Telefonica.es (AS3352) #1 on Spamhaus ISP SBL

17Jan10

According to  Spamhaus Top 10 Network offenders on its Spamhaus Block List Advisory, an ISP called AS3352 TELEFONICA-DATA-ESPANA has the most SBLs on Spamhaus list as of January 17th, 2010. Based on Spamhaus‘ research, this ISP is considered the current “World’s Worst Network.”  At time of this post, there are 95 SBLs belonging to Telefonica.es.

Spamhaus: The 10 Worst Spam Support ISPs
As at 17 January 2010 the ISPs with the poorest abuse control of spammers are:

Rank / SBL #  ISP domain / ASN / URL
1. 95 telefonica.es AS3352 / http://www.telefonica.es/
2. 64 ovh.net  AS16276 / http://ovh.net/
3. 59 telefonica.com.ar AS22185 /  http://www.telefonica.com.ar/
4. 46 tiscali.it AS3257 /  http://www.tiscali.it/
5. 44 xo.com AS2828 /  http://www.xo.com/
6. 38 integratelecom.com AS7385 / http://integratelecom.com/
7. 38 charter.com AS20115 / http://www.charter.com/
8. 38 ono.com AS6739 / http://www.ono.es/
9. 35 verizon.com AS19262 / http://www.verizon.com/
10. 34 telecom.com.ar AS7303 / http://www.telecom.com.ar/

Many SBLs of telefonica.es (Telefonica de Espana, AS3352, netname: RIMA ) are /32 (1 IP address) blacklistings with lots of ROKSO Canadian Pharmacy listings. Many of the Telefonica.es SBLs were added from October to December 2009. ROKSO is a list compiled by Spamhaus of the worst spamming organizations. ROKSO stands for Registry of Known Spam Operatives.

While Second ranking OVH’s listings are /32 as well, not so many current SBLs are those of ROKSO spammers. OVH.net offers both dedicated and shared hosting; unfortunately, spammers are attracted to either one. OVH.net was noted as the Worst Offending ISP on this blog back in December 2009. The good news about OVH is that it appears the admins are working on riding its network of spammers. Telefonica.com.ar is in 3rd place with 59 SBLs has larger blocklistings, such as numerous /24 which are 256 IP addresses. The ROKSO spammer’s listings on tiscali.it is  Fabio Petta – Jnternet.

One note about this top 10 list is the number of Spanish-speaking ISPs. For example: telefonica.es and ono.com / ono.es are located in Spain, while Argentina is represented by telefonica.com.ar and telecom.com.ar. Telefónica explains on its website that it is one of the largest telecommunications companies by market (Spain, Europe and Latin America).

The 2 other Euoropean-based ISPs are OVH of France and Tiscali.it in Italy. The 4 US-based providers on the Spamhaus Block List are:  XO, Charter, Integra Telecom and Verizon.  XO.com is a large  Tier-2 NSP (network service provider), while Integra Telecom is a regional ISP in the midwest and western US states, and Charter is a regional ISP.  Verizon (made up of Baby Bell companies) as an ISP is offered in most markets in the US. Verizon is also a leading wireless cell phone provider.

Spamhaus’ SBL ranking is based on Spamhaus own research of spam and so the list has its own limitations.  Among the reasons: ISPs have to contact Spamhaus to get their SBLs removed, so the SBL list is a manual process, and not automated like CBL.

If a researcher wants to know more volumes of ISP spam emiters, one can use other online tools available such as Spamcop’s list by hostname/ IP. Though much smaller in scope than Spamcop, German Powerweb’s DNSBL.de has a top 20 providers list on its main page by spam volume based on the ASN (Autonomous System Number) which is used to identify a network by the Internet Protocol addresses authorities.

Advertisements


3 Responses to “Telefonica.es (AS3352) #1 on Spamhaus ISP SBL”

  1. 1 nycbuygirl

    I keep getting this ip address as searching a page that is limited to just me, i have tried to see if it is a false IP address, everytime this telefonice de espana comes up it is with a different IP address. Is this someone using a third party to get into my site?
    Can you help me?

    11.Red-79-146-214.dynamicIP.rima-tde.net
    IP Address 79.146.214.11 [Label IP Address]
    Country Spain
    Region Andalucia
    City San Roque
    ISP Telefonica De Espana
    Returning Visits

    • 2 reportscams

      Sorry to not see your post earlier, I only update this blog roughly once a month. I am not sure what you mean. What is the IP doing? 79.146.214.11 Is it in your log files or in a search engine results? Either way it sounds potentially malicious or compromised. When I searched the IP in MXToolbox.com, only Spamhaus Zen was blacklisting it due to: “End-user Non-MTA IP addresses set by ISP outbound mail policy” Now that a lot of time has passed since your post, did you find the answer?

  2. 3 nycbuygirl

    this person keeps logging into a page of mine on flickr that is private…i have changed my password and they are still getting in to it.

    251.Red-83-63-185.staticIP.rima-tde.net
    IP Address 83.63.185.251 [Label IP Address]
    Country Spain
    Region Andalucia
    City San Fernando
    ISP Telefonica De Espana
    Returning Visits 0
    Visit Length Multiple visits spread over more than one day
    VISITOR SYSTEM SPECS

    the isp is always the same but the ip address is different. how can i tell if this is a valid address or someone is hacking in to my stuff


Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: