Post on Slashdot

Martin.Hepworth martinh at
Fri Sep 5 17:30:50 IST 2008

Second what Matt days.

We've have info from my wifes domain info used in two fraudilent attempts to get loans. The information was very specific to a couple of unusual things in that were in the domain registration.

Given the low use of the domain and the amount of hassle these two attempts gave us we've dropped the domain completely. (oh yeah and complete dis-interest from the Police as well didn't help).

Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces at
> [mailto:mailscanner-bounces at] On Behalf
> Of Matt Hayes
> Sent: 05 September 2008 17:22
> To: MailScanner discussion
> Subject: Re: Post on Slashdot
> Alex Neuman van der Hans wrote:
> > I saw this post on Slashdot and wanted to share - see if
> you have any
> > insights, suggestions, etc.
> >
> > ----
> > Use the information against the spammers? (Score:4, Interesting) by
> > Seriph (466197) on Friday September 05, @08:49AM (#24886827)
> >
> > I've been doing some digging into this over the last few months and
> > noticed an awful lot of spamvertized sites seem to have
> their domains
> > registered with such privacy protecting registrars.
> >
> > I've been thinking about how to use the fact that a domain is
> > registered with such a registrar as part of a spam scoring
> metric and
> > whether anyone else has already done work on this? Just on the mail
> > passing through my systems, I'm seeing a very strong correlation
> > between a mail being spam and it referring to a domain
> registered with
> > such a registrar, with the domain nameservers being on dynamic IP
> > space, and with the DNS for the spam domain having a very
> low TTL value set.
> >
> > It's also interesting to track back the nameservers for any domains
> > referred to in the NS records of the spam domain. By doing so I can
> > find fairly large networks of interrelated spam domains and spam
> > websites, the addresses of many of which already appear on
> the likes
> > of the Spamcop and Spamhaus SBL/XBL lists or appear there
> shortly afterwards.
> >
> > The point is, is it practical to use this sort of
> information against
> > spammers and is anyone already doing it?
> > -----
> >
> >
> To me, private registration is a fine thing.  I do it with my domains.
> If people start scoring spam because of a private
> registration, I would say a lot of false positives are going
> to happen.  The private registration just means that the
> contact info posted is a "proxy" to the real person.  All in
> all, you can still get a hold of the right people, just takes
> a little bit longer.
> -Matt
> --
> MailScanner mailing list
> mailscanner at
> Before posting, read
> Support MailScanner development - buy the book off the website!

Confidentiality : This e-mail and any attachments are intended for the 
addressee only and may be confidential. If they come to you in error 
you must take no action based on them, nor must you copy or show them 
to anyone. Please advise the sender by replying to this e-mail 
immediately and then delete the original from your computer.
Opinion : Any opinions expressed in this e-mail are entirely those of 
the author and unless specifically stated to the contrary, are not 
necessarily those of the author's employer.
Security Warning : Internet e-mail is not necessarily a secure 
communications medium and can be subject to data corruption. We advise 
that you consider this fact when e-mailing us. 
Viruses : We have taken steps to ensure that this e-mail and any 
attachments are free from known viruses but in keeping with good 
computing practice, you should ensure that they are virus free.

Red Lion 49 Ltd T/A Solid State Logic
Registered as a limited company in England and Wales 
(Company No:5362730)
Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, 
United Kingdom

More information about the MailScanner mailing list