> -----Original Message-----
> From: Joe Wein [mailto:joewein@pobox.com]
> Sent: Friday, June 30, 2006 10:13 AM
> To: SURBL Discussion list
> Subject: [SURBL-Discuss] Rolex spam on hijacked domains
>
>
> I've seen at least two cases today of domains used in fake
> Rolex etc. spams
> that were untypically old. The oldest was
>
> Domain Name: ALLREDMETAL.COM
> Registrar: ENOM, INC.
> Whois Server: whois.enom.com
> Referral URL: http://www.enom.com
> Name Server: NS2.ALLREDMETAL.COM
> Name Server: NS1.ALLREDMETAL.COM
> Status: REGISTRAR-LOCK
> EPP Status: clientDeleteProhibited
> EPP Status: clientUpdateProhibited
> EPP Status: clientTransferProhibited
> Updated Date: 29-Jun-2006
> Creation Date: 03-Apr-1997
> Expiration Date: 04-Apr-2010
>
Open Dir browsing:
http://allredmetal.com/d1/
I'm going thru it now. Looks like they grabbed the domain or hijacked it.
--Chris
I've seen at least two cases today of domains used in fake Rolex etc. spams
that were untypically old. The oldest was
Domain Name: ALLREDMETAL.COM
Registrar: ENOM, INC.
Whois Server: whois.enom.com
Referral URL: http://www.enom.com
Name Server: NS2.ALLREDMETAL.COM
Name Server: NS1.ALLREDMETAL.COM
Status: REGISTRAR-LOCK
EPP Status: clientDeleteProhibited
EPP Status: clientUpdateProhibited
EPP Status: clientTransferProhibited
Updated Date: 29-Jun-2006
Creation Date: 03-Apr-1997
Expiration Date: 04-Apr-2010
It is currently hosted in Russia even though it was the domain of a company
in North Carolina.
It was registered years ago and paid a few years in advance. This does not
look like a spammer domain at all. Here are the contact details of the owner
obtained via archive.org:
Allred Metal Stamping Works
1305 Thomasville Rd.
High Point, NC 27260
M-F, 9 AM-5 PM EST
800.299.7421
336.886.5221
Fax: 336.841.6201
It almost looks like the domain registration was hijacked, because the
domain was updated yesterday.
Here is the corresponding spam:
=====
Received: by mx0.webpack.hosteurope.de (theta.mc1.hosteurope.de) running
EXperimental Internet Mailer (even more power) using esmtp
from 86-63-112-191.asta-net.com.pl ([86.63.112.191] helo=BABY)
id 1FwEsI-0004E4-U8
for MYEMAILACCOUNT; Fri, 30 Jun 2006 11:01:19 +0200
Message-Id: <00d301c69c1b$88371880$343d3681@vjyssa>
From: "saunder mason" <wilmeraguilar(a)purinmail.com>
To: "garald mckenna" <MYEMAILACCOUNT>
Subject: Luxury
Date: Fri, 30 Jun 2006 08:04:44 +0000
TOP BRANDS - LOW LOW PRICES
Jewelry * Handbags * Pens * Watches * Neckties * Clutches * Wallets
Leather, silk and white gold sound good? Visit our site for real photos.
Everything comes with a certificate, tags and all the extras, plus a
warranty.
http://allredmetal.com/luxury/
salt prairie fly frame fresh-fallen
corn shocker kettle net soul-imitating
vacuum vessel snow hut chlorine azide
sad-seeming feed store weight-lifting
hermit warbler drift bottle wife-bound
game bird trip catch bore meal
key desk blue-glimmering gathering coal
magnifying glass tone painting ten-hour
blood baptism cotton plugger jack block
=====
These hijacked domains all contain several folders, with mortgage spam
sites, gambling sites, fake rolex sites, etc. The oldest folder on this site
almost exactly matches the site renewal date.
Here's another one:
Domain Name: MINIEXAMINER.COM
Registrar: ENOM, INC.
Whois Server: whois.enom.com
Referral URL: http://www.enom.com
Name Server: NS2.MINIEXAMINER.COM
Name Server: NS1.MINIEXAMINER.COM
Status: ACTIVE
EPP Status: ok
Updated Date: 26-Jun-2006
Creation Date: 05-Apr-2001
Expiration Date: 05-Apr-2008
and
====
TOP BRANDS - LOW LOW PRICES
Jewelry * Handbags * Pens * Watches * Neckties * Clutches * Wallets
Leather, silk and white gold sound good? Visit our site for real photos.
Everything comes with a certificate, tags and all the extras, plus a
warranty.
http://miniexaminer.com/luxury/
pig hutch integral cover fuzzy-legged
para red terra orellana rub-dub
rock basin lavender grass willow acacia
singing master tariff treaty grid leak
Nonintercourse act slow-contact single-hung
gopher plum queer-tempered transmission bands
cloth doubler long-stroke ginger root
big bluestem Non-egyptologist plague-smitten
sab-cat vice-librarian wheat thief
====
The month/day of expiration (ignoring the year) of both domains is almost
the same. Both now point to the same server in Russia. And take a look at
this - "domain pending transfer":
=====
Registrant Contact:
DICK HUSSEY ENTERPRISES
NA NA (NA)
NA
Fax:
PO BOX 500280
MALABAR, FL 32950-0280
US
Administrative Contact:
RegisterFly.com, inc.
Domain Pending Transfer (transfers(a)registerfly.com)
+1.9737362545
Fax: +1.9737361355
404 Main Street
4th Floor
Boonton, NJ 07005
US
Technical Contact:
NA
LLC Network Solutions (customerservice(a)networksolutions.com)
+1.8886429675
Fax: +1.5714344620
13200 Woodland Park Drive
Herndon, CO 20171-3025
US
=====
Anybody else noticed anything like this?
Joe Wein
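
The pattern described in the message above (a domain registered years ago whose registration record changed days before it appeared in spam) can be checked mechanically. This is an added example, not part of the original thread: the function names, the `min_age_years` and `recent_days` thresholds, the control record, and the use of 30 June 2006 as the sighting date for both domains are assumptions.

```python
from datetime import date, datetime

# WHOIS fields as quoted in the post above, plus one constructed control record.
WHOIS = {
    "allredmetal.com": """Registrar: ENOM, INC.
Referral URL: http://www.enom.com
Status: REGISTRAR-LOCK
Updated Date: 29-Jun-2006
Creation Date: 03-Apr-1997
Expiration Date: 04-Apr-2010""",
    "miniexaminer.com": """Registrar: ENOM, INC.
Status: ACTIVE
Updated Date: 26-Jun-2006
Creation Date: 05-Apr-2001
Expiration Date: 05-Apr-2008""",
    # Constructed: a domain registered shortly before the spam run.
    "fresh-example.invalid": """Updated Date: 20-Jun-2006
Creation Date: 20-Jun-2006
Expiration Date: 20-Jun-2007""",
}

def parse_whois(text):
    """Map lower-cased field name -> list of values (fields may repeat)."""
    rec = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # split on the first colon only
        if sep and value.strip():
            rec.setdefault(key.strip().lower(), []).append(value.strip())
    return rec

def whois_date(rec, field):
    """Parse the DD-Mon-YYYY dates used in the quoted registry output."""
    return datetime.strptime(rec[field][0], "%d-%b-%Y").date()

def assess(text, seen_in_spam, min_age_years=2, recent_days=14):
    """Flag an old registration that changed just before it was spamvertised."""
    rec = parse_whois(text)
    age_days = (seen_in_spam - whois_date(rec, "creation date")).days
    since_update = (seen_in_spam - whois_date(rec, "updated date")).days
    old = age_days >= min_age_years * 365           # assumed threshold
    recently_changed = 0 <= since_update <= recent_days  # assumed threshold
    return {"age_years": round(age_days / 365.25, 1),
            "days_since_update": since_update,
            "possible_hijack": old and recently_changed}

if __name__ == "__main__":
    spam_seen = date(2006, 6, 30)  # date of the message quoted above
    for domain, text in WHOIS.items():
        print(domain, assess(text, spam_seen))
```

A freshly registered throwaway domain also shows a recent update, which is why the flag requires both conditions; a hit is a reason to contact the registrar and the original owner, not proof of hijacking.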
Hi Jeff,
I've subscribed to the mailing list.
Regarding your comment below, should we ever decide to re-enter the
email marketing business we will build our mailing list from scratch
using a confirmed/verified/closed-loop opt-in process so there will be
no doubt regarding permission to mail.
I've noticed that aptimus.com is still on or has moved to the
ws.surbl.org list. Is there other information I can provide to further
my request for removal?
Regards,
Greg Schuler
Aptimus, Inc.
-----Original Message-----
From: Jeff Chan [mailto:jeffc@surbl.org]
Sent: Saturday, May 20, 2006 4:19 AM
To: Greg Schuler
Cc: William Stearns; ml-surbl-discuss
Subject: Re: [SURBL-Discuss] RE: Requesting removal from blacklist
On Friday, May 19, 2006, 3:08:23 PM, Greg Schuler wrote:
> Hi Bill,
> I appreciate your quick response. And I'm interested in what others
> on the mailing list might have to say about this as well.
Greg,
You may want to subscribe:
http://lists.surbl.org/mailman/listinfo/discuss
(I had to manually approve your message since you're not subscribed.
You can unsubscribe at any time.)
> In answer to your questions:
>>If you've assembled a live customer list with UBE for a few years,
>>then stop sending UBE, doesn't that mean you get the benefits of that
>>UBE even after you stop sending it?
> I don't believe so. First, even though we didn't have a 100%
> closed-loop opt-in list process, most of the email we sent was not
> UBE. We only emailed names collected from what we believed were
> legitimate transactions on our partner web sites. The consumer was
> always presented with a privacy policy and terms of service that told
> them they would be agreeing to receive future email offers by
> completing the transaction. So while it wasn't perfect, we were making
> an effort to be sure the email we sent had the end-user's permission.
> We ultimately learned that this wasn't sufficient.
> The fact that we ended up with spam traps and other "bad"
> addresses in our email lists is proof that our process was flawed. So
> we decided to exit the email business in December, 2005. Had we
> continued to email "live customers" after that, then yes I suppose you
> could say we were still benefiting from past practices. But we didn't
> do that.
One way to definitively solve this kind of problem is to mail your
existing addresses and ask if they still want to get mail.
If they don't reply or say no, you remove them.
It's a pretty standard solution.
Have you considered that?
Jeff C.
--
Don't harm innocent bystanders.
Hello all.
SURBL/URIBL checks aren't working properly in Merak Mail server. We have
been working with the vendor, providing examples of failures, as they try to
make repairs.
We run Merak Mail server. Is there another product that can be added
separately to implement SURBL checks correctly? If not, will you kindly
provide the name of a mail server that has proven to work very well with
SURBL/URIBL?
I view your work as such an effective tool against spam, that I'm willing to
switch servers if IceWarp is ultimately unable to implement the
functionality for this.
Thank you,
Tom