What does a spam network look like? How do I tell if a host is a spam operation?
Often a spam network will have a front that looks to be something legitimate. Not always, but often. I've found a great example of how spam networks can be hiding in plain sight, and wanted to share: https://xsserver.eu/
What you see here, XSServer GmbH, is in fact entirely a spam network. Don't be fooled into thinking this is just a host with a spam problem. Were that true, there might be some good traffic coming from the network.
Take a look at some of these:
Some of them look more questionable, like this one:
But even that /24 is entirely spam, zero legitimate email going out of it.
When you're looking at a network to see if it's somewhere you might want to host, the DNS tabs at bgp.he.net are very revealing. Look for huge lines of PTR records with "mail" or "mta" in the subdomain, and look for a lot of newer/cheap TLDs like .xyz, .online, and .casa.
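The check described above can be scripted once you have collected the PTR records for a prefix. The following is an added example, not code from the original post; the function names, the naive "last two labels" domain split, and the sample records are assumptions made for illustration.

```python
import re
from collections import Counter

# TLDs named in the post; extend with your own list as needed.
CHEAP_TLDS = {"xyz", "online", "casa"}
# A subdomain label that starts with "mail" or "mta", e.g. mail3, mta-out.
MAIL_LABEL = re.compile(r"^(mail|mta)[\w-]*$", re.IGNORECASE)

def classify(ptr):
    """Return (has_mail_label, cheap_tld, registered_domain) for one PTR name."""
    labels = ptr.rstrip(".").lower().split(".")
    if len(labels) < 2:
        return False, False, ptr
    # Assumption: the last two labels are the registered domain (no public suffix list).
    subdomain, domain = labels[:-2], ".".join(labels[-2:])
    has_mail = any(MAIL_LABEL.match(label) for label in subdomain)
    return has_mail, labels[-1] in CHEAP_TLDS, domain

def summarize(ptrs):
    """Summarize the PTR records (ip -> name) of one prefix, e.g. a /24."""
    total = len(ptrs)
    mail = cheap = both = 0
    domains = Counter()
    for name in ptrs.values():
        has_mail, is_cheap, domain = classify(name)
        mail += has_mail
        cheap += is_cheap
        both += has_mail and is_cheap
        domains[domain] += 1
    return {
        "total": total,
        "mail_ratio": mail / total if total else 0.0,
        "cheap_tld_ratio": cheap / total if total else 0.0,
        "mail_and_cheap": both,
        "distinct_domains": len(domains),
    }

# Constructed sample data: documentation address space and made-up names.
SAMPLE = {
    "192.0.2.10": "mail1.example-deals.xyz.",
    "192.0.2.11": "mta2.example-offers.online.",
    "192.0.2.12": "mail.example-promo.casa.",
    "192.0.2.13": "mta-out.example-news.xyz.",
    "192.0.2.14": "www.example.org.",
}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A prefix where nearly every PTR has a mail-style label on a cheap TLD, spread across many unrelated domains, matches the pattern described above.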
The next time you're looking at a new hosting provider, keep this in mind. Be sure not to accidentally support a spam operation.