Blocking ColoCrossing Spam
Being a strong advocate of an open internet, I did not think I would one day be in favor of blocking off entire IP ranges. Having been under an aggressive spam attack by customers of a severely disengaged provider for about a week now, I see no other alternative for now.
I have sent 50+ spam reports via SpamCop to ColoCrossing which so far have been ignored in their entirety. This is not something a responsible provider of network services does. Having researched the company on the internets, it quickly became apparent that they are entangled in the business of sending spam email from as far back as 2010. At the time of writing, a whopping 76.25% of all messages coming from ColoCrossing IP ranges are considered spam. Several other sources also verify my suspicions about the provider. As abuse reports appear to be unsuccessful in resolving the issue, I just escalated to the nuclear option: blocking all of AS36352 for all mail servers on my networks.
This is very unfortunate. The strain put on the servers by an unrelenting onslaught of spam messages (they are responsible for close to 50% of all incoming spam email on my systems) leaves me with no other workable options for the time being.
To get all CIDRs for this provider, look up AS36352 here or just use the commands listed below.
whois -h whois.radb.net -- "-i origin AS36352" | grep '^route:' | awk '{print $2}'
whois -h whois.radb.net -- "-i origin AS36353" | grep '^route6:' | awk '{print $2}'