Vectors & Interfaces
The networking specialist
 About Vectors & Interfaces Network support services Useful resources PC News Contact The support specialist Support Guide

Attempt At Removing Yourself From The Spammer's Email Database


If spammers have been fustrating you all these while, you can also make life difficult for them. What fustrates spammers most is probably being reported. Even though there are bullet-proof hosters that doesn't care about spam reports send to them from them by Spamcop, their ip addresses will still get blacklisted. Spammers alleviate this by making the blacklist unusable. They start signing up for opt-in newsletters and then report them for spam, thus poisoning the blacklists.

Right now, Spamcop method of blacklisting is no longer solely dependent on their user's report but also other scoring methods like their own spamtrap, reputation points of the source of reported spam and automated removal of a blacklisted ip address within 24 hours once the spam stops.

Anyway to fustrate the spammers would be to temporarily run Mercury mail server of your DSL connection and then redirect all your emails for that particular domain to it. Eithier filter out all DSL connections via a blacklist, notably, dynablock.njabl.org or/and just add the following list to the transactional filter. Braindead spammers will keep trying and will eventually get through one or two emails but then just add whatever the HELO command they manage to get through with into the filter and keep going at it. Better still ban all *@yahoo.com using the killfile from Mercury if you hardly receive email from Yahoo users. If you do, you can always whitelist them in the exception option.

H, "*220.255.*", DS, "resend" --> IP Address Range of your ISP
H, "*203.125.*", DS, "resend" --> IP Address Range of your ISP
H, "*netdummy.net*", DS, "resend" --> Your Domain name that spammers will try to use in HELO command
H, "*219.74.*", DS, "resend"
H, "HELO 192.168.*", DS, "goodbye" -->Private IP block
H, "HELO 10.*", DS, "goodbye" -->Private IP Block
H, "EHLO 192.168.*", DS, "goodbye"
H, "EHLO 10.*", DS, "goodbye"
H, "HELO yahoo.com", DS, "goodbye" -->Yahoo's HELO command is not simply HELO YAHOO.COM
H, "EHLO yahoo.com*", DS, "goodbye"
H, "*hsdbsk*", DS, ""
H, "*bb.netvision.*", DS, ""
H, "*user.auna.net*", DS, ""
H, "*-200.cm.vtr.*", DS, ""
H, "*pppoe.mtu-net.ru*", DS, ""
H, "*-67-20-*", DS, ""
H, "*.ca.comcast.net*", DS, ""
H, "*.ga.comcast.net*", DS, ""
H, "*.ma.comcast.net*", DS, ""
H, "*.wa.comcast.net*", DS, ""
H, "*.il.comcast.net*", DS, ""
H, "*.or.comcast.net*", DS, ""
H, "*.pa.comcast.net*", DS, ""
H, "*.co.comcast.net*", DS, ""
H, "*.mn.comcast.net*", DS, ""
H, "*.mi.comcast.net*", DS, ""
H, "*.md.comcast.net*", DS, ""
H, "*.nh.comcast.net*", DS, ""
H, "*.ip.alltel.net*", DS, ""
H, "*.pooles.rima-tde.net*", DS, ""
H, "*.user.ono.com*", DS, ""
H, "*.onocable.ono.com*", DS, ""
H, "*.abo.wanadoo.fr*", DS, ""
H, "*.pc.metropolis-inter.com*", DS, ""
H, "*.dynamic.*", DS, ""
H, "*.fibernet.bacs-net.hu*", DS, ""
H, "*.chi.megapath.net*", DS, ""
H, "*chello062*", DS, ""
H, "*chello084*", DS, ""
H, "*pool-*", DS, ""
H, "*.client.mchsi.com*", DS, ""
H, "*.client.insightBB.com*", DS, ""
H, "*pppool.de*", DS, ""
H, "*.dclient.hispeed.ch*", DS, ""
H, "*.cpe.*", DS, ""
H, "*.pool.invitel.hu*", DS, ""
H, "*.homerun.telia.com*", DS, ""
H, "*.brbn.qwest.net*", DS, ""
H, "*adsl-66-*", DS, ""
H, "*.bwl.univie.ac.at*", DS, ""
H, "*.broadband4.iol.cz*", DS, ""
H, "*bzq-218-*", DS, ""
H, "*.sme.bredbandsbolaget.se*", DS, ""
H, "*.client.atlantech.net*", DS, ""
H, "*.customer.algx.net*", DS, ""
H, "*210.5.1*", DS, ""
H, "*h-68-167-*", DS, ""
H, "*cmu-24-35-124-*", DS, ""
H, "*c-24-13-*", DS, ""
H, "*213-173-*", DS, ""
H, "*-193961616*", DS, ""
H, "*host217-*", DS, ""
H, "*host-208-*", DS, ""
H, "*CBL217-*", DS, ""
H, "*cdm-66-76-*", DS, ""
H, "*c-24-118-*", DS, ""
H, "*c-67-166-*", DS, ""
H, "*205-231-*", DS, ""
H, "*customer-200-79-*", DS, ""
H, "*d-65-175-*", DS, ""
H, "*66.88.215.*", DS, ""
H, "*dsl-084-056-*", DS, ""
H, "*.dsl.att.*", DS, ""
H, "*221-134-*", DS, ""
H, "*200-1*", DS, ""
H, "*dynamicIP*", DS, ""
H, "*CPE-70-*", DS, ""
H, "*cpe-6*", DS, ""
H, "*.bb.banban.jp*", DS, ""
H, "*.res.rr.com*", DS, ""
H, "*CPE-65-*", DS, ""
H, "*CPE-68-*", DS, "pls wait .."
H, "*CPE-203-*", DS, "pls wait .."
H, "*PCP0888*", DS, ""
H, "*C-24-*", DS, ""
H, "*.customer.telesp.net.br*", DS, ""
H, "*.Local*", DS, ""
H, "*.dyn.sprint*", DS, ""
H, "*66-53-*", DS, ""
H, "*tx-69-68-*", DS, ""
H, "*lasalle-69-162-*", DS, ""
H, "*c-67-162-*", DS, ""
H, "*82-169-*", DS, ""
H, "*geocities.com*", DS, ""
H, "*messagereach.com*", DS, ""
H, "*.monterey-grove.sfo.ygnition.net*", DS, ""
H, "*IP-216-*", DS, ""
H, "-1220*", DS, ""
H, "*.dynamic.hinet.net*", DS, "r"
H, "*dynamic.dsl.as9105.com*", DS, ""
H, "*.dhcp.ahvl.nc.charter.com*", DS, ""
H, "*.internetdsl.*", DS, ""
H, "*85-65-*", DS, ""
H, "*host-81-*", DS, ""
H, "*.pool.t-online.hu*", DS, ""
H, "*.cable.ntl.com*", DS, ""
H, "*.cable.mindspring.com*", DS, ""
H, "*.*", DSN, "552 Invalid FQDN" --> Any helo without dot will be filter
H, "*S0106*", DS, ""
H, "*host-2*", DS, ""
H, "*USER-*", DS, ""
H, "*.user.auna.net*", DS, ""
H, "*client-2*", DS, ""
H, "*-cuda1-68-*", DS, ""
H, "*home.cgocable.net*", DS, ""
H, "*.internetdsl.tpnet.pl*", DS, ""
H, "*.cable.wanadoo.nl*", DS, ""
H, "*.dialup.atnet.ru*", DS, ""
H, "*.hkcable.*", DS, ""
H, "*.ppp.tiscali.fr*", DS, ""
H, "*rev-213-*", DS, ""
H, "*-151.net24.it*", DS, ""
H, "*.adsl.*", DS, ""
H, "*.bhz.virtua.com.br*", DS, ""
H, "*FR-LIM-C*", DS, ""
H, "*digital-154-233.*", DS, ""
H, "*.dhcp.sprint-hsd.net*", DS, ""
H, "*.adsl-dhcp.*", DS, ""
H, "*dup-200-.*", DS, ""
H, "*dialup-4.*", DS, ""
H, "*localhost*", DS, ""
H, "*.customer.*", DS, ""
H, "*.dsl.telesp.*", DS, ""
H, "*client-*", DS, ""
# This will filter out the [] in Re[] for a particular spam
H, "*[[]*[]]*", DS, ""
S, "*re[[]*", DS, ""
S, "*re?[[]*", DS, ""
H, "*.in-addr.arpa*", DS, ""
H, "*.211-TDTV.*", DS, ""
# Bob Lim should be addressed as Bob Lim in the RCPT TO:, not Boblim, so filter it
R, "*boblim*boblim*", DS, ""

Hopeless residential China & Korea IP addresses that are also worthwhile blacklisting;

61.169.117.1 - 61.172.117.254
220.64.0.1 - 220.95.255.254
221.138.0.1 - 221.168.255.254
211.161.0.1 - 211.255.255.254
221.216.0.1 - 221.223.255.254
220.160.0.1 - 220.191.255.254
220.112.0.1 - 220.127.255.254
222.32.0.1 - 222.122.255.254
222.232.0.1 - 222.247.255.254
211.104.0.1 - 211.119.255.254
218.144.0.1 - 218.159.255.254

These are mainly known spammers' ip addresses from China Telecom (CHINANET), Hanaro Telecom (HANANET) & Korea Network (KORNET) which are non-responsive to spam reports (non-spamming ones are not added). Beware of blocking other range outside the above list as you may be blocking legit emails from Japan, Taiwan & Hong Kong.

The block owner's details are obtained from http://www.apnic.net/apnic-bin/whois.pl. You can addon to the list above to include a bigger range to filter out.

Even if they managed to get through, they would have wasted a lot of time retrying and that is good enough. Eventually when they calculated the amount of time trying to spam the few difficult to get through email addresses, they will remove you from their list. They are fast when it comes to removal of invalid email addresses or in this case troublesome email addresses.

Make sure that you have properly setup your SPF records for your domain because they may try to have their revenge by listing you as the sender instead and causing you to receive alot of bounce mails and angry emails addressed to the spammers which the recipient assumed its you.

Finally, you can also report those spam mails that you've received to the IP block owner where the spam originates, the registrar of the site advertised and their hosting company.

List of known bad IP address block