It should be noted that this technique is on the increase, legitimate
websites replicated under a similar domain name.. fake purchase, trying
to play off the legitimacy of others..
Takedowns are not only hard, but often expensive in time, effort, and
legal bills..
The IPs that list it, or allow it, and their operators are crucial to
the defense.. and providers that do not address it in a timely manner,
will of course risk reputation issues.
On the other hand, the provider can't just simply believe every report
of 'that site is a forgery'..
This problem is only expected to escalate.
We often see this now among spammers, who put up fake pages to attempt
to add legitimacy.. including contact information, maps etc.. to the
real owner's information.
I personally don't think this problem is totally solveable..
But your issue is a little simpler.. report the sending IP address to
your favourite RBL or malware service.. with the sample.. However,
these spammer who use typosquatting, or recently expired domains,
usually have such a 'brief' run before being taken down or blocked..
often by the time you report it, they have already stopped..
On 2026-02-18 09:05, Anael MOBILIA via mailop wrote:
Hello Mailop,
I have been informed of a fraudulent domain (typosquatting) sending
phishing emails (bank account changes, invoices collection, ...).
I've taken standard steps to take down this domain (hosting abuse,
registrar abuse, Google Safe Browsing listing, ICANN UDRP).
Since each of these actions can be time-consuming, I want to ensure that
any new malicious email sent, during this time, from this domain, could
be detected as spam...
Members of this mailing list usually share best practices for unblocking
emails. This time, I'm looking for effective methods to help blocking
fraudulent emails...! :-)
Do you have any advice or experiences to share on this topic?
Thanks,
Anael
_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop
--
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-682-0300 Beautiful British Columbia, Canada
This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.
_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop
