anybody know about vendaregroup.com?

mikea mikea at mikea.ath.cx
Thu Feb 8 16:42:18 CET 2007


On Wed, Feb 07, 2007 at 08:58:08PM -0500, Jeff A. Earickson wrote:
> Gang,
> 
> I've noticed over the last couple of weeks that a lot of the outbound
> email sitting in my delay queue (ie, the stuff that isn't moving) was
> to be returned to vendaregroup.com.  I started investigating.  The
> source addresses varied widely, but the common thread was that when I
> did a dig on the domain name, the CNAME always pointed to them, eg:
> 
> dig kingofjeans.com
> ...
> ;; ANSWER SECTION:
> kingofjeans.com.        35815   IN      CNAME   dpweb.vendaregroup.com.
> dpweb.vendaregroup.com. 713     IN      A       72.5.175.90
> (etc)
> 
> I googled on vendare and didn't really find much nefarious info on
> them.  They just seem to be squatting on lots of domain names.
> 
> So...  I then added the following to my sendmail access db file:
> 
> vendaregroup.com    "550 Domain does not exist."
> 
> rebuilt my access.db file, and started watching the syslogs.
> Whoohoo!!  I am rejecting a fair amount of what is obviously spam
> right at my MTA, stuff that gets noted as "may be forged" and the
> like.
> 
> Anybody else notice this?  Anybody know anything more about
> vendaregroup.com?

You might want to use Google Groups, concentrating on the                  
news.admin.net-abuse.* newsgroups, to search for vendaregroup.             

I blocked them long ago, as sturdy and unregenerate spam-sources, both at
home and at work, with no complaints whatsoever about the block from any of
my users at work.

-- 
Mike Andrews, W5EGO
mikea at mikea.ath.cx
Tired old sysadmin 


More information about the MailScanner mailing list