Lately, we've been getting a lot of this medical billing stuff sent to our NOC account.



They all come from the same group of IPs, and SpamCop says the netblock owner (US LEC, who merged with PAETEC last February) doesn't accept abuse reports. So, doing a little more digging...

firefly:~ russ$ host 71.16.72.90
90.72.16.71.in-addr.arpa domain name pointer op14.officepubs.com.
 

Hmm, officepubs.com. They don't have a website, and barely any results from a Google search. In fact, it only shows up in some guy's blog where he publishes stats on the spam he receives. Not looking good.

So, checking further...

firefly:~ russ$ host officepubs.com
officepubs.com mail is handled by 0 op1.officepubs.com.
officepubs.com mail is handled by 10 op2.officepubs.com.
officepubs.com mail is handled by 20 op3.officepubs.com.
officepubs.com mail is handled by 30 op4.officepubs.com.
officepubs.com mail is handled by 40 op5.officepubs.com.
officepubs.com mail is handled by 50 op6.officepubs.com.
officepubs.com mail is handled by 51 op7.officepubs.com.
officepubs.com mail is handled by 52 op8.officepubs.com.
officepubs.com mail is handled by 53 op9.officepubs.com.
officepubs.com mail is handled by 54 op10.officepubs.com.
officepubs.com mail is handled by 55 op11.officepubs.com.
officepubs.com mail is handled by 56 op12.officepubs.com.
officepubs.com mail is handled by 57 op13.officepubs.com.
officepubs.com mail is handled by 58 op14.officepubs.com.
 

No A records and 14 mail exchangers? What legit organization would have a setup like that? I think we know the answer. It's probably safe to block these guys from sending us any more mail.