Outscatter below, is mail "bounce" from an automated sender to a non-existent or
otherwise non-originating account.
Snapshot as of Tue, 05 Aug 2008 15:22:13 MDT (also the Last-Modified: header for this page.)
| Blocked | CIDR | Symantec Spammer | Claimed to be |
|---|---|---|---|
| 2005-02-18 | 4.19.116.132 | redskies.marathonelectric.com | redskies.marathon.com |
| 2004-11-21 | 12.15.192.17 | email1.ansi.org | spam1.ansi.org |
| 2005-02-04 | 12.17.223.68 | navgw.affinitygroup.com | navgw.affinitygroup.com |
| 2005-06-09 | 12.17.223.69 | navgw2.affinitygroup.com | navgw2.affinitygroup.com |
| 2004-07-27 | 12.25.131.238 | mail-scan.nixonvan.com | defender.nixonvan.com |
| 2005-01-23 | 12.27.119.30 | smtpgate.competitive.com | smtpgate.competitive.com |
| 2004-10-13 | 12.35.47.87 | smtp.capitolusa.com | CAPITOL_DOCS.domain.local |
| 2004-08-02 | 12.41.208.230 | mail.emprisebank.com | mailbox.EMPRISE.COM |
| 2005-03-07 | 12.106.108.226 | mail.xpac.com | corp-p1.xpac.com |
| 2004-10-01 | 12.107.111.246 | smtp.amcol.com | smtp.amcol.com |
| 2004-07-24 | 12.152.133.254 | mail.qcsinet.com(forged) | srcp-dmz1.qcsinet.com |
| 2004-10-31 | 12.154.66.28 | savsmtp.fcbs.com | savsmtp.fcbs.com |
| 2004-07-30 | 12.163.14.5 | mail.nan.net | ir-mail.nan.net |
| 2004-09-06 | 62.1.1.59 | qmail4.internet.gr | qmail4.internet.gr |
| 2004-10-17 | 63.89.240.90 | mailgate.rocs.com | mg2.rocs.com |
| 2004-07-21 | 63.150.172.203 | smtp32.cenveo.com | smtp32.cenveo.com |
| 2005-02-10 | 63.150.172.204 | smtp31.cenveo.com | smtp32.cenveo.com |
| 2005-01-25 | 63.169.47.70 | norton.countrymark.com | arcserve.countrymark.com |
| 2004-09-12 | 63.225.160.137 | mail.air-commodities.com | air-smtp.air-commodities.com |
| 2004-06-21 | 64.39.129.247 | mailgate.colquitt.k12.ga.us | mailgate.colquitt.k12.ga.us |
| 2004-06-30 | 64.69.125.26 | Merlin.OrangeResearch.com | wizard.orangeresearch.com |
| 2004-07-02 | 64.122.140.35 | cuningham.com | SMTPIN.cuningham.com |
| 2005-01-29 | 64.215.91.195 | mail.edmundsassoc.com | NTServer.edmundsassoc.com |
| 2005-01-13 | 65.89.156.134 | srvcrpgw.truckenterprises.com | srvcrpgw.truckenterprises.com |
| 2005-05-22 | 65.113.7.2 | \N | viruscheck.mmgworldwide.com |
| 2005-06-14 | 65.116.76.6 | bulldog.abam.com | bulldog.abam.com |
| 2004-12-06 | 65.126.201.2 | \N | wfb.com |
| 2004-07-09 | 65.161.163.44 | emailscanner.onsetcomp.com | emailscanner.onsetcomp.com |
| 2004-06-18 | 65.173.135.203 | mail.ufreight.com | insidemx1.ufreight.com |
| 2004-06-29 | 65.197.29.80 | \N | neosav.medinetwork.net |
| 2004-09-30 | 65.208.59.13 | mail3.tpi.net | TPI-GW1.tpi-na.com |
| 2004-09-16 | 65.220.101.226 | 226.planetcsi.com(forged) | 226.planetcsi.com |
| 2004-12-01 | 65.222.188.7 | savgw.citizen.org | savgw.citizen.org |
| 2004-08-28 | 65.242.153.19 | navgw.cbainfo.net | navgw.cbainfo.net |
| 2005-03-13 | 66.15.121.190 | mx02.thompsoncataloggroup.com | mx02.thompsoncataloggroup.com |
| 2004-07-18 | 66.47.18.122 | user-112u4jq.biz.mindspring.com | navgw.source-t.com |
| 2005-03-13 | 66.72.1.3 | \N | 66-147-138-163.focaldata.net |
| 2004-11-23 | 66.178.175.4 | riof5.pape.com(forged) | navmail.ackleytools.com |
| 2004-11-02 | 66.238.255.94 | mail.bankjobs.com | mail.bankjobs.com |
| 2004-07-20 | 67.39.50.216 | gtw.windway.com | gtw.windway.com |
| 2004-10-18 | 67.71.227.219 | mail.bfsent.com | smtp-gateway.bfsent.com |
| 2004-06-22 | 67.128.244.254 | mailhub01.huttig.com(forged) | HBP-MAILHUB01.huttig.com |
| 2005-02-08 | 68.22.4.67 | fw3.abcwarehouse.com | [68.22.4.67] |
| 2004-07-27 | 68.23.203.202 | eomalliance.eohiomach.com | eomalliance.eohiomach.com |
| 2005-06-12 | 69.39.1.7 | mail3.1cis.com | mail3.dev.1cis.com |
| 2004-09-20 | 69.63.64.3 | webs.swazi.net | webs.swazi.net |
| 2004-11-03 | 129.49.1.4 | mail.ic.sunysb.edu | mail.ic.sunysb.edu |
| 2004-09-06 | 129.49.2.175 | ms.cc.stonybrook.edu | ms.cc.sunysb.edu |
| 2004-07-23 | 131.165.63.84 | mail3.kmd.dk | mail3.kmd.dk |
| 2004-09-14 | 132.250.83.3 | s2.itd.nrl.navy.mil | s2.itd.nrl.navy.mil |
| 2004-08-11 | 134.115.4.48 | phobos.murdoch.edu.au | phobos.murdoch.edu.au |
| 2004-09-30 | 134.115.4.49 | deimos.murdoch.edu.au | deimos.murdoch.edu.au |
| 2004-11-03 | 137.155.12.12 | mail.cnu.edu | messenger.cnu.edu |
| 2004-07-25 | 137.155.12.210 | drake.cnu.edu | drake-hme0.cnu.edu |
| 2004-09-13 | 144.74.151.68 | symav5.cc2.rpslmc.edu | symav5.cc2.rpslmc.edu |
| 2004-07-02 | 146.110.2.4 | bors.bkae.hu | bors.bkae.hu |
| 2004-10-09 | 149.31.5.22 | mailscan.newschool.edu | mailscan.newschool.edu |
| 2004-10-16 | 151.198.85.180 | \N | 2kmx1.burgesssteel.com |
| 2004-06-18 | 161.24.13.170 | navgw2.ita.cta.br | navgw.ita.cta.br |
| 2004-12-24 | 165.190.1.35 | woodstock.cr.duq.edu | woodstock.cr.duq.edu |
| 2005-02-18 | 168.8.238.250 | mail.chattooga.k12.ga.us | w2k-fs2.chattooga.k12.ga.us |
| 2005-05-17 | 193.41.118.22 | mailwash01.dnsdrift.net | mailwash01.dnsdrift.net |
| 2004-09-07 | 193.232.193.52 | \N | vs1.cemi.rssi.ru |
| 2004-08-12 | 194.67.27.194 | \N | ns1.metric.ru |
| 2004-07-26 | 194.84.225.3 | www.dti.ru | www.dti.ru |
| 2004-08-24 | 194.113.247.123 | mail02.duesseldorf.de | mail02.duesseldorf.de |
| 2004-07-24 | 194.228.18.34 | ns.cpoj.cz | ns.cpoj.cz |
| 2004-09-30 | 195.69.156.67 | ns.icmm.ru | ns.icmm.ru |
| 2004-06-17 | 195.245.202.101 | \N | av02.informatikk.no |
| 2005-03-13 | 198.29.191.38 | icewall2.ceco.com | icewall2.ceco.com |
| 2004-10-11 | 198.141.197.63 | lhr063a.dhl.com | gateway3c.dhl.com |
| 2004-07-06 | 198.237.209.131 | navgw.scesd.k12.or.us | navgw.scesd.k12.or.us |
| 2005-03-07 | 202.181.97.92 | www282.sakura.ne.jp | www282.sakura.ne.jp |
| 2004-06-18 | 202.214.244.196 | cscusm4.cybernet.co.jp | cscusm4.cybernet.co.jp |
| 2005-01-25 | 203.26.190.3 | tat2fire1.tnt.com.au | tnt.com.au |
| 2004-07-17 | 203.176.88.121 | fes02.lc-2.la.inter.net | fes02.lc-2.la.inter.net |
| 2004-07-24 | 204.130.175.8 | baker.odp.com | baker.odp.com |
| 2004-08-29 | 204.130.249.17 | 017.249-130-204-pasco.com(forged) | p17.pasco.com |
| 2004-10-18 | 204.166.104.11 | firewall.princesshouse.com | navgw.princesshouse.com |
| 2005-02-08 | 206.47.252.147 | navgw1.ozoptics.com | navgw1.ozoptics.com |
| 2004-09-08 | 206.142.97.95 | mail.jalsys.com | mail.jalsys.com |
| 2005-02-11 | 206.154.208.134 | mailgw.ddiglobal.com | nav1.ddiglobal.com |
| 2004-10-01 | 207.59.63.213 | \N | emailav.guc.com |
| 2004-07-26 | 207.102.25.34 | ivlreports.ivl.ca(forged) | ivlreports.ivl.ca |
| 2004-07-19 | 207.157.122.40 | avgateway2.usouthal.edu | avgateway2.usouthal.edu |
| 2004-12-04 | 207.175.35.204 | mail2.lospadresbank.com | gate.lospadresbank.com |
| 2004-08-10 | 208.159.153.32 | saturn2.yaskawa.com | saturn2.yaskawa.com |
| 2005-04-13 | 208.217.9.173 | mail.arcnow.com | mail.alrc.com |
| 2005-02-04 | 208.230.169.70 | nahangwy.nahan.com | nahangwy.nahan.com |
| 2005-02-17 | 209.190.239.98 | 62.efbed1.client.atlantech.net | exchsrvr.nasddds.org |
| 2004-06-25 | 209.232.1.178 | smtp-la01.lausd.k12.ca.us | navex.lausd.net |
| 2004-06-03 | 209.239.36.83 | host2.siteaction.com | host2.siteaction.com |
| 2004-09-30 | 209.241.11.24 | nav.aston-hotels.com | NAV-EMAIL3.aston-hotels.com |
| 2004-08-13 | 209.251.35.199 | scanner2.syssrc.com | scanner2.syssrc.com |
| 2005-03-04 | 210.71.44.165 | \N | smtp.ndu.edu.tw |
| 2004-10-06 | 210.145.176.80 | post1.nttnavi.co.jp | post1.nttnavi.co.jp |
| 2004-06-18 | 210.156.37.2 | poplar.hachinohe-ct.ac.jp | poplar.hachinohe-ct.ac.jp |
| 2004-06-02 | 210.188.184.244 | namesvr.bunkyo.ac.jp | namesvr.bunkyo.ac.jp |
| 2004-06-22 | 212.192.106.58 | gis.green.tsu.ru | gis.corp.green.tsu.ru |
| 2004-07-30 | 212.248.125.102 | Novatek.Moscow.access.comstar.ru(forged) | proxy.novatek.ru |
| 2005-03-09 | 213.26.242.43 | pop.piaggio.com | mercurio.piaggio.COM |
| 2004-08-29 | 213.55.64.53 | gateway.telecom.net.et | gateway.telecom.net.et |
| 2005-01-23 | 216.109.50.71 | \N | mail.tcss.net |
| 2005-06-12 | 216.139.42.67 | smtp.specialized.com | smtp.specialized.com |
| 2004-09-20 | 216.164.119.2 | rcnns1.wit.edu | rcnns1.wit.edu |
| 2004-09-16 | 217.66.145.2 | ns2.spbmts.ru | sandra.spbmts.ru |
| 2004-09-02 | 217.71.64.55 | mx1.cr-surfing.net | mx1.cr-surfing.net |
| 2004-07-05 | 217.71.64.56 | sun-net-b.cr-surfing.net | sun-net-b.cr-surfing.net |
| 2004-10-10 | 218.219.145.77 | mgw.skz.or.jp | mgw.skz.or.jp |
According to press releases, sending mail such as that which prompted the blocking
indicated above, is a known and deliberate spam setting in the software, common in the
anti-virus community. According to such reports, the software can be set to NOT send
such spam, but they're fine with having their customers become spammers in their behalf.
A similar situation exists with the Barracuda Spamming Firewall, QMail, and Plesk. Then,
there's Microsoft Exchange in a class by itself, although some may also be listed above.
Some even spew this out their trusted Domain Nameservers.
The above listed sites are already participants in a DDoS attack, as
described and widely
warned against in a 2004 white paper.
See also: DDoS Attack Hosts
>>This<< webpage was first
posted at the end of
January 2005.
Note: Some hosts named "SAV" might be Sophos Antivirus instead of Symantec.