Last week, “Jennifer Roberts” sent us spam selling email addresses from a throwaway domain called p-dmails.com
. It was sent from a spam server called interactiveone.net
[174.122.13.18].
Well, today “Jennifer” has been moved around a bit. This time, her new spam comes from a healthcare-leads.com
address, and was mailed from a different spam server too: texasserver.net
[64.120.173.210]. This spam still begins with, “This is Jennifer with Technology Database and Marketing Company.”
Of course, there probably is no “Jennifer Roberts:” all this spam purportedly comes from one source: the Data Champions/Sloan Marketing group in India. See the Spamhaus web site for more information on Data Champions.
Our SpamAssassin rules for blocking Data Champions spam now look something like these:
describe B2BL_SL B2B Email addresses for sale (SL)
full B2BL_SL /(360appending|(healthcare|ready)[4-]leads|datamanager|winn?consolutions?|(infinity|web)-intellectual|jaguarsus|emaillean|leadspackage|intersoftech|e(lead|source)|(infoe|edg|iba|co|infoe|send4|p-d)mails?|trackmye|usdatatrust|futuristicinc|krystallistonline|crystalcommunicationinc|express-mails|newsproexpress|(b2b|email)(data|lists?)(group|planet|web|division|source)|targetleadz|mercurydesk|businessinvites|invitebusinesses|initiateventure|database-media|prospect(advert|unlimited)|e(globesearch|mailslist)|specificroi|roi(emails|marketingcenter)|mails([i1]|eone)|globalitsearch|itdataweb|stillvisitmedium|(eddy|auth)mailer|webinarsrule|acquiredatanetworking|paper2green|worldwidemailaccess|erpusers|atcontactworld|(crunch|(the|my)green|ez|uslist|tailored)(market(ers)?|firms))\.(com|biz|net|us|org)/i
score B2BL_SL 20
describe B2BL_SL_SRV Domain touches/sends B2B spam (SL)
full B2BL_SL_SRV /((eddy|auth|iba)mailer|serveridream|idreambiz|salespass|superiorns|interactiveone|(tex(as)?|data|e)server2?|authsender|host(key53|hat|server045)|dns342|webhosting(cloud|noida)|srteck|stechblr|mail-zap|mailhostbox|mailbox29|nseasy)\.(com|net|info|biz|us)/i
score B2BL_SL_SRV 20