Saturday, January 24, 2009

Spammers 1/24/2009

Road Runner is definitely the champion of spam if you view the traffic from the past few weeks. It seems that whoever is generating the Road Runner spam is randomly generating email addresses to try to find addresses that are not in use. It seems like they take an address that was once valid and alter it slightly to come up with a new address.

For instance, bill@microsoft.com might become ill@microsoft.com or tbill@microsoft.com.
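One way to spot this pattern in a mail server's rejected-recipient log, as an added example (not code from the original post): flag client IPs that try several addresses one character away from a real mailbox. The function names, the threshold and the sample log entries are assumptions constructed for illustration.

```python
from collections import defaultdict

def within_one_edit(a, b):
    """True if a != b and one insert, delete or substitution turns a into b."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a                      # make a the shorter (or equal) string
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1                           # skip the common prefix
    if len(a) == len(b):
        return a[i + 1:] == b[i + 1:]    # exactly one substituted character
    return a[i:] == b[i + 1:]            # exactly one extra character in b

def near_miss_probes(rejected, known_local_parts, threshold=2):
    """Return {client_ip: [(rejected_address, mailbox_it_resembles), ...]}
    for clients with at least `threshold` near-miss recipients."""
    hits = defaultdict(set)
    for client_ip, rcpt in rejected:
        rcpt = rcpt.lower()
        local, _, _ = rcpt.rpartition("@")
        for known in known_local_parts:
            if within_one_edit(local, known):
                hits[client_ip].add((rcpt, known))
    return {ip: sorted(p) for ip, p in hits.items() if len(p) >= threshold}

# Constructed sample of (client IP, rejected RCPT TO address) pairs.
# IPs are from the RFC 5737 documentation ranges, not from this post.
SAMPLE_REJECTS = [
    ("192.0.2.10", "ill@example.com"),
    ("192.0.2.10", "tbill@example.com"),
    ("192.0.2.10", "bil@example.com"),
    ("198.51.100.7", "sales-old@example.com"),
    ("198.51.100.7", "bll@example.com"),
]
KNOWN_MAILBOXES = {"bill", "sales"}      # assumed list of valid local parts

if __name__ == "__main__":
    for ip, pairs in near_miss_probes(SAMPLE_REJECTS, KNOWN_MAILBOXES).items():
        print(ip, pairs)
```

A single near miss is usually a typo, so the threshold keeps one-off mistakes from being flagged.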

This kind of goes back to my idea that someone is trying to find addresses that are NOT valid on a network and send emails around that won't get to a legitimate end user but allow the "spammers" to filter these messages through the Internet. Is this some kind of covert messaging?

Another possible reason I conjured up was that perhaps they are taking previous email addresses that are now being rejected (with the help of Postini) and altering them to try to figure out what the address has changed to. Not sure - just imagining the reasons.

Or perhaps they are looking for unused addresses to try to use those addresses on unsecured mail systems to hijack the business of the other company.

As for Joe's Datacenter - someone responded to one email telling me they have gotten rid of the customer causing the spam. However, it seems like the spam is not one customer but filtering through their different customers and IP ranges. Has one master device or computer been hacked? Is someone internal who supports all these systems generating this spam? Are the servers not patched and up to date? Who knows.

At any rate here are some spammers for the week:

75.127.101.248
OrgName: Global Net Access, LLC
NetRange: 75.127.64.0 - 75.127.127.255
Sat, 24 Jan 2009 14:41:37 -0800 (PST)
Sat, 24 Jan 2009 12:18:18 -0800 (PST)
Fri, 23 Jan 2009 09:15:20 -0800 (PST)

66.69.125.73
OrgName: Road Runner HoldCo LLC
NetRange: 66.68.0.0 - 66.69.255.255
Sat, 24 Jan 2009 13:10:33 -0800 (PST)

76.164.209.162
OrgName: R & D Technologies, LLC
NetRange: 76.164.192.0 - 76.164.239.255
Sat, 24 Jan 2009 12:41:39 -0800 (PST)
Sat, 24 Jan 2009 18:16:19 -0800 (PST)
Sat, 24 Jan 2009 22:23:51 -0800 (PST)
Sun, 25 Jan 2009 08:47:30 -0800 (PST)

208.94.240.219
Aarons.Net JOESDATACENTER (NET-208-94-240-0-1)
208.94.240.0 - 208.94.247.255
DataTran Systems, LLC. JDC-CUST-1173-240-209 (NET-208-94-240-208-1)
208.94.240.208 - 208.94.240.223
Sat, 24 Jan 2009 08:16:38 -0800 (PST)

208.94.244.30
Aarons.Net JOESDATACENTER (NET-208-94-240-0-1)
208.94.240.0 - 208.94.247.255
Provectus, Inc JDC-CUST-1101-244-1 (NET-208-94-244-0-1)
208.94.244.0 - 208.94.244.31
Fri, 23 Jan 2009 21:12:19 -0800 (PST)

208.85.3.23
OrgName: Turnkey Internet Inc.
NetRange: 208.85.0.0 - 208.85.7.255
Fri, 23 Jan 2009 21:12:19 -0800 (PST)
Fri, 23 Jan 2009 03:26:19 -0800 (PST)

72.12.80.251
OrgName: Oxford Networks
NetRange: 72.12.64.0 - 72.12.95.255
Thu, 22 Jan 2009 23:29:46 -0800 (PST)

207.36.1.66
Affinity Internet, Inc AFFINITY-207-36-0-0 (NET-207-36-0-0-1)
207.36.0.0 - 207.36.255.255
Affinity Dedicated AFFIN-DED-207-36-0 (NET-207-36-0-0-2)
207.36.0.0 - 207.36.8.255
Sun, 25 Jan 2009 00:33:59 -0800 (PST)

64.38.65.173
OrgName: Curatel, LLC
NetRange: 64.38.64.0 - 64.38.95.255
Sun, 25 Jan 2009 01:25:16 -0800 (PST)

64.150.180.60
OrgName: Abacus America Inc.
NetRange: 64.150.176.0 - 64.150.191.255
Sun, 25 Jan 2009 07:24:03 -0800 (PST)

NOTE: Abacus America has long been in the spammer IP range list - for years I have seen them send spam to my accounts. What is up over there?

38.98.244.88
OrgName: PSINet, Inc.
NetRange: 38.0.0.0 - 38.255.255.255
Sun, 25 Jan 2009 12:20:43 -0800 (PST)

NOTE: Cogentco is another network range that is notoriously generating spam of all kinds - from garbage traffic on my web server using various bots to spam in my inbox. They are on the Performance Systems International network.

67.216.82.105
OrgName: Travail Systems, LLC
NetRange: 67.216.80.0 - 67.216.95.255
Sun, 25 Jan 2009 12:22:13 -0800 (PST)

Travail Systems continues to spam - repeatedly.

Mzima Networks, Inc. NETBLK-MZIMA-04 (NET-67-201-0-0-1)
67.201.0.0 - 67.201.63.255
Sirius Telecom MZIMA04-CUST-SIRIUSTELE04 (NET-67-201-20-0-1)
67.201.20.0 - 67.201.20.255


209.250.246.167
OrgName: RackVibe LLC
NetRange: 209.250.224.0 - 209.250.255.255
Sun, 25 Jan 2009 13:48:01 -0800 (PST)