We're getting a rash of spam that doesn't score high enough to be blocked. In the past I've looked up the domain owner of the site listed in the spam and been able to identify sometimes dozens of domains owned by the spammer, then I've put that list into a filter and blocked the domains before they were all used in new spam sent to us.
I did a whois on some of the domains and they all show as available and unregistered. Yet when I go to the domain, it does take me to the spammers site. How can these domains be functional and show as available to be registered at the same time? Below is a paste of one of the spams. I added 3 additional domains that have appeared in this same asshole's spam so that you can see the pattern of domains he is using. How do I block these? Dave X-Note: ======================================== X-Note: Spam Score: [18] X-Note: Scan Time: 16:47:18 on 06 Sep 2007 X-Note: Spool File: 35111367.eml X-Note: Server Name: dsl88-233-31730.ttnet.net.tr X-Note: SMTP Sender: [EMAIL PROTECTED] X-Note: Reverse DNS & IP: dsl88-233-31730.ttnet.net.tr [88.233.123.242] X-Note: Country Chain: TURKEY->destination X-Note: Failed Weights: SORBS-WEB [5], FIVETENSRC [4], HELOBOGUS [5], SPFUNKNOWN [1], Filter_Country [8], WEIGHT10 [10], WEIGHT14 [14] X-Note: ======================================== -----Original Message----- From: Tam Genois [mailto:[EMAIL PROTECTED] Sent: Thursday, September 06, 2007 1:15 PM Subject: [SPAM]- Score (12)tuile How it is going Genois Do you want to have an average to small penis all of your life? No, you don't dae Hays http://soltepec.com/ http://selenan.com/ http://www.seriia.com/ http://www.sdsdm.com/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.