cancel
Showing results for 
Search instead for 
Did you mean: 

Free new domain - NEW SPAM

smillie-world
Grafter
Posts: 62
Registered: 30-07-2007

Free new domain - NEW SPAM

I'm slightly concerned. I registered my free new domain just before the weekend. Yesterday I sent a test e-mail to my new domain. I used my Google mail account (spam free I will add), and sent the e-mail to the new domain e-mail account, i.e. test@newdomain.co.uk. Test is not a configured mailbox, and was caught by the catchall address.

As yet I have not used the new domain e-mail address anywhere, I've not registered with any website, not added it to an address book, not sent from it, etc. I've sent one test e-mail to it.

Today I've received a spam mail to my new domain e-mail. It has a prefix (i.e. before the @ symbol) that I have never used.

Clearly after the recent security issue PlusNet has suffered, I'm concerned that somehow this could be related or yet another security hole (sorry PlusNet I don't want to blame you, but I'm a little cynical and paranoid, especially as throughout my entire membership to PlusNet I had remained spam free until recently).

If I need to raise a ticket so be it, or if it would be best to forward this mail on somewhere let me know.

Obviously I could have been unlucky enough to register a domain that was once heavily spammed - is there a way to tell? If this is the case, what now? I registered the new domain to get away from the spam, not sign up for more.
11 REPLIES
N/A

Free new domain - NEW SPAM

Was it postmaster or webmaster before the @ symbol

These are common targets for spam since most domains have a webmaster and technically postmaster is a required address for a domain.

If you'd like me to take a look at the mail for you, drop me a PM and I'll give you an email address you can send the mail to and I'll see if I can help you out.

Steve
smillie-world
Grafter
Posts: 62
Registered: 30-07-2007

Free new domain - NEW SPAM

No, it was lea@newdoamin.co.uk. And it wasn't even flagged by PlusNet's spam catcher, and Outlook's junk mail filter didn't catch it either (which is usually very good).
salts
Grafter
Posts: 64
Registered: 04-08-2007

Free new domain - NEW SPAM

I also got some spam to my new domain, but it looks like it was to a mailbox of the previous registrant. Fortunately they don't have the same name as me (now that would have been bad luck), so I could block it.

Is your domain likely to have been registered before?
smillie-world
Grafter
Posts: 62
Registered: 30-07-2007

Free new domain - NEW SPAM

Well when doing some research for my domain, such as searching for it in Google, i.e. newdomain.co.uk only two sites were listed, one supposedly selling it and one had it on a massive extensive list of domain names. The site selling it had said it had been available since 2005.
N/A

Free new domain - NEW SPAM

Quote
No, it was lea@newdoamin.co.uk. And it wasn't even flagged by PlusNet's spam catcher, and Outlook's junk mail filter didn't catch it either (which is usually very good).


Search google for you new domain (including google groups) and you might find that the email address in question has been published somewhere by the previous owner.

Steve
smillie-world
Grafter
Posts: 62
Registered: 30-07-2007

Free new domain - NEW SPAM

Searched for the specific e-mail address used, and Google hasn't found it. See my previous post for the results of the domain search.
N/A

Free new domain - NEW SPAM

Would you like to post the headers (obfuscate anything you don't want to get out in the open)

Steve
smillie-world
Grafter
Posts: 62
Registered: 30-07-2007

Free new domain - NEW SPAM

Here goes, the from address appears to be spoofed.

Header:

Envelope-to: lea@newdomain.co.uk

Delivery-date: Wed, 11 Jul 2007 13:45:16 +0000
Received: by pih-sunmxcore10.plus.net with spam-scanned (PlusNet MXCore v2.00) id 1I8cVG-0004NV-0O
for lea@newdomain.co.uk; Wed, 11 Jul 2007 13:45:15 +0000
X-Daemon-Classification: INNOCENT
Received: from ics130-125.icsincorporated.com ([69.5.130.125])
by pih-sunmxcore10.plus.net with smtp (PlusNet MXCore v2.00) id 1I8cVE-0003uP-Vo
for lea@newdomain.co.uk; Wed, 11 Jul 2007 13:45:13 +0000
Received: from wy.har ([177.167.210.106]) by ics130-125.icsincorporated.com with Microsoft SMTPSVC(6.0.3790.0); Wed, 11 Jul 2007 08:50:39 -0500
Message-ID: <003001c7c3c2$77426460$6ad2a7b1@wy.har>
From: "Robbie Parks" <bdo@atcopower.com>
To: <lea@newdomain.co.uk>
Subject: High Income JOB! $2000/week
Date: Wed, 11 Jul 2007 08:50:39 -0500
MIME-Version: 1.0
Content-Type: text/plain;
format=flowed;
charset="Windows-1252";
reply-type=original
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4133.2400
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
X-PN-VirusFiltered: by PlusNet MXCore (v4.00)
X-DSPAM-Result: Innocent
X-DSPAM-Processed: Wed Jul 11 13:45:15 2007
X-DSPAM-Confidence: 0.6593
X-DSPAM-Improbability: 1 in 194 chance of being spam
X-DSPAM-Probability: 0.0000
X-DSPAM-Factors: 27,
Received*39+0500, 0.01000,
From*"Robbie, 0.99000,
Received*50+39, 0.03869,
Received*0500, 0.04082,
Received*08+50, 0.06967,
Received*50, 0.09676,
Date*11+Jul, 0.12154,
Received*39, 0.12783,
Url*money, 0.19452,
Needed!, 0.80099,
Date*0500, 0.20510,
Url*net/, 0.20764,
X-PN-VirusFiltered*MXCore+(v4.00), 0.78901,
X-PN-VirusFiltered*(v4.00), 0.78901,
Received*smtp+(PlusNet, 0.21489,
Received*with+Microsoft, 0.22074,
Received*Microsoft, 0.22074,
Received*11, 0.22793,
Received*11, 0.22793,
Received*11+Jul, 0.24026,
Received*11+Jul, 0.24026,
Date*50, 0.25803,
X-Mailer*5.50.4133.2400, 0.26120,
X-Mailer*Express+5.50.4133.2400, 0.26120,
Date*11, 0.26489,
Received*13, 0.27527,
X-PN-VirusFiltered*by+PlusNet, 0.27561


Content of mail:

No Experience Needed!


http://www.fi-money.net/


--
This email has been verified as Virus free Virus Protection and more available at http://www.plus.net

No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.476 / Virus Database: 269.10.2/894 - Release Date: 10/07/2007 17:44



I've replaced my domain with "newdomain".

Are all the X-DSPAM entries PlusNet or MS? I'm guessing PlusNet.
Plusnet Staff
Plusnet Staff
Posts: 12,169
Thanks: 18
Fixes: 1
Registered: 04-04-2007

Free new domain - NEW SPAM

There are a couple of sites that track domain history, this is one:

http://domain-history.domaintools.com/

I can't remember the other off hand. Worth a check to see if it has any records showing prior to your registration.

I just registered a domain that had been registered before and while it's not getting spam it was getting a couple of newsletters from 888.com.
smillie-world
Grafter
Posts: 62
Registered: 30-07-2007

Free new domain - NEW SPAM

Thanks for that.

I've tried, newdomain, newdomain.co.uk and www.newdomain.co.uk, all report no history.

It has given me a thought though, I've just tried searching in www.archive.org and there is one page listed, dating back to 24 May 2005. It looks like one of those domain holding pages that list stuff you have done a search for.

If necessary I can PM my domain name if it will help.
Plusnet Staff
Plusnet Staff
Posts: 12,169
Thanks: 18
Fixes: 1
Registered: 04-04-2007

Free new domain - NEW SPAM

Still can't remember the other I'm thinking of, I'll keep trying to remember, another check though is this

http://www.archive.org/index.php

If the domain had a website it may have been archived there.