Jump to content

http://www.refifast.biz not reported by SC


victory3x3

Recommended Posts

Posted

These hosers have been sending out spam for weeks now, and yet SC doesn’t seem to consistently report the site to anyone. ?

http://www.samspade.org/t/lookat?a=http%3A...ww.refifast.biz

Shows data can be found on them

Only intermittently SC sends reports to:

1075557751 ( http://www.refifast.biz/aff/affiliate.php?uid=53 )

To: nospam[at]hanaro.com

1075557740 ( http://www.refifast.biz/aff/affiliate.php?uid=53 )

To: spamrelay[at]certcc.or.kr

The rest of the time SC completely ignores the site. ?

Any idea why the inconsistency? They are obviously in the business of mass-spamming. I'd love to see them lose their resources.

Posted

Sometimes the spamcop.net parser does not detect links, so it does not file a report.

Cancelling and resubmitting sometimes works better.

There are some web hosts that ignore spamcop.net reports, and based on what you have provided, this web site is on one of them.

As web site reports do not feed the blocking lists, it really does not seem to matter if a report is sent to an ISP that ignores spamcop.net complaints or not.

According to posts on news.admin.net-abuse.email, the SpamAssasin 3.0 Beta knows how to lookup the I.P. addresses of web sites againsts the sbl-xbl.spamhaus.org which allows the detection of this type of spam.

In most cases the web site that the spammer is using is already listed in the sbl-xbl.spamhaus.org.

If you really want to damage the web sites, learn about how to use the whois tools on the internet to look up the owner record of the domain being spamvertised.

Those records are required to be accurate, and the domain registrar is required to suspend the domain if they are not. Other spamfighters have reported success in getting domains removed.

And if you go that route, concentrate on domains that are used for the DNS servers for spammers.

In this case the domain is a U.S. domain, so if the spam was not compliant with the U.S. can-spam law, and the domain registration is accurate, than if you are also in the U.S. it should be a trivial case for your ISP or the your State Attorney general to file charges against them. If the registration is wrong, then you should be able to get the domain suspended.

-John

Personal Opinion Only

Posted

One of the latest spams from refifast.biz was missing the quotes on the URLs in the HREF tags (quoted-printable encoding). Interestingly all the IMG tags had the quotes. The SC parser did not find any of the HREF tags. Inserting the quotes fixed that problem, but it might be pointing to a bug in the parser. Off the top of my head, I don't recall whether the quotes are required by the HTML spec.

Posted

Often the parser will claim no links were found but if you simply reload the page to reprocess it, it will find them. It's still a nuisance, and you often don't know if only some links are missed.

A lot of things work in html for one or more kinds of browser but which are not part of one of the many standards. If a link is live and works in some email html display it should be reported. If it is not live but displays a functioning spam domain it should still be reported.

Reporting spammers to domain registrars has mixed results. Sometimes they pay attention but often don't bother. One type of spam domain that can occasionally be removed that way is a .us top level domain name with a foreign registrant address. Sometimes even a resistrant's foreign email is phony, and that is grounds enough for canning the domain name.

You can also sometimes get the spammer's domain registration address removed by his ISP, then go after the domain, but it is often difficult or impossible to get the ISP to pay attention to the complaint; they filter out and trash all complaints without their IP address in the headers because they don't want to bother with forged From addresses. Likewise for functioning spammer addresses in the body of the spam. It's of course impossible to get anyone to pay attention to your explanation because they don't even look at your attempts to communicate with them. It's the email equivalent of telephone menu maze operators trained to be a barrier between customers and anyone with responsibility on anything they don't want to bother with ("let me transfer you" -- infinite hold -- dead line -- start over in menu maze, etc.). There should be a way to blacklist ISPs who ignore such complaints.

Posted
Inserting the quotes fixed that problem, but it might be pointing to a bug in the parser.

Please note, it is against spamcop rules to modify the spam in any way in order to find links it would not ordinarily find.

Posted
Inserting the quotes fixed that problem, but it might be pointing to a bug in the parser.

Please note, it is against spamcop rules to modify the spam in any way in order to find links it would not ordinarily find.

...Is that really true? I thought the prohibition was only against submitting reports of such modified spams.

Posted

Actually, Steve T. is more accurate than I was. You can modify the spam to get it to parse, but if you hit the Submit reports button, you are breaking the rules.

Posted
Actually, Steve T. is more accurate than I was.

<snip>

...Oh, boy, now we're all going to get to see hell freezing over! :D <g>

Posted

I've got some good news...www.REFIFAST.BIZ has been suspended. Look at the email I received from GoDaddy.com on 22 June...

Thank you for contacting the GoDaddy.com spam and Abuse Department.

We have suspended the REFIFAST.BIZ domain name for violations of our

spam and Abuse policies. Please allow 24-48 hours for this action to take

full effect.

Sincerely,

spam and Abuse Department

GoDaddy.com

Take a look at the WHOIS info now...

Domain servers in listed order:

NS1.SUSPENDED-FOR.spam-AND-ABUSE.COM

NS2.SUSPENDED-FOR.spam-AND-ABUSE.COM

YEEHAH (for now).

:lol:

Now if I can only get dvdsforabuck.com to leave me alone...

:angry:

Jeanine

Posted

Congrats Jeanine !!!!! These kinds of feedback messages are just so special <g> Though suspecting that you weren't the only person reporting this issue, you must take credit for aiding and assisting for sure. A job well done. Thanks for the work and the feedback <g>

Posted

Well, I've got bad news...

The person who was behind the REFIFAST.BIZ is under another domain (and registrar). It is called REFIDIRECT.INFO under gandi.net. I'm getting slammed with spam. What the hell do I do now?? It's like this guy jumps from registrar to registrar with the frequency of a cheap ham radio...

WHOIS INFO

Domain ID:D5995848-LRMS

Domain Name:REFIDIRECT.INFO

Created On:15-Jun-2004 22:12:59 UTC

Expiration Date:15-Jun-2005 22:12:59 UTC

Sponsoring Registrar:R191-LRMS

Status:ACTIVE

Status:OK

Registrant ID:C4845072-LRMS

Registrant Name:Olson Financial Services, SA

Registrant Organization:James Olson

Registrant Street1:424 E. Central Blvd, #3304

Registrant City:Orlando

Registrant State/Province:Florida

Registrant Postal Code:32801

Registrant Country:US

Registrant Email:d1a57c2fab110c850b8d14fd735356ac-851951[at]owner.gandi.net

Admin ID:C4844981-LRMS

Admin Name:James Olsen

Admin Organization:Olsen Financial Services, SA

Admin Street1:424 E. Central Blvd., #3304

Admin City:Orlando

Admin State/Province:Florida

Admin Postal Code:32801

Admin Country:US

Admin Phone:+1.3212068203

Admin Email:olson[at]tcfbmail.com

Billing ID:C1249598-LRMS

Billing Name:CONTACT NOT AUTHORITATIVE see http://www.gandi.net/whois

Billing Organization:GANDI sarl

Billing Street1:see also whois.gandi.net

Billing City:Paris

Billing Postal Code:F-75003

Billing Country:FR

Billing Email:support[at]gandi.net

Tech ID:C1249598-LRMS

Tech Name:CONTACT NOT AUTHORITATIVE see http://www.gandi.net/whois

Tech Organization:GANDI sarl

Tech Street1:see also whois.gandi.net

Tech City:Paris

Tech Postal Code:F-75003

Tech Country:FR

Tech Email:support[at]gandi.net

Name Server:NS1.REFIGROUP.INFO

Name Server:NS2.REFIGROUP.INFO

Posted

That sucks ... you noted GoDaddy's remarks as being dated 22 June, yet this new listing shows;

reg_created: 2004-06-15 22:12:59

expires: 2005-06-15 22:12:59

created: 2004-06-16 00:13:01

changed: 2004-06-16 00:13:01

Looks like they were ready for the GoDaddy whacking. Or possibly like the Ralsky mode of operation, burn a half-dozen domain names a day ..???

Posted

The wonderful people who brought us REFIFAST.BIZ and REFIDIRECT.INFO has another spam-filled domain called WEBREFI.INFO. Got more spam...guess I really pissed him off...I don't know why... B)

Questions: Why is Gandi supplying the tech and billing support for them and what exactly does "CLIENT HOLD" mean? Suspended or just a slap on the wrist from the principal?

Domain ID:D5995849-LRMS

Domain Name:WEBREFI.INFO

Created On:15-Jun-2004 22:13:02 UTC

Last Updated On:23-Jun-2004 15:54:19 UTC

Expiration Date:15-Jun-2005 22:13:02 UTC

Sponsoring Registrar:R191-LRMS

Status:CLIENT HOLD

Status:OK

Registrant ID:C4845072-LRMS

Registrant Name:Olson Financial Services, SA

Registrant Organization:James Olson

Registrant Street1:424 E. Central Blvd, #3304

Registrant City:Orlando

Registrant State/Province:Florida

Registrant Postal Code:32801

Registrant Country:US

Registrant Email:d1a57c2fab110c850b8d14fd735356ac-851951[at]owner.gandi.net

Admin ID:C4844981-LRMS

Admin Name:James Olsen

Admin Organization:Olsen Financial Services, SA

Admin Street1:424 E. Central Blvd., #3304

Admin City:Orlando

Admin State/Province:Florida

Admin Postal Code:32801

Admin Country:US

Admin Phone:+1.3212068203

Admin Email:olson[at]tcfbmail.com

Billing ID:C1249598-LRMS

Billing Name:CONTACT NOT AUTHORITATIVE see http://www.gandi.net/whois

Billing Organization:GANDI sarl

Billing Street1:see also whois.gandi.net

Billing City:Paris

Billing Postal Code:F-75003

Billing Country:FR

Billing Email:support[at]gandi.net

Tech ID:C1249598-LRMS

Tech Name:CONTACT NOT AUTHORITATIVE see http://www.gandi.net/whois

Tech Organization:GANDI sarl

Tech Street1:see also whois.gandi.net

Tech City:Paris

Tech Postal Code:F-75003

Tech Country:FR

Tech Email:support[at]gandi.net

Name Server:NS1.REFIGROUP.INFO

Name Server:NS2.REFIGROUP.INFO

Posted
The wonderful people who brought us REFIFAST.BIZ and REFIDIRECT.INFO has another spam-filled domain called WEBREFI.INFO

Just had someone posting over in the newsgroups this morning, doing her happy dance, as she'd just received her copy of the GoDaddy e-mail you referenced ... I felt so bad by posting that she needed to come over here and see how short your victory dance turned out to be <g>

what exactly does "CLIENT HOLD" mean

I would generally take it (also based on the dates involved in these last two domain registrations) that it would appear that more fuel has been added to the last suggested "Ralsky mode" ... the "client hold" at this point would suggest that this domain is just "parked" at present, such that it's not necessarily "active" .. probably just waiting for the second one you identified to get closed. Then this one will bet "turned on"

Why is Gandi supplying the tech and billing support

There are a number of hosting services these days offering a means of "hiding" the real owner and addresses of the actual domain holder/registrant, usually for a bit of an extra fee. In looking through Gandi's site last evening, I could get to "login" points for these accounts, but of course, not having the password <g> But there does seem to be some remote configuration capability allowed, which probably includes setting up DNS and such ...

Posted

I'll do another snoopy dance...please read the following from Gandi...

The domain webrefi.info was suspended by Gandi for violations of our

contract.

If AR41-gandi appears as technical and billing contact does not mean

that we are their hosting company.

For somes registries we cannot create one administrative technical and

billing contact for each domain;

For .ORG .BIZ .INFO .NAME and .BE domain names, the Whois displays

Gandi [*] for some contacts.

Some registries have limited the number of administrative, technical

and billing contacts. Moreover we need to standardize the contacts for

all the registries. Thus we have decided to send to these registries the

Gandi contact.

As the Whois is an extract from their databases, your domain name may

appear with some contacts associated to Gandi (except the registrant's

one).

It does not mean that you can not manage your domain: in Gandi's

database, we have registered your handle properly.

We have improved our Whois display. So you can see two things: the

registry's database and Gandi's database (whois -h whois.gandi.net format

for the experts).

[*] according to the registry:

AR41-GANDI for .ORG .BIZ .NAME .COM .NET

C1249598-LRMS for .INFO

ga457, ar962 and gb1738 for .BE

If you need to contact us again regarding the same issue,

please reply this message and leave the tracking number,

[225517-1088011322], in the subject of your e-mail.

Best regards,

Soraya

GANDI Support Team

I"ll just do a quick "YAY" before the other boot falls...

Posted
I"ll just do a quick "YAY" before the other boot falls...

That's a great plan, Jeanine ... if it's of any value, sharing your "YAY" has been a bright spot in the day! Thanks.

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...