This project is trying to determine which netblocks SAVVIS has assigned to it's known spammers.  More interestingly, which netblocks are being "used up" as these known spammers slash and burn their way into various blacklists.

     Since the Savvis acquisition of Cable and Clueless, they have chosen to discard their "White Hat" - statements such as "We are too big to de-peer now, I think we should revisit our AUP" were the call of the day after the purchase closed.

     Why would we care enough to analyze the IP space?  Because, I believe the plan is to set aside very large (/16 or shorter prefixes) as a "swamp area" from which to rotate their dirty customers IP needs.  Think of it as a shell game: if you don't know which shell (IP address) the spammer is under, you won't be able to block it.  More importantly, I am attempting to document a case for a full UDP against Savvis IP space, based upon the showing of active participation and facilitation of active spammers.


     Analysis is in progress - report should be ready in a few more weeks.  Thank you too all of you who have sent in anonymous tips on this project: we couldn't do it without you!!!