNET TECHNOLOGIES INC BURSTNET808 (NET-66-96-242-2-1) 66.96.242.2 - 66.96.242.254 BURSTNET TECHNOLOGIES INC BURSTNET817 (NET-66-96-247-140-1) 66.96.247.140 - 66.96.247.164 BurstNET Technologies, Inc. BURSTNET761 (NET-66-96-254-2-1) 66.96.254.2 - 66.96.254.254 BurstNET Technologies, Inc. BURSTNET506 (NET-66-197-150-2-1) 66.197.150.2 - and nocster Nocster (NOCSTE) Nocster NOCSTER407 (NET-66-197-240-0-1) 66.197.240.0 - 66.197.255.255 OrgName: Network Operations Center Inc. OrgID: NOC Address: P.O. Box 400 City: Bloomsburg StateProv: PA PostalCode: 17815-0400 Country: US NetRange: 64.191.0.0 - 64.191.127.255 CIDR: 64.191.0.0/17 NetName: HOSTNOC-3BLK NetHandle: NET-64-191-0-0-1 Parent: NET-64-0-0-0-0 NetType: Direct Allocation NameServer: NS1.HOSTNOC.NET NameServer: NS2.HOSTNOC.NET Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE RegDate: 2002-05-31 Updated: 2002-05-31 TechHandle: ZMA1-ARIN TechName: Arcus Matthew TechPhone: +1-570-784-2491 TechEmail: shawn@hostnoc.net # ARIN WHOIS database, last updated 2003-06-04 21:05 # Enter ? for additional hints on searching ARIN's WHOIS database. === Probably - the reason === Path: uni-berlin.de!fu-berlin.de!news.maxwell.syr.edu!sn-xit-03!sn-xit-01 !sn-post-01!supernews.com!news.supernews.com!not-for-mail From: adam brower Newsgroups: news.admin.net-abuse.email Subject: Re: Eric D. Jarman and burstnet /nocster have parted ways Date: Thu, 05 Jun 2003 11:40:09 -0500 Organization: read by dave null - use my real addy Message-ID: <3EDF726A.6D15D713@faceville.com> Reply-To: adam@faceville.com X-Mailer: Mozilla 4.77C-CCK-MCD {C-UDP; EBM-APPLE} (Macintosh; U; PPC) X-Accept-Language: en,de MIME-Version: 1.0 References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Complaints-To: abuse@supernews.com Lines: 26 Xref: uni-berlin.de news.admin.net-abuse.email:2001712 "Eric D. Jarman" wrote: > > This is to inform the net-abuse community at large, that I Eric D. Jarman > formerly nanae@burst.net no longer work for Burst.net / nocster.net as of 5/23/03. > thanks for trying, eric. please email me. i may be able to help you find work at an outfit where you can have some real authority. i know you did your best within corporate constraints. it's burst.net's loss. for other readers, and without violating any confidences, i can now reveal in general terms that eric contacted me constantly to gain evidence with which to convince management that certain burstnet customers were bad neighbors whose presence reflected badly on the company's reputation. unfortunately, they apparently chose to shoot the messenger. adam -- === Or would the reason to be this?.. === Path: uni-berlin.de!fu-berlin.de!feed.news.nacamar.de!newsfeed.icl.net !newsfeed.fjserv.net!news.netkonect.net!btnet-peer0!btnet-feed5!btnet !news.btopenworld.com!not-for-mail From: "Alan" Newsgroups: news.admin.net-abuse.email Subject: Re: Eric D. Jarman and burstnet /nocster have parted ways Date: Fri, 6 Jun 2003 10:23:47 +0000 (UTC) Organization: Me Myself & I Lines: 18 Message-ID: References: NNTP-Posting-Host: host213-120-113-158.in-addr.btopenworld.com X-Trace: titan.btinternet.com 1054895027 15928 213.120.113.158 (6 Jun 2003 10:23:47 GMT) X-Complaints-To: news-complaints@lists.btinternet.com NNTP-Posting-Date: Fri, 6 Jun 2003 10:23:47 +0000 (UTC) X-Newsreader: Microsoft Outlook Express 6.00.2800.1158 X-MSMail-Priority: Normal X-Priority: 3 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Xref: uni-berlin.de news.admin.net-abuse.email:2002290 "Eric D. Jarman" wrote in message news:e74b79e5.0306050825.eee65b5@posting.google.com... > This is to inform the net-abuse community at large, that I Eric D. Jarman > formerly nanae@burst.net no longer work for Burst.net / nocster.net as of 5/23/03. > *Burst Stuff snipped* Ironic that this should happen the week that Burst's listings at spews all get downgraded to either 2 or 0 (Thats right, no more BurstNET blocking via spews.). I'm still using burst.blackholes.us though, (renamed recently from hostnoc.blackholes.us) Alan. === Call for Internet Death Penalty: Burstnet/Hostnoc === Date: Tue, 8 Jul 2003 11:12:53 -0700 From: OldGeek@example.com Subject: Call for Internet Death Penalty: Burstnet/Hostnoc Message-ID: <20030708121252.GA14167@example.com> Newsgroups: news.admin.net-abuse.email Mail-To-News-Contact: postmaster@nym.alias.net Organization: mail2news@nym.alias.net Lines: 178 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [ Please redistribute where applicable. ] Call for Internet Death Penalty: Burstnet/Hostnoc The charges: Burstnet have deliberately facilitated abuse of the Internet. Burstnet have been given every opportunity to remove their spammers, and have failed to take advantage of those opportunities. Burstnet have repeatedly lied to the Internet about their spammers. Burstnet have aided and abetted their spammers by listwashing and have thus further abused innocent members of the Internet by handing the addresses of complainers over to spammers. Burstnet have threatened members of the Internet who requested that Burstnet conform to minimal acceptable standards of behaviour. Burstnet claim not to be able to control their own network. Burstnet have continued to profit from the abuse of the Internet, to this very day. (This includes continuing to host the well-known, block-on-sight spammers of Azoogle.) Burstnet have only taken token action against spammers, and then only in response to widespread DNSBL listing of their network. They have refused to be pro-active, have refused to heed warnings about spammers signing up for their services, and refused to remove known spammers. Burstnet have, by their irresponsible conduct, willfully deprived their legitimate customers of the services that they paid for. Burstnet have deliberately aided and abetted this ongoing abuse of the entire Internet. Burstnet have done all this despite being repeatedly told that it is unacceptable behaviour, and being repeatedly asked to stop. The evidence: Copious evidence substantiating all of the above may be found here: http://groups.google.com/groups?hl=en&lr=&ie=ISO-8859-1&safe=off&q=burst.net+group%3Anews.admin.net-abuse.email&btnG=Google+Search&meta=group%3Dnews.admin.net-abuse.email and here: http://groups.google.com/groups?hl=en&lr=&ie=ISO-8859-1&safe=off&q=hostnoc+group%3Anews.admin.net-abuse.email+group%3Anews.admin.net-abuse.email&btnG=Google+Search&meta=group%3Dnews.admin.net-abuse.email and here: http://groups.google.com/groups?hl=en&lr=&ie=ISO-8859-1&safe=off&q=azoogle&btnG=Google+Search&meta=group%3Dnews.admin.net-abuse.email and here: http://groups.google.com/groups?hl=en&lr=&ie=ISO-8859-1&safe=off&q=azoogle&btnG=Google+Search&meta=group%3Dnews.admin.net-abuse.sightings and here: http://www.spews.org/html/S421.html and here: http://www.spamhaus.org/rokso/spammers.lasso?-database=spammers.db&-layout=detail&-response=roksodetail.lasso&-recID=33929&-clientusername=guest&-clientpassword=guest&-search/rokso/spammers.lasso?-database=spammers.db&-layout=detail&-response=roksodetail.lasso&-recordID=33929&-search and here: http://www.aboutspam.com/spamhaus.php and here: http://news.spamcop.net/pipermail/spamcop-geeks/2003-January/004046.html among many other places. See also the following quotes: Shawn Arcus admits supporting the Azoogle spammers: "We know they [azoogle] are legit, because our staff wrote the actual software their service runs on." --- Shawn Arcus, CEO of Burstnet. Shawn Arcus defends his spam-friendly operation: "SPEWS is sorely mistaken if they think they can change the operations of the largest web hosting companies in the world." --- Shawn Arcus, CEO of Burstnet. Eric D. Jarman abuses and insults a victim of Burstnet's abuse: "Listen pal, I don't dare assume to read your mind. I do not have time for your stupid games. There are many people: that receive junk mail unsolicited. They are many people; that forget that receiving commerical email is not against the law if they requested it." --- Eric D. Jarman, "Network Abuse", Burstnet. Shawn Arcus pleads incompetence as a defence: "We do not control what users/domains our dedicated server clients set up on their leased machines. We can kick off a spammer from one machine, and he may appear the next week on a complately different client's machine. We have no control over that, and there is no way we possibly could control that." --- Shawn Arcus, CEO of Burstnet. Shawn Arcus refuses to address the Azoogle issue and looks for "incentives" to remove spammers: "We have spent 2-3 months now cleaning up our network, and have removed a ton of spammers/abusers. Every single listing in SPEWS S421 has been removed and/or dealt with besides Azoogle. And yet, SPEWS has not updated/delisted/removed any of the records. What incentive do we have to continue to deal with such, or to work towards a resolution on the Azoogle issue?" --- Shawn Arcus, CEO of Burstnet. Other self-incriminating quotes may be found at the URIs referenced above. The verdict: There is no need or reason to tolerate the behaviour of rogue ISPs such as Burstnet, who have engaged in long-term, large-scale abuse of the entire Internet. There is therefore no longer any reason for the Internet to accept Burstnet traffic, nor send any. There is, however, need and reason for the civilised portion of the Internet to protect itself from the abuse which Burstnet knowingly and directly facilitates for profit. The sentence: I therefore call for the null-routing of all IP space assigned to Burstnet starting at 1200 UTC on 10 July 2003. This null-routing shall be extended to any IP address or IP block found to be allocated for Burstnet after that time, and shall continue until all IP space controlled by Burstnet is returned to ARIN for reallocation. These blocks include: CIDR NetHandle NetName 66.96.192.0/18 NET-66-96-192-0-1 HOSTNOC 66.197.128.0/17 NET-66-197-128-0-1 HOSTNOC-2BLK 64.191.0.0/17 NET-64-191-0-0-1 HOSTNOC-3BLK Why this is anonymous: First, because this statement should stand or fall on its own merits, and that of the referenced evidence. Who I am, or am not, is unimportant and irrelevant. Second, Burstnet's past history clearly indicates a strong preference for avoiding issues and focusing instead on those who have highlighted those issues. This focus usually consists of abuse, insults, and other attacks (see quote above from the aptly-named Burstnet "abuse" personnel). I decline to furnish Burstnet with the opportunity to distract attention from their own conduct. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (SunOS) iD8DBQE/CtCS9XXdbUg0nBoRAt+MAJ9OZXV4p/VffvpZx9qfLnpMiAVwzQCfUAHR dHEFLDeTueABUbN8Z4/ZEow= =MCTa -----END PGP SIGNATURE----- === Burstnet has replied === From: "BurstNET" Newsgroups: news.admin.net-abuse.email Subject: Re: Call for Internet Death Penalty: Burstnet/Hostnoc Date: Wed, 9 Jul 2003 06:50:39 +0000 (UTC) Organization: Mailgate.ORG Server - http://www.Mailgate.ORG Lines: 75 Message-ID: References: <20030708121252.GA14167@example.com> NNTP-Posting-Host: 1cust4.tnt1.scranton.pa.da.uu.net Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-Trace: news.mailgate.org 1057725378 2023 67.235.185.4 (Wed Jul 9 08:50:40 2003) X-Complaints-To: abuse@mailgate.org NNTP-Posting-Date: Wed, 9 Jul 2003 06:50:39 +0000 (UTC) Injector-Info: news.mailgate.org; posting-host=1cust4.tnt1.scranton.pa.da.uu.net; posting-account=125501; posting-date=1057725378 User-Agent: Mailgate Web Server X-URL: http://mygate.mailgate.org/mynews/news/news.admin.net-abuse.email/b4d587fbbede8d9eff3b87d5ef183b59.125501%40mygate.mailgate.org RE: Call for Internet Death Penalty: Burstnet/Hostnoc You know, I maybe could have understood such a strong stance/feeling towards our firm several months ago. We were clueless back then on abuse issues, and didn't pay much attention or take action on abuse issues. Eventually we came to recognize the error of our ways and started to correct abuse issues within our network. However, considering all the work that we have done removing spammers from our network over the past several months, I think this is stance is deceptive and meant as nothing more than trolling to start up trouble. Most of our network has been downgraded to Level2 @ SPEWS, with very few issues at hand remaining to be cleared up. We had a few listing added last week, and we had themn dealt with and taken care of within hours of recognizing the listings. Why didn't we remove them prior to even getting listed in SPEWS? Because we did not know about them until that time. When we do, we remove them as soon as we find out and investigate. Example: tonight we removed melis4glass.com (66.96.205.97) for or network based on abuse dept complaints we received. We have also gotten our SpamHaus listings down from about 25 listings, down to just a handful of remaining ones. Of those, 3 are the same client (vaivo.net), and they have had 2 of 3 servers removed from our network, and we are cleaning out the 3rd server as we speak. To say we are not doing anything about spam is ridiculous at this point. We have been on top of complaints for some time now, and very few new spammers are receiving service. Those that do sneak service orders by us , are dealt with as soon as we find out about the issues with them. Even Azoogle has been doing their part to get their system in order. They have worked on respecting the 5xx denied errors from mail servers. They have also recently removed a ton of questionable clients from their system as well. I know they are doing something about rogue users, as I can tell directly from their MRTG graphs when clients get removed. Also, most of the links given in this posting are VERY old and outdated. If you sort by date you see a decrease in postings month after month this year, and very few posts at all since May 2003. We are doing our job with abuses issue on our network; the minimal sightings posted, and removeal of many spam blocks, speaks for itself. I even personally have been visiting nanae, and posting with my real name/email, to show we do care about abuse on our network, we are here to deal with it at all levels of our company, and are not hiding anything or anyone regarding such. If you choose to make such blockings of our network, that's your decision to make. Just make an educated one based on what I have posted here, and what actions/progress we have done with cleaning up our network, and don't be deceived by such a post pointing our old matters/abusers that no longer even exist on our network, and have not for some time. That post was made for one reason only: trolling. I would not be surprised if this anonymous person that posted this was one of our competitors, trying to damage our company. We are well known as the #2 player in the low-end managed server industry, right behind RackShack...and I know alot of competitors would like to gain our market share. SMA PRES/CEO BURSTNET -- Posted via Mailgate.ORG Server - http://www.Mailgate.ORG === What people think of it. Reply 1 === From: kludge@panix.com (Scott Dorsey) Newsgroups: news.admin.net-abuse.email Subject: Re: Call for Internet Death Penalty: Burstnet/Hostnoc Date: 9 Jul 2003 15:09:17 -0400 Organization: Former users of Netcom shell (1989-2000) Lines: 19 Message-ID: References: <20030708121252.GA14167@example.com> NNTP-Posting-Host: panix2.panix.com X-Trace: reader1.panix.com 1057777757 19007 166.84.1.2 (9 Jul 2003 19:09:17 GMT) X-Complaints-To: abuse@panix.com NNTP-Posting-Date: Wed, 9 Jul 2003 19:09:17 +0000 (UTC) "BurstNET" wrote: > > You know, I maybe could have understood such a strong stance/feeling > towards our firm several months ago. We were clueless back then on abuse > issues, and didn't pay much attention or take action on abuse issues. The thing is, I am still getting hundreds of spams daily from your customers, and you don't seem to care. This does not appear to be a sign that you are paying attention to abuse issues or taking action on abuse issues. You may have removed some spammers recently, but azoogle, which appears to be a pretty serious problem, remains. And they continue spamming in great volumes. --scott -- "C'est un Nagra. C'est suisse, et tres, tres precis." === Reply 2 === NNTP-Posting-Date: Wed, 09 Jul 2003 10:53:24 -0500 Message-ID: <2168185.HRNauk0UGA@the-foxhole.com> From: Fox Subject: Re: Call for Internet Death Penalty: Burstnet/Hostnoc Newsgroups: news.admin.net-abuse.email Reply-To: fox@the-foxhole.com Date: Wed, 09 Jul 2003 11:52:42 -0400 References: <20030708121252.GA14167@example.com> Organization: Lumber Cartel Weapons Division Aide MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7Bit Lines: 32 NNTP-Posting-Host: 66.93.3.52 X-Trace: sv3-PilQaeulOtAzJ5Huidw+1WCz1oM2/MrRXTVVSIJ6WsBpDQ6xLlLHjFK4MgnmP8b1MUM3OGhyeaqMf1e!IbWzV6rUDOvMehPFDBHZd7baVUNiFQiv7W3HYtQzwFPItpJOBWK+Q+gpSzi+otP9BkIeuwXdlpPT!9RZcG3KANn+2EA== X-Complaints-To: abuse@speakeasy.net X-DMCA-Complaints-To: abuse@speakeasy.net X-Abuse-and-DMCA-Info: Please be sure to forward a copy of ALL headers X-Abuse-and-DMCA-Info: Otherwise we will be unable to process your complaint properly X-Postfilter: 1.1 BurstNET proclaimed to the masses in : > > To say we are not doing anything about spam is ridiculous at this point. You are not doing enough. Azoogle is still connected. > We have been on top of complaints for some time now, and very few new > spammers are receiving service. Those that do sneak service orders by us > , are dealt with as soon as we find out about the issues with them. You could find out about your spammers even faster by reading your abuse and postmaster mail. > Even > Azoogle has been doing their part to get their system in order. They > have worked on respecting the 5xx denied errors from mail servers. They > have also recently removed a ton of questionable clients from their > system as well. I know they are doing something about rogue users, as I > can tell directly from their MRTG graphs when clients get removed. At this point, termination of Azoogle is the only acceptable solution. Frankly, I don't care how much they're paying you, they are *your* questionable client that needs to be removed. Unless you want to be playing around on an intranet, that is. -- Shadowfox - BOFH, AAS, CNE | Spammers are the weakest link! Please do not throw sausage pizza away. | TINLC#2035 http://www.the-foxhole.org/block.htm -- Use with caution! You have the right to remain silent. Anything you say will be misquoted and then used against you. === Reply 3 === From: kaos@earthlink.net (Darren Gasser) Newsgroups: news.admin.net-abuse.email Subject: Re: Call for Internet Death Penalty: Burstnet/Hostnoc Date: 9 Jul 2003 10:12:04 -0700 Organization: http://groups.google.com/ Lines: 13 Message-ID: References: <20030708121252.GA14167@example.com> NNTP-Posting-Host: 63.174.232.199 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-Trace: posting.google.com 1057770724 29327 127.0.0.1 (9 Jul 2003 17:12:04 GMT) X-Complaints-To: groups-abuse@google.com NNTP-Posting-Date: 9 Jul 2003 17:12:04 GMT "BurstNET" wrote in message news:... > Even Azoogle has been doing their part to get their system in order. They > have worked on respecting the 5xx denied errors from mail servers. They > have also recently removed a ton of questionable clients from their > system as well. I know they are doing something about rogue users, as I > can tell directly from their MRTG graphs when clients get removed. Then why am I still getting a dozen or so attempts to deliver to web-harvested addresses from them each day even though they haven't received anything but 5xx errors from us for months? My mail logs show absolutely zero change from Azoogle, either in the cleanliness of their lists or their 5xx handling. === Reply 4 === Date: Wed, 9 Jul 2003 15:40:29 -0600 From: SpammerJammer@google.com Subject: Re: Call for Internet Death Penalty: Burstnet/Hostnoc Newsgroups: news.admin.net-abuse.email Message-ID: <20030709194029.GA713@google.com> References: <20030708121252.GA14167@example.com> In-Reply-To: Mail-To-News-Contact: postmaster@nym.alias.net Organization: mail2news@nym.alias.net Lines: 21 On Wed, Jul 09, 2003 at 06:50:39AM +0000, BurstNET wrote: > That post was made for one reason only: trolling. > I would not be surprised if this anonymous person that posted this was > one of our competitors, trying to damage our company. We are well known > as the #2 player in the low-end managed server industry, right behind > RackShack...and I know alot of competitors would like to gain our market > share. It seems that the OldGeek has your number: "Second, Burstnet's past history clearly indicates a strong preference for avoiding issues and focusing instead on those who have highlighted those issues." Yep, that's you all right: still avoiding issues, still blaming others; and still lying, still spamming, still making money from lying and spamming. You also make the mistake of assuming that anyone WANTS your market share: who'd want the market share of a known liar who has spammers and terrorist groups as his best-known customers? === And, just in a case that Burstnet have problems with reading === NNTP-Posting-Date: Wed, 09 Jul 2003 13:27:37 -0500 From: Verbila Newsgroups: news.admin.net-abuse.email Subject: Re: Call for Internet Death Penalty: Burstnet/Hostnoc Organization: Verbila Industries, Inc. References: <20030708121252.GA14167@example.com> User-Agent: MT-NewsWatcher/3.1 (PPC) Date: Wed, 09 Jul 2003 11:24:38 -0700 Message-ID: Lines: 164 NNTP-Posting-Host: 66.117.141.55 X-Trace: sv3-bhCzsYYYLWaimpfvxp3QVRVDMVOCnSJuLk5tW8kiOIzNvjF5Mqla+CSKi72u92G6AqbNEuKAz3/uv0y!Xhaqp7XN94XmE4129UTm6/PJBqBuHVST4mk3xyRniPSwlhLk548sBFu7SQ723eQjHCnn7vAREujw!+hcubwYTC5kwcw== X-Complaints-To: abuse@lmi.net X-DMCA-Complaints-To: abuse@lmi.net X-Abuse-and-DMCA-Info: Please be sure to forward a copy of ALL headers X-Abuse-and-DMCA-Info: Otherwise we will be unable to process your complaint properly X-Postfilter: 1.1 In article , "BurstNET" wrote: > RE: Call for Internet Death Penalty: Burstnet/Hostnoc > > You know, I maybe could have understood such a strong stance/feeling > towards our firm several months ago. We were clueless back then on abuse > issues, and didn't pay much attention or take action on abuse issues. > Eventually we came to recognize the error of our ways and started to > correct abuse issues within our network. Do you have a reading comprehension problem, or do you just enjoy ignoring the PRIMARY ISSUE OF YOUR SPAMMING CUSTOMER? Here's some hints for you: ## ###### #### #### #### # ###### # # # # # # # # # # # # # # # # # # # # ##### ###### # # # # # # ### # # # # # # # # # # # # # # # ###### #### #### #### ###### ###### _ __ _ ____ ___ ___ __ _ | | ___ / _` | |_ / / _ \ / _ \ / _` | | | / _ \ | (_| | / / | (_) | | (_) | | (_| | | | | __/ \__,_| /___| \___/ \___/ \__, | |_| \___| |___/ dP 88 .d8888b. d888888b .d8888b. .d8888b. .d8888b. 88 .d8888b. 88' `88 .d8P' 88' `88 88' `88 88' `88 88 88ooood8 88. .88 .Y8P 88. .88 88. .88 88. .88 88 88. ... `88888P8 d888888P `88888P' `88888P' `8888P88 dP `88888P' .88 d8888P ^ ^ ^ ^ ^ ^ ^ /a\ /z\ /o\ /o\ /g\ /l\ /e\ <___><___><___><___><___><___><___> .d8b. d88888D .d88b. .d88b. d888b db d88888b d8' `8b YP d8' .8P Y8. .8P Y8. 88' Y8b 88 88' 88ooo88 d8' 88 88 88 88 88 88 88ooooo 88~~~88 d8' 88 88 88 88 88 ooo 88 88~~~~~ 88 88 d8' db `8b d8' `8b d8' 88. ~8~ 88booo. 88. YP YP d88888P `Y88P' `Y88P' Y888P Y88888P Y88888P __ ___ __ __ __ __ ___ ( ) (_ ) / \ / \ / _)( ) ( _) /__\ / / ( () )( () )( (/\ )(__ ) _) (_)(_)(___) \__/ \__/ \__/(____)(___) 888 ,"Y88b 8P d8P e88 88e e88 88e e88 888 888 ,e e, "8" 888 P d8P d888 888b d888 888b d888 888 888 d88 88b ,ee 888 d8P d Y888 888P Y888 888P Y888 888 888 888 , "88 888 d8P d8 "88 88" "88 88" "88 888 888 "YeeP" , 88P "8",P" . ,-. ,_, ,-. ,-. ,-. | ,-. ,-| / | | | | | | | |-' `-^ '"' `-' `-' `-| `' `-' ,| `' AZOOGLE AZOOGLE AZOOGLE AZOOGLE AZOOGLE AZOOGLE AZOOGLE AZOOGLE AZOOGLE AZOOGLE AZOOGLE AZOOGLE AZOOGLE AZOOGLE AZOOGLE AZOOGLE AZOOGLE AZOOGLE AZOOGLE AZOOGLE AZOOGLE AZOOGLE AZOOGLE AZOOGLE AZOOGLE AZOOGLE AZOOGLE AZOOGLE AZOOGLE AZOOGLE AZOOGLE AZOOGLE AZOOGLE AZOOGLE AZOOGLE AZOOGLE AZOOGLE AZOOGLE AZOOGLE AZOOGLE AZOOGLE AZOOGLE AZOOGLE AZOOGLE AZOOGLE AZOOGLE AZOOGLE AZOOGLE AZOOGLE AZOOGLE AZOOGLE AZOOGLE AZOOGLE AZOOGLE AZOOGLE AZOOGLE AZOOGLE AZOOGLE AZOOGLE AZOOGLE AZOOGLE AZOOGLE AZOOGLE AZOOGLE ___ /\ \ /::\ \ /:/\:\ \ /::\~\:\ \ /:/\:\ \:\__\ \/__\:\/:/ / \::/ / /:/ / /:/ / \/__/ ___ /\ \ \:\ \ \:\ \ \:\ \ _______\:\__\ \::::::::/__/ \:\~~\~~ \:\ \ \:\__\ \/__/ ___ /\ \ /::\ \ /:/\:\ \ /:/ \:\ \ /:/__/ \:\__\ \:\ \ /:/ / \:\ /:/ / \:\/:/ / \::/ / \/__/ ___ /\ \ /::\ \ /:/\:\ \ /:/ \:\ \ /:/__/ \:\__\ \:\ \ /:/ / \:\ /:/ / \:\/:/ / \::/ / \/__/ ___ /\ \ /::\ \ /:/\:\ \ /:/ \:\ \ /:/__/_\:\__\ \:\ /\ \/__/ \:\ \:\__\ \:\/:/ / \::/ / \/__/ ___ /\__\ /:/ / /:/ / /:/ / /:/__/ \:\ \ \:\ \ \:\ \ \:\__\ \/__/ ___ /\ \ /::\ \ /:/\:\ \ /::\~\:\ \ /:/\:\ \:\__\ \:\~\:\ \/__/ \:\ \:\__\ \:\ \/__/ \:\__\ \/__/ "Can you hear me now?" -verbila === Burstnet: what happens at Azoogle is not our problem, we don't even care === From: "BurstNET" Newsgroups: news.admin.net-abuse.email Subject: Re: Call for Internet Death Penalty: Burstnet/Hostnoc Date: Wed, 9 Jul 2003 14:58:08 +0000 (UTC) Organization: Mailgate.ORG Server - http://www.Mailgate.ORG Lines: 41 Message-ID: <66693f615cb314176411f641c1bdcad4.125501@mygate.mailgate.org> References: <20030708121252.GA14167@example.com> NNTP-Posting-Host: 1cust69.tnt1.scranton.pa.da.uu.net Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-Trace: news.mailgate.org 1057755635 21223 67.235.185.69 (Wed Jul 9 16:58:08 2003) X-Complaints-To: abuse@mailgate.org NNTP-Posting-Date: Wed, 9 Jul 2003 14:58:08 +0000 (UTC) Injector-Info: news.mailgate.org; posting-host=1cust69.tnt1.scranton.pa.da.uu.net; posting-account=125501; posting-date=1057755635 User-Agent: Mailgate Web Server X-URL: http://mygate.mailgate.org/mynews/news/news.admin.net-abuse.email/66693f615cb314176411f641c1bdcad4.125501%40mygate.mailgate.org > I see nothing there that retracts the authors original charge, just a > concession that you had 'changed your tune' and removed the sites. We never changed out tune, that was our tune the entire time. At no time whatsoever did our company support or condone the hosting of terrorist websites. We just couldn't remove the sites until the investigation was completed. As soon as the investigation was completed, they were removed immediately. All new terrorist sites we find on our network are terminated immediately, without us even investigating such issues. > IMO you are a lying sack-of-shit CEO who transparently tries to pull the > wool over the eyes of others as to your actions and intent, *this* is > the main reason I support this call for an IDP, you cannot be trusted, > ergo your company cannot be trusted leading to the fact that your > network cannot be trusted. You are entitled to your opinion, but our 140,000 customers disagree with you. > And I'll ask again the question you continue to dodge, what about > Azoogle, or better yet when will you act on Azoogle supplying > image-hosting and redirection services to spammers by terminating them? This is not occuring on out network, and therefore is not our responsibility/problem. We do not know if this is true or not, nor even care. All we care about is our network, and abuse that occurs on it, and only on it. We are not going to investigate actions on someone else's network, as it's none of our damn business. SMA PRES/CEO BURSTNET -- Posted via Mailgate.ORG Server - http://www.Mailgate.ORG === Just for the archive === From: invalid@example.com Newsgroups: news.admin.net-abuse.email Subject: Re: Call for Internet Death Penalty: Burstnet/Hostnoc Message-ID: References: <20030708121252.GA14167@example.com> <66693f615cb314176411f641c1bdcad4.125501@mygate.mailgate.org> X-Newsreader: Forte Agent 1.91/32.564 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Lines: 24 Date: Wed, 09 Jul 2003 22:58:27 GMT NNTP-Posting-Host: 207.220.159.244 X-Complaints-To: abuse@earthlink.net X-Trace: newsread2.prod.itd.earthlink.net 1057791507 207.220.159.244 (Wed, 09 Jul 2003 15:58:27 PDT) NNTP-Posting-Date: Wed, 09 Jul 2003 15:58:27 PDT Organization: EarthLink Inc. -- http://www.EarthLink.net "BurstNET" wrote: > > And I'll ask again the question you continue to dodge, what about > > Azoogle, or better yet when will you act on Azoogle supplying > > image-hosting and redirection services to spammers by terminating them? > > This is not occuring on out network, and therefore is not our > responsibility/problem. We do not know if this is true or not, nor even > care. All we care about is our network, and abuse that occurs on it, and > only on it. We are not going to investigate actions on someone else's > network, as it's none of our damn business. Just for the archives... traceroute to mail.azoogle.com [66.197.140.2], ... 20 [ 38.112.4.134] hostnoc-faste.demarc.cogentco.com 250 ms 21 [ 66.197.191.25] ge-4-0-ppl.rtr0.sctn.hostnoc.net 260 ms 22 [ 66.197.140.2] azoogle.com 260 ms Network Operations Center Inc. HOSTNOC-2BLK (NET-66-197-128-0-1) 66.197.128.0 - 66.197.255.255 Azoogle.com AZOOGLEC315 (NET-66-197-140-0-1) 66.197.140.0 - 66.197.140.255 === Azoogle is off after their contract with Burstnet has finished. === === What others think about it === Path: uni-berlin.de!fu-berlin.de!newsfeed.news2me.com!newsfeed2.easynews.com !newsfeed1.easynews.com!easynews.com!easynews!c03.atl99!news.webusenet.com !newscene!novia!novia!sequencer.newscene.com!not-for-mail From: Wm James Newsgroups: news.admin.net-abuse.email Subject: Re: Burstnet lies AGAIN, keeps supporting spam [Re: Official BurstNET News on Azoogle] Date: 2 Aug 2003 06:45:54 -0500 Lines: 41 Message-ID: <9t8nivgk88p78vjl41ojgbmofsft0ah4bv@4ax.com> References: <57a5a1c9.0307091717.592b4848@posting.google.com> <20030801144024.GA26278@example.com> <3F2A90F6.CEB4560C@yah00.c0m> <3F2AA3ED.77E6@yahoogroups.com> Reply-To: wrjames.remove@spamreaper.org X-Newsreader: Forte Agent 1.8/32.548 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Xref: uni-berlin.de news.admin.net-abuse.email:2038860 On Fri, 01 Aug 2003 10:31:26 -0700, Bob O`Bob wrote: >Jon Newton wrote: >> >> >> > >> >At least 364 days to go... >> >> This is the same exact ideology we are using. >> > > >That's only half the strategy. > >The other half is that someone has to show me they actually want to >send some legitimate traffic, totally unrelated to the blockage, >from that network to mine. > >I see no need to trust "reformed" spam supporters until ALL conditions are met. > > > Bob Agreed. But one of the conditions is that they must first lose more than they could have possibly taken is from the spam support. In this case, that may mean forever since they harbored the scum for so long and was apparently the only reason they stayed in business for a long time. Burstnet hasn't shown themselves to be anything other than spam friendly slugs so far. They didn't terminate azoogle, they kept the accounts active for the duration of the contract. That's hardly an act worthy of peering. Whether azoogle is there or not at the moment is irrelevant. Burstnet has not reformed and apparently has no intention of reforming, and they cannot be trusted to boot spammers. William R. James === And how Burst CEO wants their IPs removed from SPEWS === Path: uni-berlin.de!fu-berlin.de!news.mailgate.org!mygate.mailgate.org !7-pool2.ras10.nynyc-t.alerondial.net!not-for-mail From: "BurstNET" Newsgroups: news.admin.net-abuse.email Subject: Re: SPEWS S421 Update Date: Tue, 5 Aug 2003 05:28:12 +0000 (UTC) Organization: Mailgate.ORG Server - http://www.Mailgate.ORG Lines: 38 Message-ID: <5a0caa91b8742388dd241a33fcde798a.125501@mygate.mailgate.org> References: NNTP-Posting-Host: 7-pool2.ras10.nynyc-t.alerondial.net Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-Trace: news.mailgate.org 1060040063 17543 206.149.197.7 (Tue Aug 5 07:28:11 2003) X-Complaints-To: abuse@mailgate.org NNTP-Posting-Date: Tue, 5 Aug 2003 05:28:12 +0000 (UTC) Injector-Info: news.mailgate.org; posting-host=7-pool2.ras10.nynyc-t.alerondial.net; posting-account=125501; posting-date=1060040063 User-Agent: Mailgate Web Server X-URL: http://mygate.mailgate.org/mynews/news/news.admin.net-abuse.email/5a0caa91b874 2388dd241a33fcde798a.125501%40mygate.mailgate.org Xref: uni-berlin.de news.admin.net-abuse.email:2041155 "Harald Hein" wrote in message news:Xns93CE49A9DB94hhtoken@194.97.5.16 > "BurstNET" wrote: > > > This domain was previously suspended, > > Read: We tried to blow some smoke > > > re-appeared, > > Read: We liked their money more than our connectivity > > > and has now been completely deleted: > > Read: The contract expired, and they got a better pink deal somewhere > else. Listen genius, why don't you do your research on the dedicated server industry before you stick your foot in your mouth. pacificpharmacy.ca never paid us a dime, nor did we even set the account up on our network. The account was set up on a server by one of our clients that we lease out on a monthly basis, along with hundreds of other domains on the same server. We don't make a penny on each domain that is set up, and if anything, loose money every time a domain is set up. Based on that information, regurgitate your data, and come back with an intelligent statement next time. SMA PRES/CEO BURSTNET -- Posted via Mailgate.ORG Server - http://www.Mailgate.ORG === And an effect === Path: uni-berlin.de!fu-berlin.de!newsfeed.mathworks.com!nycmny1-snh1.gtei.net !crtntx1-snh1.gtei.net!news.gtei.net!newsfeed1.easynews.com!easynews.com !easynews!newscene!novia!novia!sequencer.newscene.com!not-for-mail From: Wm James Newsgroups: news.admin.net-abuse.email Subject: Re: SPEWS S421 Update Date: 4 Aug 2003 22:26:29 -0500 Lines: 50 Message-ID: References: Reply-To: wrjames.remove@spamreaper.org X-Newsreader: Forte Agent 1.8/32.548 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Xref: uni-berlin.de news.admin.net-abuse.email:2041008 On Mon, 04 Aug 2003 19:28:27 -0700, "Ana C. Dent" wrote: >BurstNET wrote: >> SPEWS S421 Update: >> >> >> This domain was previously suspended, re-appeared, and has now been >> completely deleted: >> >> Yet again hosting new-domains spammer Jack Tang: >> 1, 64.191.62.75, pacificpharmacy.ca >> >> Please remove these: >> 1, 64.191.62.0 - 64.191.62.255, hostnoc/burstnet >> 1, 64.191.40.0 - 64.191.68.255, hostnoc/burstnet (back to level 1) >> >> _____________________________________________ >> >> >> The following have been removed on 7/31/03 as well: >> >> 1, 64.191.64.106, teleport6nh.azoogle.com >> 1, 64.191.64.109, teleport9nh.azoogle.com >> 1, 64.191.64.6, transport5nh.azoogle.com >> 1, 64.191.63.0 - 64.191.64.255, teleport6nh.azoogle.com (hostnoc.net) >> 1, 66.197.140.0 - 66.197.140.255, azoogle.com (hostnoc.net) >> 1, 66.197.170.0 - 66.197.170.255, azoogle.com (hostnoc.net) >> >> >> >> SMA >> PRES/CEO >> BURSTNET >> >> >It is just after the 1st of the month, so you are right on time. >Please remain in SPEWS for the duration which you hosted AZOOGLE.COM Double that. Make it count. SPEWS can do what they want, but burstnet is stuck in a lot of other lists forever. They chose to retain azoogle for the duration of the contract. That is NOT a termination by any stretch of imagination. It is a spam friendly act and simply proves that burstnet keeps their spammers for the duration. I fail to see how azoogle could possibly be used by the sleezebags as an example of anything good. William R. James === And a confirmation from Burst that they were keeping Azoogle === Path: uni-berlin.de!fu-berlin.de!nntp.infostrada.it!news.mailgate.org !mygate.mailgate.org!7-pool2.ras10.nynyc-t.alerondial.net!not-for-mail From: "BurstNET" Newsgroups: news.admin.net-abuse.email Subject: Re: SPEWS S421 Update Date: Tue, 5 Aug 2003 05:36:11 +0000 (UTC) Organization: Mailgate.ORG Server - http://www.Mailgate.ORG Lines: 35 Message-ID: <3ab3fa39cc3b34d46c6ddbd61720e931.125501@mygate.mailgate.org> References: NNTP-Posting-Host: 7-pool2.ras10.nynyc-t.alerondial.net Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-Trace: news.mailgate.org 1060040063 17543 206.149.197.7 (Tue Aug 5 07:36:11 2003) X-Complaints-To: abuse@mailgate.org NNTP-Posting-Date: Tue, 5 Aug 2003 05:36:11 +0000 (UTC) Injector-Info: news.mailgate.org; posting-host=7-pool2.ras10.nynyc-t.alerondial.net; posting-account=125501; posting-date=1060040063 User-Agent: Mailgate Web Server X-URL: http://mygate.mailgate.org/mynews/news/news.admin.net-abuse.email/3ab3fa39cc3b 34d46c6ddbd61720e931.125501%40mygate.mailgate.org Xref: uni-berlin.de news.admin.net-abuse.email:2041164 > Double that. Make it count. SPEWS can do what they want, but > burstnet is stuck in a lot of other lists forever. They chose to > retain azoogle for the duration of the contract. That is NOT a > termination by any stretch of imagination. It is a spam friendly act > and simply proves that burstnet keeps their spammers for the duration. > I fail to see how azoogle could possibly be used by the sleezebags as > an example of anything good. I don't recall asking for any of our Azoogle related IP listings to be unblocked. I just stated that they were "removed" from our network, for people to take note. What I asked to be unblocked, was the listing in the beginning of the post...which had nothing to do with Azoogle. We really couldn't care less if the ex-Azoogle IPs are ever unblocked, because we don't plan on re-assigning them to clients in the future anyways...keep them in any block lists you want...we don't care at this point in time. << That is NOT a termination by any stretch of imagination. It is a spam friendly act and simply proves that burstnet keeps their spammers for the duration.. >> Sorry, not supplying an additional 2-3 weeks of service to them, was not worth a lawsuit to us for violation of contract. SMA PRES/CEO BURSTNET -- Posted via Mailgate.ORG Server - http://www.Mailgate.ORG === My reply === Path: uni-berlin.de!217.22.112.151!not-for-mail From: Dolphin Newsgroups: news.admin.net-abuse.email Subject: Re: SPEWS S421 Update Date: 6 Aug 2003 06:15:03 GMT Organization: Private person Lines: 31 Sender: Alexander Sheremet Message-ID: References: <3ab3fa39cc3b34d46c6ddbd61720e931.125501@mygate.mailgate.org> NNTP-Posting-Host: 217.22.112.151 X-Trace: news.uni-berlin.de 1060150503 28526608 217.22.112.151 (16 [104765]) X-SPEWS: I am not X-newsgroup: news.admin.net-abuse.email X-PGP-key: 0xAAE2A579 X-PGP-key-fingerprint: 5B8E 3B28 7199 8CD3 4133 FA87 000B 0FB6 AAE2 A579 User-Agent: slrn/0.9.7.4 (Linux) Xref: uni-berlin.de news.admin.net-abuse.email:2042132 #begin ceo@burst.net.exe (or was it BurstNET.com) message <3ab3fa39cc3b34d46c6ddbd61720e931.125501@mygate.mailgate.org> reply: ><< That is NOT a termination by any stretch of imagination. It is a spam > friendly act and simply proves that burstnet keeps their spammers for > the duration.. >> > > Sorry, not supplying an additional 2-3 weeks of service to them, was not > worth a lawsuit to us for violation of contract. > > > SMA > PRES/CEO > BURSTNET Thanks for the confirmation that on the Burstnet spammers are not being terminated, but are being hosted until the end of the contract. I hope that Burstnet staying in the public and private blocklists till the end of Burstnet's days was worth it. I do hope that those who were still not blocking the whole Burstnet, will do it now: DNSBL: burst.blackholes.us Dolphin. -- URL: http://www.DolphinWave.org Mail: on the web page (no spam) ICQ: 6615461 === De-bullshitting the Burstnet CEO's claims === === (yes, Jerry, YOUR work on cleaning up Alabanza IS appreciated) === Path: uni-berlin.de!fu-berlin.de!headwall.stanford.edu!newsfeed.stanford.edu !postnews1.google.com!not-for-mail From: jerry@bluedragyn.net (Jerry Gilyeat) Newsgroups: news.admin.net-abuse.email Subject: Re: Call for Internet Death Penalty: Burstnet/Hostnoc Date: 6 Aug 2003 10:39:11 -0700 Organization: http://groups.google.com/ Lines: 57 Message-ID: References: <20030708121252.GA14167@example.com> <3F0C2782.37BBC5DA@yahoo.com> <42dafaf169868c713c499efcf446e414.125501@mygate.mailgate.org> NNTP-Posting-Host: 162.129.44.120 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-Trace: posting.google.com 1060191552 22847 127.0.0.1 (6 Aug 2003 17:39:12 GMT) X-Complaints-To: groups-abuse@google.com NNTP-Posting-Date: 6 Aug 2003 17:39:12 GMT Xref: uni-berlin.de news.admin.net-abuse.email:2042562 BURSTNet said: > Most of which is older stuff, before we cracked down on spam/abuse. > Heck, even the terrorist site issue being discussed here is almost a > year and a half ago!!! Talk about bringing up old issues... > > When hosting 140,000 websites, there is going to be plently of > complaints, no matter how well your abuse dept performs. If we hosted > only 100 sites, you would never see a complaint, as we would be able to > monitor each site every second of the day. Unfortunately, we cannot due > that at our size, even with automation. Bullshit. Absolute and total bullshit. I used to work for one of your "competitors" (and most who know my name will know who I'm talking about) and I had -zero- problem running sweeps over all 140000-175000 accounts across the network looking for spamsign. Hell, I could probably re-write the scripts I used, for you. I'm not going to go into the details of what we did, and didn't, look for, but I can assure you, we were pretty damned good about knocking out sites that violated the AUP -before- someone reported them (I'm talking content violations like porn/adult sites, and spamware sites). You want to know how many complaints, per day, I was receiving when I handed the abuse desk over to my successor last year? Less than 200, and most days it was less than 100. That's 100 to 200 complaints, per day, -MAX- for 140,000 domains. That's approximately -1- complaint per -thousand- domains. I was done managing the tickets by lunch (ie. counting complaints, nuking known spammers, going through the nightly scan logs, etc), and my afternoons were spent working on long-term investigations, or doing project work with the sysadmin group. I don't care if you helped start Azoogle. I don't care if they're bringing in 3/4 of your revenue. They are facilititating, aiding and abetting the dissemination of unwanted advertisement (spam) across the net. When I popped my head in here a few weeks back to let everyone know that I was down hiding under my rock, someone suggested I contact you guys to help clean up your mess (hey, it's what I'm known for: going into a hosting company and, BY MY SELF - SOLO, cleaning up and -preventing- what is now happening to you). There -are- people willing to help you guys clean up your act...provided you are willing to do so (and I simply don't think you're willing at this point in time). I'm -one- of those people that will help, but you need to ask for it. Publically. Because until Azoogle and the rest of the spammers are off your network, I'm not allowing email from BURSTnet owned IPs into any of my machines. Got it? -- Jerry Gilyeat === BurstNET - why not to call our old spammers back? === From: "BurstNET" Newsgroups: news.admin.net-abuse.email Subject: Re: SPEWS S421 Update Date: Wed, 6 Aug 2003 10:18:18 +0000 (UTC) Organization: Mailgate.ORG Server - http://www.Mailgate.ORG Lines: 39 Message-ID: <2370f36556788b279860d0b9d78112e0.125501@mygate.mailgate.org> References: <5a0caa91b8742388dd241a33fcde798a.125501@mygate.mailgate.org> NNTP-Posting-Host: 1cust208.tnt1.scranton.pa.da.uu.net Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-Trace: news.mailgate.org 1060155388 23521 67.235.185.208 (Wed Aug 6 12:18:17 2003) X-Complaints-To: abuse@mailgate.org NNTP-Posting-Date: Wed, 6 Aug 2003 10:18:18 +0000 (UTC) Injector-Info: news.mailgate.org; posting-host=1cust208.tnt1.scranton.pa.da.uu.net; posting-account=125501; posting-date=1060155388 User-Agent: Mailgate Web Server X-URL: http://mygate.mailgate.org/mynews/news/news.admin.net-abuse.email/2370f36556788b279860d0b9d78112e0.125501%40mygate.mailgate.org It never ceases to amaze me the scum and childish individuals that populate this forum. You people bitch and complain about an ISP harbouring spammers, that ISP does what is asked and rids its network of the spammers/abusers, and then you continue to harass and berate them. Shame on you people for acting in such a way, and not being supportive of such a network cleanup. You people are just as bad as the host at the time when the network was afoul. What more do you want? You should be happy with the ISP's actions, their new stance on spam, and congradulate and praise them. If such beratement continues, the the ISP will probably re-think their actions, and go on in the future to host further spammers, or even call the old ones back to regain lost revenue, as it is blatently clear that this communitity will treat ISPs the same regardless of cleaning up their network or not. I can tell you right now, with the treatment we are getting around here, and SPEWS lack of updating records again recently, we have every reason to go right back out and renew contracts of some of our recently removed higher paying clients. We are not going to do that, as we had ulterior motives for cleaning up the network, not related to SPEWS or this community, and besides it being the right thing to do as well. We have spent many month cleaning up the network, and are almost finally purged of spammers/abusers, and don't plan on back-tracking again. Just shame on you people for not being supportive of the very thing you were asking for! Seriously...you need to rethink your treatment of ISPs that are doing the right thing...regardless of past history. Your attitudes/action can directly cause ISPs to NOT clean up their networks, and that is the direct opposite you are trying to accomplish here...so what's the point of such actions? SMA PRES/CEO BURSTNET -- Posted via Mailgate.ORG Server - http://www.Mailgate.ORG === BurstNET fires their abuse guy for trying to enforce the AUP === From: edj116@psu.edu (Eric D. Jarman) Newsgroups: news.admin.net-abuse.email Subject: Re: SPEWS S421 Update Again Date: 11 Aug 2003 06:24:34 -0700 Organization: http://groups.google.com/ Lines: 86 Message-ID: References: <4b0933d0e8d5c4abf7755089a14db269.125501@mygate.mailgate.org> <207ea9342657f9a11ae5227afaf4a0fa.125501@mygate.mailgate.org> NNTP-Posting-Host: 146.186.136.201 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-Trace: posting.google.com 1060608274 2741 127.0.0.1 (11 Aug 2003 13:24:34 GMT) X-Complaints-To: groups-abuse@google.com NNTP-Posting-Date: 11 Aug 2003 13:24:34 GMT "BurstNET" wrote in message news:<207ea9342657f9a11ae5227afaf4a0fa.125501@mygate.mailgate.org>... > << and firing the abuse admin for enforcing the aup in a network >> > Actually, we fired an employee for just cause, Sean Arcus, you are an IDIOT. You, Dan Kilbourne and your girl friend Sandi Howard know, that you are lying and you will not fess up. You did not fire me for just cause, but advised me where your abuse loyalites are alligned: with the hostnoc and burstnet spammers. You really ought to shut your mouth: you don't have MY permission to lie about me ESPECIALLY in public. You are SO cocky and so brazen and are running scared. Herb Jackson your best programmer just jumped ship because he's tired of your stupid lies and underhanded tactics. It's not stoping with him either, IDIOT. The Burstnet AUP is a joke and you fired me for enforcing it. The truth is that the bigger money "clients" of your's are immune to the Burstnet AUP. When one of them threathened to take $5,000.00 a month away if you didn't get rid of me: wa la (I was gone). I told you, DAN and Sandi, that I would not allow any customers to curse me out ( on the phone or in email or IM) period. In combination with that fact that I would not lie to the abuse admins about a fake Azoogle move, you saw me as as threat and obstacle. You boldly exclaimed, that you would open up a NOC just for Azoogle and move them there. The reason you said Azoogle would never go was that Azoogle paid for HALF of the $$$$$$ of the staff. You also stated that You would use fake names to throw everyone off. You stated, that no one would ever find out. It would only be a matter of time before people would find out. You really underestimate the veracity and intelligence of spam fighters. N.A.N.A.E is not known, but the people, that post there are from all walks of life. It wouldn't take long to hunt Azoogle down again and trace them back to you. Guess what? you have proven over and over in the last several months just what an low life you really are. >This employee was not the only one terminated, for similar cause, and the others were not involved with abuse work at all. Another bold face lie. There were no other related firings. > PS - If we had terminated him due to his outlook on abuse, or his > pursuit against abusive users, then we would not have continued that > fight/pursuit after his termination. No stupid, you observed how far we had come in so short of a span. You thought that the reprieve from spews.org on 5/21 and 5/22 signaled, that you could take it from there. You did not forget the hard time that I gave Azoogle's Alex and Joe. They cried to you and you little brother Bengi, the salesman in charge of their account. I wasn't supposed to ask hard questions of Azoogle or about the other major spammers like David Barnes who hosts the equalmail gang down in Florida. You would get scared when I could come up with research in support of violating the BUrstnet AUP. I would get the board members names and any thing else publically filed about these corporations. I researched it all because you required it before you were scared of being sued. I gave you alots of proof. A responds you gave to me about David Barnes was DO NOT touch his servers because you were working on a HUGE deal with him What happened. Did you you my research to blackmail David Barnes and Azoogle into paying higher fees? When one of them admits to it you might be charged with the federal RICO act and rackettering charges. You just think that everyone one else is so stupid and you are so brilliant. I got news for you I'm going to sue your $&! in civil court and work to find out all of the "clients that you hustled" and bring you down in federal court on criminal charges. > If anything, since his employment termination, we have gotten stricter > on AUP/TOS violations and network cleanup! Another lie. Eric D. Jarman === And BurstNET responds to it === From: "BurstNET" Newsgroups: news.admin.net-abuse.email Subject: Re: SPEWS S421 Update Again Date: Mon, 11 Aug 2003 17:05:33 +0000 (UTC) Organization: Mailgate.ORG Server - http://www.Mailgate.ORG Lines: 20 Message-ID: References: <4b0933d0e8d5c4abf7755089a14db269.125501@mygate.mailgate.org> <207ea9342657f9a11ae5227afaf4a0fa.125501@mygate.mailgate.org> NNTP-Posting-Host: 1cust19.tnt2.scranton.pa.da.uu.net Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-Trace: news.mailgate.org 1060610300 11353 67.235.151.19 (Mon Aug 11 19:05:33 2003) X-Complaints-To: abuse@mailgate.org NNTP-Posting-Date: Mon, 11 Aug 2003 17:05:33 +0000 (UTC) Injector-Info: news.mailgate.org; posting-host=1cust19.tnt2.scranton.pa.da.uu.net; posting-account=125501; posting-date=1060610300 User-Agent: Mailgate Web Server X-URL: http://mygate.mailgate.org/mynews/news/news.admin.net-abuse.email/cfb54ba3c3aaf0602c36c895ef1d4225.125501%40mygate.mailgate.org "Eric D. Jarman" wrote in message news:e74b79e5.0308110524.130b8ca8@posting.google.com Eric, You are in lala land, an imaginary place where your fantasies exist. And, you just violated your NDA with us, regardless of the fact that most of that crap you just spewed is false. You'll be hearing from our attorney later this week, and we'll be making sure you never get another job in this industry again. SMA PRES/CEO BURSTNET -- Posted via Mailgate.ORG Server - http://www.Mailgate.ORG === More spammers === Path: uni-berlin.de!fu-berlin.de!peer01.cox.net!cox.net !border3.nntp.aus1.giganews.com!intern1.nntp.aus1.giganews.com !nntp.giganews.com!nntp.comcast.com!news.comcast.com.POSTED!not-for-mail NNTP-Posting-Date: Sat, 11 Oct 2003 10:06:05 -0500 From: "Viper" Newsgroups: news.admin.net-abuse.email Subject: Burstnet/Hostnoc Date: Sat, 11 Oct 2003 11:06:07 -0400 X-Priority: 3 X-MSMail-Priority: Normal X-Newsreader: Microsoft Outlook Express 6.00.2800.1158 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Message-ID: Lines: 15 NNTP-Posting-Host: 12.226.18.108 X-Trace: sv3-LgXjfSBwiC29p4Jkzd7MqBSNQQ5b2iaaXe7vkgPtRS7IwuUaLpjTGsJT7WB63dC7AYl4wrPk1I mbOLC!mIHTaQrvdHrYWDoZQaRuZQyaYQS4Xus3CHEPl+1sVA64ny3CcPWLvv1gZHNQXw== X-Complaints-To: abuse@comcast.net X-DMCA-Complaints-To: dmca@comcast.net X-Abuse-and-DMCA-Info: Please be sure to forward a copy of ALL headers X-Abuse-and-DMCA-Info: Otherwise we will be unable to process your complaint properly X-Postfilter: 1.1 Xref: uni-berlin.de news.admin.net-abuse.email:2085695 Looks like Burstnet/hostnoc are back to their spam supporting ways.. :( Received: from [64.191.47.2] (helo=mailpo-bn2.postalbureau.com) From: Classic Arcade Games trendstoday.com = 64.191.10.112 Subject: 84 of the BEST GAMES EVER on your TV Both IPs belong to Burstnet/Hostnoc. http://spamcop.net/w3m?action=checkblock&ip=64.191.47.2 Rationale: Sample traffic over 1000 counted x .5 (1154); 44 spamtraps squared (1936); recent spam increases spam score from 2038.00 to 8092.00: spam report ratio (8092.000) exceeds threshold (0.020) === Spamming web forms is "not spam" for BurstNET === Path: uni-berlin.de!fu-berlin.de!news.maxwell.syr.edu !small1.nntp.aus1.giganews.com!border1.nntp.aus1.giganews.com !intern1.nntp.aus1.giganews.com!nntp.giganews.com!nntp.comcast.com !news.comcast.com.POSTED!not-for-mail NNTP-Posting-Date: Fri, 17 Oct 2003 00:37:44 -0500 From: "Viper" Newsgroups: news.admin.net-abuse.email Subject: BurstNet/HostNOC Spam via web forum on your site is not spam.... Date: Fri, 17 Oct 2003 01:37:45 -0400 X-Priority: 3 X-MSMail-Priority: Normal X-Newsreader: Microsoft Outlook Express 6.00.2800.1158 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Message-ID: Lines: 77 NNTP-Posting-Host: 12.226.18.108 X-Trace: sv3-cr1RwjmFPJa8KXtaZHKe3Doiqo9Xej/RYkzy1cpPpC2WbIOKULUMT7LBZIhZlFTShb6U/7zceP ptEHe!rulCAljS6gaUX5CAOddOjYZ7lazHgRl/gqE9y90wOH3IMyoU137v0GYBdccVNA== X-Complaints-To: abuse@comcast.net X-DMCA-Complaints-To: dmca@comcast.net X-Abuse-and-DMCA-Info: Please be sure to forward a copy of ALL headers X-Abuse-and-DMCA-Info: Otherwise we will be unable to process your complaint properly X-Postfilter: 1.1 Xref: uni-berlin.de news.admin.net-abuse.email:2089023 I recieved an email from a form on my site spamming a counter. I did a lookup and seen it was a Burst/HostNOC hosted site. I sent a LART.. Return-path: Envelope-to: webmaster@[munged] Delivery-date: Thu, 16 Oct 2003 14:21:06 -0400 Received: from nobody by [munged] with local (Exim 4.24) id 1AACjQ-0005Du-Gu for webmaster@[munged]; Thu, 16 Oct 2003 14:20:16 -0400 To: webmaster@[munged] Subject: From: webmaster@piksites.com Message-Id: Date: Thu, 16 Oct 2003 14:20:16 -0400 X-SpamPal: PASS name: Driss Kaitouni username: subject_type: Other bquestion_type: Pik Counters. message_type: Hi, Pik Counters is a free and very special counter/tracker service. It includes everything the best counter services offer and much more. There are over 60 styles to choose from and you can change all the colors of your counters so that they look exactly like your site. We also have hidden counters and counters that only display how many visitors are currently online. To Join: http://counters.piksites.com/ Thank You The reply from Burst/HostNOC... Sean R. has responded to your help desk request. Please preserve the subject line. This is important. ----------------------------------------------- (Sean R.) ----------------------------------------------- I wouldn't consider someone going to your website and sending you info in your own form "spam". Any further details on this that you can give us, that would actually be an AUP/TOS violation? Sean R. BurstNET System Administration BurstNETT - The Speed the Internet TravelsT To place an order, or for more info, contact; BurstNET Technologies, Inc.T - BurstNETT Toll Free 24/7/365 Support: 1-877-BURSTNET Phone (570) 343-2200 - Fax (570) 343-9533 PO Box #591 Scranton, PA 18501-0591 USA http://www.burst.net & http://www.nocster.net sales@burst.net === BurstNET adds more spammers instead of removing them === Path: uni-berlin.de!fu-berlin.de!postnews1.google.com!not-for-mail From: spam-usenet@btfh.net (Some Bastard) Newsgroups: news.admin.net-abuse.email Subject: this is why i permanently firewall off spammy isps Date: 6 Dec 2003 23:56:36 -0800 Organization: http://groups.google.com Lines: 16 Message-ID: <636e0509.0312062356.29cfa6ab@posting.google.com> NNTP-Posting-Host: 216.17.172.80 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-Trace: posting.google.com 1070783796 23079 127.0.0.1 (7 Dec 2003 07:56:36 GMT) X-Complaints-To: groups-abuse@google.com NNTP-Posting-Date: Sun, 7 Dec 2003 07:56:36 +0000 (UTC) Xref: uni-berlin.de news.admin.net-abuse.email:2126373 a few months ago (i think around july) there was a thread where the ceo of burst /hostnoc came on and bitched about his sorry ass being heavily blacklisted and how he had removed all his spammers, etc etc etc. Of course we've all heard that line before. Well as proof that once a spam haus, always a spam haus, i present.... http://www.spamhaus.org/sbl/latest.lasso Go about a third of the way down, and there's an entry for http://www.spamhaus.org/sbl/sbl.lasso?query=SBL11939 So obviously Burst is adding MORE spammers instead of removing them. This is justification for even the most conservative mail admin to heavily firewall known spam havens. === http://www.spamhaus.org/sbl/sbl.lasso?query=SBL11939 === Ref: SBL11939 66.96.221.0/24 is listed on the Spamhaus Block List (SBL) 07-Dec-2003 04:21 GMT | SR03 Alexey Panov - ckync.com 66.96.221.0/24 is listed on the Register Of Known Spam Operations (ROKSO) database as being assigned to, under the control of, or providing service to a known professional spam operation run by Alexey Panov - ckync.com. hostgym.com (Dec 6th, 2003) listing escalated to 66.96.221.0/24 (Dec 4th, 2003) no action taken by host, listing escalated to 66.96.221.200/29 (SR03) hotoffer.hostgym.com. 15M IN A 66.96.221.203 hostgym.com. 15M IN NS ns2.hostgym.com. hostgym.com. 15M IN NS ns1.hostgym.com. ns2.hostgym.com. 1d1h12m17s IN A 217.107.216.122 ns1.hostgym.com. 1d1h12m17s IN A 217.107.216.121 ~% telnet 66.96.221.203 8088 Trying 66.96.221.203... Connected to allied.dnsfreedom.com. Escape character is '^]'. Notes for hostnoc.net Abuse/Security A listing in the ROKSO database means that this spammer has already been terminated by a minimum of 3 consecutive Internet networks for serious spam offenses. ROKSO spammers are professional spam gangs, they will use every trick in order to stop you from terminating them. Please do not allow your network to be a haven for ROKSO spammers, doing so puts your network in the position of "Knowingly providing Spam Support Service". ROKSO records for Alexey Panov - ckync.com (hostgym.com) Removal Procedure As this is a known professional spam operation, it is important that all service to the Alexey Panov - ckync.com spam operation be terminated before this listing can be removed from the SBL. There can be no functioning web site, mail or DNS server still serving the spam operation in 66.96.221.0/24. To have record SBL11939 (66.96.221.0/24) removed from the SBL, the Abuse/Security representative of hostnoc.net (or the Internet Service Provider responsible for connectivity to 66.96.221.0/24) needs to contact the SBL Team to advise how the spam problem has been terminated. If you are a representative of hostnoc.net, you also need to see this: Current hostnoc.net SBL Listings The SBL is an international anti-spam system maintained by The Spamhaus Project and used by Internet networks to protect customers from spam sources and spam services. The SBL lists only IP addresses (not domains or addresses). If you are unable to send email due to this SBL listing, please contact your Internet Service Provider and show them this page - your Service Provider needs to contact Spamhaus to resolve the issue. (If you are not the Internet Service Provider, please do NOT contact us.) === More SPEWS spammers stay on BurstNET (moving the spammers around?) === Reply-To: "Detox" From: "Detox" Newsgroups: news.admin.net-abuse.email Subject: [S421] Burstnet/Hostnoc - update Date: Fri, 20 Feb 2004 21:32:17 -0500 Lines: 24 X-Priority: 3 X-MSMail-Priority: Normal X-Newsreader: Microsoft Outlook Express 6.00.2800.1158 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 NNTP-Posting-Host: 198.109.216.105 Message-ID: <4036c703$1@news.modempool.com> X-Trace: news.modempool.com 1077331715 198.109.216.105 (20 Feb 2004 21:48:35 -0500) Path: uni-berlin.de!fu-berlin.de!news.maxwell.syr.edu!elk.ncren.net !aanews.merit.edu!news.modempool.com Xref: uni-berlin.de news.admin.net-abuse.email:2169776 Currently: 1, 64.191.35.0 - 64.191.35.255, hostnoc/burstnet (zoanmail.com / JogPod Group) 1, 64.191.50.0 - 64.191.50.255, hostnoc/burstnet (zoanmail.com / JogPod Group) Via SamSpade at 21:30 2/20/2004: NS1.JOGPOD.COM 64.191.29.123 NS2.JOGPOD.COM 64.191.29.124 Don't ask why I was looking. I must have been mad. HTH HAND -- Regards, Detox detox665@hotmail.com The correct pejorative is "fanboy". === More spammers on BurstNET === Date: Fri, 26 Mar 2004 08:10:56 -0700 From: SpammerJammer@example.com Subject: SPEWS S421: Burstnet spam support service signs up yet ANOTHER spambag -- is there any room left? Message-ID: <20040326131056.GA798@example.com> Newsgroups: news.admin.net-abuse.email Mail-To-News-Contact: postmaster@nym.alias.net Organization: mail2news@nym.alias.net Lines: 32 Of course they hit a spamtrap right away. How predictable. How much like SMA to keep lying and keep adding spammers to the Burstnet spam empire. Registrant: SaveLoot.com 450 NE 20th Street, Suite 113 Boca Raton, FL 33431 US Domain name: SAVELOOT.COM Administrative Contact: Service, Customer support@OpenSayzame.com <--- recognize these parasites? 450 NE 20th Street, Suite 113 Boca Raton, FL 33431 US 954-757-3869 Technical Contact: Support, Technical support@SaveLoot.com 1440 Coral Ridge Drive #325 Boca Raton, FL 33431 US 954-757-3869 Fax: 954-757-3869 Registrar of Record: TUCOWS, INC. Record last updated on 24-Feb-2004. Record expires on 06-May-2004. Record created on 06-May-2003. Domain servers in listed order: DNS1.SAVELOOT.COM 66.96.222.170 <--- Burstnet DNS2.SAVELOOT.COM 66.96.222.171 <--- Burstnet === Burstnet still moves their spammers around, helping them to avoid blocks === === instead of terminating them === === http://forums.burst.net/printthread.php?s=9a62c037dc7437e922850c7d321490a1&threadid=2199&perpage=15&pagenumber=4 === BurstNET™ Support Forums (http://forums.burst.net/index.php) - Dedicated Server Support (http://forums.burst.net/forumdisplay.php?forumid=15) -- Blocked by Hotmail? (http://forums.burst.net/showthread.php?threadid=2199) Posted by danntodd on 02-21-2004 03:27 AM: Since I couldn't find Jeanie's address: Hi Jeanie, You said:"I will let you know of the results but, just so you know, I am requesting that the listing affecting your IPs are removed. I believe that all of the spam offenders who caused those blocks were already removed." I checked the listing today and found that SPEWS removed some and left others. They can be pretty prompt in response to a real effort to kill spammer accounts. They seem to have responded in a timely fashion to most of your other requests for removal as well AFAICT. That being said: http://www.spamhaus.org/sbl/listing...isp=hostnoc.net --this isn't good. 27 listings by Spamhaus. And zoanmail/JogPod is still hanging around and apparently being shuffled from IP to IP. Also not good. Having watched SPEWS in action for the last 14 months, I can offer the following advice: Use a different identity when posting to n.a.na.e instead of as 'ceo@burst.net'. SMA said some pretty stupid things over the last year or so. Those that might be interested can look into such things via Google. Being yourself as opposed to 'ceo@burst.net' will probably lower some of the vitriol directed your way. BTW, I'm not SPEWS.....which is probably a good thing for some folks. __________________ Regards, Dann Posted by Matt [MainArea] on 02-21-2004 02:12 PM: quote:Originally posted by danntodd That being said: http://www.spamhaus.org/sbl/listing...isp=hostnoc.net --this isn't good. 27 listings by Spamhaus. And zoanmail/JogPod is still hanging around and apparently being shuffled from IP to IP. Also not good. You should see that number decrease from 27 soon... - Matt __________________ Operations Manager of The MainArea Network sales@mainarea.com http://www.mainarea.com/ Ask me any Nocster questions, I'll be happy to answer them! Posted by serverIntel on 03-17-2004 12:35 PM: Im confused now. I just did a search via google for my main domain serverintelligence and its come back as a spammer? I have never sent any spam in my life and no one else has access to this domain? Also noticed that any email sent to a hotmail address from my server is being bounced back I.E. A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed: xxxxxxxxxx@homail.com unrouteable mail domain "homail.com" Whats going on? How can I solve this? Any tips? Or help? Laters as Im now confused. Posted by Paul on 03-17-2004 02:00 PM: quote:Originally posted by serverIntel A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed: xxxxxxxxxx@hotmail.com unrouteable mail domain "hotmail.com" Whats going on? How can I solve this? Any tips? Or help? Laters as Im now confused. __________________ "An alcoholic is someone you don't like who drinks as much as you do" - Dylan Thomas (1914 - 1953) When I was a kid, my parents moved a lot... but I always found them. Posted by serverIntel on 03-17-2004 02:40 PM: Yes the missing "T" has been corrected and it still throws back the emails Also checked the persons box and its not full. Laters Posted by danntodd on 03-19-2004 12:48 AM: serverintelligence.com = [info deleted in response to a condescending request - curious as to why it shouldn't be posted] Your problem is here: http://www.spamhaus.org/SBL/sbl.lasso?query=SBL12746 The source of your problem is Jogpod and Burst's inability/refusal to terminate Jogpod's account. There are a total of 26 Spamhaus issues with broad blockages in effect. http://www.spamhaus.org/SBL/listing...isp=hostnoc.net HTH HAND __________________ Regards, Dann Posted by serverIntel on 03-19-2004 11:08 AM: Thanks for posting my details and IP, can you edit them out please, thats a good boy. Now, this JogPod Group - Zentyl Technologies (zoanmail.com) has 20 IP addresses listed with spamhaus.org and 6 others, its effecting my server and server users like me. Now I want to know what Burst is doing about it and what are they doing about getting my IP's removed? Not amused at all Burst. Posted by serverIntel on 03-19-2004 11:16 AM: Zonemail says this on there site: The ZoneMail platform is a unique hardware and software solution that allows publishers to create, manage and deploy large-scale, real-time email marketing campaigns. ZoneMail is a feature-rich set of applications running on top industry-standard, high-performance technologies and infrastructure. "Email marketing campaigns" a nice way of putting it and in other words SPAM. Come on burst, they might be a big customer, but its killing us little ones and its us little ones that make up most of your revenue each month. Posted by serverIntel on 03-19-2004 11:20 AM: Ummmmmmmm! Just did a search of my IP's in SBL XBL Lookup IP Address and it said they are not listed? Deffo confused now. Posted by danntodd on 03-19-2004 12:10 PM: http://www.dnsstuff.com/tools/ip4r.ch?ip=64.191.24.166 Perhaps the Spamhaus folks have something crosswired, but the above clearly links to an SBL listing. __________________ Regards, Dann Posted by serverIntel on 03-19-2004 01:41 PM: Because I asked nicely, thats why. quote:Originally posted by danntodd [B]serverintelligence.com = [info deleted in response to a condescending request - curious as to why it shouldn't be posted] Posted by Jon on 03-31-2004 12:37 AM: Burstnet hosting Jodpog continues? Folks, this may assist in your approaching Burst about the recurrent spam issues. If a Burst tech is reading, please could you investigate and get back to the group-- Jeanie? I received the following from outblaze at 30 Mar 2004 02:55 -- which says that the jodpog IP cycling continues: quote:Hello We have had to block a large netblock of burst.net IPs because of massive volumes of spam from a burstnet customer JogPod Group. Jogpod apparently has several small IP blocks spread across a wide range of burstnet's network, and they keep cycling through random domains in order to send out spam, making them difficult to block without blocking a larger burstnet netblock. Your IP also happens to fall into this netblock. Please ask burstnet to terminate this spammer's hosting (as well as the hosting of their other spamming customers as listed in the sbl - http://www.spamhaus.org) and then contact me about this issue. Despite what burstnet is telling you, this is a current problem. The spammers we are blocking them for are still there on burst's network. regards postmaster@outblaze.com Burst -- please let me know what is going on. I find that your CEO back in Aug of last year seems to have stated that he is not too keen to terminate spammers as he things he might be landed with a breach of contract lawsuit. If this is genuinely Burst's policy, and I hope it is not, then I will move to other servers. See: http://www.dolphinwave.org/spam/HostNOC_BurstNET.txt Thanks to any tech who can shed some light and start the task of resolving this issue. Jon All times are GMT. The time now is 05:53 PM. Pages (4): « First ... « 2 3 [4] Show 15 posts from this thread on one page === And here are those spammers' IPs, spread all around BURSTnet space === === http://www.spamhaus.org/sbl/sbl.lasso?query=SBL12746 === Ref: SBL12746 64.191.76.0/24 is listed on the Spamhaus Block List (SBL) 16-Dec-2003 06:14 GMT | SR07 JogPod Group - Zentyl Technologies (zoanmail.com) Support network for SBL12735 Network Operations Center Inc. HOSTNOC-3BLK (NET-64-191-0-0-1) 64.191.0.0 - 64.191.127.255 JogPod Group JOGPODNET (NET-64-191-6-0-1) 64.191.6.0 - 64.191.6.255 JogPod Group JOGPODNET5 (NET-64-191-7-61-1) 64.191.7.61 - 64.191.7.101 JogPod Group JOGPODNET7 (NET-64-191-9-0-1) 64.191.9.0 - 64.191.9.255 JogPod Group JOGPODNET11 (NET-64-191-24-54-1) 64.191.24.54 - 64.191.24.94 JogPod Group JOGPODNET3 (NET-64-191-25-30-1) 64.191.25.30 - 64.191.25.69 JogPod Group JOGPODNET10 (NET-64-191-35-102-1) 64.191.35.102 - 64.191.35.139 JogPod Group JOGPODNET1 (NET-64-191-50-0-1) 64.191.50.0 - 64.191.50.255 JogPod Group JOGPODNET4 (NET-64-191-68-0-1) 64.191.68.0 - 64.191.68.255 JogPod Group JOGPODNET2 (NET-64-191-69-0-1) 64.191.69.0 - 64.191.69.255 JogPod Group JOGPODNET8 (NET-64-191-76-0-1) 64.191.76.0 - 64.191.76.255 See SBL12735 Removal Procedure To have record SBL12746 (64.191.76.0/24) removed from the SBL, the Abuse/Security representative of hostnoc.net (or the Internet Service Provider responsible for connectivity to 64.191.76.0/24) needs to contact the SBL Team to explain how the spam problem has been terminated. If the spam problem that caused this listing has been terminated we will normally remove the listing from the SBL. If you are a representative of hostnoc.net, you also need to see this: Current hostnoc.net spam problems The SBL is an international anti-spam system maintained by The Spamhaus Project and used by Internet networks to protect customers from spam sources and spam services. The SBL lists only IP addresses (not domains or addresses). If you are unable to send email due to this SBL listing, please contact your Internet Service Provider and show them this page - your Service Provider needs to contact Spamhaus to resolve the issue. (If you are not the Internet Service Provider, please do NOT contact us.) === And BurstNET again bounces complaints === Reply-To: "Detox" From: "Detox" Newsgroups: news.admin.net-abuse.email References: <4059a03e@news.modempool.com> <40599fb4$1@dnews0.news.legend.net.uk> Subject: Re: [SPEWS - S421][Spamhaus - too many to list]...and others regarding Burst.net Date: Sun, 18 Apr 2004 15:54:43 -0400 Lines: 44 X-Priority: 3 X-MSMail-Priority: Normal X-Newsreader: Microsoft Outlook Express 6.00.2800.1158 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 NNTP-Posting-Host: 198.109.216.155 Message-ID: <4082e22b$1@news.modempool.com> X-Trace: news.modempool.com 1082319403 198.109.216.155 (18 Apr 2004 16:16:43 -0500) Path: uni-berlin.de!fu-berlin.de!newsfeed.mathworks.com!bloom-beacon.mit.edu !aanews.merit.edu!news.modempool.com Xref: uni-berlin.de news.admin.net-abuse.email:2189809 "NoLegs" wrote in message news:t2dj509rbpp7mhd605abl1flodeqm4ttj6@4ax.com... > On Thu, 18 Mar 2004 13:11:17 +0000, Gareth Robert Halfacree > wrote: > > >Detox wrote: > >> Curiously, I couldn't access any whois information about ddipowerline.com. > > > >Registrant: > > Digital Dynamiz Intl > > 5889 Airport Rd. > > Port Orange, Florida 32118 > > United States > > Registered through: GoDaddy.com > > Domain Name: DDIPOWERLINE.COM > > Created on: 19-Jan-04 > > Expires on: 19-Jan-06 > > Last Updated on: 30-Jan-04 > NetMaxx Incorporated > 5899 Airport Road Suite 1425 > Port Orange, FL 32128 > 386.763.0987 > 386.760.9318 Received another spam from the same "affilliate" using the account name "trilliondollarteam". Larts sent. Bounces from abuse[at]burst.net and abuse[at]hostnoc.net received as not being set up in perldesk. Rfc-Ignorant to be notified shortly. -- Regards, Detox detox665@hotmail.com The correct pejorative is "fanboy". === The spammer is still on BurstNET, of course (19-Apr-2004) === $ host DDIPOWERLINE.COM DDIPOWERLINE.COM has address 64.191.64.230 $ jwhois 64.191.64.230 [Querying whois.arin.net] [whois.arin.net] OrgName: Network Operations Center Inc. OrgID: NOC Address: PO Box 591 City: Scranton StateProv: PA PostalCode: 18501-0591 Country: US NetRange: 64.191.0.0 - 64.191.127.255 CIDR: 64.191.0.0/17 NetName: HOSTNOC-3BLK NetHandle: NET-64-191-0-0-1 Parent: NET-64-0-0-0-0 NetType: Direct Allocation NameServer: NS1.HOSTNOC.NET NameServer: NS2.HOSTNOC.NET Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE RegDate: 2002-05-31 Updated: 2003-08-08 TechHandle: SMA4-ARIN TechName: Arcus, S. Matthew TechPhone: +1-570-343-8551 TechEmail: nic@hostnoc.net OrgTechHandle: SMA4-ARIN OrgTechName: Arcus, S. Matthew OrgTechPhone: +1-570-343-8551 OrgTechEmail: nic@hostnoc.net === More abuse@ bounces === From: "No Spammage" Newsgroups: news.admin.net-abuse.email Subject: BurstNet - worth reporting, or not? Date: 25 Mar 2005 08:56:55 -0800 Organization: http://groups.google.com Lines: 42 Message-ID: <1111769815.478960.217920@g14g2000cwa.googlegroups.com> NNTP-Posting-Host: 66.153.138.104 Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" X-Trace: posting.google.com 1111769819 16478 127.0.0.1 (25 Mar 2005 16:56:59 GMT) X-Complaints-To: groups-abuse@google.com NNTP-Posting-Date: Fri, 25 Mar 2005 16:56:59 +0000 (UTC) User-Agent: G2/0.2 Complaints-To: groups-abuse@google.com Injection-Info: g14g2000cwa.googlegroups.com; posting-host=66.153.138.104; posting-account=9gdM_hMAAAD4SyAsujTEggQjs5BDxP9PFdsM6jgnY6tumXkojEfq2g Path: x-privat.org!inn1.libero.it!tiscali!newsfeed1.ip.tiscali.net!news.tele.dk !news.tele.dk!small.news.tele.dk!proxad.net!216.239.36.134.MISMATCH !postnews.google.com!g14g2000cwa.googlegroups.com!not-for-mail Xref: x-privat.org news.admin.net-abuse.email:2585787 Got an ebay phish from 66.197.141.85 (site located at 64.62.166.78 = billing-security-center.com on HE.net) and reported it to abuse AT hostnoc.net. Almost instantly, I got ==== This is an automated response. Please do not reply to this email. Thank you for taking the time to contact the BurstNET Abuse Dept. BurstNET in no way condones any spam related activities, hacking, warez, pirating, <...> ======== A few seconds later, I get ========= Sorry, the request you have emailed has been forwarded to our support ticket system however, there was an error processing it further: There is not a valid TO or CC email address given, so we do not know how to direct your email. You may fill out a support ticket to us via the web if you feel is in error at https://support.burst.net/ . You may create an account or just click on "Submit Request" at the top to submit a ticket without logging in. Thank you, Your Friendly Ticket Daemon BurstNet Technologies, Inc 1-877-BURSTNET | 570-343-2200 ------------------------------------------------------------------- Tickets will be automatically closed if they are open, BurstNET staff replied, and a response was not recieved in 48 hours. Also, you may search http://forums.burst.net/ to see if someone has posted the same issue as you, for now or in the future. This is a free service to everyone, with over 18,000 posts it may be helpful. ======= Temporary glitch, or what? Is abuse@ not maintained? === BurstNet's "Friendly Ticket Daemon" === From: "Bill Carton - (The Roadie)" Newsgroups: news.admin.net-abuse.email Subject: BurstNet's "Friendly Ticket Daemon" Date: Wed, 22 Jun 2005 10:30:43 -0700 Organization: Posted via Supernews, http://www.supernews.com Message-ID: Reply-To: wcarton@flash.net X-Newsreader: Forte Agent 2.0/32.652 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Complaints-To: abuse@supernews.com Lines: 42 Path: x-privat.org!news-out.tin.it!news-in.tin.it!news.tele.dk!news.tele.dk !small.news.tele.dk!sn-xit-02!sn-xit-06!sn-post-02!sn-post-01!supernews.com !news.supernews.com!not-for-mail Xref: x-privat.org news.admin.net-abuse.email:2637603 Lart to Hostnoc, acked as follows: Subject: Re: Abuse/Spam Complaint Date: Wed, 22 Jun 2005 12:53:16 -0400 From: BurstNET Abuse Dept. To: Bill Carton This is an automated response. Please do not reply to this email. Thank you for taking the time to contact the BurstNET Abuse Dept. [yadda-yadda removed] Then: Subject: Email Error Date: Wed, 22 Jun 2005 12:53:23 -0400 (EDT) From: support@burst.net To: wcarton@flash.net Sorry, the request you have emailed has been forwarded to our support ticket system however, there was an error processing it further: There is not a valid TO or CC email address given, so we do not know how to direct your email. You may fill out a support ticket to us via the web if you feel is in error at https://support.burst.net/ . You may create an account or just click on "Submit Request" at the top to submit a ticket without logging in. Thank you, Your Friendly Ticket Daemon BurstNet Technologies, Inc 1-877-BURSTNET | 570-343-2200 -- Bill "the Roadie" Carton === Possible reason for the ticketing system to cock-up === From: "Bill Carton - (The Roadie)" Newsgroups: news.admin.net-abuse.email Subject: Re: BurstNet's "Friendly Ticket Daemon" Date: Wed, 22 Jun 2005 17:08:13 -0700 Organization: Posted via Supernews, http://www.supernews.com Message-ID: Reply-To: wcarton@flash.net References: X-Newsreader: Forte Agent 2.0/32.652 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Complaints-To: abuse@supernews.com Lines: 40 Path: x-privat.org!area.cu.mi.it!news.mailgate.org!news-spur1.maxwell.syr.edu !news.maxwell.syr.edu!news.mel.connect.com.au!news-north.connect.com.au !news-south.connect.com.au!bunyip2.cc.uq.edu.au!nemesis.sorbs.net!sn-xit-04 !sn-xit-12!sn-xit-08!sn-post-02!sn-post-01!supernews.com!news.supernews.com !not-for-mail Xref: x-privat.org news.admin.net-abuse.email:2637664 "McWebber" wrote: >"Bill Carton - (The Roadie)" wrote in message >news:dt7jb1p6j9tlfqodmgpfg7jutme0geoa1t@4ax.com... >> Sorry, the request you have emailed has been forwarded to our support >> ticket system however, there was an error processing it further: >> >> There is not a valid TO or CC email address given, so we do not >> know how to direct your email. >> > >I bet you had more than one email address in the To: field. They can't >handle that. Ahhhhh. Thx. I had four domains to LART for one spam - not all hosted there. Naturally I included all the "To" addresses. Anyway, it *did* get a reply within hours: Hello...and thank you for contacting us. Our direct client, the reseller of that account, has been alerted and will be looking into this. He has been asked to take whatever actions necessary to ensure that this does not happen again. If you receive further suspicious traffic involving this host, please do not hesitate to re-open this ticket. Also, I will send this to our programming department for them to look into the email problem. Corey M. Technical Support BurstNET Technologies, Inc. Scranton, PA 18501-0591 USA The domains involved, for the Google record, were loanapps.info and themillionairemovie.com -- Bill "the Roadie" Carton === But how BurstNET *REALLY* handles their spammers? They stay connected === From: lartpuppy@yahoo.com Newsgroups: news.admin.net-abuse.email Subject: Burstnet (Hostnoc) gives false hope Date: 23 Jun 2005 14:45:12 -0700 Organization: http://groups.google.com Lines: 35 Message-ID: <1119563112.721872.302410@g14g2000cwa.googlegroups.com> NNTP-Posting-Host: 132.163.193.247 Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" X-Trace: posting.google.com 1119563118 12642 127.0.0.1 (23 Jun 2005 21:45:18 GMT) X-Complaints-To: groups-abuse@google.com NNTP-Posting-Date: Thu, 23 Jun 2005 21:45:18 +0000 (UTC) User-Agent: G2/0.2 Complaints-To: groups-abuse@google.com Injection-Info: g14g2000cwa.googlegroups.com; posting-host=132.163.193.247; posting-account=KtohbgwAAACTjiIce13jpn5XC9Pj5c_D Path: x-privat.org!news.glorb.com!postnews.google.com !g14g2000cwa.googlegroups.com!not-for-mail Xref: x-privat.org news.admin.net-abuse.email:2637806 Today I got a blatant spam advertising www.rfsupply.com This is 66.197.212.184 on Hostnoc Within a few hours or my lart, I got this reply: -------- Corey M. has responded to your help desk request. Please preserve the subject line. This is important. ----------------------------------------------- (Corey M.) ----------------------------------------------- I'm sorry for any inconvenience. The culprit was suspended by our staff, pending further action by the reseller of the account. (minion's full name) Technical Support BurstNET Technologies, Inc. Scranton, PA 18501-0591 USA --------- Sounded really good. But then I went and checked, and the site is up and running (my check was about 30 minutes after the time stamp on the reply to my LART). So somebody at Burstnet is either lying or clueless, or possibly both. I also larted Godaddy who has registered the spammer's domain, but no response to that so far. I was all ready to make a comment about how Burstnet was more white-hat than Godaddy in this case (or at least faster on the draw), but it looks like nobody has earned a white hat yet on this one. === And the reason why the spammer is still connected === From: lartpuppy@yahoo.com Newsgroups: news.admin.net-abuse.email Subject: Re: Burstnet (Hostnoc) gives false hope Date: 23 Jun 2005 18:28:26 -0700 Organization: http://groups.google.com Lines: 31 Message-ID: <1119576505.990755.309410@g49g2000cwa.googlegroups.com> References: <1119563112.721872.302410@g14g2000cwa.googlegroups.com> NNTP-Posting-Host: 172.193.237.196 Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" X-Trace: posting.google.com 1119576510 31295 127.0.0.1 (24 Jun 2005 01:28:30 GMT) X-Complaints-To: groups-abuse@google.com NNTP-Posting-Date: Fri, 24 Jun 2005 01:28:30 +0000 (UTC) In-Reply-To: User-Agent: G2/0.2 Complaints-To: groups-abuse@google.com Injection-Info: g49g2000cwa.googlegroups.com; posting-host=172.193.237.196; posting-account=KtohbgwAAACTjiIce13jpn5XC9Pj5c_D Path: x-privat.org!news.glorb.com!postnews.google.com !g49g2000cwa.googlegroups.com!not-for-mail Xref: x-privat.org news.admin.net-abuse.email:2637834 axlq wrote: > In article <1119563112.721872.302410@g14g2000cwa.googlegroups.com>, > wrote: > >Within a few hours or my lart, I got this reply: > >-------- > >Corey M. has responded to your help desk request. > ...snip... > >The culprit was suspended by our staff, pending further action by the > >reseller of the account. > >--------- > > > >Sounded really good. But then I went and checked, and the site is up > > So, reply to the abuse minion and ask why he claimed the account was > suspended when it's obviously still running. I'm curious if you get as > "promising" a response this time. I did reply, and almost immediately got this back: "The client was suspended but the reseller is looking through the server right now to see if it was comprimised. He may have unsuspended it. It is still being looked into." The spammer, www.rfsupply.com, is still "unsuspended" by the way, and therefore able to profit from his spam run, about 3 hours after the above message. If a reseller can override a nuke by the ISP's abuse desk, something is wrong with the ISP's policies. Or perhaps it was never suspended and Corey M. at Burstnet was just blowing smoke and hoping I wouldn't check the claim he was making. === BurstNET disconnects the spammer to get off the list, then reconnects === From: Matthew Sullivan Newsgroups: news.admin.net-abuse.email Subject: Re: Burstnet (Hostnoc) gives false hope Date: Fri, 24 Jun 2005 09:29:34 +1000 Organization: SORBS - The Spam and Open Relay Blocking System Lines: 47 Message-ID: References: <1119563112.721872.302410@g14g2000cwa.googlegroups.com> NNTP-Posting-Host: dhcp10-223.canberra.edu.au Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Trace: nemesis.sorbs.net 1119569373 9517 137.92.10.223 (23 Jun 2005 23:29:33 GMT) X-Complaints-To: abuse@sorbs.net NNTP-Posting-Date: Thu, 23 Jun 2005 23:29:33 +0000 (UTC) User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.7) Gecko/20050415 X-Accept-Language: en In-Reply-To: <1119563112.721872.302410@g14g2000cwa.googlegroups.com> Path: x-privat.org!texta.sil.at!newsfeed01.sul.t-online.de!t-online.de !newsfeed.vmunix.org!news1.optus.net.au!optus!news.mel.connect.com.au !news-north.connect.com.au!news-south.connect.com.au!bunyip2.cc.uq.edu.au !nemesis.sorbs.net!not-for-mail Xref: x-privat.org news.admin.net-abuse.email:2637822 lartpuppy@yahoo.com wrote: > Today I got a blatant spam advertising www.rfsupply.com > This is 66.197.212.184 on Hostnoc > > Within a few hours or my lart, I got this reply: > -------- > Corey M. has responded to your help desk request. > > Please preserve the subject line. This is important. > > ----------------------------------------------- > (Corey M.) > ----------------------------------------------- > I'm sorry for any inconvenience. > > The culprit was suspended by our staff, pending further action by the > reseller of the account. > > > (minion's full name) > Technical Support > BurstNET Technologies, Inc. > Scranton, PA 18501-0591 USA > --------- > > Sounded really good. But then I went and checked, and the site is up > and running (my check was about 30 minutes after the time stamp on the > reply to my LART). So somebody at Burstnet is either lying or > clueless, or possibly both. > > I also larted Godaddy who has registered the spammer's domain, but no > response to that so far. I was all ready to make a comment about how > Burstnet was more white-hat than Godaddy in this case (or at least > faster on the draw), but it looks like nobody has earned a white hat > yet on this one. > They are getting more blatant then... They requested the netblock delisted @SORBS some time ago, and at the time of checking (+14 days) the site was nuked. Within 3 days of removing the listing, the spam and the site was back. (The listing followed shortly there after) Regards, Mat === BurstNET claims to reform === Newsgroups: news.admin.net-abuse.blocklisting From: nanae@burst.net Subject: Re: SPEWS Removal Request: S2695 User-Agent: G2/0.2 Sender: nanab@zorch.sf-bay.org (Charlie Root) Message-ID: <1156429416.792578.190000@i3g2000cwc.googlegroups.com> X-Authentication-Warning: zorac.sf-bay.org: smap set sender to using -f Approved: NANAB Moderators Date: Thu, 24 Aug 2006 14:24:50 GMT Nntp-Posting-Date: Thu, 24 Aug 2006 14:23:42 +0000 (UTC) X-Http-Useragent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.6) Gecko/20060728 Firefox/1.5.0.6,gzip(gfe),gzip(gfe) Content-Type: text/plain; charset="iso-8859-1" References: <1156366174.159265.72370@b28g2000cwb.googlegroups.com> <44ed9223$2$fuzhry+tra$mr2ice@news.patriot.net> X-Complaints-To: groups-abuse@google.com Complaints-To: groups-abuse@google.com X-Trace: posting.google.com 1156429422 19341 127.0.0.1 (24 Aug 2006 14:23:42 GMT) Nntp-Posting-Host: 66.197.191.126 Mime-Version: 1.0 Injection-Info: i3g2000cwc.googlegroups.com; posting-host=66.197.191.126; posting-account=1-uaTg0AAADrY_MvE8wlE_67wlYgBLsX Organization: http://groups.google.com X-Robomod: STUMP, ichudov@algebra.com (Igor Chudov), C++/Perl/Unix Consulting Lines: 65 Path: x-privat.org!news.glorb.com!newshub.sdsu.edu!headwall.stanford.edu !newsfeed.stanford.edu!zorac!blocklisting.com!robomod!not-for-mail Xref: news.x-privat.org news.admin.net-abuse.blocklisting:20793 Shmuel (Seymour J.) Metz wrote: > In <1156366174.159265.72370@b28g2000cwb.googlegroups.com>, on > 08/23/2006 > at 11:12 PM, nanae@burst.net said: > > >Please consider removal of the following: > > Have you gotten rid of all of your spammers, or just the ones > publically listed by SPEWS? We terminate _all_ blatant abusers, including spammers. > Don't assume that the data listed in the > public record are all that SPEWS has. Treat all complaints as though > they came from SPEWS. We respond to every abuse complaint we receive. Additionally, we monitor SpamCop reports, newsgroups and other blacklisting sites to ensure that we are aware of abuse issues within our network. > What have you done to resolve the underlying causes of the listing? As mentioned in my removal request, this abusive user was terminated in February of 2004. > What actions have you taken to make your service unatractive to > spammers? > What actions have you taken to detect and remove spammers > more quickly? Our entire technical staff is trained to monitor abuse reports and we investigate all suspicious activity on our network. We are staffed 24/7. We have a very strict TOS/AUP. We penalize resellers who do not address abuse issues within 24 hours and terminate those who completely fail to address abuse. People have actually complained that our policies are _too_ strict. Additionally, we flag any orders we suspect may be from spammers and research potential clients to see if they've had any previous abuse issues. > >This abusive user was terminated in February of 2004. > > I notice that you didn't mention this one: > > 1, 66.250.86.180/31, bluego.net / mondo41.cestino.net (cogentco.com) > > Was that an oversight? It looks like the same customer. That's not our IP. -Jeanie @ BurstNET Technologies -- Comments posted to news.admin.net-abuse.blocklisting are solely the responsibility of their author. Please read the news.admin.net-abuse.blocklisting FAQ at http://www.blocklisting.com/faq.html before posting.