Re: .pw / Palau URL domains in spam

Hello All, Firstly, I would like to thank you all for helping us fight against this massive spam outbreak. Let me give you a quick feedback about this issue and our mitigation policies to curb the spam outbreak. Ever since the spam outbreak on .pw, we as the Registry have spent the past month and

Re: .pw / Palau URL domains in spam

>well, I do not know anybody at Palau and so have no real need to exchange >mails, but I >feel that this attitude seems somewhat drastic. The .PW domain isn't really a country domain. It's being sold as a fake generic domain by Directi, an Indian registrar who has never been able to manage abuse

Re: .pw / Palau URL domains in spam

>> >> >> On 5/7/2013 11:02 PM, Steve Prior wrote: >> > On 5/7/2013 1:44 AM, Benny Pedersen wrote: >> >> Chris Santerre skrev den 2013-05-06 17:27: >> >>> 10 days and still being abused badly. Recommending for everyone to >> >>> just refuse any .pw >> >> >> >> time for spamhaus ? :=) >> >> >> >>>

Re: .pw / Palau URL domains in spam

On 5/7/2013 11:02 PM, Steve Prior wrote: > On 5/7/2013 1:44 AM, Benny Pedersen wrote: >> Chris Santerre skrev den 2013-05-06 17:27: >>> 10 days and still being abused badly. Recommending for everyone to >>> just refuse any .pw >> >> time for spamhaus ? :=) >> >>> for those wanting an SA rule, her

Re: .pw / Palau URL domains in spam

Jason Haar skrev den 2013-05-09 09:43: On 09/05/13 17:38, Benny Pedersen wrote: hope its not needed to do same with urls We're received spam with non-.pw headers but .pw urls. I'm blocking (ie scoring high) anything with .pw/ urls at the moment - it's so bad :-( sorry i did not see this befo

Re: .pw / Palau URL domains in spam

On 09/05/13 17:38, Benny Pedersen wrote: > > hope its not needed to do same with urls > We're received spam with non-.pw headers but .pw urls. I'm blocking (ie scoring high) anything with .pw/ urls at the moment - it's so bad :-( -- Cheers Jason Haar Information Security Manager, Trimble Naviga

Re: .pw / Palau URL domains in spam

Michael Orlitzky skrev den 2013-05-08 17:24: (replying randomly in the thread) We've been getting complaints about these, so while I don't like to target a TLD indiscriminately, I think I'd like to add a few points to mail from *.pw for a couple of months until things clear up. What's the cor

Re: .pw / Palau URL domains in spam

Karsten Bräckelmann skrev den 2013-05-08 01:03: Reporting abuse of a domain specifically registered with the clear intention to spam, to the very domain's abuse@ address, is pointless. It's like letting the spammers know you've read it... that is correct if pw domains using there own mailserve

Re: .pw / Palau URL domains in spam

Steve Prior skrev den 2013-05-08 05:02: Problem went away completely, sorry Palau. postmap -q localpw.org hash:/path/to/map it should not reject that one :) bind9 rpz zone will be better solution, *.pw.rpz.localhost cname . and then follow it with bind9 guide on setup the rpz in bind its n

Re: .pw / Palau URL domains in spam

Hypotheticians might want to look at jwhois, which is a caching whois client. Cache expiration time is configurable ... On 05/08/2013 06:45 AM, Chris Santerre wrote: > RE: .pw / Palau URL domains in spam > > Hypothetically if one were running a reputation system and didn't want >

RE: .pw / Palau URL domains in spam

o:mich...@orlitzky.com] > Sent: 2013-05-08 11:24 > To: users@spamassassin.apache.org > Subject: Re: .pw / Palau URL domains in spam > > > (replying randomly in the thread) > > We've been getting complaints about these, so while I don't like to > target a TLD indi

Re: .pw / Palau URL domains in spam

(replying randomly in the thread) We've been getting complaints about these, so while I don't like to target a TLD indiscriminately, I think I'd like to add a few points to mail from *.pw for a couple of months until things clear up. What's the correct way to do this? A regexp on the from/return-

Re: .pw / Palau URL domains in spam

On 5/7/2013 7:03 PM, Karsten Bräckelmann wrote: On Sun, 2013-05-05 at 22:49 +0200, Benny Pedersen wrote: John Hardin skrev den 2013-05-05 22:44: We request you to report the domain names at abuse.alert @registry.pw and also cc the same mail to abuse.alert @directi.com. why does abuse @any-send

RE: .pw / Palau URL domains in spam

-07 23:02 > To: users@spamassassin.apache.org > Subject: Re: .pw / Palau URL domains in spam > *snip* > > I blocked everything from TLD pw at the Postfix level so the > email gets rejected > without ever hitting spamassassin. *snip* > Problem went away completely, sorry Palau. > > Steve >

Re: .pw / Palau URL domains in spam

On 5/7/2013 1:44 AM, Benny Pedersen wrote: Chris Santerre skrev den 2013-05-06 17:27: 10 days and still being abused badly. Recommending for everyone to just refuse any .pw time for spamhaus ? :=) for those wanting an SA rule, here: header PW_IS_BAD_TLD From =~ /.pwb/ describe PW_IS_BAD_TLD

Re: .pw / Palau URL domains in spam

On Sun, 2013-05-05 at 22:49 +0200, Benny Pedersen wrote: > John Hardin skrev den 2013-05-05 22:44: > > > > We request you to report the domain names at abuse.alert @registry.pw > > > > and > > > > also cc the same mail to abuse.alert @directi.com. > > > > > > why does abuse @any-sender-domain.pw

Re: .pw / Palau URL domains in spam

>>> On 5/7/2013 at 2:01 AM, Benny Pedersen wrote: > Joe Acquisto-j4 skrev den 2013-05-06 22:16: >> And how, exactly, is a sender to determine someone read an email one >> has sent? > > there was something last year that was called rfc-ignorant.org :) > > if one of there listed domains wanted to

Re: .pw / Palau URL domains in spam

Joe Acquisto-j4 skrev den 2013-05-06 22:16: And how, exactly, is a sender to determine someone read an email one has sent? there was something last year that was called rfc-ignorant.org :) if one of there listed domains wanted to be unlisted thay must reply to a link sent to ab...@listed.exam

Re: .pw / Palau URL domains in spam

John Hardin skrev den 2013-05-06 18:08: Sorry, I was assuming that abuse-alert@ was being offered *instead of* rather than in addition to abuse@ no need to sorry, there is alot of admins that assume the same, only rule is to start with abuse@ If there is a working abuse@ address that *isn'

Re: .pw / Palau URL domains in spam

Neil Schwartzman skrev den 2013-05-06 14:58: Disagreed. So long as abuse@ is working, the domain is compliant with RFCs. There is nothing wrong with having an alternate address, particularly since abuse@ tends to garner a ton of spam. problem is to know what email to "spam" abuse reports to, n

RE: .pw / Palau URL domains in spam

Chris Santerre skrev den 2013-05-06 17:27: 10 days and still being abused badly. Recommending for everyone to just refuse any .pw time for spamhaus ? :=) for those wanting an SA rule, here: header PW_IS_BAD_TLD From =~ /.pwb/ describe PW_IS_BAD_TLD PW TLD ABUSE score PW_IS_BAD_TLD 3 here i

Re: .pw / Palau URL domains in spam

On 06.05.13 16:16, Joe Acquisto-j4 wrote: And how, exactly, is a sender to determine someone read an email one has sent? Seems to me, the best one can do is be satisfied with no DSN. That's why I wrote "if it's visibly ignored, trashed, dropped" (according to old explanation of D.J.Balling in

Re: .pw / Palau URL domains in spam

And how, exactly, is a sender to determine someone read an email one has sent? Seems to me, the best one can do is be satisfied with no DSN. joe a. . Chiming in here, the 'abstract' of the same RFC clearly states: This specification enumerates and describes Internet mail addresses (m

Re: .pw / Palau URL domains in spam

Hello, We have an email address ab...@registry.pw in place. The mails sent on this email address will be processed within 24-48 hours, which is our SLA. However, if an email is sent on abuse.al...@registry.pw and abuse.al...@directi.com, it reaches to us directly on our mailboxes and it will be t

Re: .pw / Palau URL domains in spam

On 06-05-13 19:55, Neil Schwartzman wrote: > > > On May 6, 2013, at 10:39 AM, Matus UHLAR - fantomas > wrote: > >>> On May 6, 2013, at 9:08 AM, John Hardin >> > wrote: If there is a working abuse@ address that *isn't being ignored*, they

Re: .pw / Palau URL domains in spam

On May 6, 2013, at 10:39 AM, Matus UHLAR - fantomas wrote: >> On May 6, 2013, at 9:08 AM, John Hardin wrote: >>> If there is a working abuse@ address that *isn't being ignored*, they're >>> compliant. > > On 06.05.13 09:55, Neil Schwartzman wrote: >> heh, i don't think 'don't ignore' is part

Re: .pw / Palau URL domains in spam

On May 6, 2013, at 9:08 AM, John Hardin wrote: If there is a working abuse@ address that *isn't being ignored*, they're compliant. On 06.05.13 09:55, Neil Schwartzman wrote: heh, i don't think 'don't ignore' is part of the RFC, but yeah. well, if it clearly is not working, it's not complian

Re: .pw / Palau URL domains in spam

heh, i don't think 'don't ignore' is part of the RFC, but yeah. On May 6, 2013, at 9:08 AM, John Hardin wrote: > If there is a working abuse@ address that *isn't being ignored*, they're > compliant.

Re: .pw / Palau URL domains in spam

On Mon, 6 May 2013, Neil Schwartzman wrote: On May 5, 2013, at 7:04 PM, John Hardin wrote: On Sun, 5 May 2013, Benny Pedersen wrote: John Hardin skrev den 2013-05-05 22:44: abuse-alert on any domain is not rfc compliant Agreed. Disagreed. So long as abuse@ is working, the domain is com

RE: .pw / Palau URL domains in spam

10 days and still being abused badly. Recommending for everyone to just refuse any .pw for those wanting an SA rule, here: header PW_IS_BAD_TLDFrom =~ /\.pw\b/ describe PW_IS_BAD_TLDPW TLD ABUSE score PW_IS_BAD_TLD3 Change score to whatever you want. Enjoy. --Chris

Re: .pw / Palau URL domains in spam

On May 5, 2013, at 7:04 PM, John Hardin wrote: > On Sun, 5 May 2013, Benny Pedersen wrote: > >> John Hardin skrev den 2013-05-05 22:44: >> >> abuse-alert on any domain is not rfc compliant > > Agreed. Disagreed. So long as abuse@ is working, the domain is compliant with RFCs. There is noth

Re: .pw / Palau URL domains in spam

On Sun, 5 May 2013, Benny Pedersen wrote: John Hardin skrev den 2013-05-05 22:44: > > We request you to report the domain names at abuse.al...@registry.pw > > and > > also cc the same mail to abuse.al...@directi.com. > why does ab...@any-sender-domain.pw not work ? Because that's the r

Re: .pw / Palau URL domains in spam

John Hardin skrev den 2013-05-05 22:44: We request you to report the domain names at abuse.al...@registry.pw and also cc the same mail to abuse.al...@directi.com. why does ab...@any-sender-domain.pw not work ? Because that's the responsibility of the domain owner, not the registrar. abuse

Re: .pw / Palau URL domains in spam

doneshlaher skrev den 2013-05-05 22:23: Can you please provide with the email address by adding spaces to it. As I can only see [hidden email], in place of the actual email. napple problems is not my problem Authentication-Results: duggi.junc.org/BB74625C041; dmarc=none header.from=directi.

Re: .pw / Palau URL domains in spam

On Sun, 5 May 2013, Benny Pedersen wrote: doneshlaher skrev den 2013-05-05 18:58: We request you to report the domain names at abuse.al...@registry.pw and also cc the same mail to abuse.al...@directi.com. why does ab...@any-sender-domain.pw not work ? Because that's the responsibility of

Re: .pw / Palau URL domains in spam

Hello Benny, Can you please provide with the email address by adding spaces to it. As I can only see [hidden email], in place of the actual email. Thanks Regards Donesh Laher Cyber Security Analyst .PW Registry -- View this message in context: http://spamassassin.1065346.n5.nabble.com/pw-

Re: .pw / Palau URL domains in spam

doneshlaher skrev den 2013-05-05 18:58: We request you to report the domain names at abuse.al...@registry.pw and also cc the same mail to abuse.al...@directi.com. why does ab...@any-sender-domain.pw not work ? -- senders that put my email into body content will deliver it to my own trashcan

Re: .pw / Palau URL domains in spam

Hello Axb, The domain will be on ServerHold. A status of ServerHold will be displayed in whois. Regards Donesh Laher Cyber Security Analyst .PW Registry -- View this message in context: http://spamassassin.1065346.n5.nabble.com/pw-Palau-URL-domains-in-spam-tp104383p104552.html Sent from th

Re: .pw / Palau URL domains in spam

On 05/05/2013 06:55 PM, doneshlaher wrote: Hello Axb, All the domain names provided in the pastebin link have been suspended. In the case of "suspended" domains you mention, what should whois look like? Please post an example.

Re: .pw / Palau URL domains in spam

Hey Dave, It would be great if you provide us with the email headers also. As it would act as an evidence for us and for the registrar too. Thanks Regards Donesh Laher Cyber Security Analyst .PW Registry -- View this message in context: http://spamassassin.1065346.n5.nabble.com/pw-Palau-U

Re: .pw / Palau URL domains in spam

Donesh, Thanks for your prompt response. Do you just want the domain names or do you also want copies of the spam? Dave On Sun, 5 May 2013, doneshlaher wrote: Hello Dave Funk, Thank you for providing us with the list of domain names. We are acting on them and will be taken down within 24/48

Re: .pw / Palau URL domains in spam

Hello Dave Funk, Thank you for providing us with the list of domain names. We are acting on them and will be taken down within 24/48 hours. We request you to report the domain names at abuse.al...@registry.pw and also cc the same mail to abuse.al...@directi.com. Regards Donesh Laher Cyber Secur

Re: .pw / Palau URL domains in spam

Hello Axb, All the domain names provided in the pastebin link have been suspended. We request you to report as much domain names as possible, which are involved in spamming or any other abusive activities and I assure you that we will take them down within 24 - 48 hours. Regards Donesh Laher Cyb

Re: .pw / Palau URL domains in spam

On Wed, 1 May 2013, doneshlaher wrote: Hello Axb, Thank you for providing with the domain names. We will be suspending all these reported domain names. However, in the mean time may i know what kind of spams have been received ?? also can you please forward us the email headers of few of the r

Re: .pw / Palau URL domains in spam

On 05/01/2013 03:15 PM, Axb wrote: On 05/01/2013 03:02 PM, Kevin A. McGrail wrote: On 5/1/2013 8:17 AM, Axb wrote: On 05/01/2013 01:24 PM, doneshlaher wrote: Hello All, I am Donesh Laher and I work as a Cyber Security Analyst in the Abuse Team at .PW Registry. We are aware of the recent spam

RE: .pw / Palau URL domains in spam

> Date: Wed, 1 May 2013 16:34:48 +0200 > From: axb.li...@gmail.com > To: users@spamassassin.apache.org > Subject: Re: .pw / Palau URL domains in spam > > On 05/01/2013 04:28 PM, hospice admin wrote: > > I don't care what some folks are saying about .pw, compared

Re: .pw / Palau URL domains in spam

On 05/01/2013 05:25 PM, John Levine wrote: Nominet is a registrar No, Nominet is THE .co.uk registry R's, John thanks for the correction. Still - fixing after abuse is putting us back 10 years.

Re: .pw / Palau URL domains in spam

> Kindly report all the complaints at abuse.al...@registry.pw and CC to > abuse.al...@directi.com. Hmmn. Is there some reason you don't take abuse reports at ab...@registry.pw and at cont...@registry.pw, which is the only address on the web site? Remember, everyone who sends you an abuse repor

Re: .pw / Palau URL domains in spam

>Nominet is a registrar No, Nominet is THE .co.uk registry R's, John >Directi is acting as THE .pw registry

Re: .pw / Palau URL domains in spam

On 05/01/2013 04:28 PM, hospice admin wrote: I don't care what some folks are saying about .pw, compared to Nominet they totally rock. When was the last time anyone saw Nominet suspend a .UK spammer? Judy You miss the point. Nominet is a registrar Directi is acting as THE .pw registry Registr

RE: .pw / Palau URL domains in spam

I don't care what some folks are saying about .pw, compared to Nominet they totally rock. When was the last time anyone saw Nominet suspend a .UK spammer? Judy > Date: Wed, 1 May 2013 06:58:41 -0700 > From: dones...@directi.com > To: users@spamassassin.apache.org > Subject: Re

Re: .pw / Palau URL domains in spam

On 5/1/2013 9:58 AM, doneshlaher wrote: Dear Kevin A. McGrail, Thank you very much for reporting the domain names. We have suspended all the reported 13 domain names. And that's good to hear and I applaud you for reaching out to the mailing list about this issue. And as a consumer, I like che

Re: .pw / Palau URL domains in spam

On 05/01/2013 04:06 PM, doneshlaher wrote: Hello Axb, Thank you for providing with the domain names. We will be suspending all these reported domain names. However, in the mean time may i know what kind of spams have been received ?? snowshoe / pillz / you name it also can you please forwar

Re: .pw / Palau URL domains in spam

Hello Axb, Thank you for providing with the domain names. We will be suspending all these reported domain names. However, in the mean time may i know what kind of spams have been received ?? also can you please forward us the email headers of few of the reported domain names. This would help u

Re: .pw / Palau URL domains in spam

Dear Kevin A. McGrail, Thank you very much for reporting the domain names. We have suspended all the reported 13 domain names. Regards Donesh Laher Cyber Security Analyst .PW Registry -- View this message in context: http://spamassassin.1065346.n5.nabble.com/pw-Palau-URL-domains-in-spam-tp10

Re: .pw / Palau URL domains in spam

Hello Axb, The whois information can be fetched from multiple public whois websites. Below are the whois websites from where whois can be fetched. www.registry.pw/whois www.drwhois.com www.who.is www.port43.com and many more. However, if any particular whois website is not fetching the whois inf

Re: .pw / Palau URL domains in spam

On 05/01/2013 03:11 PM, Kevin A. McGrail wrote: I recommend not blaming them for having a low priced product that spammers are abusing. Seems to me a bit like blaming the victim. To me, it sounds like they are trying to get a handle on the outbreak and better than many other registrars out th

Re: .pw / Palau URL domains in spam

On 05/01/2013 03:02 PM, Kevin A. McGrail wrote: On 5/1/2013 8:17 AM, Axb wrote: On 05/01/2013 01:24 PM, doneshlaher wrote: Hello All, I am Donesh Laher and I work as a Cyber Security Analyst in the Abuse Team at .PW Registry. We are aware of the recent spam outbreak from the .PW domain names

Re: .pw / Palau URL domains in spam

On 5/1/2013 7:41 AM, Axb wrote: On 05/01/2013 01:24 PM, doneshlaher wrote: Hello All, I am Donesh Laher and I work as a Cyber Security Analyst in the Abuse Team at .PW Registry. We are aware of the recent spam outbreak from the .PW domain names and have already started taking actions agains

Re: .pw / Palau URL domains in spam

On 5/1/2013 8:17 AM, Axb wrote: On 05/01/2013 01:24 PM, doneshlaher wrote: Hello All, I am Donesh Laher and I work as a Cyber Security Analyst in the Abuse Team at .PW Registry. We are aware of the recent spam outbreak from the .PW domain names and have already started taking actions agains

Re: .pw / Palau URL domains in spam

On 05/01/2013 01:24 PM, doneshlaher wrote: Hello All, I am Donesh Laher and I work as a Cyber Security Analyst in the Abuse Team at .PW Registry. We are aware of the recent spam outbreak from the .PW domain names and have already started taking actions against the abusive domain names that have

Re: .pw / Palau URL domains in spam

On 05/01/2013 01:24 PM, doneshlaher wrote: Hello All, I am Donesh Laher and I work as a Cyber Security Analyst in the Abuse Team at .PW Registry. We are aware of the recent spam outbreak from the .PW domain names and have already started taking actions against the abusive domain names that have

Re: .pw / Palau URL domains in spam

Hello All, I am Donesh Laher and I work as a Cyber Security Analyst in the Abuse Team at .PW Registry. We are aware of the recent spam outbreak from the .PW domain names and have already started taking actions against the abusive domain names that have been reported to us. We request you all to

Re: .pw / Palau URL domains in spam

In article <517f122c.3050...@trimble.com> you write: >I agree. We've seen a huge increase in ".pw" email - 100% spam > >I see one antispam vendor is telling its customers to just block >anything containing .pw references - I'm rapidly warming to the idea... You can report them to ab...@registry.pw

Re: .pw / Palau URL domains in spam

I agree. We've seen a huge increase in ".pw" email - 100% spam I see one antispam vendor is telling its customers to just block anything containing .pw references - I'm rapidly warming to the idea... http://www.fortantispam.com/top-level-pw-domain-source-of-spam-outbreak/ -- Cheers Jason Haar

Re: .pw / Palau URL domains in spam

On 04/26/2013 05:56 PM, Axb wrote: @home I'm not expecting mail with Palau URIs if (version >= 3.004000) blacklist_uri_host pw endif Maybe old news: Directi to relaunch .pw as an open TLD http://domainincite.com/10705-directi-to-relaunch-pw-as-an-open-tld Directi involved? nuff said.