Recap: In How To Shake Fleas Off Your Mail Servers, we told you how, by simply changing the IP address of our email gateway, we exposed the IP address ranges used by some very aggressive email… marketers. We started tracking PactWeb-related sites. The more we dug the dirtier we got. Our shovels: Openrbl and Whois Source.
A reverse IP lookup on pactweb.com at Whois Source was revealing. Eighty-six URLs use 216.219.109.135. Here’s a taste: booleanstrategies.com, boolstratab.com, boolstratbc.com, crysholab.com, crysholbc.com, crysholcd.com, crysholde.com, crystalholdings.com, estratbc.com, estratcd.com, estratde.com, estrategics.com, pactab.com, pactbc.com, squibab.com, squibbc.com, squibnetworks.com, squibno.com, winsomab.com, winsombc.com, winsomcd.com, winsomgroup.com, winsommn.com, winsomno.com. Of course, none are listed by DMOZ or Yahoo.
To find the outside edges of the PactWeb range, we consulted our firewall logs. Within the “216.219.109.0” family, failed SMTP connects ran from 216.219.109.135 to 216.219.109.230 (or pactweb.com to squibno.com). Openrbl reported addresses immediately below 216.219.109.135 as “unresolved”.
At 216.219.109.236 (ap.accip25.com), we tripped over another interesting operation, whose base domain, accip25.com, reversed to 216.219.109.89. A partial word search with Whois Source Domain Explorer revealed a range of URLs starting with “accip”, from accip01.com to accip55.com. Every URL we checked was registered to Accipter Marketing, Inc. Several fell in a different IP group: 64.28.85.30 - 64.28.85.106. (On the outside edges of that group, there’s yet another outfit, using variations on “esmgifts”, but we’ll save that for another day.)
Our curiosity got the better of us. We checked all the way up the Class C. Cypher Marketing had 216.219.109.237 - 254, with domains that included kool-offers.net, best-offerings.net and netspecialoffers.net. The base domains all reverse to 216.21.229.197, which is shared by over 240,000 other “parked” URLs.
Upshot: We ran out of time. At the firewall, we blocked 216.219.109.1 - 216.219.109.254 and 64.28.85.30 - 64.28.85.106. As we get time to track down the other leads, we’ll let you know. Call us lazy.
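
For anyone repeating the exercise, here is an added example (not code we ran for this post) that finds the low and high edges of denied SMTP connects per /24 in a firewall log, then turns a first-last block range into the CIDR entries most firewalls want. The log line format, the sample lines and the function names are assumptions made up for the illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample log lines; the format is an assumption, not a real firewall's.
SAMPLE_LOG = """\
2004-03-01 02:11:09 DENY tcp 216.219.109.171:3307 -> 192.0.2.25:25
2004-03-01 02:14:40 DENY tcp 216.219.109.230:1188 -> 192.0.2.25:25
2004-03-01 02:15:02 DENY tcp 216.219.109.135:4021 -> 192.0.2.25:25
2004-03-01 02:19:51 ALLOW tcp 198.51.100.7:5120 -> 192.0.2.25:25
2004-03-01 02:23:13 DENY tcp 216.219.109.200:4410 -> 192.0.2.25:80
2004-03-01 02:27:45 DENY tcp 203.0.113.9:2761 -> 192.0.2.25:25
2004-03-01 02:30:00 DENY tcp 999.1.1.1:2761 -> 192.0.2.25:25
"""

# Only denied TCP connects whose destination port is 25 (SMTP) are of interest.
LINE_RE = re.compile(r"\bDENY tcp (\d+\.\d+\.\d+\.\d+):\d+ -> \S+:25$")


def smtp_edges(log_text):
    """Map each source /24 to the (lowest, highest) address with a denied SMTP connect."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.search(line.strip())
        if not m:
            continue
        try:
            ip = ipaddress.IPv4Address(m.group(1))
        except ipaddress.AddressValueError:
            continue  # malformed source address, e.g. an octet above 255
        seen[ipaddress.ip_network(f"{ip}/24", strict=False)].append(ip)
    return {str(net): (str(min(ips)), str(max(ips))) for net, ips in seen.items()}


def range_to_cidrs(first, last):
    """Smallest list of CIDR blocks covering exactly first..last, inclusive."""
    blocks = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
    return [str(b) for b in blocks]


if __name__ == "__main__":
    for net, (low, high) in smtp_edges(SAMPLE_LOG).items():
        print(f"{net}: {low} - {high}")
    for first, last in [("216.219.109.1", "216.219.109.254"),
                        ("64.28.85.30", "64.28.85.106")]:
        print(f"{first} - {last} => {range_to_cidrs(first, last)}")
```

Expressed exactly, 216.219.109.1 - 216.219.109.254 takes 14 CIDR entries; 216.219.109.0/24 covers the same hosts plus the .0 and .255 addresses in a single entry.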
