Saturday, February 16, 2008


who protects Herbal King?

I get more spam from the Herbalking gang than from any other spammer. That's because Herbalking is so confident that he is "bullet proof" that he sends spam to postmaster@ addresses. Those addresses are less heavily filtered than regular users'. Spamhaus seems to think the gang, to the degree that these gangs are based in any particular country, is Indian.

Herbalking sends through botnets. My system rejects spam from most consumer-residential bots, but Herbalking also has bots on compromised web hosts and "small business" and academic servers. Those are the ones that get through here. Every few days I pick one and inform the owner of the compromised server. Unfortunately, hardly anybody else does that. More often than not, the owner's published contact info is wrong, or the reports just disappear. Of the ones who reply, most are grateful. Perhaps a fifth insist that I am wrong, and either the spam could not possibly have come from their equipment or someone else is responsible for that equipment. These people tend to be ignorant of the basics of computer networking and security, and believe that an SMTP sender IP address can be "spoofed" or that their equipment is invulnerable because they bought an "anti virus" product.
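The point about sender IPs bears on how a report like this is prepared: only the Received header written by your own MTA records the address that actually connected, while any Received lines below it arrived with the message and can say anything. The following is an added example (not code from the original post); it assumes a hypothetical receiving host name mx.example.net and a constructed sample message.

```python
import re
from email import message_from_string

# Constructed sample. The top Received line was written by our own MTA
# (hypothetical name mx.example.net); the lower line arrived with the
# message and may have been forged by the sender. Addresses are from
# documentation ranges, not real hosts.
SAMPLE = """Received: from host.compromised-uni.example (host.compromised-uni.example [203.0.113.45])
\tby mx.example.net (Postfix) with ESMTP id ABC123
\tfor <postmaster@example.net>; Sat, 16 Feb 2008 10:00:00 +0000
Received: from mail.bigisp.example (mail.bigisp.example [198.51.100.9])
\tby host.compromised-uni.example with SMTP; Sat, 16 Feb 2008 09:59:00 +0000
From: "Pharmacy" <noreply@forged.example>
Subject: test

body
"""

OUR_MTA = "mx.example.net"          # assumption: our own receiving host
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def _received_lines(raw: str):
    # get_all returns headers in message order; MTAs prepend, so the
    # newest Received line (ours) comes first.
    msg = message_from_string(raw)
    return [" ".join(h.split()) for h in msg.get_all("Received", [])]


def connecting_ip(raw: str, our_mta: str = OUR_MTA):
    """IP of the peer that spoke SMTP to our MTA: the only address in the
    header chain that the sender could not forge, since the TCP session
    had to complete from it. The first match wins, so a forged lower line
    claiming 'by our_mta' cannot override the genuine one on top."""
    for line in _received_lines(raw):
        if f"by {our_mta}" in line:
            m = IP_RE.search(line)          # first bracketed IP is the peer
            return m.group(1) if m else None
    return None


def untrusted_ips(raw: str, our_mta: str = OUR_MTA):
    """Addresses asserted by Received lines we did not write. These are
    sender-supplied and belong in a report only as 'claimed', not as fact."""
    out = []
    for line in _received_lines(raw):
        if f"by {our_mta}" not in line:
            out.extend(IP_RE.findall(line))
    return out
```

A report to the owner of the compromised host should cite the value from `connecting_ip` together with the timestamp from that same header; the lower addresses are what the bot claimed, nothing more.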

Herbalking's "pharmacy" mail order sites are mostly hosted on the rogue ISP "ZBYD" in Beijing. As far as I know, ZBYD is owned and operated by spammers. It's connected to the Internet through Great Wall Broadband Network Service Co., Ltd of Beijing, and its route to North America is through an undersea fiber operated by China Netcom, which terminates in a neutral exchange point in Los Angeles. That's three layers of companies you can't even contact. The only thing that could affect ZBYD would be if the major consumer service providers decided to block traffic from its IP addresses. They won't even talk about doing that. They're lazy and indifferent, and they're not under any real pressure to do it, and recently they've become paranoid about creating the appearance of not offering "net neutrality."

