The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Block .pw TLD within exim

Discussion in 'E-mail Discussions' started by GuntherR, May 12, 2013.

  1. GuntherR

    GuntherR Member

    Joined:
    Nov 16, 2009
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    So far about 100% of the emails coming from .pw domains are spam emails. Every day I sent a bunch of .pw spam domain names to abuse at registry.pw. They keep blocking the domain names (at least that's what they say), but I am feed up with the daily flood and would like to block ALL .pw domain names within exim.

    I searched the forum and found a few posts regarding this, but nobody really provided a solution I could install on my cPanel/WHM server.

    Found this post but I am not sure how to follow the instructions and it seems I am not the only one.

    Any help regarding blocking a TLD within exim using WHM would be appreciated.

    Thanks!
     
  2. donesh

    donesh Registered
    PartnerNOC

    Joined:
    May 13, 2013
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    DataCenter Provider
    Hello Gunther,

    My name is Donesh Laher, and I am working as a Cyber Security Analyst at .PW Registry.

    We are aware about the recent spam outbreak from .pw domain names and are taking stringent actions against the domain names.

    As I am checking our system, we have received emails from your end, from email address [personal e-mail address redacted] and we have taken down the domain names that you have reported us till date.

    We request you to keep on reporting us such spam emails by sending an email on abuse@registry.com and CC to abuse.alert@registry.pw.

    We assure you that actions will be taken on all the reported domain names within 24 - 48 hours.

    Regards

    Donesh Laher
    Cyber Security Analyst
    .PW Registry
     
    #2 donesh, May 13, 2013
    Last edited by a moderator: May 13, 2013
  3. donesh

    donesh Registered
    PartnerNOC

    Joined:
    May 13, 2013
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    DataCenter Provider
    Hello All,

    Ever since the spam outbreak on .pw, we as the Registry have spent the past month and a half by undertaking a massive cleanup initiative. We have not waited for the Registrars to investigate and respond to complaints; rather we have ourselves taken down domain names which have proven to be abusive. While most of the forums have attributed rock bottom prices to be the sole reason for this outbreak, our investigations prove otherwise.

    Our abuse desk has been kept busy with large volumes of complaints against .pw domains, each being responded within the time frame of 24 hours (and in most cases within a matter of few hours). The team has successfully traced the source of these spammy domains to customers under a single Registrar account. This means that more than pricing, this attack manifests itself as an activity carried out by an organized group of spammers targeting one particular Registrar portfolio. Over 95% of the spam mails have been perpetrated through this single Registrar. To curb this abuse, we have considered to respond and taken down reported domain names belonging to this Registrar.

    In order to control this incident, we have tightened the nooze around other Registrars as well, thus implying the repercussions of our AUP violation (which we have been very particular about). In addition to our reactive techniques, we have also been eliminating abusive domains name at the registration phase by using pattern matching and anomaly based methods. This approach has proven to be very effective and has successfully eliminated 20-30% of domain names which are likely to be used for illicit activities.

    In addition, to responding to complaints from individual internet users, the .pw Registry has been working closing with anti-abuse entities such as Symantec ,Spamhaus and SURBL. We have also tied up with NameSentry to beef up our abuse monitoring process. Being a Registry, we have access to very limited information as compared to a Registrar. Yet we have managed to weed out and terminate abusive domain names more proactively, compared to other Registries out there.

    Last but not the least, we would like to thank each and everyone who have criticized, appreciated or raised concerns in our effort to curb the abuse. In order to assist us with our efforts, we request you to update us with your complaints at abuse@registry.pw.

    Regards
    Donesh Laher
    Cyber Security Analyst
    .PW Registry
     
  4. ruzbehraja

    ruzbehraja Well-Known Member

    Joined:
    May 19, 2011
    Messages:
    383
    Likes Received:
    7
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
Loading...

Share This Page