Got a spam mentioning photo.com and some chat site. The chat site may be spammy but does anyone know anything about photo.com?
Seems to be several years old:
Registrant: Calumet Photographic Inc. 890 Supreme Dr. Bensenville, IL 60106 US
Domain Name: PHOTO.COM
Administrative Contact: Perazella, Tom tom.perazella@CALUMETPHOTO.COM Calumet Photographic, Inc. 890 Supreme Dr. Bensenville, IL 60106 US (630) 860-7447 fax: 999 999 9999
Technical Contact: Fischer, Douglas doug.fischer@calumetphoto.com 890 Supreme Drive Bensenville, IL 60106 US 630-860-7447 X3204 fax: 123 123 1234
Record expires on 06-Apr-2006. Record created on 07-Apr-1998. Database last updated on 28-Aug-2005 04:09:30 EDT.
Domain servers in listed order:
NS1.PRIMARYDEVELOPMENT.NET 38.119.37.68 NS3.PRIMARYDEVELOPMENT.NET 38.119.37.120 NS2.PRIMARYDEVELOPMENT.NET 38.119.37.69
Jeff C. -- Don't harm innocent bystanders.
Got a spam mentioning photo.com and some chat site. The chat site may be spammy but does anyone know anything about photo.com?
Seems to be several years old:
It is, and the registered owners (Calumet Photo) have been around since before WWII in a west-side suburb of Chicago, from what a little research found. I saw the spams in question (got several of them this weekend in the spamtrap), and my guess is that the photo.com site might have been compromized or trojaned. I'd recommend a phone call to Calumet Photo on Monday with evidence and paths of offending photographs in hand, to discuss things.
Meanwhile.... Until this rash of spams, I'd never heard of photo.com before, and it's been around since 1998. That tells me that the chances of it being an innocent bystander are pretty high. I wouldn't list it in SURBL, not unless/until we get evidence that it's been taken over by bad guys and can't be taken back from them.
Got a spam mentioning photo.com and some chat site. The chat site may be spammy but does anyone know anything about photo.com?
Update -- the graphic referenced in the spam run, and the directory it was in, are gone from the server/404 compliant. I think this was a compromised server, but it looks like someone got in touch with the owners and they took care of it quickly. (Now, if they'd just update their buggy Apache 1.3x software to the latest Apache 2.x, that would be perfect.) :)
On Sunday, August 28, 2005, 1:10:20 PM, Catherine Hampton wrote:
Got a spam mentioning photo.com and some chat site. The chat site may be spammy but does anyone know anything about photo.com?
Update -- the graphic referenced in the spam run, and the directory it was in, are gone from the server/404 compliant. I think this was a compromised server, but it looks like someone got in touch with the owners and they took care of it quickly. (Now, if they'd just update their buggy Apache 1.3x software to the latest Apache 2.x, that would be perfect.) :)
Thanks for the research Catherine. I'm going to whitelist photo.com. We can always unwhitelist in the unlikely event that spammers take over or compromise this domain in future.
High value domain names like this generally tend to be pretty well taken care of, AFIACT.
Jeff C. -- Don't harm innocent bystanders.
-
ariel@spambouncer.org -
Jeff Chan