Our article yesterday about a serial spammer using dozens of XYZ domains coincided with action by the XYZ Registry to shut them down.
Despite the considerable amount of spam dispatched by the spammer, the XYZ Registry maintains an abuse mitigation system for such cases.
Shayan Rostam, Global Director of Registry Operations for the XYZ Registry, sent us this update:
“We are 100% on top of spam/abusive registrations in our zone.
We’ve gone above and beyond the calling of a registry operator by creating our own proprietary abuse mitigation system that proactively flags and suspends suspicious domains based on feeds we receive from the most respected sources online, such as Google, SURBL, and Spamhaus, among many others – adding 60+ more in the next couple weeks.”
Rostam mentioned that the domains in our coverage were already in a queue to be acted upon.
He also provided some statistical information about this serial spammer:
- 152 total domains registered.
- 50 had been suspended before yesterday, with the sponsoring registrar notified.
- Of the 102 still active, 72 were automatically flagged in the XYZ abuse system earlier, pending suspension.
- 30 remaining were yet to be discovered by the XYZ abuse system.
Due to the registration patterns of the abusive spammer, the remaining domains were suspended as well.
This is great news; however, in the course of just two days, hundreds of emails were sent out, and the spammer continues to register fresh domains. Here are a few registered today:
- Tattin.xyz
- Matternel.xyz
- Lavilet.xyz
The serial spammer’s info, as displayed by the WHOIS of these names:
Registrant Name: Admin Manager
Registrant Organization: Demographic Ads, Inc.
Registrant Street: 109 E. 17th St.
Registrant Street: Suite #4552
Registrant City: Cheyenne
Registrant State/Province: WY
Registrant Postal Code: 82001
Registrant Country: US
Registrant Phone: +1.3076382842
Registrant Phone Ext:
Registrant Fax: +1.3076382843
Registrant Fax Ext:
Registrant Email: admin@maviler.work
The domain name Maviler.work has been sending spam from .Work domains in recent weeks. Its administrative contact points to picksshutdown.com, a domain that has been blocked “for spam and abuse” by eNom.
We will continue to expose serial spammers and domain thieves; hopefully more domain registries will take a proactive approach to spam.
Copyright © 2024 DomainGang.com · All Rights Reserved.
Glad to see the registries taking control of this issue. Would like it if they would turn this info over to the FEDS, so they could really crack down on this. I personally have taken it a step further. I have greylisting set up on my server which delays all incoming email for 5 minutes. After the first attempt I have a script that runs every 3 minutes and checks for any connections from what I consider rogue domains; this includes .xyz .work .gq .click .space .biz .uy .democrat .science and many others. Any connection trying to send email from one of these domains instantly has its IP added to the firewall. If I see more than one IP from the same Class C block I add the entire Class C to the firewall. Thus far I have eliminated 99% of spam from my server, and no complaints from clients not getting their emails. It's sad, but unfortunately it's the only way.
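The filtering steps described in the comment above (match the sender's TLD, block the connecting IP, widen to the whole /24 when more than one IP from the same block appears), sketched in Python as an added example. This is not the commenter's script; the log format, the sample lines and the function names are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# TLDs named in the comment; it also says "and many others", so extend as needed.
BLOCKED_TLDS = {"xyz", "work", "gq", "click", "space", "biz", "uy", "democrat", "science"}

# Assumed, simplified log format: "<time> client=<ip> from=<envelope sender>"
LINE_RE = re.compile(r"client=(?P<ip>\S+)\s+from=<?(?P<sender>[^>\s]+)>?")

# Constructed sample input (documentation IP ranges, domains taken from the article).
SAMPLE_LOG = """\
2024-01-01T10:00:01 client=198.51.100.7 from=<promo@tattin.xyz>
2024-01-01T10:00:09 client=198.51.100.23 from=<news@matternel.xyz>
2024-01-01T10:01:30 client=203.0.113.5 from=<admin@maviler.work>
2024-01-01T10:02:11 client=192.0.2.10 from=<alice@example.com>
2024-01-01T10:02:40 client=203.0.113.5 from=<offers@lavilet.xyz>
2024-01-01T10:03:00 client=not-an-ip from=<x@lavilet.xyz>
"""

def sender_tld(sender):
    """Return the lower-cased TLD of the sender's domain, or None if malformed."""
    _, sep, domain = sender.rpartition("@")
    domain = domain.rstrip(".").lower()
    if not sep or "." not in domain:
        return None
    return domain.rsplit(".", 1)[1]

def build_blocklist(log_text, blocked_tlds=BLOCKED_TLDS):
    """Return firewall entries: a /32 per offending IP, or a /24 when >1 IP shares it."""
    by_net = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or sender_tld(m["sender"]) not in blocked_tlds:
            continue
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # skip lines whose client field is not an IP address
        if ip.version != 4:
            continue  # "Class C" (/24) aggregation only applies to IPv4
        by_net[ipaddress.ip_network(f"{ip}/24", strict=False)].add(ip)
    entries = [net if len(ips) > 1 else ipaddress.ip_network(next(iter(ips)))
               for net, ips in by_net.items()]
    return [str(e) for e in sorted(entries)]

if __name__ == "__main__":
    for entry in build_blocklist(SAMPLE_LOG):
        print(entry)
```

The function only returns candidate entries; feeding them to a firewall is left out. The envelope sender is chosen by whoever connects, so a TLD match identifies the message, not the owner of the IP or its /24 neighbours.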
As a company, we receive around 40-50 “xyz” domain spams PER DAY and it’s been a huge issue for over a year now. I keep adding them to the blocked senders list but they keep making new ones. Incredible. Wish someone would do something about that for real.
adamantblack.xyz is one spam filled domain