Telarin Posted May 21, 2008

For those of you that aren't signed up with Knujon, they provided an interesting link in my reports this morning. By analyzing reports, they have rated the 10 worst registrars, based on the proportion of spammed domains to total domains registered. Have a look here. I suggest we all boycott all of these registrars, as there is no reason for this level of irresponsibility from what is supposed to be an ICANN accredited registrar.

http://www.knujon.com/registrars/
StevenUnderwood Posted May 21, 2008

For those of you that aren't signed up with Knujon, they provided an interesting link in my reports this morning. By analyzing reports, they have rated the 10 worst registrars, based on the proportion of spammed domains to total domains registered. Have a look here. I suggest we all boycott all of these registrars, as there is no reason for this level of irresponsibility from what is supposed to be an ICANN accredited registrar.

Funny that Joker is on that list since SpamCop was originally registered through them until an (at the time) famous incident. http://www.julianhaight.com/jokerstupidity.shtml
ld650 Posted June 7, 2008

For a while I was trying to document eNom's spam support on their Wikipedia page, but one of the employees of their parent company (Demand Media) is on the friendly with a few Wikipedia admins and has done a pretty decent job of scrubbing their page squeaky clean. A glance through the edit history is pretty revealing.
Merlyn Posted June 7, 2008

For a while I was trying to document eNom's spam support on their Wikipedia page,

Enom's support or lack of it?
rconner Posted June 9, 2008

Got a spam today (tracking link) calling out spam site at "heardgive dot cn." It was a botnet hosted domain (nslookup returned about 20 addresses). Here's what I got from domain-whois:

    $ whois heardgive . cn
    Domain Name: heardgive . cn
    ROID: 20071204s10001s42303010-cn
    Domain Status: ok
    Registrant Organization: theNoun
    Registrant Name: HimNil
    Administrative Email: goto[at]bedwoman.cn
    Sponsoring Registrar: 厦门华商盛世网络有限公司
    Name Server:ns0.nameedns1.com
    Name Server:ns0.renewwdns1.com
    Registration Date: 2007-12-04 21:00
    Expiration Date: 2008-12-04 21:00

This is a pretty sorry registration record all the way around; you can't possibly make a case that this is any wise ICANN compliant. By the way, Systran gives the following translation for the "Sponsoring Registrar:" "Xiamen Chinese businessman prosperous times network limited company." Prosperous times, indeed. Limited, indeed. Sheesh.

OK, ICANN, howz about these guys?

-- rick
Farelf Posted June 10, 2008

I have been complaining (in my usually shy and restrained way) about 厦门华商盛世网络有限公司 - Xiamen group - in the SiteAdvisor reviews for months in relation to the endless succession of Google AdWords phishing sites they sponsor (and 广东时代互联科技有限公司 - Guangdong - before them, though to the possible credit of the latter they may have stopped accepting the things). Forget about ICANN, this is the condoning or complicity in blatant criminality and it's been going on for so long the same charge of corruption must surely apply to the regional government and perhaps to the PRC government as well. Though they may prefer to run with 'incompetence' for the usual political reasons. That and the fact that corruption in China can be a capital (no pun) offence - though I have the feeling that economic crimes against foreigners are more likely to be regarded as service to the state, call me unkind if you must.

BUT, all that aside, I must say that is the most amusing set of fake registrant's data I have seen in many a day. No doubt it gave the registrar a few chuckles as well. The phish sites just use meaningless jumbles of letters (as are the domain names). No fun in them.
Devilwolf Posted June 17, 2008

I've been going around with eNOM myself about all the spam sites with bogus contact info being registered thru their reseller Namecheap.com. When I faxed 10 pages of 30+ day old ICANN whois data problem reports that were unresolved, that finally got a response and they seem to be killing the domains, but so far have not taken action against Namecheap's contrived ignorance.

Anyone else have any experiences with Namecheap.com on the spam front? Almost all of the YAHOO SPIM I get comes from sites registered thru Namecheap.
Farelf Posted June 19, 2008

...I've been going around with eNOM myself about all the spam sites with bogus contact info being registered thru their reseller Namecheap.com. When I faxed 10 pages of 30+ day old ICANN whois data problem reports that were unresolved, that finally got a response and they seem to be killing the domains, but so far have not taken action against Namecheap's contrived ignorance. ...

To go a little O/T - I suppose Namecheap can always change services but maybe complaints to the referral service shouldn't be overlooked as another way to gain their attention.

    H:\>whosip -r Namecheap.com
    WHOIS Source: ARIN
    IP Address: 216.180.235.117
    Country: USA - Georgia
    Network Name: GNAXNET
    Owner Name: Global Net Access, LLC
    From IP: 216.180.224.0
    To IP: 216.180.255.255
    Allocated: Yes
    Contact Name: Global Net Access, LLC
    Address: 1100 White St SW, Atlanta
    Email: engineering[at]gnax.net
    Abuse Email: abuse[at]gnax.net
    Phone: +1-404-230-9150
    Fax: ...
    # ARIN WHOIS database, last updated 2008-06-18 19:10

Global Net Access, LLC abuse[at]gnax.net

GNAX TOS doesn't get specific but

...Customer will not, and will not permit others to, use any Service(s) (i) for any unlawful or illegal purpose or in connection with or in furtherance of any unlawful or illegal activity, (ii) in violation of any applicable law or regulation, (iii) in a manner that will, or is likely to, infringe the copyright, trademark, trade secret or other intellectual property rights of others or violate the right of privacy, publicity or other personal rights of others, or (iv) in connection with any conduct or activity that is, in the sole opinion of GNAX, defamatory, indecent, obscene, offensive, threatening, abusive, hateful, tortious or violative of the rights of any other person or entity;...

certainly covers some possible grounds.
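An added example, not part of the original posts: one way to turn the whosip output quoted in the post above into a routing decision for an abuse report, preferring the dedicated abuse contact over the general one and checking that the resolved IP really falls inside the listed allocation. The function names and the returned dictionary layout are assumptions made for this sketch.

```python
import ipaddress
import re

# whosip output as quoted in the post above, one field per line.
SAMPLE = """\
WHOIS Source: ARIN
IP Address: 216.180.235.117
Country: USA - Georgia
Network Name: GNAXNET
Owner Name: Global Net Access, LLC
From IP: 216.180.224.0
To IP: 216.180.255.255
Allocated: Yes
Contact Name: Global Net Access, LLC
Address: 1100 White St SW, Atlanta
Email: engineering[at]gnax.net
Abuse Email: abuse[at]gnax.net
Phone: +1-404-230-9150
Fax: ...
# ARIN WHOIS database, last updated 2008-06-18 19:10
"""


def parse_fields(text):
    """Parse 'Key: Value' lines into a dict keyed by lower-cased field name."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        # Skip blanks, '#' comment lines and anything that is not a field.
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, _, value = line.partition(":")
        # Keep the first occurrence if a field name repeats.
        fields.setdefault(key.strip().lower(), value.strip())
    return fields


def deobfuscate(address):
    """Undo the forum-style '[at]' masking of an e-mail address."""
    return re.sub(r"\s*\[at\]\s*", "@", address, flags=re.IGNORECASE)


def abuse_target(text):
    """Return where a report about the hosting network should be sent."""
    f = parse_fields(text)
    ip = ipaddress.ip_address(f["ip address"])
    first = ipaddress.ip_address(f["from ip"])
    last = ipaddress.ip_address(f["to ip"])
    # A record whose range does not contain the looked-up IP is stale or
    # mis-parsed; refuse to route a complaint on that basis.
    if not first <= ip <= last:
        raise ValueError(f"{ip} is outside {first}-{last}")
    contact = f.get("abuse email") or f.get("email")
    if not contact:
        raise ValueError("no contact address in record")
    return {
        "ip": str(ip),
        "network": f.get("network name"),
        "owner": f.get("owner name"),
        "cidrs": [str(n) for n in ipaddress.summarize_address_range(first, last)],
        "contact": deobfuscate(contact),
        # False means the report is going to a general mailbox, not an abuse desk.
        "role_abuse": bool(f.get("abuse email")),
    }


if __name__ == "__main__":
    print(abuse_target(SAMPLE))
```
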
Devilwolf Posted June 19, 2008

Well, it looks like the Yahoo Spimmer has moved to a new register after eNOM started killing his domains within 20 mins of me reporting them. He is now using estdomains. Maybe that article has put some fear into eNOM as a US company.
rconner Posted June 19, 2008

Well, it looks like the Yahoo Spimmer has moved to a new register after eNOM started killing his domains within 20 mins of me reporting them. He is now using estdomains. Maybe that article has put some fear into eNOM as a US company.

Awesome. I looked at some of these domains myself, and they are looking like the Wicked Witch of the West when the house fell on her. Good job!

-- rick
Devilwolf Posted June 19, 2008

As much as I hate the spam, it's kind of fun peeling back the layers. A lot of the SPIM has been advertising a dating site in Florida... Registered with a real address, but fake ph#... Today I had the inspiration of running the domain owner's name thru the Dept of Corp site in Florida, and lo and behold she filed her corporation papers with her correct home ph#. Call the number, and the woman who answered did not say I had the wrong number when I asked for the woman named, but when I told her I was calling about spam, she then denied that she was the person listed. I think she is just a front for the real owners here in California, but I'd guess she is not gonna be happy about her boss' spam victims having her home ph#.
Devilwolf Posted June 26, 2008

estdomains should be added to the worst list. When I finally beat the SPIMMER off Namecheap and ENOM he moved to estdomains. When I sent estdomains the same proof of SPIM reports that eNOM would act on, here is what they said (after taking a week).

Hello,

Kindly note that Estdomains is the Domain Registrar, not the hosting company, thus, according to the ICANN rules, we are dealing only with the domains, which are involved in Email spam, child pornography distribution, or display Inaccurate Whois Information. We ask you not to send us any letters regarding the domains registered with us, which are involved in any other type of activity. The responsibility for such domains is on their hosting company, thus, you should better write them. You can find this information using different web-services, we recommend you to use http://www.whois.sc/, it gives you all information about hosting company when you search for a domain and after that click on IP address at the right of the page.

Regards,
Abuse Team

Estdomains appears to have no AUP, and is listed in some reviews as being the register of choice for scammers next to Joker.
btech Posted June 26, 2008

I use the Complainterator for the domain and nameserver reporting... love it.
Devilwolf Posted June 29, 2008

Maybe Estdomains has a lurker on here, as they promptly emailed me after I posted that, and killed the domain.

Complainterator seems to blow chunks on my computer, maybe it doesn't like Firefox 3.
DavidT Posted July 4, 2008

All this week, I've been battling a steady stream of spams hitting my wife's email address (which then forwards to a SpamCop email account). Almost 100% of them were spamvertising products/scams on domains registered at MONIKER, which was #6 on the KnujOn list (but 2nd highest for site volume, and 1st for inaccuracy count). All of the spams originated on IPs belonging to Krypt.com, a webhost in Southern California, but from somewhere around 50 unique IPs, rather than just a few. All of the domains/websites are hosted by E-insites.com of Washington.

I processed SpamCop reports on all of the items, and then called Krypt.com a few days into the spam run to see if they had a clue. They told me that spam reports shouldn't be going to their "hostmaster" or "info" addresses, but rather to "abuse" at either Krypt or VPLS, their parent company. I then added that address to my subsequent reports, and even sent a bunch of items directly to them, but the spamming continued, unabated.

So, I posted negative messages on WebHostingTalk.com about the spamming coming from Krypt, and because they advertise there regularly, one of their reps got wind of my post and rose to their defense ("we have White Hat status from SpamHaus," yada yada...). I kept up the pressure until he agreed to private communications about the problem and after going through the usual excuses ("we notified the customer, but they have 48 hours to respond"), action was finally taken and the spamming seems to have stopped.

I also sent "To Whom It May Concern" warnings to E-insites and to the owner of Moniker (Monte Cahn), advising them that I've seen lawsuits against them and would be willing to join in and testify about their apparent "bulletproof spam hosting" arrangements. I doubt they'll respond, but it's fun tweaking their beaks.
In any case, I think Krypt was very cooperative and killed the account(s) responsible for the actual transmission of the spam, so this is at least a partial "confirmed kill." Part of my success with Krypt was that before my reporting, their SenderBase/IronPort reputation was "good" but after a few dozen of my reports, I saw it degraded to "neutral." They seemed interested in protecting their server reputation. DT
g4mby Posted July 6, 2008

Anyone else have any experiences with Namecheap.com on the spam front?

A few months ago I found several domains used for spamming had been dumped in the Namecheap Marketplace, for sale at around $5 to $15. As far as I could see they were first registered at Namecheap and not transferred in. The common link was that they were all for sale by the same Namecheap user whose user-name revealed some interesting references when searched for in Google. What surprised me was the implied size of the spamming operations that some of these domains had been used for. The SenderBase site confirmed some of my findings. These domains should of course have been killed rather than made available to an innocent party wanting to pick-up a cheap domain with an attractive name. I now look at Namecheap in a slightly different light.
Devilwolf Posted July 9, 2008

[at]g4mby Should post your Namecheap story on the "Namecheap supports spammers?" thread on webhosting talk... The Owner of NC hangs out on there, and he has such entertaining temper tantrums when people post about the spammy clients.

[at]davidT - read your posts on WHT... Great! I've found posting on WHT is often a good way to either get some humor, or occasionally shame a reg/host into taking action. They really seem to hate anti-spam activists over there.
DavidT Posted July 10, 2008

[at]davidT - read your posts on WHT... Great! I've found posting on WHT is often a good way to either get some humor, or occasionally shame a reg/host into taking action. They really seem to hate anti-spam activists over there.

I'm getting that impression...but I don't care if they like me, as long as my postings either elicit positive response from recalcitrant/irresponsible hosts, or shine some light on spam-friendly hosts. I've got a new one today....I think I'll post a new topic here, since it's not specifically registrar-related.

DT
Devilwolf Posted July 15, 2008

Dynadot in San Mateo CA seems to be a spam/spim friendly anonymous register. Here is their reply to the Better Business Bureau in regards to SPIM for a domain that they allow to hide behind their proxy service.

Contact Name and Title: Dynadot Staff
Contact Phone: (650)585-1961
Contact Email: abuse at dynadot

Hello,

First of all, please note that Mr. ______ is not our customer. He does not have a Dynadot account with us. Mr. Falk is submitting a complaint against the actions of our customer, Mike Smith, who has registered zonebone dot com with Dynadot. Also, this complaint is in regards to a Yahoo IM (instant message) 'spam' message. The current laws state that spam is a bulk and unsolicited email message. There are no laws concerning IM 'spam' messages. Furthermore, Dynadot has no control over Yahoo's IM service. Shouldn't Mr. Falk be submitting a complaint against Yahoo! since he is technically a customer of their instant messaging service? We ask that the BBB dismiss this case completely since it appears that Mr. Falk is submitting his complaint in regards to the wrong company.

Best Regards,
Dynadot Staff

Does it appear to my fellow readers that Dynadot has just admitted to allowing its customer to spam, and is unrepentant about it?

zonebone
Registrant: Mike Smith
c/o Dynadot Privacy
PO Box 701
San Mateo, CA 94401 US

Mike Smith may be the spammer, but his business address is Dynadot, and Dynadot is getting paid to hide his real address and contact info.
rconner Posted July 16, 2008

Does it appear to my fellow readers that Dynadot has just admitted to allowing its customer to spam, and is unrepentant about it?

Their response certainly points in that direction, but domain registrations are, as always, very squishy things. I assume you have tried quoting Dynadot's TOS back at them.

I looked at the Dynadot TOS (which is here), and it is certainly up to snuff as these policies go. They say that they may suspend services to any customer who uses their services "...in association with morally objectionable activities," which are denoted with an open-ended definition that includes "...the transmission of unsolicited mail or 'spam' (or) activities that ... defame, slander, harass, embarrass, threaten, abuse, or harm third parties." One might well put continued IM spamming into one or more of these buckets. This definition doesn't even seem to require that the immoral activities be carried out directly using Dynadot resources (e.g., mail hosts), which is pretty comprehensive as spam policies go.

Of course, they have given themselves an out by saying that they "may suspend" (not "will suspend") violators of the policy. If "Mike Smith" is a long-time customer without much history of complaints, or perhaps the beneficiary of a "pink contract" with Dynadot, it could be hard to get Dynadot to dislodge him as a practical matter.

Their claim that you need to take this up with Yahoo might be defensible by analogy with SMTP spam (because as far as I know IM, Yahoo actually is the "spam source" -- as well as the sink -- of the offending IM messages). However, the fact that Yahoo may also be responsible does not let Dynadot or its registrant off the hook, especially given the comprehensive wording of Dynadot's TOS. It's their policy, they wrote it, they should carry it out or else stand in breach of it.
The business about IM not being e-mail is a bit disingenuous on their part, and might be an avenue worthy of further pursuit. "Electronic mail" is a descriptive term, not a defining one: it could apply to dinosaurs like X.400 or PROFS, or proprietary systems like MS Exchange, just as well as it does to SMTP. One can even put SMS and IM into this category without much mental effort. I took a look at CAN spam to see whether there might be a crisp definition of "email message" (i.e., one that might include SMTP but exclude IM, SMS, or the like), but I didn't find one, so the lawyers and their expert witnesses could choose up sides to argue as to whether an IM is or is not an electronic mail message. To me, however, saying that IM isn't a form of electronic mail may be setting up a distinction without a difference (as my semantics prof used to say). To sum up, I'd argue that the continued IM spamming constitutes "morally objectionable activity" under one or more clauses of Dynadot's own published TOS, so the onus is on Dynadot to show why they need not enforce the TOS on the registrant. Nor does their claim that "IM is not e-mail" stand much scrutiny (at least not where CAN spam is involved). -- rick
Farelf Posted July 16, 2008

...Does it appear to my fellow readers that Dynadot has just admitted to allowing its customer to spam, and is unrepentant about it?...

No question about it. But they are saying it is legal/lawful which may be the case (though the line between spim & spam ... is pretty nebulous with 'convergence' and all).

...Mike Smith may be the spammer, but his business address is Dynadot, and Dynadot is getting paid to hide his real address and contact info.

IIUC a registrar may 'proxy' for a registrant but is then responsible (to all intents and purposes *is* the registrant). But 'Dynadot Privacy' (along with PrivacyProtect.org and others of like nature) don't quite do that - they supposedly just protect the data from misuse/scraping. Until shown to do otherwise - and to do 'otherwise' in a systematic or habitual way, I suppose. In practice of course, they surely are mere refuges for many spammers - and (who knows?) maybe some few 'legitimate' persons of a 'retiring disposition'. I get the impression that the Dynadot people are quite adept at skating on thin ice. Unfortunately it is not hard for such mavericks to be smarter than the legislators and other 'rule makers'.
Devilwolf Posted July 16, 2008

Well correct me if I'm wrong, but email does seem to imply that a sender has some level of legal right to send their data thru another company's servers. When I email mom, I don't have to agree to a TOS/AUP for every computer my email crosses - just my ISP. But in order to send an IM, you have to have an acct with an IM provider, and most IM providers have policies that prohibit SPIMming, BOTnets, auto-responders, using automated CAPTCHA breakers. So the spimmer is accessing a computer that they don't have permission to access, which should make the act of spimming a form of illegal computer access.

It would be nice if Yahoo got off their ass, but they are on the verge of bankruptcy or waiting to be acquired by someone, so they have probably fired the one guy working the abuse desk... they have never shown the level of aggressiveness against spammers that Microsoft, AOL and even Earthlink have.

But even if spimming is "legal", I think Dynadot screwed up by allowing some abuse desk jockey to answer my complaint with the BBB in such an off-handed way, since it shows willful blindness, and they have not yet gotten the complaints I filed with the CA attorney general office. I'm playing up the "what about the children" angle with them, because the sites that spimmer advertises have XXX porn right on the welcome screen, and we all know that children's heads explode when they see porn (and our Gov Terminator has his panties in knot about child porn right now, he is looking for companies to bully similar to how the NY AG made all the major ISP (RR, AOL, AT&T, Sprint) eliminate Usenet access last month). Also if I state that I'm not satisfied with their response (which I'm not) it counts as a black mark with the BBB (and they are a paying member).
Bill Smith can't be that important a client, he is a new client, started with them on July 1st after I drove him off Namecheap, eNOM, and Estdomains, but I guess times are tough, and every spam dollar counts.

Oh, Dynadot is in San Mateo, CA. That is also the regional HQ for the US Postal Inspectors... I wonder if Dynadot has a CMRA permit.
Devilwolf Posted July 16, 2008

There is an article today in the LA Times about Demand Media, which owns eNom. It seems we're seeing the same revolving door of spammers and spyware distributors who get caught, get a slap on the wrist, and then "re-invent themselves". Demand Media is run by Richard Rosenblatt who has had... brushes with controversy.

The Federal Trade Commission sued IMall (founded by Rosenblatt) and two other founders -- but not Rosenblatt -- in 1999, accusing them of misleading customers with unrealistic tales about the money they could earn selling ads on their Web pages. In 2005, then-New York Atty. Gen. Eliot Spitzer sued Intermix (run by Rosenblatt), alleging that it conned millions of consumers into installing ad-spewing spyware on their computers. Both of those cases settled for millions of dollars without admissions of guilt. Still pending is a suit brought by Intermix investors who say Rosenblatt and other directors sold the Los Angeles company to News Corp. too cheaply because of sweetheart deals that included accelerated stock-option vesting and indemnification for any alleged misdeeds. Rosenblatt said he was proud of the price he won for a company with a 2004 market value of $70 million.

Big Business loves spammers its since Demand Media has gotten Oak Investment Partners invested in 2006, as did Spectrum Equity Investors. Goldman, Sachs & Co. joined them in 2007. Their stakes value the company at $1 billion, and they hope to sell stock to the public next year.

We really need to work up the social stigma of being a spammer/malware distributor to at least that of pedophile... Although his desire for Venture Capital is probably why one of Rosenblatt's minions at DM was so quick to kill off 20+ spammer domains when I started threatening to file regulator complaints.
ugnn Posted July 18, 2008

...but I don't care if they like me, as long as my postings either elicit positive response from recalcitrant/irresponsible hosts, or shine some light on spam-friendly hosts.

Careful how and where you post. I posted to CastleCops following the KnujON post "Should KnujOn back off of rogue registrars" I gave a resounding YES, and followed with several links to my articles ANTI-spam, ANTI-KITING, ANTI-DOMAIN TASTING. Several hours later one of my domains was knocked out, and I had to sift through 5,845 spams which were received in a 1-hour period. Lost two days of email sorting things out. Not a pretty sight. :angry: