Spam Wars - on the trail of a serious spammer


I think I'm going to have to start a new category for these spam wars posts - there are getting to be so many!

Today I would like to report to you all a small success. Remember that domain mail-2204vf49.co.uk that had its address details hidden as it was registered to a non-trading individual who had opted out of displaying details in the registry? I spoke to Nominet about that and they said if I could send them evidence that the domain was actually registered for a trading reason then they could 'correct' the opt out declaration and show the details (only non-trading individuals can opt out of the registry). I sent them a fax explaining the history of spam from this domain and extracts from my server log files and they agreed that the domain is really being used commercially. So here it is, the owner of the spam sending domain is: [begin fanfare]

Domain name:
mail-2204vf49.co.uk

Registrant:
Tony Slater

Registrant type:
UK Individual

Registrant's address:
du-pont house
Cranbrook
GH56 9JH
GB

WAIT!!! STOP THE FANFARE!!! ... there's something fishy about that address. Like no street name... and I don't live far from Cranbrook and I happen to know that Cranbrook is in the TN postcodes, not GH. The Royal Mail website doesn't even recognise the GH postcode.

What next? Well, I've sent Nominet an email asking what to do when an address is false in the registry. I think I'll give company "T" another phone call as well. The man there admitted sending us the spam through this domain, so perhaps he'll tell me who owns it (perhaps I'm giving the benefit of doubt too often, but hey, perhaps they could have accidentally registered the name with completely incorrect details......)



1 Comment

Will said:

Yeah, well I doubt Nominet will do much, they aren't the most er....helpful of organisations really!

Talking of spam, my mail server is getting very well trained nowadays, seems to be refusing about 99% of spams and it is very rare for a legit email to be flagged. Aggressive use of blocklists, SPF & DomainKeys seem to have helped a lot. Also, I have enabled tarpitting which delays spammers by adding a delay when more than 2 RCPT commands have been received in 1 session.
And the warning that I put on the server seems to stop a lot of the attempted relays too:

220-Frantic-Hosting.co.uk
220-Unauthorised access, including relay attempts are
220-prohibited through this server.
220-Any unauthorised relay attempts will be logged
220-and IP addresses blocked.
220-Relay attempts will be reported to the relevant
220-authorities, and blocklist keepers as required.
220-Strict spam filtering & blocklist checking policies
220-are in place on this server.
220-If you are on a dynamic IP address and your mails are
220-being blocked I suggest you use your isp's email server.
220-Tarpitting is in place on this server also, more than
220-2 RCPT commands in 1 session will incur delays.
220 Do not spam this server!

In my war against spam I seem to be winning.

The only issues I have had with blocking legit mails is misconfigured mail servers that are configured stupidly, in which case I inform the admin to fix it.

;-)
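The tarpitting rule described in the comment above, as an added Python example that is not part of the comment or taken from that server's configuration. The 5-second delay, the choice to count RCPT commands per connection rather than per mail transaction, and all class, function and address names are assumptions made for illustration.

```python
from dataclasses import dataclass

FREE_RCPTS = 2       # from the comment: delays start after more than 2 RCPTs
DELAY_SECONDS = 5.0  # assumption: the comment gives no delay length


@dataclass
class TarpitSession:
    """RCPT counter for one SMTP connection (one 'session')."""
    free_rcpts: int = FREE_RCPTS
    delay: float = DELAY_SECONDS
    rcpt_seen: int = 0

    def delay_before_reply(self, command: str) -> float:
        """Seconds the server should wait before answering `command`."""
        if not command.strip().upper().startswith("RCPT TO:"):
            return 0.0
        self.rcpt_seen += 1
        # The counter is per connection, so RSET or a second MAIL FROM
        # inside the same connection does not buy a fresh allowance.
        return self.delay if self.rcpt_seen > self.free_rcpts else 0.0


def total_delay(commands: list[str]) -> float:
    """Total tarpit time one connection would incur for these commands."""
    session = TarpitSession()
    return sum(session.delay_before_reply(c) for c in commands)


def envelope(sender: str, recipients: list[str]) -> list[str]:
    """Constructed SMTP command sequence for one mail transaction."""
    return [f"MAIL FROM:<{sender}>",
            *[f"RCPT TO:<{r}>" for r in recipients],
            "DATA"]


# Constructed sample sessions; all example.* names are placeholders.
USERS = [f"user{i}@example.com" for i in range(50)]
NORMAL = ["EHLO client.example", *envelope("a@example.org", USERS[:2]), "QUIT"]
BULK = ["EHLO client.example", *envelope("a@example.org", USERS), "QUIT"]
# Same 50 recipients, two per transaction, with RSET between transactions.
SPLIT = ["EHLO client.example"]
for i in range(0, 50, 2):
    SPLIT += envelope("a@example.org", USERS[i:i + 2])[:-1] + ["RSET"]
SPLIT.append("QUIT")
```

A two-recipient message passes with no delay, while 50 recipients on one connection cost the sender 240 seconds under these assumed values, whether they arrive in one transaction or are split up with RSET.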


About this Entry

This page contains a single entry by Steve published on May 19, 2006 2:24 PM.
