Getting very close Sorbs implemented a spamtrap as follows:
Netblock: 203.87.155.0/24 (203.87.155.0-203.87.155.255)
Record Created: Sun Dec 24 00:28:08 2006 GMT
Record Updated: Sun Dec 31 18:41:45 2006 GMT
Additional Information: spamvertised gefraing.com. 5M IN A 203.87.155.69
Currently active and flagged to be published in DNS
So it may very well be this person is getting by the trap by changing their message ID. I really want this persons name and address. So the authorities can bust their door down.
I ran a check on all domains residing on the server using the swiss army knive. I know the answer lies somewhere in the posts already made. Man is this fustrating!
The domains you listed are all using the Apache Web Server on Red Hat Linux.
greek39