ROKSO Lists 10 Most Wanted Spammers

ROKSO Lists Most Wanted SpammersUp to 80% of spam targeted at Internet users in North America and Europe is generated by a hard-core group of around 100 known professional spam gangs whose names, aliases and operations are documented in Spamhaus’ Register of Known Spam Operations (ROKSO) database.

ROKSO is a “3 Strikes” register. To be listed in ROKSO a spammer must first be terminated by a minimum of 3 consecutive ISPs for AUP violations. IP addresses under the control of ROKSO-listed spammers are automatically and preemptively listed in the Spamhaus Block List (SBL).  For Law Enforcement Agencies there is a special version of this ROKSO database which gives access to records with information, logs and evidence too sensitive to publish here.

The “TOP 10 chart of ROKSO-listed spammers” is based on those whom Spamhaus views as the highest threat. They are the worst of the career spammers causing the most damage on the Internet currently.  Spamhaus flags these as a priority for Law Enforcement Agencies.

80% of spam received by Internet users in North America and Europe can be traced via redirects, hosting locations, domains and aliases, to a hardcore group of just 200 known spam outfits, almost all of whom are listed here in the ROKSO database and are operating illegally. These professional spammers are loosely grouped into gangs (”spam gangs”) and move from network to network seeking out Internet Service Providers (”ISPs”) known for lax enforcing of anti-spam policies.  These are the spammers you definitely do NOT want on your network.

Many of these spam operations pretend to operate ‘offshore’ using servers in Asia and South America to disguise the origin.  Those who don’t pretend to be ‘offshore’ pretend to be small ISPs themselves, claiming to their providers that spam is not being sent by them but by their non-existent ‘customers’. Some set up as fake networks, pirate or fraudulently obtain large IP allocations from ARIN/RIPE and use routing tricks to simulate a network, fooling real ISPs into supplying them connectivity. When caught, almost all use the age old tactic of lying to each ISP long enough to buy a few weeks more of spamming and when terminated simply move on to the next ISP already set up and waiting.

Share and Enjoy: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • StumbleUpon
  • del.icio.us
  • Slashdot
  • Technorati
  • Reddit
  • NewsVine
  • Facebook
  • Google
  • TwitThis
  • Mixx
  • Furl
  • Live
  • Ma.gnolia
This entry was written by Carl E. Reid and posted on November 25, 2008 at 5:12 pm and filed under Fighting spam, anti spam. Bookmark the permalink. Follow any comments here with the RSS feed for this post.

Related Posts

Leave a Reply