On July 1, 2019 5:44:37 AM PDT, micah anderson <mi...@riseup.net> wrote:
>Grant Taylor <gtay...@tnetconsulting.net> writes:
>
>>> A very large number (nearly all, in fact) of the spams I receive
>these
>>> days involve domains registered with Namecheap. I've received
>hundreds
>>> of spams involving .icu domains from what appear to be the same
>spammer.
>>> I also receive a large number of scams impersonating Bitmain, again
>>> using domains involving Namecheap.
>>
>> Is Namecheap just the registrar? Or are they also hosting the DNS
>service?
>
>As a Namecheap customer, you are making me want to move. That is good,
>but its also something you should consider, before you block the entire
>registrar: there are a significant number of non-spamming Namecheap
>customers that you would be cutting off if you did this. I understand
>you want to put pressure on Namecheap, but the flip side of that is you
>will be cutting yourself off from those domains in the process.
Like all SA rules, registrar would be just one of many signals, so Namecheap
customers would only be cut off if their emails or IPs seem spammy in other
ways. And there's always the option of registering with dnswl.org.
>>> While Namecheap does suspend at least some domains within days of
>their
>>> being used in a campaign, it's clear that these are being treated as
>
>>> single-use domains, so this has very little impact on the spammers.
>
>This sounds like Fast Flux - and it is not something that happens only
>on Namecheap.
>
>> I think there are also lists of domains that have been recently
>> registered. Which might help if the single use domains were recently
>
>> registered.
>
>Having such a list would be very helpful for dealing with fast flux.
SA already has this. It used fresh.fmb.la to detect domains registered within
the past couple of weeks.
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
