B2B spam selling lists of email addresses continue to flow in. The Sloan Marketing spam group is dressed up in its usual various scattered domain names, using throwaway domains this week like: usdatatrust.biz, esource.biz, ezmarketers.net, atcontactworld.com, globalitsearch.com, database-media.com, stillvisitmedium.com, businessinvites.com, webinarsrule.com, and more.
trackmye.com is a spammer management login page that we don’t see all that often.
We thought that perhaps winconsolutions.com had been retired, but we saw it again this week, including two spelling variations on the domain name: winnconsolution.com and winconsolution.net.
Their spam is being sent from the usual servers, such as dns342.com, webhostingcloud.biz, mailhostbox.com, authmailer.com. These domain names are so bland-sounding that they escape notice and rarely get blacklisted.
We updated our SpamAssassin rules today for this group of B2B spam, as follows:
describe B2BL_SL B2B Email addresses for sale (SL)
full B2BL_SL /(winn?consolutions?|send4mail|trackmye|usdatatrust|futuristicinc|krystallistonline|crystalcommunicationinc|express-mails|newsproexpress|emaildata(web|division)|targetleadz|mercurydesk|businessinvites|invitebusinesses|initiateventure|database-media|prospect(advert|unlimited)|e(globesearch|mailslist)|specificroi|roi(emails|marketingcenter)|(co|infoe)mails?|mails([i1]|eone)|globalitsearch|itdataweb|stillvisitmedium|(eddy|auth)mailer|webinarsrule|acquiredatanetworking|\besource|paper2green|worldwidemailaccess|atcontactworld|(crunch|(the|my)green|ez)marketers)\.(com|biz|net|us|org)/i
score B2BL_SL 20
describe B2BL_SL_SRV Domain touches/sends B2B spam (SL)
full B2BL_SL_SRV /((eddy|auth)mailer|serveridream|webhostingcloud|texasserver|dataserver|eserver2|authsender|hostkey53|dns342|webhostingnoida|srteck|stechblr|hosthat|mail-zap|mailhostbox|nseasy)\.(com|net|info|biz)/i
score B2BL_SL_SRV 20