From ???@??? Fri Jan 01 00:00:00 1999 Path: sn-us!sn-xit-10!sn-xit-06!sn-xit-13!supernews.com!freenix!proxad.net!213.200.89.82.MISMATCH!tiscali!newsfeed1.ip.tiscali.net!2001:1a50:0:1::9.MISMATCH!news.rh-tec.net!koehntopp.de!not-for-mail From: Kristian =?UTF-8?B?S8O2aG50b3Bw?= Newsgroups: news.admin.net-abuse.usenet Subject: What is spamkiller.net? Date: Wed, 06 Apr 2005 20:51:25 +0200 Organization: koehntopp.de Lines: 40 Message-ID: NNTP-Posting-Host: port-212-202-202-231.dynamic.qsc.de Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7Bit X-Trace: xn--abcdefghijklmnopqrstuvwxyzss-vnc45c5f.de 1112813486 25645 212.202.202.231 (6 Apr 2005 18:51:26 GMT) X-Complaints-To: kris@koehntopp.de NNTP-Posting-Date: Wed, 6 Apr 2005 18:51:26 +0000 (UTC) Xref: sn-us news.admin.net-abuse.usenet:358749 I just got a peering request from a site using the path tokens: news-in.spamkiller.net / news-out.spamkiller.net. A google search for "spamkiller.net" comes up empty: http://www.google.com/search?q=spamkiller.net A google groups search for that name comes up with very old postings listing this site as a major source of spam: http://groups-beta.google.com/groups?q=spamkiller.net http://groups-beta.google.com/group/news.admin.net-abuse.bulletins/msg/2e94f3fdbc4711ac?dmode=source The mail carrying the peering request also names the domains jam.net and sierracorporatedesign.com, for which no google hits are shown as well. $ host sierracorporatedesign.com lists a large number of 10/8 addresses and one 192.168/16 address. The other addresses listed are sierracorporatedesign.com has address 208.33.61.146 sierracorporatedesign.com has address 208.33.61.150 sierracorporatedesign.com has address 208.33.61.151 sierracorporatedesign.com has address 208.33.61.152 sierracorporatedesign.com has address 208.33.61.153 for which no web site is configured (says their webserver) and sierracorporatedesign.com has address 208.33.61.154 which ends up being the site for smr-usenet (whatever that is). The fact that I cannot dig up information for these sites worries me a bit. Also, I don't know what smr-usenet is. I do not want to become a carrier for spam injectors. Is this a genuine peering request or should I decline that request? Kristian From ???@??? Fri Jan 01 00:00:00 1999 Path: sn-us!sn-xit-11!sn-xit-09!sn-xit-14!supernews.com!postnews.google.com!news4.google.com!news.glorb.com!news-spur1.glorb.com!not-for-mail From: "Geoff Brozny" Newsgroups: news.admin.net-abuse.usenet Subject: Re: What is spamkiller.net? Date: Wed, 6 Apr 2005 17:35:56 -0400 Organization: Glorb Internet Services, http://www.glorb.com Lines: 23 Message-ID: References: X-Trace: ratbert.glorb.com 1112823231 18495 69.36.0.65 (6 Apr 2005 21:33:51 GMT) X-Complaints-To: abuse@glorb.com NNTP-Posting-Date: Wed, 6 Apr 2005 21:33:51 +0000 (UTC) X-Priority: 3 X-MSMail-Priority: Normal X-Newsreader: Microsoft Outlook Express 6.00.2900.2527 X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2900.2527 X-RFC2646: Format=Flowed; Original Xref: sn-us news.admin.net-abuse.usenet:358752 "Kristian Kšhntopp" wrote in message news:d31b3e$p1d$1@xn--abcdefghijklmnopqrstuvwxyzss-vnc45c5f.de... > > I just got a peering request from a site using the path tokens: > news-in.spamkiller.net / news-out.spamkiller.net. > spamkiller.net, nntp.be, nuthinbutnews.com, usenet.com, newsgroups.com, superfeed.net all are newsfeeds.com aliases, (I think I'm missing a few) I got tricked into peering with most of these because I did not realize they were the same place at first, and I didnt really care at the time, but now I have been refusing there peering requests with there other aliases. If you already have decent peering, I would not waste my time setting up a peer with them, most of there feeds get me 0-1 post per day (text only peers) and they offer old stuff and seem to feed there peers articles on a minute or so delay. geoff From ???@??? Fri Jan 01 00:00:00 1999 Path: sn-us!sn-xit-10!sn-xit-06!sn-xit-13!supernews.com!border2.nntp.dca.giganews.com!border1.nntp.dca.giganews.com!nntp.giganews.com!novia!newscon06.news.prodigy.com!prodigy.net!newsmst01a.news.prodigy.com!prodigy.com!postmaster.news.prodigy.com!newssvr21.news.prodigy.com.POSTED!49faab32!not-for-mail From: Ed Falk User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5) Gecko/20031016 X-Accept-Language: en-us, en MIME-Version: 1.0 Newsgroups: news.admin.net-abuse.usenet Subject: Re: What is spamkiller.net? References: In-Reply-To: Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Lines: 6 Message-ID: NNTP-Posting-Host: 67.120.215.53 X-Complaints-To: abuse@prodigy.net X-Trace: newssvr21.news.prodigy.com 1113071580 ST000 67.120.215.53 (Sat, 09 Apr 2005 14:33:00 EDT) NNTP-Posting-Date: Sat, 09 Apr 2005 14:33:00 EDT Organization: SBC http://yahoo.sbc.com X-UserInfo1: SCSYQNONEJWWSTTY\JIX_TTDFZ\@@FXLM@TDOCQDJ@_@FNHBK^RAQFW[ML\THRCKV^GGZKJMGV^^_JSCFFUA_QXFGVSCYRPILH]TRVKC^LSN@DX_HCAFX__@J\DAJBVMY\ZWZCZLPA^MVH_P@\\EOMW\YSXHG__IJQY_@M[A[[AXQ_XDSTAR]\PG]NVAQUVM Date: Sat, 09 Apr 2005 18:33:00 GMT Xref: sn-us news.admin.net-abuse.usenet:358783 Here's a hint: If you do e.g. "whois spamkiller.net", you get an ANONYMOUS registration. (Does Icann even permit this? Apparently Network Solutions does.) No legitimate business hides their identity. From ???@??? Fri Jan 01 00:00:00 1999 Path: sn-us!sn-post-01!supernews.com!news.supernews.com!i.put!this.here!dritz From: David Ritz Newsgroups: news.admin.net-abuse.usenet Subject: Re: What is spamkiller.net? Date: Thu, 07 Apr 2005 15:02:33 -0500 Organization: SpamBusters! Message-ID: References: Posted-And-Mailed: yes User-Agent: MT-NewsWatcher/3.4 (PPC Mac OS X) X-Face: 7]U0X0dPn}db`BCcCn>y)FeytFj}Qw,m-4#,\oxca5+P%Qh&2UufZ_"#3/`aJo +>oQZErBD'84"2S15SXSF?Sy5ZQcjs4:,S)$TU X-Comment-2: LART a spammer for Dobbs. X-Comment-3: Invalid assumptions tend to produce invalid conclusions. X-Meow: yes Content-Type: text/plain; charset=iso-8859-1 X-Complaints-To: abuse@supernews.com Lines: 166 Xref: sn-us news.admin.net-abuse.usenet:358751 -----BEGIN PGP SIGNED MESSAGE----- In article , Kristian Kšhntopp wrote: KK> I just got a peering request from a site using the path tokens: KK> news-in.spamkiller.net / news-out.spamkiller.net. This is NEWSFEEDS.COM/JAM.NET. KK> A google search for "spamkiller.net" comes up empty: KK> http://www.google.com/search?q=spamkiller.net This is still a major source of spam, although these days, most of it is attributable to their customer base, rather than to its operators. Please see the current discussion in news.admin.net-abuse.policy, beginning with (), titled "[Usenet] RFD - UDP against Newsfeeds.com". Some of the cancelled articles coming from NEWSFEEDS.COM, for the first fifteen (15) hours or so of today, can be found at . DSRS posting research results Please note, this search was generated at 2005/04/06 19:54:09 GMT and the articles presented may no longer be available. You may click on any article reference (the first hyperlink in each line) and retrieve the referenced article without a DSRS login, however you will need a DSRS login to perform any other searches. Please visit http://dsrs.nntp.sol.net for details! Search: complex expression for "0&1" from 2005/04/06 00:00:00 to 2005/04/06 14:54:10 CDT 1: 1787 1.7321 Ramboyd 1966: 937 1.0000 <54031,034605@e-images.news-feed.org> 1967: 937 1.0000 <54035,384605@e-images.news-feed.org> 1968: 968 1.0000 <54042,834605@e-images.news-feed.org> 1969: 937 1.0000 <54046,534605@e-images.news-feed.org> 1970: 1122 2.6458 <6h885156ah8hgl0eca3j5qtjfnsu4ut1nu@4ax.com> TOTALS ------- ------- 1970: 1784889 2035.4788 Still, the operators of this service had a severe history of spamming and had seen dozens of news-peers and news-feeds disappear in 1997 and 1998. KK> A google groups search for that name comes up with very old KK> postings listing this site as a major source of spam: KK> http://groups-beta.google.com/groups?q=spamkiller.net You'll have better luck looking for SEXZILLA.COM, NETZILLA.NET, JAM.NET, and NEWSFEEDS.COM. (Talk about having a history!) Current domains include: NEWSFEEDS.COM NEWSGROUPS.COM NNTP.BE NUTHINBUTNEWS.COM SPAMKILLER.NET SUPERFEED.NET USENET.COM KK> http://groups-beta.google.com/group/news.admin.net-abuse.bulletins/msg/2e94f3fdbc4711ac?dmode=source Were Andrew still posting the Cancelled Spam Statistics, NEWSFEEDS.COM, in its multitude of flavors, would be at or near the top of the list. The operators of this service, Jerry "SpamZilla" Reynolds and Brad Allison, are still, themselves, net-abusing twits. As recently as about a month ago, Jerry and Brad were up to some of their old tricks, forging and running rogue cancels in an attempt to purge old articles referfing to Jerry, from the Google archives. Please see () KK> The mail carrying the peering request also names the domains jam.net and KK> sierracorporatedesign.com, for which no google hits are shown as well. KK> $ host sierracorporatedesign.com lists a large number of 10/8 addresses and KK> one 192.168/16 address. The other addresses listed are KK> sierracorporatedesign.com has address 208.33.61.146 KK> sierracorporatedesign.com has address 208.33.61.150 KK> sierracorporatedesign.com has address 208.33.61.151 KK> sierracorporatedesign.com has address 208.33.61.152 KK> sierracorporatedesign.com has address 208.33.61.153 KK> for which no web site is configured (says their webserver) and KK> sierracorporatedesign.com has address 208.33.61.154 KK> which ends up being the site for smr-usenet (whatever that is). There is ever so much more to it than that. That Jerry "Torquenstein" Reynolds and his compatriot Brad Allison are taking care not do identify their domains in the Path stamps, is a really good indication that they have far from reformed their operation. The server Path stamps match the RegExp: \!spool[0-9]{1,2}-(east|west)\!not-for-mail Default Message-IDs end, "@127.0.0.1>". For a relatively complete listing of their domains, servers and IP allocations, please see . For a listing of Path tails, including direct upstreams, please see . Also note that all of the listed upstreams are either under the direct or indirect control of KK> The fact that I cannot dig up information for these sites worries me a bit. It should. KK> Also, I don't know what smr-usenet is. I do not want to become a carrier KK> for spam injectors. Then you really should politely decline the peering request. KK> Is this a genuine peering request or should I decline that request? It's genuine. What it's not is particularly legitimate. I hope that helps in your decision making process. P.S. I'll be joining the NEWSFEEDS.COM thread in nana.policy, shortly. - -- David Ritz The suespammers.org mail server is located in California; do not send unsolicited bulk e-mail or unsolicited commercial e-mail to my suespammers.org address. -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 iQCVAwUBQlWDxKdkAgrqVVPRAQFt+gP9HZROkTxtQEoGzNYTxBIYcIo04iOGJf+X +uCoZ+LmVrmS6FfJCxDhWQH2xbgPh86Wp5Qq42ptthpU3xTCQ6h1r+vJZY4yulVv 8ukPJhF1iRYtOWyRJEbcKhk6LBDPJY62Kppcj8HgeNpzzRxtinAZEK3qmT0pV5G3 ECjfHzgYNN4= =AEWe -----END PGP SIGNATURE----- From ???@??? Fri Jan 01 00:00:00 1999 Path: sn-us!sn-xit-10!sn-xit-06!sn-xit-13!supernews.com!freenix!usenet-fr.net!grolier!newsfeed00.sul.t-online.de!newsfeedt0.toon.t-online.de!newsfeed01.sul.t-online.de!t-online.de!koehntopp.de!not-for-mail From: Kristian =?UTF-8?B?S8O2aG50b3Bw?= Newsgroups: news.admin.net-abuse.usenet Subject: Re: What is spamkiller.net? Date: Thu, 07 Apr 2005 05:53:26 +0200 Organization: koehntopp.de Lines: 21 Message-ID: References: NNTP-Posting-Host: port-212-202-202-231.dynamic.qsc.de Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7Bit X-Trace: xn--abcdefghijklmnopqrstuvwxyzss-vnc45c5f.de 1112846007 23556 212.202.202.231 (7 Apr 2005 03:53:27 GMT) X-Complaints-To: kris@koehntopp.de NNTP-Posting-Date: Thu, 7 Apr 2005 03:53:27 +0000 (UTC) Xref: sn-us news.admin.net-abuse.usenet:358754 David Ritz wrote: > This is NEWSFEEDS.COM/JAM.NET. Thank you. The nameserver for jam.net is set up very unrestrictive and you can load interesting data on http://asset.jam.net. There is of course no indication of the accuracy or completeness of this data, but browing the server list you might be able to find a complete list of IP-numbers, some of their domain names and host names and interesting information on the internal structure of this outlet. > KK> Also, I don't know what smr-usenet is. I do not want to become a > carrier KK> for spam injectors. > > Then you really should politely decline the peering request. I will do so. Thanks to all of you people for providing information. Kristian From ???@??? Fri Jan 01 00:00:00 1999 Path: sn-us!sn-xit-12!sn-xit-01!sn-post-01!supernews.com!corp.supernews.com!yaEXPUNGEhoo.com!not-for-mail From: howardkinsd@yaEXPUNGEhoo.com (Howard Knight) Newsgroups: news.admin.net-abuse.usenet Subject: Re: What is spamkiller.net? Date: Wed, 06 Apr 2005 19:40:22 -0000 Organization: Nuke a Spammer for Bob Message-ID: <1158ep6lt6fmgbc@corp.supernews.com> References: Distribution: X-Complaints-To: abuse@supernews.com Lines: 10 Xref: sn-us news.admin.net-abuse.usenet:358750 Kristian =?UTF-8?B?S8O2aG50b3Bw?= (kris@koehntopp.de) wrote: : : I just got a peering request from a site using the path tokens: : news-in.spamkiller.net / news-out.spamkiller.net. Spamkiller.net is Newsfeeds.com. You may want to stay clear of this group (for a while anyway). There's talk of a UDP against this site in news.admin.net-abuse.policy. Howard