Ways of Reporting Spammers With Bogus Domain Names

GraysonPeddie

(Beginning of update.)

PLEASE forget about my thread. I'm reading this: http://www.rickconner.net/spamweb/pop-find-registrar.html


I've been bombarded by automatedtradingauctions.com ( and BeautifulPolishingSupply.com, which does not resolve to Both of them were rejected by Postfix.

(End of update.)


I've gotten eight e-mail messages coming from eight domain names that look exactly the same:

I've used DomainTools.com and when I try to look up 6 out of 8 of them (2 of the domains have already been reported to two different registrars), I get this:

Quote: Thank you for using the DomainTools for your domain research. To protect domain registrants we limit the number of anonymous whois lookups that are allowed. We wish that you will continue using our service for domain information but ask that you create and log into a DomainTools account before doing any more lookups.

I understand if it's to protect the legitimate domain owners, but that's like protecting spammers creating thousands of domain names per second!

Anyway, here's a message that I got (note that they are exactly the same from 8 domains that I've encountered so far):


To view this deal on a webpage click here
Special Tips, Advice and Deals
Chosen Just for You


Click For More »
Go To Site »
Read Full Article »

(Image URL: http://dairyfarmermarket.com/tthqdffathjyugafyxjeugjvtoezmjrijtjgmjbdhkjvtvjtauwjtxlijogjnrj/Image.ashx?id=1277)

The image contains a message telling me to unsubscribe if I don't want to receive any e-mails from the mailing list, which I don't bother to do! Nope, I cannot do that, as that would get my e-mail address verified by spammers so that they can send more spam!

Here's a sample of the header (with my domain name removed):

Delivered-To: admin@[...]
Received: from localhost (localhost [])
    by [...] (Postfix) with ESMTP id C11EB9C2CF2
    for ; Sat, 11 Aug 2012 09:16:00 -0400 (EDT)
X-Virus-Scanned: amavisd-new at [...]
Authentication-Results: server1.[...] (amavisd-new); dkim=pass
    [email protected]
Authentication-Results: server1.[...] (amavisd-new);
    domainkeys=softfail (invalid, bad identity)
    [email protected]
Received: from [...] ([])
    by localhost (server1.[...] []) (amavisd-new, port 10024)
    with ESMTP id QX-ewrpQ0jFw for ;
    Sat, 11 Aug 2012 09:15:48 -0400 (EDT)
Received: by [...] (Postfix, from userid 1005)
    id EDD139C2D4D; Sat, 11 Aug 2012 09:15:47 -0400 (EDT)
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
X-Spam-Flag: YES
X-Spam-Level: **
X-Spam-Status: Yes, score=2.3 required=2.0 tests=DKIM_SIGNED,DKIM_VALID,
    T_REMOTE_IMAGE autolearn=no version=3.3.2
    * -0.0 SPF_HELO_PASS SPF: HELO matches SPF record
    * -0.0 SPF_PASS SPF: sender matches SPF record
    * 0.0 HTML_MESSAGE BODY: HTML included in message
    * 1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
    * -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
    * domain
    * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
    * valid
    * -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
    * 1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
    * 0.0 T_REMOTE_IMAGE Message contains an external image
Received-SPF: pass (dairyfarmermarket.com: is authorized to use [email protected] in 'mfrom' identity (mechanism 'ip4:' matched)) receiver=[...]; identity=mailfrom; envelope-from="[email protected]"; helo=dairyfarmermarket.com; client-ip=
Received: from dairyfarmermarket.com (unknown [])
    by [...] (Postfix) with ESMTP id 839F39C2CF2
    for ; Sat, 11 Aug 2012 09:15:42 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; s=k1; d=dairyfarmermarket.com;
    h=Message-ID:MIME-Version:From:To:Date:Subject:Content-Type:Content-Transfer-Encoding; [email protected];
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=k1; d=dairyfarmermarket.com;
Received: by dairyfarmermarket.com id h4pdfo0qknon for ; Sat, 11 Aug 2012 06:15:38 -0700 (envelope-from )
MIME-Version: 1.0
From: "Medical Billing and Coding"
To: gp@[...]
Date: 11 Aug 2012 06:15:42 -0700
Subject: Learn what it takes to earn a medical coding degree
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: quoted-printable

I'd like to congratulate spammers for passing the SPF (Sender Policy Framework) and DKIM (evolution of Yahoo's DomainKeys) test.

Should I just ignore them? I've got two email messages that landed in my inbox folder (score of 1.0), while 6 of them ended up in the junk mail folder (score: 2.3) due to not having a reverse DNS setup or something. I'm using SpamAssassin, and the score required to have mail sent to the junk folder is set to 2.0. I'm trying to do whatever I can to combat them.

The domain names that I've gotten spam from are:

SpamAssassin score: 2.3:

SpamAssassin score: 1.0:

These domains get registered from different registrars.

PC: Tt Core V21; Kaveri APU, 16GB RAM, GTX 960, Arch Linux
Server: Rosewill Legacy V6-S, AMD Athlon 5350 APU, 8GB RAM, 90W DC-IN PSU, Ubuntu Server
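
An added example, not part of the original post: each message in the run above passes SPF and DKIM for its own domain, so per-domain authentication cannot tie the run together, but the fields that stay constant across domains can. This Python code fingerprints a message by DKIM selector, canonicalization, signed-header list and image-URL layout, then reports fingerprints seen from more than one `d=` domain. The second and third sample domains, the shortened `h=` list and the masking rules in `url_shape` are assumptions.

```python
import re
from collections import defaultdict
from email import message_from_string

def dkim_tags(msg):
    """Parse tag=value pairs from the first DKIM-Signature header."""
    raw = re.sub(r"\s+", "", msg.get("DKIM-Signature", ""))
    return dict(t.split("=", 1) for t in raw.split(";") if "=" in t)

def url_shape(url):
    """Drop the host and mask per-message tokens, keeping the URL layout."""
    path = re.sub(r"^https?://[^/]+", "", url)
    path = re.sub(r"[a-z]{20,}", "<rand>", path)
    return re.sub(r"\d+", "<n>", path)

def campaign_key(msg):
    """Fingerprint from fields that do not name the sending domain."""
    tags = dkim_tags(msg)
    # decode=True undoes quoted-printable; single-part HTML mail is assumed
    body = (msg.get_payload(decode=True) or b"").decode("ascii", "replace")
    urls = re.findall(r"https?://[^\s\"'<>]+", body)
    return (tags.get("s"), tags.get("c"), tags.get("h"),
            tuple(sorted({url_shape(u) for u in urls})))

def group_campaigns(raw_messages):
    """Return fingerprints seen from more than one DKIM d= domain."""
    groups = defaultdict(set)
    for raw in raw_messages:
        msg = message_from_string(raw)
        groups[campaign_key(msg)].add(dkim_tags(msg).get("d", "?"))
    return {k: v for k, v in groups.items() if len(v) > 1}

def sample(domain, selector, url):
    """Constructed test message modelled on the headers in the post."""
    return (f"DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; s={selector}; d={domain};\n"
            " h=Message-ID:MIME-Version:From:To:Date:Subject:Content-Type;\n"
            "Content-Type: text/html; charset=us-ascii\n"
            "Content-Transfer-Encoding: quoted-printable\n\n"
            f'<img src=3D"{url.replace("=", "=3D")}">\n')

SAMPLES = [  # constructed; only the first domain and URL come from the post
    sample("dairyfarmermarket.com", "k1", "http://dairyfarmermarket.com/"
           "tthqdffathjyugafyxjeugjvtoezmjrijtjgmjbdhkjvtvjtauwjtxlijogjnrj/Image.ashx?id=1277"),
    sample("sender-two.example", "k1", "http://sender-two.example/"
           "abcdefghijklmnopqrstuvwxyzabcdefghijkl/Image.ashx?id=2041"),
    sample("newsletter.example", "mail2024", "https://newsletter.example/issues/42.png"),
]

if __name__ == "__main__":
    for key, domains in group_campaigns(SAMPLES).items():
        print(sorted(domains), "share", key)
```

A fingerprint shared by several domains can be matched in a local filter rule or quoted in an abuse report in place of chasing each domain separately.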