Spam Wars – on the trail of a serious spammer

I think I’m going to have to start a new category for these spam wars posts – there are getting to be so many!

Today I would like to report to you all a small success. Remember that domain mail-2204vf49.co.uk that had its address details hidden as it was registered to a non-trading individual who had opted out of displaying details in the registry? I spoke to Nominet about that and they said if I could send them evidence that the domain was actually registered for a trading reason then they could ‘correct’ the opt out declaration and show the details (only non-trading individuals can opt out of the registry). I sent them a fax explaining the history of spam from this domain and extracts from my server log files and they agreed that the domain is really being used commercially. So here it is, the owner of the spam sending domain is: [begin fanfare]

Domain name:
mail-2204vf49.co.uk

Registrant:
Tony Slater

Registrant type:
UK Individual

Registrant’s address:
du-pont house
Cranbrook
GH56 9JH
GB

WAIT!!! STOP THE FANFARE!!! … there’s something fishy about that address. Like no street name… and I don’t live far from Cranbrook and I happen to know that Cranbrook is in the TN postcodes, not GH. The Royal Mail website doesn’t even recognise the GH postcode.

What next? Well, I’ve sent Nominet an email asking what to do when an address is false in the registry. I think I’ll give company “T” another phone call as well. The man there admitted sending us the spam through this domain, so perhaps he’ll tell me who owns it (perhaps I’m giving the benefit of doubt too often, but hey, perhaps they could have accidentally registered the name with completely incorrect details……)
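The two postcode checks made above can be automated for any registrant record in this layout. The following is an added example, not part of the original post: the function names are hypothetical, and the town table holds only the Cranbrook/TN pair the post states.

```python
import re

# Royal Mail postcode areas (leading letters of a UK postcode), including
# the Crown Dependencies GY, JE and IM.
POSTCODE_AREAS = set("""
AB AL B BA BB BD BH BL BN BR BS BT CA CB CF CH CM CO CR CT CV CW DA DD DE DG
DH DL DN DT DY E EC EH EN EX FK FY G GL GU GY HA HD HG HP HR HS HU HX IG IM
IP IV JE KA KT KW KY L LA LD LE LL LN LS LU M ME MK ML N NE NG NN NP NR NW
OL OX PA PE PH PL PO PR RG RH RM S SA SE SG SK SL SM SN SO SP SR SS ST SW SY
TA TD TF TN TQ TR TS TW UB W WA WC WD WF WN WR WS WV YO ZE
""".split())
# Town -> expected postcode area; only the pair stated in the post is listed.
TOWN_AREA = {"cranbrook": "TN"}
POSTCODE_RE = re.compile(r"^([A-Z]{1,2})\d[A-Z\d]?\s*\d[A-Z]{2}$")

# The record quoted in the post, flattened to one string.
SAMPLE = ("Domain name:\nmail-2204vf49.co.uk\nRegistrant:\nTony Slater\n"
          "Registrant type:\nUK Individual\nRegistrant's address:\n"
          "du-pont house\nCranbrook\nGH56 9JH\nGB\n")

def parse_whois(text):
    """Group the 'Label:' / value-line layout into {label: [values]}."""
    record, label = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.endswith(":"):
            label = line[:-1]
            record[label] = []
        elif line and label:
            record[label].append(line)
    return record

def address_problems(record):
    """Return the reasons a registrant address looks implausible."""
    lines = record.get("Registrant's address", [])
    match = next(filter(None, (POSTCODE_RE.match(l.upper()) for l in lines)), None)
    if match is None:
        return ["no well-formed UK postcode"]
    area, problems = match.group(1), []
    if area not in POSTCODE_AREAS:
        problems.append(f"postcode area {area} does not exist")
    for town, expected in TOWN_AREA.items():
        if town in (l.lower() for l in lines) and area != expected:
            problems.append(f"{town.title()} is in {expected}, not {area}")
    return problems

if __name__ == "__main__":
    print(address_problems(parse_whois(SAMPLE)))
```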




Comments

4 responses to “Spam Wars – on the trail of a serious spammer”

  1. I blame the original registrar for not checking the details properly.

    In this case GLOBALREGISTRATIONSERVICES.COM in the US. They seem to be behind quite a few of these dodgy “companies” who send out spam.

    It seems to me that by being so negligent anyone could set up websites and have e-mail capability. I suppose this is how criminals, pornographers and terrorists communicate in secret. Unfortunately companies like GLOBALREGISTRATIONSERVICES.COM don’t care enough to check the details and therefore are complicit in the supply of child pornography, the mass spamming of the internet and probably many other criminal activities from around the world. All this just for the money.

  2. Yeah, well I doubt Nominet will do much, they aren’t the most er….helpful of organisations really!

    Talking of spam, my mail server is getting very well trained nowadays, seems to be refusing about 99% of spams and it is very rare for a legit email to be flagged. Aggressive use of blocklists, SPF & Domainkeys seem to have helped a lot. Also, I have enabled tarpitting which delays spammers by adding a delay when more than 2 RCPT commands have been received in 1 session.
    And the warning that I put on the server seems to stop a lot of the attempted relays too:

    220-Frantic-Hosting.co.uk
    220-Unauthorised access, including relay attempts are
    220-prohibited through this server.
    220-Any unauthorised relay attempts will be logged
    220-and IP addresses blocked.
    220-Relay attempts will be reported to the relevant
    220-authorities, and blocklist keepers as required.
    220-Strict spam filtering & blocklist checking policies
    220-are in place on this server.
    220-If you are on a dynamic IP address and your mails are
    220-being blocked I suggest you use your isp’s email server.
    220-Tarpitting is in place on this server also, more than
    220-2 RCPT commands in 1 session will incur delays.
    220 Do not spam this server!

    In my war against spam I seem to be winning.

    The only issues I have had with blocking legit mails is misconfigured mail servers that are configured stupidly, in which case I inform the admin to fix it.

    😉
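The tarpitting rule described in the comment above, sketched as an added example that is not the commenter's server configuration. The threshold of 2 RCPT commands comes from the comment; the escalating delay, its 5-second step, the 30-second cap and all names are assumptions.

```python
import time

RCPT_FREE = 2      # from the comment: delays start after more than 2 RCPTs
DELAY_STEP = 5.0   # assumed: seconds added for each RCPT beyond the free ones
DELAY_MAX = 30.0   # assumed: upper bound on any single stall

class TarpitSession:
    """RCPT bookkeeping for one SMTP connection."""

    def __init__(self, sleep=time.sleep):
        self.rcpt_count = 0
        self.sleep = sleep

    def delay_for(self, line):
        """Seconds to stall before replying to this command line."""
        if not line.strip().upper().startswith("RCPT TO:"):
            return 0.0
        # Counted per session: a new MAIL FROM or RSET does not reset it.
        self.rcpt_count += 1
        extra = self.rcpt_count - RCPT_FREE
        return min(DELAY_MAX, DELAY_STEP * extra) if extra > 0 else 0.0

    def handle(self, line):
        delay = self.delay_for(line)
        if delay:
            self.sleep(delay)
        return delay

def replay(commands, sleep=lambda seconds: None):
    """Run a command list through one session; the default sleep is a no-op."""
    session = TarpitSession(sleep)
    return [session.handle(c) for c in commands]

# Constructed sessions (addresses are placeholders).
NORMAL = ["EHLO client.example", "MAIL FROM:<a@example.org>",
          "RCPT TO:<x@example.net>", "RCPT TO:<y@example.net>", "DATA"]
BULK = ["EHLO client.example", "MAIL FROM:<a@example.org>",
        "RCPT TO:<u1@example.net>", "RCPT TO:<u2@example.net>", "DATA",
        "MAIL FROM:<a@example.org>", "RCPT TO:<u3@example.net>",
        "RCPT TO:<u4@example.net>", "RCPT TO:<u5@example.net>"]

if __name__ == "__main__":
    print(replay(NORMAL), replay(BULK))
```

Because the counter belongs to the connection rather than to the mail transaction, a sender that splits a long recipient list across several messages in one session is still slowed.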

  3. Steve John

    Steve
    I found your report because I am getting fed up with emails from “biz-campaigns.co.uk”, they do carry an opt-out link “www.pics130506.com”, but this fails – what a surprise!
    The first domain is also registered by a “T Slater” at “Du pont House”. The second domain has a different name but no address, although both domains are hosted by the same server farm.
    If I can help you with any evidence needed to stop this prat, then I will gladly do so.
    I usually find that the opt-out links DO work, so I would like this to stop too.
    If a second approach (from me) to Nominet would help, please advise on the best course of action.

    Good luck

  4. Steve John

    Steve
    Follow up to previous message. The email is coming off Fasthosts in Gloucester. Is this useful? They do not have an abuse email address on the Whois register though.
