On 5/1/2013 7:41 AM, Axb wrote:
On 05/01/2013 01:24 PM, doneshlaher wrote:
Hello All,
I am Donesh Laher and I work as a Cyber Security Analyst in the Abuse
Team
at .PW Registry.
We are aware of the recent spam outbreak from the .PW domain names
and have
already started taking actions against the abusive domain names that
have
been reported to us.
We request you all to report us with the domain names which are
involved in
any abusive activities, along with an appropriate evidence for the same.
Where do we send the invoices for the time spent on reporting?
For $5.-/domain you've just burnt your "product" for good.
I recommend not blaming them for having a low priced product that
spammers are abusing. Seems to me a bit like blaming the victim.
To me, it sounds like they are trying to get a handle on the outbreak
and better than many other registrars out there.
However, Donesh, I would like to hear more about what you will be doing
to have senior people try and stop the abusers. Is anyone looking for
accounts that are abusing the system to shutdown, stolen credit card
patterns, 24-hour holds on domains going active, etc.?
I've got spam showing these .pw domains for example:
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=default;
d=visiondealz.pw;
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=default;
d=besthotdealz.pw;
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=default;
d=azontick.pw;
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=default;
d=simplyhotdealz.pw;
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=default;
d=impactincredible.pw;
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=default; d=mynews.pw;
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=default;
d=allmedia.pw;
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=default;
d=simplymedia.pw;
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=default;
d=amonsved.pw;
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=default; d=aweeck.pw;
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=default;
d=specialzbay.pw;
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=default;
d=tophotdealz.pw;
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=default;
d=neathotdealz.pw;
I'd like some assurance my time is worth it to report these domains
because so far I haven't seen any collateral damage / False Positives to
blocking the entire .pw TLD.
Regards,
KAM
