Discuss June 2006

discuss@lists.surbl.org

8 participants
5 discussions

RE: [SURBL-Discuss] Rolex spam on hijacked domains
by Chris Santerre 30 Jun '06

30 Jun '06

> -----Original Message----- > From: Joe Wein [mailto:joewein@pobox.com] > Sent: Friday, June 30, 2006 10:13 AM > To: SURBL Discussion list > Subject: [SURBL-Discuss] Rolex spam on hijacked domains > > > I've seen at least two cases today of domains used in fake > Rolex etc. spams > that were untypically old. The oldest was > > Domain Name: ALLREDMETAL.COM > Registrar: ENOM, INC. > Whois Server: whois.enom.com > Referral URL: http://www.enom.com > Name Server: NS2.ALLREDMETAL.COM > Name Server: NS1.ALLREDMETAL.COM > Status: REGISTRAR-LOCK > EPP Status: clientDeleteProhibited > EPP Status: clientUpdateProhibited > EPP Status: clientTransferProhibited > Updated Date: 29-Jun-2006 > Creation Date: 03-Apr-1997 > Expiration Date: 04-Apr-2010 > Open Dir browsing: http://allredmetal.com/d1/ I'm going thru it now. Looks like they grabbed the domain or hijacked it. --Chris

2 1

Rolex spam on hijacked domains
by Joe Wein 30 Jun '06

30 Jun '06

I've seen at least two cases today of domains used in fake Rolex etc. spams that were untypically old. The oldest was Domain Name: ALLREDMETAL.COM Registrar: ENOM, INC. Whois Server: whois.enom.com Referral URL: http://www.enom.com Name Server: NS2.ALLREDMETAL.COM Name Server: NS1.ALLREDMETAL.COM Status: REGISTRAR-LOCK EPP Status: clientDeleteProhibited EPP Status: clientUpdateProhibited EPP Status: clientTransferProhibited Updated Date: 29-Jun-2006 Creation Date: 03-Apr-1997 Expiration Date: 04-Apr-2010 It is currently hosted in Russia even though it was the domain of a company in North Carolina. It was registered years ago and paid a few years in a advance. This does not look like a spammer domain at all. Here are the contact details of the owner obtained via archive.org: Allred Metal Stamping Works 1305 Thomasville Rd. High Point, NC 27260 M-F, 9 AM-5 PM EST 800.299.7421 336.886.5221 Fax: 336.841.6201 It almost looks like the domain registration was hijacked, because the domain was updated yesterday. Here is the corresponding spam: ===== Received: by mx0.webpack.hosteurope.de (theta.mc1.hosteurope.de) running EXperimental Internet Mailer (even more power) using esmtp from 86-63-112-191.asta-net.com.pl ([86.63.112.191] helo=BABY) id 1FwEsI-0004E4-U8 for MYEMAILACCOUNT; Fri, 30 Jun 2006 11:01:19 +0200 Message-Id: <00d301c69c1b$88371880$343d3681@vjyssa> From: "saunder mason" <wilmeraguilar(a)purinmail.com> To: "garald mckenna" <MYEMAILACCOUNT> Subject: Luxury Date: Fri, 30 Jun 2006 08:04:44 +0000 TOP BRANDS - LOW LOW PRICES Jewelry * Handbags * Pens * Watches * Neckties * Clutches * Wallets Leather, silk and white gold sound good? Visit our site for real photos. Everything comes with a certificate, tags and all the extras, plus a warranty. http://allredmetal.com/luxury/ salt prairie fly frame fresh-fallen corn shocker kettle net soul-imitating vacuum vessel snow hut chlorine azide sad-seeming feed store weight-lifting hermit warbler drift bottle wife-bound game bird trip catch bore meal key desk blue-glimmering gathering coal magnifying glass tone painting ten-hour blood baptism cotton plugger jack block ===== These hijacked domains all contain several folders, with mortgage spam sites, gambling sites, fake rolex sites, etc. The oldest folder on this site almost exactly matches the site renewal date. Here's another one: Domain Name: MINIEXAMINER.COM Registrar: ENOM, INC. Whois Server: whois.enom.com Referral URL: http://www.enom.com Name Server: NS2.MINIEXAMINER.COM Name Server: NS1.MINIEXAMINER.COM Status: ACTIVE EPP Status: ok Updated Date: 26-Jun-2006 Creation Date: 05-Apr-2001 Expiration Date: 05-Apr-2008 and ==== TOP BRANDS - LOW LOW PRICES Jewelry * Handbags * Pens * Watches * Neckties * Clutches * Wallets Leather, silk and white gold sound good? Visit our site for real photos. Everything comes with a certificate, tags and all the extras, plus a warranty. http://miniexaminer.com/luxury/ pig hutch integral cover fuzzy-legged para red terra orellana rub-dub rock basin lavender grass willow acacia singing master tariff treaty grid leak Nonintercourse act slow-contact single-hung gopher plum queer-tempered transmission bands cloth doubler long-stroke ginger root big bluestem Non-egyptologist plague-smitten sab-cat vice-librarian wheat thief ==== The month/day of expiration (ignoring the year) of both domains is almost the same. Both now point to the same server in Russia. And take a look at this - "domain pending transfer": ===== Registrant Contact: DICK HUSSEY ENTERPRISES NA NA (NA) NA Fax: PO BOX 500280 MALABAR, FL 32950-0280 US Administrative Contact: RegisterFly.com, inc. Domain Pending Transfer (transfers(a)registerfly.com) +1.9737362545 Fax: +1.9737361355 404 Main Street 4th Floor Boonton, NJ 07005 US Technical Contact: NA LLC Network Solutions (customerservice(a)networksolutions.com) +1.8886429675 Fax: +1.5714344620 13200 Woodland Park Drive Herndon, CO 20171-3025 US ===== Anybody else noticed anything like this? Joe Wein

1 0

RE: [SURBL-Discuss] RE: Requesting removal from blacklist
by Greg Schuler 26 Jun '06

26 Jun '06

Hi Jeff, I've subscribed to the to the mailing list. Regarding your comment below, should we ever decide to re-enter the email marketing business we will build our mailing list from scratch using a confirmed/verified/closed-loop opt-in process so there will be no doubt regarding permission to mail. I've noticed that aptimus.com is still on or has moved to the ws.surbl.org list. Is there other information I can provide to further my request for removal? Regards, Greg Schuler Aptimus, Inc. -----Original Message----- From: Jeff Chan [mailto:jeffc@surbl.org] Sent: Saturday, May 20, 2006 4:19 AM To: Greg Schuler Cc: William Stearns; ml-surbl-discuss Subject: Re: [SURBL-Discuss] RE: Requesting removal from blacklist On Friday, May 19, 2006, 3:08:23 PM, Greg Schuler wrote: > Hi Bill, > I appreciate your quick response. And I'm interested in what others > on the mailing list might have to say about this as well. Greg, You may want to subscribe: http://lists.surbl.org/mailman/listinfo/discuss (I had to manually approve your message since you're not subscribed. You can unsubscribe at any time.) > In answer to your questions: >>If you've assembled a live customer list with UBE for a few years, >>then stop sending UBE, doesn't that mean you get the benefits of that >>UBE even after you stop sending it? > I don't believe so. First, even though we didn't have a 100% > closed-loop opt-in list process, most of the email we sent was not > UBE. We only emailed names collected from what we believed were > legitimate transactions on our partner web sites. The consumer was > always presented with a privacy policy and terms of service that told > them they would be agreeing to receive future email offers by > completing the transaction. So while it wasn't perfect, we were making > an effort to be sure the email we sent had the end-user's permission. > We ultimately learned that this wasn't sufficient. > The fact that we ended up with spam traps and other "bad" > addresses in our email lists is proof that our process was flawed. So > we decided to exit the email business in December, 2005. Had we > continued to email "live customers" after that, then yes I suppose you > could say we were still benefiting from past practices. But we didn't > do that. One way to definitively solve this kind of problem is to mail your existing addresses and ask if they still want to get mail. If they don't reply or say no, you remove them. It's a pretty standard solution. Have you considered that? Jeff C. -- Don't harm innocent bystanders.

2 2

Merak
by Tom McGlinn 24 Jun '06

24 Jun '06

Hello all. SURBL/URIBL checks aren't working properly in Merak Mail server. We have been working with the vendor, providing examples of failures, as they try to make repairs. We run Merak Mail server. Is there another product that can be added separately to implement SURBL checks correctly? If not, will you kindly provide the name of a mail server that has proven to work very well with SURBL/URIBL? I view your work as such an effective tool against spam, that I'm willing to switch servers if IceWarp is ultimately unable to implement the functionality for this. Thank you, Tom

2 3

I can't find myself in multi.surbl.org but some software says I am - now what?
by milius＠milius.net 05 Jun '06

05 Jun '06

hello list, I'm here because I was just using some wiki software that told me I can not insert my domain: http://www.milius.net there because it's in this list: multi.surbl.org so I checked http://www.rulesemporium.com/cgi-bin/uribl.cgi and http://www.surbl.org/implementation.html but my domain does not seem to be in any blacklist or am I doing something wrong? could someone please help me to get my domain clean again? best, oliver

3 5

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Discuss June 2006