On Tuesday, September 7, 2004, 5:40:47 PM, Joe Wein wrote:
Chris Santerre wrote:
Domain List matching contacts_email of hostmaster@1and1.com
* 1: 1-asian-sex.com
* 2: 1and1.com
...
* 48: uptimesoftware.com
* 49: wonderfulldeals.com
I think you're missing the point, Chris. The domain 1and1.com is unlikely to be listed in spam, let alone *only* listed in spam. Furthermore, of the domains you list I had a hard time finding one that was both active and SURBL-listed.
I hope Chris was showing us some other domains with similar registration information. That said, *registrar* information isn't too useful except in the case of mostly blackhat registrars.
Schlund+Partner AG (the company behind the domain) is one of the largest web hosters in Germany and incidentally hosts my site too.
Given the size of their business they may well host some spammy sites from time to time (along with some 40,000 non-spam sites in their German data centre alone), but they are not a blackhat. Their abuse department is one of the more responsive in the business. When they get evidence more than once, they do take action.
A definite whitelist case.
Schlund+Partner AG is probably not a blackhat registrar then, so listing all of their domains probably isn't too useful, even the spammy ones. If this is a large hosting provider with many legitimate customers, then we can't assume that any domain they host is spammy. Otherwise we would need to assume Joe's domain is spammy.... On the other hand Joe's domain probably doesn't appear in spams too often (unless it gets joe jobbed, no pun intended), so we probably would not even see his registration information very often.
Far more useful is the registrant information, i.e. who is registering them, though of course that can be and often is forged by the bad guys. On the other hand as people who track spam domain registration data know, there are many repeated or similar fake registrant names, addresses, etc. in the registrant data. Those probably are useful to note since they can be used to more quickly identify new domains as likely spammy. For example see the "Aruba" domains or the "Eugene Oregon USA" domains. When I see one of those familiar (fake?) addresses in a registration, I can be pretty sure they belong to the same old (lazy) spammer. Other spammers randomize their registrations.
A useful thing about listing domains and not IP addresses (or name servers or registrars) is that we can list just the specific bad guy domains and not the registrar, IP blocks, nameservers, etc. It's an approach that focusses more directly on the actual abuse. It also means that if they change ISPs, registrars, servers, etc. we still have their domains listed. :-)
Jeff C.
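
The contrast discussed in this thread, as an added example that is not part of the original messages or any SURBL tooling: a contact shared by a large hoster's customers is a poor signal, while a registrant fingerprint repeated across already-listed domains can flag a new registration. All records, domain names, field names and thresholds below are constructed assumptions.

```python
import re
from collections import defaultdict

def rec(domain, registrant, address, listed=False):
    # Every constructed record shares one hoster contact, like a large provider.
    return {"domain": domain, "registrant": registrant, "address": address,
            "contact": "hostmaster@bighoster.example", "listed": listed}

# Constructed WHOIS-style records; "listed" = already blocklisted after appearing in spam.
KNOWN = [
    rec("cheap-meds.example", "John Doe", "1 Beach Rd, Oranjestad, Aruba", True),
    rec("cheap-rx.example", "JOHN DOE", "1 Beach Rd. Oranjestad Aruba", True),
    rec("joes-blog.example", "Joe Blogger", "5 Main St, Karlsruhe, Germany"),
    rec("bakery.example", "A. Baker", "9 High St, Berlin, Germany"),
]
NEW = [
    rec("new-pills.example", "john doe", "1 Beach Rd, Oranjestad, ARUBA"),
    rec("florist.example", "F. Lorist", "2 Rose Ln, Hamburg, Germany"),
]

def fingerprint(r):
    """Collapse case and punctuation so near-identical registrant data matches."""
    return " ".join(re.findall(r"[a-z0-9]+", f"{r['registrant']} {r['address']}".lower()))

def listed_stats(records, key):
    """Map each key value to [listed_count, total_count]."""
    stats = defaultdict(lambda: [0, 0])
    for r in records:
        stats[key(r)][0] += int(r["listed"])
        stats[key(r)][1] += 1
    return stats

def likely_spammy(known, new, key, min_listed=2, min_ratio=0.9):
    """Flag new domains whose key value occurs almost only on listed domains."""
    stats = listed_stats(known, key)
    flagged = []
    for r in new:
        listed, total = stats.get(key(r), (0, 0))
        if listed >= min_listed and listed / total >= min_ratio:
            flagged.append(r["domain"])
    return flagged

if __name__ == "__main__":
    print("by hoster contact:", likely_spammy(KNOWN, NEW, lambda r: r["contact"]))
    print("by registrant:", likely_spammy(KNOWN, NEW, fingerprint))
```

A spammer who randomizes registrant data defeats the fingerprint, so a match is a hint for review and not proof.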