DomainFactory.com and spamming

[mole]

Anyone knows who this person is? I've received 7 different tracing routes for this spam. They change underware like a dog with diarrhea grrrr

 

[mole]

This is too much, my 11th SPAM MAIL from DomainFactory.com, all using illegal cloaking techniques - none similar. Bastards.

Register Your Domain for only $14.95

Have you always wanted to register your own custom domain name but could not afford it? Domain Factory now brings you affordable, low-cost domain registration services for only $14.95 per year. This all-inclusive fee includes DNS service, URL Forwarding, and access to an easy-to-use online Domain Manager. The best part is that this low rate applies to the most popular domain extensions available, including the new .biz and .info extensions.

These brand new domain extensions were recently approved by ICANN and have the same rights as the original .COM and .NET domain names. The biggest benefit is of-course that the .BIZ and .INFO domain names are currently more available. i.e. it will be much easier to register an attractive and easy-to-remember domain name for the same price. Visit:http://www.domainfactory.com today for more info.

Register your domain name today for just $14.95 at: http://www.domainfactory.com Registration fees include full access to an easy-to-use control panel to manage your domain name in the future.

Sincerely,

Domain Administrator
Domain Factory
http://www.domainfactory.com





To remove your email address from further promotional mailings from this company, please click here: http://www.emailremovals.com/cgi-bin/domain-remove.cgi


I1
6433tDck7-499EOTH3503fwIJ9-104GrVE5404wspQ1-820AlGB1194mPXU1-241l60
9913Qmcm9-274bOcu1557yWLS5-753jChG3829SyRb8-320ngGu4902hTrU8-719KdRV6118ohqzl72

Header trace for above cloak :

Received: from seductive.com [202.52.200.204] by ______
(SMTPD32-7.12) id A4618A00B0; Thu, 26 Dec 2002 09:38:25 -0500
Received: from 132.172.88.138 ([132.172.88.138]) by smtp.mixedthings.net with SMTP; 26 Dec 2002 03:39:39 +1100
Reply-To: "Phebie Prichard" <[email protected]>
Message-ID: <000001a2bb05$cab85871$2657805d@apptcjhp>
From: "Phebie Prichard" <[email protected]>
To: <__________>
Subject: do you understand? 5700mOvh0-651wpPY6237qTcj2-216o-29
Date: Thu, 26 Dec 2002 17:31:47 -0300
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_00E0_75A75A7D.B4778C52"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
Importance: Normal
X-RCPT-TO: <______________>
Status: U
X-UIDL: 340381507

Spamcop trace :-
Parsing header:

Received: from seductive.com [202.52.200.204] by imail7.innerhost.com (SMTPD32-7.12) id A4618A00B0; Thu, 26 Dec 2002 09:38:25 -0500
Possible spammer: 202.52.200.204
202.52.200.204 is not an MX for seductive.com
host seductive.com (checking ip) ip not found ; seductive.com discarded as fake.
205.158.62.24 is an MX for seductive.com
202.52.200.204 is not an MX for seductive.com
ips don't match; seductive.com discarded as fake
Taking name from IP...
host 202.52.200.204 (getting name) no name
Received line accepted

Received: from 132.172.88.138 ([132.172.88.138]) by smtp.mixedthings.net with SMTP; 26 Dec 2002 03:39:39 +1100
host 202.52.200.204 (getting name) no name
202.52.200.204 not listed in opm.blitzed.org
Possible spammer: 132.172.88.138
Taking name from IP...
host 132.172.88.138 (getting name) no name
Chain test:smtp.mixedthings.net =? 202.52.200.204
202.52.200.204 is not an MX for smtp.mixedthings.net
host smtp.mixedthings.net (checking ip) ip not found ; smtp.mixedthings.net discarded as fake.
no MXs for smtp.mixedthings.net
no MXs for mixedthings.net
host 202.52.200.204 (getting name) no name
Chain test failed
Routing details for 202.52.200.204
[refresh/show] Cached whois for 202.52.200.204 : [email protected]
Using last resort contacts [email protected]
Whois found [email protected]
Chain error smtp.mixedthings.net not equal to last sender received line discarded


Tracking message source:202.52.200.204:
Routing details for 202.52.200.204
[refresh/show] Cached whois for 202.52.200.204 : [email protected]
Using last resort contacts [email protected]
Whois found [email protected]
Yum, this spam is fresh!
202.52.200.204 not listed in formmail.relays.monkeys.com
202.52.200.204 not listed in opm.blitzed.org
202.52.200.204 not listed in relays.ordb.org.
202.52.200.204 not listed in query.bondedsender.org


Found link: http://www.domainfactory.com
[report history]
host www.domainfactory.com (checking ip) ip = 211.99.203.249


Tracking ip 211.99.203.249
Routing details for 211.99.203.249
[refresh/show] Cached whois for 211.99.203.249 : [email protected]
Using last resort contacts [email protected]
[email protected] redirects to [email protected]
De-referencing [email protected]
abuse net 21vianet.com = [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected]
Whois found [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected]
[email protected] bounces (87277 sent : 43639 bounces)
Using abuse#[email protected] for statistical tracking.
[email protected] redirects to [email protected]
De-referencing [email protected]
abuse net 21vianet.com = [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected]
[email protected] bounces (99 sent : 875 bounces)
Using webmaster#[email protected] for statistical tracking.
[email protected] bounces (99 sent : 875 bounces)
[email protected] redirects to [email protected]
[email protected] bounces (87277 sent : 43639 bounces)
I know this ISP's abuse address[email protected]
I know this ISP's abuse address[email protected]
[email protected] refuses SpamCop reports
Using postmaster#[email protected] for statistical tracking.
[email protected] refuses SpamCop reports
Using postmaster#[email protected] for statistical tracking.


Found link: http://www.emailremovals.com/cgi-bin/domain-remove.cgi
[report history]
host www.emailremovals.com (checking ip) ip = 61.188.13.252


Tracking ip 61.188.13.252
Routing details for 61.188.13.252
[refresh/show] Cached whois for 61.188.13.252 : [email protected], [email protected], [email protected]
abuse net cn.net = [email protected], [email protected], [email protected]
abuse net chinanet.cn.net = [email protected], [email protected], [email protected]
abuse net cn.net = [email protected], [email protected], [email protected]
abuse net chinanet.cn.net = [email protected], [email protected], [email protected]
Using last resort contacts [email protected] [email protected] [email protected] [email protected]
[email protected] bounces (99 sent : 23203 bounces)
Using anti-spam#[email protected] for statistical tracking.
[email protected] refuses SpamCop reports
Using shenjun#[email protected] for statistical tracking.
[email protected] bounces (99 sent : 20164 bounces)
Using postmaster#[email protected] for statistical tracking.
Whois found anti-spam#[email protected] shenjun#[email protected] postmaster#[email protected] [email protected]


Please make sure this email IS spam:
From: "Phebie Prichard" <[email protected]> (do you understand? 5700mOvh0-651wpPY6237qTcj2-216o-29)
Register Your Domain for only $14.95
Have you always wanted to register your own custom domain name but could not aff
View full message



Report Spam to:


Re:202.52.200.204 (Administrator of network where email originates)
To: [email protected] (Notes)

Re:http://www.domainfactory.com (Administrator of network hosting website referenced in spam)
To: abuse#[email protected] (Notes)
To: [email protected] (Notes)
To: [email protected] (Notes)
To: [email protected] (Notes)
To: [email protected] (Notes)
To: postmaster#[email protected] (Notes)
To: [email protected] (Notes)
To: [email protected] (Notes)
To: [email protected] (Notes)
To: webmaster#[email protected] (Notes)
To: [email protected] (Notes)


Re:http://www.emailremovals.com/cgi-bin

--------------------

 

[mole]

Address lookup
canonical name domainfactory.com.
aliases
addresses 211.99.203.249


Domain Whois record
Querying whois.internic.net with "dom domainfactory.com"...

Whois Server Version 1.3

Domain names in the .com, .net, and .org domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.

Domain Name: DOMAINFACTORY.COM
Registrar: TLDS, INC. DBA SRSPLUS
Whois Server: whois.srsplus.com
Referral URL: http://www.srsplus.com
Name Server: DNS1.CMAYA.COM
Updated Date: 17-oct-2002


>>> Last update of whois database: Thu, 26 Dec 2002 05:04:37 EST <<<

The Registry database contains ONLY .COM, .NET, .ORG, .EDU domains and
Registrars.


Querying whois.srsplus.com with "domainfactory.com"...

domainfactory.com

Registrant:
Vysoke Tatrin ([email protected])

Nam. Sv. Floriana 1002
Varin, NONE 013 03
SK
+421/89/692311


Domain Name: domainfactory.com



Admin Contact:
Vysoke Tatry ([email protected])

Nam. Sv. Floriana 1002
Varin, NONE 013 03
SK
+421/89/692311


Technical Contact:
Vysoke Tatry ([email protected])

Nam. Sv. Floriana 1002
Varin, NONE 013 03
SK
+421/89/692311


Billing Contact:
Vysoke Tatry ([email protected])
Domain Factory
Nam. Sv. Floriana 1002
Varin, NONE 013 03
SK
+421/89/692311




Record created on Jun 17 1996.
Record expires on Jun 16 2003.
Domain servers:
ns2.namedan.org
ns1.namedan.org


You have used the whois service 4 / 20

Network Whois record
Querying whois.arin.net with "211.99.203.249"...

Querying whois.apnic.net with "211.99.203.249"...

% [whois.apnic.net node-1]
% How to use this server http://www.apnic.net/db/
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html

inetnum: 211.99.200.0 - 211.99.203.255
netname: DIALUP
descr: a-1 dialup net
descr: .com
descr: Beijing,China
country: CN
admin-c: YY86-AP
tech-c: YY86-AP
mnt-by: MAINT-CN-YANGYT
changed: [email protected] 20010427
status: ALLOCATED PORTABLE
source: APNIC

person: Yang yingtao
address: BOE Science Park,10 Jiuxianqiao Road,Chaoyang District
country: CN
phone: +86-1084562121
fax-no: +86-1084564234
e-mail: [email protected]
nic-hdl: YY86-AP
mnt-by: MAINT-CN-YANGYT
changed: [email protected] 20020517
source: APNIC



DNS records
name class type data time to live
domainfactory.com IN NS dns1.cmaya.com 86400s (1d)
domainfactory.com IN A 211.99.203.249 86400s (1d)
domainfactory.com IN MX preference: 10
exchange: cmaya.com
86400s (1d)
domainfactory.com IN SOA server: domainfactory.com
email: [email protected]
serial: 2002102000
refresh: 28800
retry: 14400
expire: 3600000
minimum ttl: 86400
86400s (1d)
99.211.in-addr.arpa IN SOA server: ns.cnc.ac.cn
email: [email protected]
serial: 2002120201
refresh: 10800
retry: 900
expire: 604800
minimum ttl: 86400
86400s (1d)

-- end --

 

[deepstar]

Contact their host, do a trace route to find all parties associated with this site and also email a report to [email protected]. That is all you can do legally.

Eric

 

[mole]

Done that already via Spamcop reporting and Nucem http://www.helpmesoft.com

Domainfactory.com is evidentially employing a professional spamming service to do the dirt for them, if you study the pattern.

They better watch it.

 

[TopNames.com]

FYI

This is NOT me. I was DNFactory.com before I bought TopNames.com but I never was DomainFactory.com.

regards,
Ken

 

[NamePopper.com]

Originally posted by TopNames.com
FYI

This is NOT me. I was DNFactory.com before I bought TopNames.com but I never was DomainFactory.com.

regards,
Ken

I'm glad you posted that Ken.

Since you had DomainNameFactory/DNFactory - it's important that people don't get you confused.

Damn spammers. Go get'em Mole!

 

[Ciqala]

True Ken sounds like you decided on the name change at the exact right time.

Mole have you seen a spammer through your spamcop service that sends a blank email with 2 attachments of varying file types and random subjects or a warning from a virus company for the klez virus with a supposed .exe fix for the problem???? i've been receiving 2 of these every 6 or so hours for the past 4 weeks and its pissing me off royally. So much i may be interested in taking up your service despite this being 1 of only 4 or so spams i receive regularly.

Ciq

 

[.biz]

I got over 200 e-mails from them.

nothing much you can do, except
1. use stolen credit card to buy thousands of their domains
2. write a script to send 1000 emails per minute to their admin contact, ceo contact, support contact, etc contact
3. DOS attack the server

well, nothing much you can do, really.

 

[mole]

Originally posted by Ciqala
True Ken sounds like you decided on the name change at the exact right time.

Mole have you seen a spammer through your spamcop service that sends a blank email with 2 attachments of varying file types and random subjects or a warning from a virus company for the klez virus with a supposed .exe fix for the problem???? i've been receiving 2 of these every 6 or so hours for the past 4 weeks and its pissing me off royally. So much i may be interested in taking up your service despite this being 1 of only 4 or so spams i receive regularly.

Ciq

Looks more like a spamming virus to me than a spam, ciq

Could be simply someone's computer with your email contact has been infected and everytime they boot up, it sends you that email morphed in different ways.

You could use Spamcop's email to auto-filter out these sort of emails before they hit your inbox.

There are actually a lot of solutions out there for these kinda things, so just do a google search and take your pick

 

[RMF]

I had a few email from him last week.

RMF

 

[domainguru]

Why the "nothing to be done approach"?

These spammers are obviously a reseller for an ICANN-accredited registrar. Why not scream at the registrar for harboring spammers???

You can never stop spammers from sending out spam but you can stop them from selling something.

 

[mole]

Originally posted by domainguru
You can never stop spammers from sending out spam but you can stop them from selling something.

Yup, I've hammered their web-host provider at least 5 times using Nucem.

 

[domainguru]

For the record, I was advising reporting them to their sponsoring ICANN registrar rather than using Nucem on their web hosting provider, ah well ...

 

[mole]

Registrars are hopeless in cases like these since they don't recognise AUP. The registry Netsol is even more hopeless. ICANN is totally hopeless.

The only way is to use AUP on ISPs and web-hosts with the threat of reporting the IP address to ORB and other blacklists.

 

[domainguru]

Well I know registrars that have shut down accounts of known spamming resellers, since it is a clear violation of their TOS.

Nothing like losing all their accumulated commissions to dent their their profits

You may need to put some pressure on the registrar - lots of e-mails to their compliance dept. + forums posts like "Why do registrar X support spammers?" should do the trick.

 

[.biz]

Originally posted by domainguru
Why the "nothing to be done approach"?

who said that? read my previous post between the line

 

[mole]

WHY DOES SRSPLUS.COM SUPPORT SPAMMERS? :upset:

 

[Drewbert]

>Well I know registrars that have shut down accounts of known spamming resellers, since it is a clear violation of their TOS.

Works with openSRS, but certainly not with eNom.

eNom's owners regard spam as a legitimate marketing exercise - I suspect they even do it themselves using fake reseller accounts.