Email & Spam

Bruce Labitt bruce.labitt at myfairpoint.net
Wed Mar 8 16:54:23 EST 2023 

Radix?  That name did not show in my $ whois output.

$ whois --version
Version 5.5.13.

Well I did send all the message source info to godaddy when I filed the 
abuse complaint.  I also sent the same info to my ISP.  There's 
practically been no change so far, just a new "sender" has arrived to 
take the previous one's place.

Apparently this is an ongoing battle. Are there any better ISP's that 
are more aggressive about taking this spam issue more seriously?  Are 
there any anti spam laws in NH, or the US?  There is the CAN-SPAM act, 
according to the FTC, but these spammers put in enough info to 
technically be close to compliance.

The fact that many of these spams are

X-Origin-Country: RU

Gives me pause.


On 3/8/23 4:24 PM, Bryan Borsa wrote:
> The registry is Radix
> The registrar is GoDaddy
>
> My command line whois outputs more info than what is below ( the 
> registry info for example ) , but the Registrar info is the same.
>
> Domains By Proxy is also GoDaddy, well, owned by the same guy that 
> founded it anyway, they’re connected. It is almost certain that this 
> domain name was purchased from them.
>
> To know where a spam email originated from though, you would have to 
> parse the email headers, which would list the IP address of every mail 
> server it went through.  Reporting those IP’s is generally more 
> effective at stopping spam than reporting domain names.
>
> There are likely automated ways of doing that, but I am not familiar 
> with them.  I do know that mail server reputation is something that 
> mail providers / businesses care about ( to some extent anyway, and 
> some more than others ), because they get shut off if it gets too low. 
> ( other people won’t take their mail ).
>
>
>
>  - Bryan
>
>
>
>
>
>
>
>
>> On Mar 8, 2023, at 2:06 PM, Bruce Labitt 
>> <bruce.labitt at myfairpoint.net> wrote:
>>
>> Perhaps I am misunderstanding how to interpret the output.  This is 
>> one of the outputs of whois
>>
>> $ whois aagyemang.store
>> Domain Name: AAGYEMANG.STORE
>> Registry Domain ID: D345146502-CNIC
>> Registrar WHOIS Server: whois.godaddy.com
>> Registrar URL: https://www.godaddy.com/
>> Updated Date: 2023-02-23T09:25:07.0Z
>> Creation Date: 2023-01-23T21:28:02.0Z
>> Registry Expiry Date: 2024-01-23T23:59:59.0Z
>> Registrar: Go Daddy, LLC
>> Registrar IANA ID: 146
>> Domain Status: serverTransferProhibited 
>> https://icann.org/epp#serverTransferProhibited
>> Domain Status: clientRenewProhibited 
>> https://icann.org/epp#clientRenewProhibited
>> Domain Status: clientTransferProhibited 
>> https://icann.org/epp#clientTransferProhibited
>> Domain Status: clientUpdateProhibited 
>> https://icann.org/epp#clientUpdateProhibited
>> Domain Status: clientDeleteProhibited 
>> https://icann.org/epp#clientDeleteProhibited
>> Registrant Organization: Domains By Proxy, LLC
>> Registrant State/Province: Arizona
>> Registrant Country: US
>> Registrant Email: Please query the RDDS service of the Registrar of 
>> Record identified in this output for information on how to contact 
>> the Registrant, Admin, or Tech contact of the queried domain name.
>> Admin Email: Please query the RDDS service of the Registrar of Record 
>> identified in this output for information on how to contact the 
>> Registrant, Admin, or Tech contact of the queried domain name.
>> Tech Email: Please query the RDDS service of the Registrar of Record 
>> identified in this output for information on how to contact the 
>> Registrant, Admin, or Tech contact of the queried domain name.
>> Name Server: NS37.DOMAINCONTROL.COM
>> Name Server: NS38.DOMAINCONTROL.COM
>> DNSSEC: unsigned
>> Billing Email: Please query the RDDS service of the Registrar of 
>> Record identified in this output for information on how to contact 
>> the Registrant, Admin, or Tech contact of the queried domain name.
>> Registrar Abuse Contact Email: abuse at godaddy.com
>> Registrar Abuse Contact Phone: +1.4805058800
>> URL of the ICANN Whois Inaccuracy Complaint Form: 
>> https://www.icann.org/wicf/
>> >>> Last update of WHOIS database: 2023-03-08T18:40:36.0Z <<<
>>
>> For more information on Whois status codes, please visit 
>> https://icann.org/epp
>>
>> >>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit
>> https://www.centralnic.com/support/rdap <<<
>>
>> The Whois and RDAP services are provided by CentralNic, and contain
>> information pertaining to Internet domain names registered by our
>> our customers. By using this service you are agreeing (1) not to use any
>> information presented here for any purpose other than determining
>> ownership of domain names, (2) not to store or reproduce this data in
>> any way, (3) not to use any high-volume, automated, electronic processes
>> to obtain data from this service. Abuse of this service is monitored and
>> actions in contravention of these terms will result in being permanently
>> blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com)
>>
>> Access to the Whois and RDAP services is rate limited. For more
>> information, visit 
>> https://registrar-console.centralnic.com/pub/whois_guidance.
>>
>>
>> Registrar is godaddy.  I did contact abuse at godaddy.com.  Is there a 
>> more automated (scripted?) way of getting this done?  So it doesn't 
>> take so much of my time? It feels like tilting at windmills, but, it 
>> would be good to fight back a little.  Domains by Proxy is the 
>> intermediary - a corporation set up to "manage unsolicited contacts 
>> from third parties and keeping the domains owners' personal 
>> information secret". https://en.wikipedia.org/wiki/Domains_by_Proxy
>>
>> Is abuse at godaddy.com the only (legitimate) mechanism available to me?
>>
>> What does the domain status above mean?  That the status is 
>> unavailable to me?  Or something else?
>>
>>
>>
>>
>> On 3/8/23 1:36 PM, Bryan Borsa wrote:
>>> The Registry and Registrar should still be visible regardless of 
>>> domain registrant privacy settings.
>>>
>>>
>>>
>>>> On Mar 8, 2023, at 1:31 PM, Bruce Labitt 
>>>> <bruce.labitt at myfairpoint.net> wrote:
>>>>
>>>> I did a whois, and due to privacy cr*p, there's no longer a way to get
>>>> to the registrants.  I can see why this might be, but it does make it
>>>> harder to report people
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.gnhlug.org/pipermail/gnhlug-discuss/attachments/20230308/6665eb36/attachment-0001.html

More information about the gnhlug-discuss mailing list