Ways of Reporting Spammers With Bogus Domain Names

GraysonPeddie

(Beginning of update.)

PLEASE forget about my thread. I'm reading this: http://www.rickconner.net/spamweb/pop-find-registrar.html

:(

I've been bombarded by automatedtradingauctions.com (216.59.163.73) and BeautifulPolishingSupply.com, which does not resolve to 199.188.127.201. Both of them were rejected by Postfix.

(End of update.)


I've gotten eight e-mail messages coming from eight domain names that look exactly the same:

I've used DomainTools.com and when I try to look up 6 out of 8 of them (2 of the domains have already been reported to two different registrars), I get this:

Quote: Thank you for using the DomainTools for your domain research. To protect domain registrants we limit the number of anonymous whois lookups that are allowed. We wish that you will continue using our service for domain information but ask that you create and log into a DomainTools account before doing any more lookups.

I understand if it's to protect the legitimate domain owners, but that's like protecting spammers creating thousands of domain names per second!

Anyway, here's a message that I got (note that they are exactly the same from 8 domains that I've encountered so far):

IN THIS ISSUE:

To view this deal on a webpage click here
Special Tips, Advice and Deals
Chosen Just for You

START HERE »

Click For More »
Go To Site »
Read Full Article »

(Image URL: http://dairyfarmermarket.com/tthqdffathjyugafyxjeugjvtoezmjrijtjgmjbdhkjvtvjtauwjtxlijogjnrj/Image.ashx?id=1277)

The image contains a message telling me to unsubscribe if I don't want to receive any e-mails from the mailing list, which I don't bother to do! Nope, I cannot do that, as that will get my e-mail address verified by spammers so that they can send more spam!

Here's a sample of the header (with my domain name removed):

Return-Path:
Delivered-To: admin@[...]
Received: from localhost (localhost [127.0.0.1])
by [...] (Postfix) with ESMTP id C11EB9C2CF2
for ; Sat, 11 Aug 2012 09:16:00 -0400 (EDT)
X-Virus-Scanned: amavisd-new at [...]
Authentication-Results: server1.[...] (amavisd-new); dkim=pass
header.i=[email protected]
Authentication-Results: server1.[...] (amavisd-new);
domainkeys=softfail (invalid, bad identity)
header.from=[email protected]
Received: from [...] ([127.0.0.1])
by localhost (server1.[...] [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id QX-ewrpQ0jFw for ;
Sat, 11 Aug 2012 09:15:48 -0400 (EDT)
Received: by [...] (Postfix, from userid 1005)
id EDD139C2D4D; Sat, 11 Aug 2012 09:15:47 -0400 (EDT)
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
server1.[...]
X-Spam-Flag: YES
X-Spam-Level: **
X-Spam-Status: Yes, score=2.3 required=2.0 tests=DKIM_SIGNED,DKIM_VALID,
DKIM_VALID_AU,HTML_MESSAGE,MIME_HTML_ONLY,RDNS_NONE,SPF_HELO_PASS,SPF_PASS,
T_REMOTE_IMAGE autolearn=no version=3.3.2
X-Spam-Report:
* -0.0 SPF_HELO_PASS SPF: HELO matches SPF record
* -0.0 SPF_PASS SPF: sender matches SPF record
* 0.0 HTML_MESSAGE BODY: HTML included in message
* 1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
* -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
* domain
* 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
* valid
* -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
* 1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
* 0.0 T_REMOTE_IMAGE Message contains an external image
Received-SPF: pass (dairyfarmermarket.com: 207.152.147.111 is authorized to use '[email protected]' in 'mfrom' identity (mechanism 'ip4:207.152.147.0/24' matched)) receiver=[...]; identity=mailfrom; envelope-from="[email protected]"; helo=dairyfarmermarket.com; client-ip=207.152.147.111
Received: from dairyfarmermarket.com (unknown [207.152.147.111])
by [...] (Postfix) with ESMTP id 839F39C2CF2
for ; Sat, 11 Aug 2012 09:15:42 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; s=k1; d=dairyfarmermarket.com;
h=Message-ID:MIME-Version:From:To:Date:Subject:Content-Type:Content-Transfer-Encoding; i=[email protected];
bh=FsHxGxh8QxP4ESvGtAsm7s+6Ih0=;
b=Q0dDssrp43+9bbXliED6oqSulNmOP/+NsQRuZouag/Ey9C3/MV9nEG26c2mNBSIGxcykrRZ0Z+DY
3vBJuK2+lsMLhFes+EGRYsQD4V+TTdDJ220jVWdIzLiqjGC01tU3KeZKUgPaXxlaD6rnlO52PvUN
+gIe3Zf+DG1qRRHGuJE=
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=k1; d=dairyfarmermarket.com;
b=vj44930w4sVSueKC7WPrveyFbI0EpCbP+gIxKkFxvu7VK2criImEJc7+K4GbueW/76teKjxjKZhz
Qxt87iWTQLxWF0r62ro5CFJzDyrD9eKmQkUdA7GLA1xwPhG+9jFNyI0Fic8Ae1e8F1JKllBb56NK
auTmW5yff6xIf2G1cFY=;
Received: by dairyfarmermarket.com id h4pdfo0qknon for ; Sat, 11 Aug 2012 06:15:38 -0700 (envelope-from )
Message-ID:
MIME-Version: 1.0
From: "Medical Billing and Coding"

To: gp@[...]
Date: 11 Aug 2012 06:15:42 -0700
Subject: Learn what it takes to earn a medical coding degree
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: quoted-printable

I'd like to congratulate spammers for passing the SPF (Sender Policy Framework) and DKIM (evolution of Yahoo's DomainKeys) test.

Should I just ignore them? I've got two email messages that landed in my inbox folder (score of 1.0) while 6 of them ended up in the junk mail folder (score: 2.3) due to not having a reverse DNS setup or something. I'm using SpamAssassin and the score that is required to have mail sent to the junk folder is set to 2.0. I'm trying to do whatever I can to combat them.

The domain names that I've gotten spam from are:

SpamAssassin score: 2.3:
commoditytradingauctions.com
goodmusicsample.com
smartdataorganizer.com
closurespecialistcars.com
markettradingauctions.com
dairyfarmermarket.com

SpamAssassin score: 1.0:
americanmanufacturedcommunications.com
miamifoodielove.com

These domains get registered from different registrars.

HTPC: AMD Athlon X2 4050e CPU with 780G ATX motherboard running Windows 8 DP (4GB) and Ubuntu; Server: AMD AII X2 240e CPU with 880G-based ATX motherboard running Ubuntu Server 10.04 LTS (8GB)

2 pairs of Insignia NS-B2111s (front/rear), Pioneer SP-C21 Center Speaker, and 12" Velodyne Sub

Just ordered HP Pavilion dv7-6165us from QVC. Will have it by next Friday.
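
An added example, not part of the original post: a short Python triage of the header quoted above. It shows how little the SPF and DKIM passes counted toward the score, which rules actually pushed the message over the 2.0 threshold, and which network the sending IP belongs to for an abuse report. The header text is abridged from the post; the function and key names are assumptions of this example.

```python
import email, ipaddress, re

# Abridged from the header in the post: wrapped description lines, signature
# data and redacted addresses are left out; nothing else is changed.
RAW = """\
X-Spam-Status: Yes, score=2.3 required=2.0 tests=DKIM_SIGNED,DKIM_VALID,
\tDKIM_VALID_AU,HTML_MESSAGE,MIME_HTML_ONLY,RDNS_NONE,SPF_HELO_PASS,SPF_PASS,
\tT_REMOTE_IMAGE autolearn=no version=3.3.2
X-Spam-Report:
\t* -0.0 SPF_HELO_PASS SPF: HELO matches SPF record
\t* -0.0 SPF_PASS SPF: sender matches SPF record
\t*  0.0 HTML_MESSAGE BODY: HTML included in message
\t*  1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
\t* -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature
\t*  0.1 DKIM_SIGNED Message has a DKIM or DK signature
\t* -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
\t*  1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
\t*  0.0 T_REMOTE_IMAGE Message contains an external image
Received-SPF: pass (mechanism 'ip4:207.152.147.0/24' matched) identity=mailfrom; helo=dairyfarmermarket.com; client-ip=207.152.147.111
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; s=k1; d=dairyfarmermarket.com;

"""

def triage(raw):
    """Pull the facts an abuse report needs out of one message's headers."""
    msg = email.message_from_string(raw)
    get = lambda name: re.sub(r"\s+", " ", msg.get(name, ""))  # unfold header
    score, required = map(float, re.search(
        r"score=(\S+) required=(\S+)", get("X-Spam-Status")).groups())
    rules = {name: float(pts) for pts, name in re.findall(
        r"\*\s+(-?\d+\.\d+)\s+(\w+)", msg.get("X-Spam-Report", ""))}
    spf = get("Received-SPF")
    ip = ipaddress.ip_address(re.search(r"client-ip=([\d.]+)", spf).group(1))
    net = ipaddress.ip_network(re.search(r"ip4:([\d./]+)", spf).group(1))
    return {
        "verdict": "junk" if score >= required else "inbox",
        "rules_that_added_points": sorted(n for n, p in rules.items() if p > 0),
        "auth_credit": round(sum(p for p in rules.values() if p < 0), 1),
        "score_without_rdns_none": round(score - rules.get("RDNS_NONE", 0.0), 1),
        "sending_ip": str(ip),
        "ip_inside_spf_range": ip in net,
        "network_to_look_up": str(net),
        "signing_domain": re.search(r"\bd=([^;\s]+)", get("DKIM-Signature")).group(1),
    }

if __name__ == "__main__":
    for key, value in triage(RAW).items():
        print(f"{key}: {value}")
```

The per-rule points add up to the reported 2.3, and removing RDNS_NONE leaves 1.0, the score the post gives for the two messages that reached the inbox. The SPF pass only confirms that the sending IP sits inside the range the domain's own DNS record authorises, so the sending IP and its network, rather than the throwaway domain, are the stable details to include in a report.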