maxmillion Posted January 27, 2006 Share Posted January 27, 2006 Hi, I'm new to this forum though I have been a subscriber of the spamcop service for almost a year. I receive spam from a prolific spammer, who offers business seminars. I receive around 200 and rising every 4 to 10 days. I have a catchall email setup for my domain, and the spammer is exploiting that by sending to a[at]mydomain .com, then b[at]mydomain, then c[at] etc. You get the picture? Clearly these are not addresses I would use, and certainly would never have used them to register for anything anywhere. In addition, I run my business alone, so there are no other users of my domain email. The spammer sends html spam which I am loathe to open and report because I understand they can track them and thereby confirm the validity of an email addy. Consequently, I report two spams each time they arrive (and always the same To: address). I also use a service called Cloudmark SafetyBar which is now called Cloudmark Desktop. This enables me to mark the messages as spam without opening them. It is very effective in keeping my main inbox clear, but it doesn't stop the spammer when they change servers or domains or IP addresses. Now here's the thing. The spam being sent does not appear to be forged headers or some such. But they appear to be sent from a valid (and different!) domain each time. These domains are registered with a particular web host - and since I started tracking this, I have noticed the same details for each domain that has been registered; these are the four most recent; biteseminars.co.uk, bitereplied.co.uk, vf-businessmail.co.uk and now ukseminarcompany.co.uk. Each has the same or similar registrant - Paul Smythe or Paul Smith. All are registered with Registrant type: UK Individual All provide this disclaimer for Registrant's address: The registrant is a non-trading individual who has opted to have their address omitted from the WHOIS service. All have the same Registrant's agent: PIPEX Communications Hosting Ltd t/a 123-Reg.co.uk [Tag = 123-REG] URL: http://www.123-reg.co.uk And almost all are registered around the time of the spam - the latest, ukseminarcompany.co.uk has this date. Relevant dates: Registered on: 27-Jan-2006 Inside the mail they have a phone number to call in order to request removal. Of course they never answer that phone. The "office" address is a mailbox in a nearby village. Sorry, it is a long message... but nearly done And my query? 1) Why do they register as non-trading when they clearly are traders? Who polices nominet or the registration service? Have they not lied on their registration form? 2) If the Registrant's agent is the same in each case, surely they can refuse any additional domain registrations by the spammer? 3) and then share that information with nominet and other agents to prevent spammers like this from registering other domains for the express purpose of sending spam. 4) Could the registrant's agent be in cahoots with the spammer? I have provided detailed headers etc, but they respond with very inane and inappropriate answers, and have the attitude "It's nothing to do with us". 5) In addition, Trading Standards Dept for the area (where the spammers mailbox is) appear unwilling or unable to take action. So what should or could be done? I appreciate your answers and advice. I did read through the FAQ's but could find nothing similar. If anybody wants headers, body etc, I am happy to supply. Thanks Michael Hoeben in Milton Keynes, UK Link to comment Share on other sites More sharing options...
This topic is now archived and is closed to further replies.