I use a command line tool from www.whoisview.com that works well for both domains and IP blocks.
Occasionally I run into a domain that doesn't resolve, but when that happens I also have trouble from registrar sites like netsol and godaddy. www.freewho.com generally works well, though. Darin. ----- Original Message ----- From: "Colbeck, Andrew" <[EMAIL PROTECTED]> To: <declude.junkmail@declude.com> Sent: Thursday, September 06, 2007 7:40 PM Subject: RE: [Declude.JunkMail] Interesting Spam Well, the easy part is answering your question about the domains. Each of the payload domains was registered today, so whatever service you're using to look up the registrations is probably using a database at least a day behind. I use (for example) this site to my satisfaction: http://whois.domaintools.com/sdsdm.com Andrew. > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On > Behalf Of Dave Beckstrom > Sent: Thursday, September 06, 2007 3:07 PM > To: declude.junkmail@declude.com > Subject: [Declude.JunkMail] Interesting Spam > > We're getting a rash of spam that doesn't score high enough > to be blocked. > In the past I've looked up the domain owner of the site > listed in the spam > and been able to identify sometimes dozens of domains owned > by the spammer, > then I've put that list into a filter and blocked the domains > before they > were all used in new spam sent to us. > > I did a whois on some of the domains and they all show as > available and > unregistered. Yet when I go to the domain, it does take me > to the spammers > site. How can these domains be functional and show as available to be > registered at the same time? > > Below is a paste of one of the spams. I added 3 additional > domains that > have appeared in this same asshole's spam so that you can see > the pattern of > domains he is using. > > How do I block these? > > Dave > > > > X-Note: ======================================== > X-Note: Spam Score: [18] > X-Note: Scan Time: 16:47:18 on 06 Sep 2007 > X-Note: Spool File: 35111367.eml > X-Note: Server Name: dsl88-233-31730.ttnet.net.tr > X-Note: SMTP Sender: [EMAIL PROTECTED] > X-Note: Reverse DNS & IP: dsl88-233-31730.ttnet.net.tr > [88.233.123.242] > X-Note: Country Chain: TURKEY->destination > X-Note: Failed Weights: SORBS-WEB [5], FIVETENSRC [4], HELOBOGUS [5], > SPFUNKNOWN [1], Filter_Country [8], WEIGHT10 [10], WEIGHT14 [14] > X-Note: ======================================== > > > -----Original Message----- > From: Tam Genois [mailto:[EMAIL PROTECTED] > Sent: Thursday, September 06, 2007 1:15 PM > Subject: [SPAM]- Score (12)tuile > > How it is going Genois > Do you want to have an average to small penis all of your > life? No, you > don't > > dae Hays > http://soltepec.com/ > http://selenan.com/ > http://www.seriia.com/ > http://www.sdsdm.com/ > > > > > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. > > --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.