Re: [mailop] Extortion spam from OVH-hosted *.sbs domains

[Peter N. M. Hansteen via mailop]

This particular campaign did not rise above the normal background noise here, 
but
the previous campaigns that I have seen really do not differ much from the quite
ordinary, boring and perhaps even slightly incompetently run spamming 
campaigns. 

Apart from the content that seems to raise some eyebrouws, they only stand out
for their incompentence. In particular, their reliance on address lists that
have not been at all vetted.

So of course perpetrators should be subject to the usual measures, and any 
abuse@ worth their salt should act upon reports.

But also please convey to any users that it is almost certain that the 
embarrasing
videos do not in fact exist. Unless of course you think that a particular user
deserves to live in fear of just that.

All the best,
Peter

On Thu, Jan 25, 2024 at 05:58:07PM +0100, Peter N. M. Hansteen via mailop wrote:
> On Thu, Jan 25, 2024 at 07:10:13AM +0100, Hans-Martin Mosner via mailop wrote:
> > Tonight we received a huge wave of extortion spams from OVH hosted domains
> > trying to get bitcoin payments. The senders claim that recipients watched
> > child porn.
> 
> Your customers might find a tiny bit of solace in that rather conclusive 
> evidence exists that the supposed videos do not in fact exist, anywhere. 
> 
> A rather significant subset of my "imaginary friends" (aka spamtraps) are 
> at the receiving end of those campaigns at fairly frequent intervals. 
> 
> Your customers (and perhaps others) could usefully read my 2022 piece 
> "The Despicable, No Good, Blackmail Campaign Targeting ... Imaginary Friends?"
> (https://www.nxdomain.no/~peter/despicable_no_good_blackmail.html or with 
> nicer
> formatting plus G's trackers at 
> https://bsdly.blogspot.com/2022/12/the-despicable-no-good-blackmail.html).
> 
> Both versions have links to materials with more detailed information.
> 
> All the best,
> Peter
> 
> -- 
> Peter N. M. Hansteen, member of the first RFC 1149 implementation team
> https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
> "Remember to set the evil bit on all malicious network traffic"
> delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Extortion spam from OVH-hosted *.sbs domains

[Alexandre Dangreau via mailop]

Hello, 

We received alert from spamcop for thoses IP.  It’s a new account created after 
the termination of the previous one who send *.sbs mail. Account closed. If you 
send report to mailto:ab...@ovh.net (or ab...@ovh.ca) , don’t hesitate to send 
to me the abuseID (abuse#ABCDEFG) or the mail address to use to send reports to 
us. 


-- 
Alexandre Dangréau
Head of Trust & Safety 


__
This message was sent from OVH Groupe SAS, or one of its subsidiaries or 
affiliated entities, and is intended only for the sole use of the designated 
recipient(s). It may contain confidential and proprietary information. If you 
are not a designated recipient, you may not review, copy, use or distribute 
this message. If you received this message in error, please notify the sender 
by reply e-mail and delete this message. Thank you.


De : mailop  au nom de Hans-Martin Mosner via mailop 

Répondre à : "mailop@mailop.org" 
Date : samedi 27 janvier 2024 à 23:03
À : "mailop@mailop.org" 
Objet : Re: [mailop] Extortion spam from OVH-hosted *.sbs domains

Am 26.01.24 um 09:42 schrieb Simon Bressier via mailop:
Hi all, 

FYI Hans-Martin, I reached out to ovh team yesterday night to push your 
message, seems your abuse report has been processed by the proper team. No idea 
if they answered you, but at least, they have handled the report, and probably 
done the appropriate actions.
Actions maybe, appropriate probably not.
Today the spammers use .sbs domains on OVH IPs again:
mx.h.orku.sbs 51.68.81.175
mx.j.eown.sbs 51.89.230.64
mx.a.mykf.sbs 146.59.116.127
I can't see the content, as we refuse to accept anything from *.sbs at the 
moment, for good reasons.
Cheers,
Hans-Martin

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Extortion spam from OVH-hosted *.sbs domains

[Alexandre Dangreau via mailop]

Hello, 

We have some rules to prevent SPAM, but we don't have any software access to 
the customer's server. Each customer is responsible of his use regarding the 
law and our term and condition. After receiving an abuse report, we let enough 
time for the customer to solve the issue, and if don't we take actions against 
his services.

To prevent out-coming SPAM, we use the VADE antispam engine. As all automatic 
detection it can exist false positive and false negative. The other way for us 
to know if a customer has a bad behavior is to receive abuse reports.

For this specific case, the report was received and handled at the same time 
you "escalate" the case on this ML. 

For next case, you can send me a direct message 


-- 
Alexandre Dangréau
Head of Trust & Safety 
VU.Ethics & Compliance 

 

__ 
This message was sent from OVH Groupe SAS, or one of its subsidiaries or 
affiliated entities, and is intended only for the sole use of the designated 
recipient(s). It may contain confidential and proprietary information. If you 
are not a designated recipient, you may not review, copy, use or distribute 
this message. If you received this message in error, please notify the sender 
by reply e-mail and delete this message. Thank you. 





Le 26/01/2024 20:16, « mailop au nom de Randolf Richardson, Postmaster via 
mailop » mailto:mailop-boun...@mailop.org> au nom 
de mailop@mailop.org > a écrit :


> According to Randolf Richardson, Postmaster via mailop 
> mailto:postmas...@inter-corporate.com>>:
> > I'm just chiming in here with some support for you because I know a 
> >few people who use OVH as well.
> >
> > Blocking on a case-by-case basis is the better approach so that 
> >legitimate (non-spamming) hosts aren't penalized.
> 
> When I look at my logs and see the amount of spam from OVH networks,
> it's just not worth the effort to try and pick out the trickle of
> non-spam.


Everyone has different experiences. When a network is a spam sewer 
that's dumping onto your systems, then blocking the entire network is 
certainly the more sensible option.


...and then making exceptions for the few who are "lost at sea on 
the wrong boat" in said network's polluted waters and who your users 
want/need to receive communications from. (It's terrible that the 
internet has come to this, and I remember a few people in NANAE, 
decades ago, predicting these types of problems.)


> If you want people to accept your mail, act like you do and send it
> from a network that doesn't gush spam.


I agree.


I remember setting up a Virtual Machine for a client on OVH many 
years ago. There were major limitations on OS installation, which 
was confirmed by their technical support, so we closed the account 
and chose a different provider. So, given that OVH runs a limited 
service (or maybe they don't do that anymore?), I'm surprised that 
they don't seem to be so stringent about their clients sending spam.


-- 
Postmaster - postmas...@inter-corporate.com 

Randolf Richardson, CNA - rand...@inter-corporate.com 

Inter-Corporate Computer & Network Services, Inc.
Vancouver, British Columbia, Canada
https://www.inter-corporate.com/ 




___
mailop mailing list
mailop@mailop.org 
https://list.mailop.org/listinfo/mailop 




___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Extortion spam from OVH-hosted *.sbs domains

[Simon Bressier via mailop]

Hi,

I don’t work there so I can’t do much, I have told them to register to that
ML, so they can react when there’s something about ovh.

Let’s see :)

Le sam. 27 janv. 2024 à 23:02, Hans-Martin Mosner via mailop <
mailop@mailop.org> a écrit :

> Am 26.01.24 um 09:42 schrieb Simon Bressier via mailop:
>
> Hi all,
>
> FYI Hans-Martin, I reached out to ovh team yesterday night to push your
> message, seems your abuse report has been processed by the proper team. No
> idea if they answered you, but at least, they have handled the report, and
> probably done the appropriate actions.
>
> Actions maybe, appropriate probably not.
>
> Today the spammers use .sbs domains on OVH IPs again:
>
> mx.h.orku.sbs 51.68.81.175
> mx.j.eown.sbs 51.89.230.64
> mx.a.mykf.sbs 146.59.116.127
>
> I can't see the content, as we refuse to accept anything from *.sbs at the
> moment, for good reasons.
>
> Cheers,
> Hans-Martin
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Extortion spam from OVH-hosted *.sbs domains

[Philip Paeps via mailop]

On 2024-01-25 14:10:13 (+0800), Hans-Martin Mosner via mailop wrote:
Tonight we received a huge wave of extortion spams from OVH hosted 
domains trying to get bitcoin payments. The senders claim that 
recipients watched child porn.


I'm seeing these come in from several places.  They get trapped by 
content filters looking for bitcoin addresses (and other signals).


This is the final straw for me to add a rule to reject all mail 
traffic from OVH until the sender is whitelisted. OVH is completely 
unresponsive to abuse complaints, they won't even react when clearly 
criminal activity happens from their IP space.


Your network, your rules.

Unfortunately, for many of us, rejecting all email from OVH would 
increase our workload, not decrease it.  Surprisingly many legitimate 
organisations host their email at OVH.



The domains used were:

aoyn.sbs
bnop.sbs
burx.sbs
[...]


TempFailing mail from domains that don't resolve is uncontroversial and 
very effective.


Philip
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Extortion spam from OVH-hosted *.sbs domains

[Hans-Martin Mosner via mailop]

Am 26.01.24 um 09:42 schrieb Simon Bressier via mailop:

Hi all,

FYI Hans-Martin, I reached out to ovh team yesterday night to push your message, seems your abuse report has been 
processed by the proper team. No idea if they answered you, but at least, they have handled the report, and probably 
done the appropriate actions.


Actions maybe, appropriate probably not.

Today the spammers use .sbs domains on OVH IPs again:

mx.h.orku.sbs 51.68.81.175
mx.j.eown.sbs 51.89.230.64
mx.a.mykf.sbs 146.59.116.127

I can't see the content, as we refuse to accept anything from *.sbs at the 
moment, for good reasons.

Cheers,
Hans-Martin
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Extortion spam from OVH-hosted *.sbs domains

[Randolf Richardson, Postmaster via mailop]

> According to Randolf Richardson, Postmaster via mailop 
> :
> > I'm just chiming in here with some support for you because I know a 
> >few people who use OVH as well.
> >
> > Blocking on a case-by-case basis is the better approach so that 
> >legitimate (non-spamming) hosts aren't penalized.
> 
> When I look at my logs and see the amount of spam from OVH networks,
> it's just not worth the effort to try and pick out the trickle of
> non-spam.

Everyone has different experiences.  When a network is a spam sewer 
that's dumping onto your systems, then blocking the entire network is 
certainly the more sensible option.

...and then making exceptions for the few who are "lost at sea on 
the wrong boat" in said network's polluted waters and who your users 
want/need to receive communications from.  (It's terrible that the 
internet has come to this, and I remember a few people in NANAE, 
decades ago, predicting these types of problems.)

> If you want people to accept your mail, act like you do and send it
> from a network that doesn't gush spam.

I agree.

I remember setting up a Virtual Machine for a client on OVH many 
years ago.  There were major limitations on OS installation, which 
was confirmed by their technical support, so we closed the account 
and chose a different provider.  So, given that OVH runs a limited 
service (or maybe they don't do that anymore?), I'm surprised that 
they don't seem to be so stringent about their clients sending spam.

-- 
Postmaster - postmas...@inter-corporate.com
Randolf Richardson, CNA - rand...@inter-corporate.com
Inter-Corporate Computer & Network Services, Inc.
Vancouver, British Columbia, Canada
https://www.inter-corporate.com/


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Extortion spam from OVH-hosted *.sbs domains

[Jaroslaw Rafa via mailop]

Dnia 25.01.2024 o godz. 22:00:08 John Levine via mailop pisze:
> 
> As I may have said once or twice before, when you pick the cheapest,
> crummiest option, often you get what you pay for.

s/the cheapest, crummiest option/the option you CAN actually afford/

Certainly you, John, are not the person who needs to be taught about the
fact that Internet is not only an American thing, and even more - it's not
only a "Western" thing, and that there are HUGE economic discrepancies
between countries in the world, as well as different financial regulations,
different currencies etc.

But even people who have extensive theoretical knowledge often fail to
actually apply it when it comes to practice.
-- 
Regards,
   Jaroslaw Rafa
   r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Extortion spam from OVH-hosted *.sbs domains

[Hans-Martin Mosner via mailop]

Am 26.01.24 um 09:42 schrieb Simon Bressier via mailop:

Hi all,

FYI Hans-Martin, I reached out to ovh team yesterday night to push 
your message, seems your abuse report has been processed by the proper 
team. No idea if they answered you, but at least, they have handled 
the report, and probably done the appropriate actions.


Thanks Simon!

Good to know the abuse address is not a black hole, although it would be 
a bit nicer if there were at least some feedback indicating that the 
something was done (not a bot feedback confirming receipt, although that 
would still be more than silence). Since the *.sbs spam stopped, I 
already assumed that the situation had been dealt with.


Cheers,
Hans-Martin

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Extortion spam from OVH-hosted *.sbs domains

[Simon Bressier via mailop]

Hi all,

FYI Hans-Martin, I reached out to ovh team yesterday night to push your
message, seems your abuse report has been processed by the proper team. No
idea if they answered you, but at least, they have handled the report, and
probably done the appropriate actions.

On Thu, Jan 25, 2024 at 7:13 AM Hans-Martin Mosner via mailop <
mailop@mailop.org> wrote:

> Tonight we received a huge wave of extortion spams from OVH hosted domains
> trying to get bitcoin payments. The senders claim that recipients watched
> child porn.
>
> This is the final straw for me to add a rule to reject all mail traffic
> from OVH until the sender is whitelisted. OVH is completely unresponsive to
> abuse complaints, they won't even react when clearly criminal activity
> happens from their IP space.
>
> The domains used were:
>
> aoyn.sbs
> bnop.sbs
> burx.sbs
> enux.sbs
> fojr.sbs
> hnls.sbs
> nbot.sbs
> ouhb.sbs
> pxur.sbs
> rnuh.sbs
>
> with the IP addresses
>
> 51.89.5.129
> 51.89.5.145
> 51.89.175.30
> 51.89.175.173
> 51.89.175.196
> 54.38.1.200
> 57.128.16.249
> 57.128.60.137
> 57.128.83.193
> 57.128.123.32
> 57.128.165.75
> 57.128.166.120
> 91.134.96.213
> 91.134.97.224
> 91.134.97.232
> 135.125.66.34
> 135.125.66.86
> 135.125.66.217
> 135.125.217.78
> 141.94.64.94
> 141.95.108.175
> 148.113.137.42
> 148.113.139.81
> 148.113.140.91
> 148.113.141.117
> 148.113.143.4
> 162.19.68.117
>
> It's probably pointless to call for a general OVH boycott, as much as I
> would like to do that :-)
>
> Cheers,
> Hans-Martin
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Extortion spam from OVH-hosted *.sbs domains

[John Levine via mailop]

According to Randolf Richardson, Postmaster via mailop 
:
>   I'm just chiming in here with some support for you because I know a 
>few people who use OVH as well.
>
>   Blocking on a case-by-case basis is the better approach so that 
>legitimate (non-spamming) hosts aren't penalized.

When I look at my logs and see the amount of spam from OVH networks,
it's just not worth the effort to try and pick out the trickle of
non-spam.

If you want people to accept your mail, act like you do and send it
from a network that doesn't gush spam.

-- 
Regards,
John Levine, jo...@taugh.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Extortion spam from OVH-hosted *.sbs domains

[John Levine via mailop]

It appears that Jaroslaw Rafa via mailop  said:
>Dnia 25.01.2024 o godz. 07:10:13 Hans-Martin Mosner via mailop pisze:
>> It's probably pointless to call for a general OVH boycott, as much as I
>> would like to do that :-)
>
>I would be the first to object to that, because my server is hosted at OVH :)

As I may have said once or twice before, when you pick the cheapest,
crummiest option, often you get what you pay for.

R's,
John
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Extortion spam from OVH-hosted *.sbs domains

[Russell Clemings via mailop]

If the scammers actually had such a video, wouldn't they include a
screenshot?

On Thu, Jan 25, 2024 at 9:03 AM Peter N. M. Hansteen via mailop <
mailop@mailop.org> wrote:

> On Thu, Jan 25, 2024 at 07:10:13AM +0100, Hans-Martin Mosner via mailop
> wrote:
> > Tonight we received a huge wave of extortion spams from OVH hosted
> domains
> > trying to get bitcoin payments. The senders claim that recipients watched
> > child porn.
>
> Your customers might find a tiny bit of solace in that rather conclusive
> evidence exists that the supposed videos do not in fact exist, anywhere.
>
> A rather significant subset of my "imaginary friends" (aka spamtraps) are
> at the receiving end of those campaigns at fairly frequent intervals.
>
> Your customers (and perhaps others) could usefully read my 2022 piece
> "The Despicable, No Good, Blackmail Campaign Targeting ... Imaginary
> Friends?"
> (https://www.nxdomain.no/~peter/despicable_no_good_blackmail.html or with
> nicer
> formatting plus G's trackers at
> https://bsdly.blogspot.com/2022/12/the-despicable-no-good-blackmail.html).
>
> Both versions have links to materials with more detailed information.
>
> All the best,
> Peter
>
> --
> Peter N. M. Hansteen, member of the first RFC 1149 implementation team
> https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
> "Remember to set the evil bit on all malicious network traffic"
> delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
>


-- 
===
Russell Clemings

===
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Extortion spam from OVH-hosted *.sbs domains

[Randolf Richardson, Postmaster via mailop]

> Dnia 25.01.2024 o godz. 07:10:13 Hans-Martin Mosner via mailop pisze:
> > It's probably pointless to call for a general OVH boycott, as much as I
> > would like to do that :-)
> 
> I would be the first to object to that, because my server is hosted at OVH :)

I'm just chiming in here with some support for you because I know a 
few people who use OVH as well.

Blocking on a case-by-case basis is the better approach so that 
legitimate (non-spamming) hosts aren't penalized.

-- 
Postmaster - postmas...@inter-corporate.com
Randolf Richardson, CNA - rand...@inter-corporate.com
Inter-Corporate Computer & Network Services, Inc.
Vancouver, British Columbia, Canada
https://www.inter-corporate.com/


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Extortion spam from OVH-hosted *.sbs domains

[Peter N. M. Hansteen via mailop]

On Thu, Jan 25, 2024 at 07:10:13AM +0100, Hans-Martin Mosner via mailop wrote:
> Tonight we received a huge wave of extortion spams from OVH hosted domains
> trying to get bitcoin payments. The senders claim that recipients watched
> child porn.

Your customers might find a tiny bit of solace in that rather conclusive 
evidence exists that the supposed videos do not in fact exist, anywhere. 

A rather significant subset of my "imaginary friends" (aka spamtraps) are 
at the receiving end of those campaigns at fairly frequent intervals. 

Your customers (and perhaps others) could usefully read my 2022 piece 
"The Despicable, No Good, Blackmail Campaign Targeting ... Imaginary Friends?"
(https://www.nxdomain.no/~peter/despicable_no_good_blackmail.html or with nicer
formatting plus G's trackers at 
https://bsdly.blogspot.com/2022/12/the-despicable-no-good-blackmail.html).

Both versions have links to materials with more detailed information.

All the best,
Peter

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Extortion spam from OVH-hosted *.sbs domains

[Byung-Hee HWANG via mailop]

Hellow Jaroslaw,

On Thu, 2024-01-25 at 10:13 +0100, Jaroslaw Rafa via mailop wrote:
> Dnia 25.01.2024 o godz. 07:10:13 Hans-Martin Mosner via mailop pisze:
> > It's probably pointless to call for a general OVH boycott, as much
> > as I
> > would like to do that :-)
> 
> I would be the first to object to that, because my server is hosted
> at OVH :)

I agree. In the same vein, I cannot do anything that violates Google
Gmail policies. Because Gmail (soyeo...@gmail.com) is my final mailbox.


Sincerely, Byung-Hee

-- 
^고맙습니다 _布德天下_ 감사합니다_^))//
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Extortion spam from OVH-hosted *.sbs domains

[Jaroslaw Rafa via mailop]

Dnia 25.01.2024 o godz. 07:10:13 Hans-Martin Mosner via mailop pisze:
> It's probably pointless to call for a general OVH boycott, as much as I
> would like to do that :-)

I would be the first to object to that, because my server is hosted at OVH :)
-- 
Regards,
   Jaroslaw Rafa
   r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Extortion spam from OVH-hosted *.sbs domains

[Christopher Hawker via mailop]

If the abuse contact (ab...@ovh.net) is not responding to e-mails report the 
lack of response to RIPE NCC, the RIR that delegated the resources to them. I 
know that if members under APNIC fail to maintain an abuse and IRT contact 
their account is suspended until it is validated.

I already filter all mail traffic from OVH. They are notorious for failing to 
act on abuse reports.

Regards,
Christopher Hawker

From: mailop  on behalf of Hans-Martin Mosner via 
mailop 
Sent: Thursday, January 25, 2024 5:10 PM
To: mailop 
Subject: [mailop] Extortion spam from OVH-hosted *.sbs domains


Tonight we received a huge wave of extortion spams from OVH hosted domains 
trying to get bitcoin payments. The senders claim that recipients watched child 
porn.

This is the final straw for me to add a rule to reject all mail traffic from 
OVH until the sender is whitelisted. OVH is completely unresponsive to abuse 
complaints, they won't even react when clearly criminal activity happens from 
their IP space.

The domains used were:

aoyn.sbs
bnop.sbs
burx.sbs
enux.sbs
fojr.sbs
hnls.sbs
nbot.sbs
ouhb.sbs
pxur.sbs
rnuh.sbs

with the IP addresses

51.89.5.129
51.89.5.145
51.89.175.30
51.89.175.173
51.89.175.196
54.38.1.200
57.128.16.249
57.128.60.137
57.128.83.193
57.128.123.32
57.128.165.75
57.128.166.120
91.134.96.213
91.134.97.224
91.134.97.232
135.125.66.34
135.125.66.86
135.125.66.217
135.125.217.78
141.94.64.94
141.95.108.175
148.113.137.42
148.113.139.81
148.113.140.91
148.113.141.117
148.113.143.4
162.19.68.117

It's probably pointless to call for a general OVH boycott, as much as I would 
like to do that :-)

Cheers,
Hans-Martin
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] Extortion spam from OVH-hosted *.sbs domains

[Hans-Martin Mosner via mailop]

Tonight we received a huge wave of extortion spams from OVH hosted domains trying to get bitcoin payments. The senders 
claim that recipients watched child porn.


This is the final straw for me to add a rule to reject all mail traffic from OVH until the sender is whitelisted. OVH is 
completely unresponsive to abuse complaints, they won't even react when clearly criminal activity happens from their IP 
space.


The domains used were:

aoyn.sbs
bnop.sbs
burx.sbs
enux.sbs
fojr.sbs
hnls.sbs
nbot.sbs
ouhb.sbs
pxur.sbs
rnuh.sbs

with the IP addresses

51.89.5.129
51.89.5.145
51.89.175.30
51.89.175.173
51.89.175.196
54.38.1.200
57.128.16.249
57.128.60.137
57.128.83.193
57.128.123.32
57.128.165.75
57.128.166.120
91.134.96.213
91.134.97.224
91.134.97.232
135.125.66.34
135.125.66.86
135.125.66.217
135.125.217.78
141.94.64.94
141.95.108.175
148.113.137.42
148.113.139.81
148.113.140.91
148.113.141.117
148.113.143.4
162.19.68.117

It's probably pointless to call for a general OVH boycott, as much as I would 
like to do that :-)

Cheers,
Hans-Martin
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop