Posted to users@spamassassin.apache.org by Loren Wilton <lw...@earthlink.net> on 2004/08/09 01:48:31 UTC

Is this a sign of a spammer registrar?

[Querying whois.internic.net]
[Redirected to whois.directi.com]
[Querying whois.directi.com]
[whois.directi.com]
Domain Name: CPACCESS1.COM

-----------------------------------
Domain Expiration Date: 07-Jan-2005
Domain Creation Date: 07-Jan-2004
Domain Status: ACTIVE

-----------------------------------
Domain servers in listed order:
    ns1.cpaccess1.com
    ns2.cpaccess1.com

Registrant:
    Undisclosed
    Undisclosed        (Undisclosed@Undisclosed.com)
    Undisclosed
    Undisclosed
    null,123456
    IN
    Tel. +91.1111111

Administrative Contact:
    Undisclosed
    Undisclosed        (Undisclosed@Undisclosed.com)
    Undisclosed
    Undisclosed
    null,123456
    IN
    Tel. +91.1111111

Technical Contact:
    Undisclosed
    Undisclosed        (Undisclosed@Undisclosed.com)
    Undisclosed
    Undisclosed
    null,123456
    IN
    Tel. +91.1111111

Billing Contact:
    Undisclosed
    Undisclosed        (Undisclosed@Undisclosed.com)
    Undisclosed
    Undisclosed
    null,123456
    IN
    Tel. +91.1111111



RE: Is this a sign of a spammer registrar?

Posted by "David J. Duffner - NWCWEB.com" <we...@nwcweb.com>.
	Not necessarily a spammer Registrar, but certainly
one that shouldn't be allowed to register and maintain
domains!  Looks more like their systems allow someone
to punch in anything that looks remotely close to a
valid answer and then that gets propagated into the
networks.

	In this case the domain, which may be at an HSP
or at least has its own DNS on that server, is at a
host who certainly allows spammy stuff to fly.

	Best course of action is to do a traceroute 
on the IP you ended up with and see if it leads you to
any clues on who this domain is registered to.  Also
snap a nice nastygram to 'Directi', though that'll go
unanswered or have a reply like 'not our problem, 
have a nice day'.  You can file a complaint with ICANN
on it, wouldn't hurt, but again it takes a large stream
of complaints to them about a Registrar to get any
movement.

	And the whole thing could be a smokescreen for a
forged IP anyways, which makes all the work pointless.

	Sorry there isn't a better answer, we've been 
fighting them off like mad lately too! Starting to see
a rash of completely blank and half-filled header e-mails
with no easy tracebacks and no way to block them out.

      David J. Duffner
      VP Operations
      NWC Corporation
      NWCWEB.com
      
============================================
NWCWEB.com - Your Design & Hosting Solution!
Featuring Ensim Pro/Linux Servers, Hosted
Accounts, Web Design and e-Commerce services
NWC Corporation - Global e-Pay Solutions
============================================
 





-- 
Message scanned by MailScanner, and is believed to be clean.  
CONFIDENTIALITY NOTICE:  This transmission intended for the
specified destination and person.  If this is not you, this
e-mail must be deleted immediately.     www.nwcweb.com
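
An added example, not part of either post: a small Python check that splits WHOIS output in the layout quoted above into contact blocks and reports why a block looks like filler. The filler word list, the half-of-fields threshold, and the "Technical Contact" entry in the sample are assumptions constructed for illustration.

```python
import re
# Constructed input: the registrant block in the layout of the record quoted
# in the thread, plus one hypothetical filled-in contact for contrast.
SAMPLE = """Registrant:
    Undisclosed
    Undisclosed        (Undisclosed@Undisclosed.com)
    Undisclosed
    Undisclosed
    null,123456
    IN
    Tel. +91.1111111

Technical Contact:
    Example Hosting Ltd
    Jane Doe        (hostmaster@example.net)
    Springfield,62701
    US
    Tel. +1.2175550123
"""

FILLER = re.compile(r"^(undisclosed|null|none|n/?a|unknown)$", re.I)  # assumed list

def parse_sections(text):
    """Split 'Header:' lines and their indented values into {header: [values]}."""
    sections, current = {}, None
    for line in text.splitlines():
        if line[:1].isspace() and line.strip() and current is not None:
            current.append(line.strip())
        elif line.rstrip().endswith(":") and not line[:1].isspace():
            current = sections.setdefault(line.rstrip()[:-1], [])
        else:
            current = None  # blank or unrelated line ends the block
    return sections

def filler_reasons(values):
    """Reasons a contact block looks like filler; empty list if none."""
    text, reasons = " ".join(values), []
    hits = sum(bool(FILLER.match(re.split(r"[\s,]+", v)[0])) for v in values)
    if values and hits * 2 >= len(values):
        reasons.append(f"filler fields {hits}/{len(values)}")
    mail = re.search(r"\(([^@()\s]+)@([^.()\s]+)", text)  # local part, first label
    if mail and any(FILLER.match(part) for part in mail.groups()):
        reasons.append("filler e-mail")
    tel = re.search(r"Tel\.\s*\+\d+\.(\d+)", text)
    if tel and len(set(tel.group(1))) == 1:
        reasons.append("repeated-digit phone")
    return reasons

def audit(text):
    return {name: filler_reasons(vals) for name, vals in parse_sections(text).items()
            if name == "Registrant" or name.endswith("Contact")}
```

A non-empty result is a reason to distrust the contact data, not evidence about who operates the domain.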