ROKSO Home  |  ROKSO FAQs & Policies  |  About Spamhaus  |  FAQs
The Register of Known Spam Operations
Suavemente/SplitInfinity/Innova Direct

Evidence Menu:

Suavemente/SplitInfinity/Innova Direct Index

Country: United States
State: CA
Operating under many names, Suavemente/ has provided spam support services for years. It offers the appearance of a normal ISP but--over and over again--it provides extensive services to spammers. Typical spam set-ups include large "snowshoe" ranges. Hijacked IP address space and GRE tunneling to "hide" the servers.

Suavemente/SplitInfinity/Innova Direct SBL Listings History
Current SBL Listings
Archived SBL Listings

MEDIA: blogger's experience with Taranto


Franklin Veaux's Journal

Anyone familiar with an outfit called Suavemente?

Aug. 15th, 2008 at 3:26 PM

So lately, my inbox has been flooded with an unusually large amount of spam This spam is advertising Web sites with URLs such as klhrvbhqw dot com, hyaiocgsk dot com, dcghffxba dot com, and ipwbquigi dot com -- you know, nonsensical domains made up of random letters, usually a sure bet that it's a throwaway spam domain the spammer plans to use once for a single spam run and discard.

All of these domains are hosted at the same ISP, an outfit I've never heard of before called Suavemente.

Now, two things about Suavemente scream "bulletproof spam host" to me. The first is they didn't bother to register the .com; their only URL is The second is that they're headquartered in the US, but their front page proudly screams High-speed offshore. In the world of ISPs, "offshore" normally means "we allow our users to violate American law, safe in the knowledge that their servers can not be subpoenaed or subject to American jurisdiction."

So at first blush, Suavemente stinks of "owned by spammers, run by spammers for spammers." However, I can't find them on the usual compilations of known rogue ISPs; they are listed in the ISP hall of shame <>, but that's about it.

And they respond to abuse complaints. They don't respond by shutting down their spammers, but they do respond nonetheless.

Return-Path: <>
Received: from ( []) by (v121_r2.11) with ESMTP id MAILINDA033-a8848a5c7f716; Fri, 15 Aug 2008 14:17:08 -0400
Received: from ( []) by (v121_r2.11) with ESMTP id MAILRELAYINDA088-a8848a5c7f716; Fri, 15 Aug 2008 14:16:23 -0400
Received: from ( [])
by (Postfix) with ESMTP id DF85A24F23E
for <>; Fri, 15 Aug 2008 11:16:19 -0700 (PDT)
Received: (from apache@localhost)
by (8.13.8/8.13.1/Submit) id m7FIGJ5m012091;
Fri, 15 Aug 2008 11:16:19 -0700
Message-Id: <>
MIME-Version: 1.0
Content-Disposition: inline
Content-Type: text/html; charset="us-ascii"
X-Mailer: MIME::Lite 3.020 (F2.74; T1.23; A2.02; B3.07; Q3.07)
From: "Suavemente Abuse Support" <>

Date: Fri, 15 Aug 2008 11:16:19 -0700
Content-Transfer-Encoding: quoted-printable
X-AOL-SCOLL-AUTHENTICATION: listenair ; SPF_helo : n
X-AOL-SCOLL-AUTHENTICATION: listenair ; SPF_822_from : +

Our customer was obviously not violating any regulation - they obviously got your email address from www.yourgiftpro [dot] com, i am not sure how much knowledge you have about regulations or permission based email, or if you actually read about legal email practices, i suggest you to re-read about it, grep about third parties, or opt out or call legal department, 801.316.0555 if you prefer by fax, 1-818-817-2100

Thank you.

Ariel Taranto
Thanks for using the help desk, if you have any further difficulties or are required to respond to your request, please login to the help desk

Now, several things about this strike me as weird. First, as anyone who's been reading this blog for any length of time knows, I'm about as likely to "opt in" to an advertising list at a place like yourgiftpro dot com as I am to shove a hot poker through my eyes.

Second, most spam-supporting ISPs just route abuse emails to /dev/null.

Third, it appears that our Mr. Ariel Taranto is awfully close to the spammers; his email would suggests that he believes, or he pretends, that he knows where the spammers got my email.

Fourth, the nonsensical domains being used by the spammers are, at least according to the Whois record, associated with a spam outfit calling itself pulsedemand dot com, a place entirely distinct from, and not even in the same state as, yourgiftpro dot com.

So. Is Suavemente a dirty, rogue ISP supporting spammers, or a clueless, kind of confused ISP inadvertently being played by spammers? Has anyone hard of Suavemente? What's the dirt on them in the anti-spam community?

Mood: aggravated

Tags: spam

(end quote)

Related URLs

The Register of Known Spam Operations (ROKSO) collates information and evidence on entities with a history of spamming or providing spam services, and entities affiliated or otherwise connected with them, for the purpose of assisting ISP Abuse Desks and Law Enforcement Agencies.
The address of this ROKSO record is:

The above consists of information in the public domain. The Spamhaus Project makes every effort to avoid errors in information in the ROKSO database, and will correct any errors as soon as it is able to verify the correction, but accepts no responsibility or liability for any errors or omissions, or liability for any loss or damage, consequential or otherwise, incurred in reliance on the material in these pages. The Spamhaus Project makes no warranties or representations as to the accuracy of the Information in ROKSO records. The information in the ROKSO database is for information purposes only and is not intended as legal advice of any kind.

For information on contacting the ROKSO Team regarding any factual errors in this record, see the ROKSO FAQs.
© 1998-2016 The Spamhaus Project Ltd. All rights reserved.
Legal  |  Privacy