Block .pw TLD within exim

GuntherR

So far about 100% of the emails coming from .pw domains are spam emails. Every day I send a bunch of .pw spam domain names to abuse at registry.pw. They keep blocking the domain names (at least that's what they say), but I am fed up with the daily flood and would like to block ALL .pw domain names within exim.

I searched the forum and found a few posts regarding this, but nobody really provided a solution I could install on my cPanel/WHM server.

Found this post but I am not sure how to follow the instructions and it seems I am not the only one.

Any help regarding blocking a TLD within exim using WHM would be appreciated.

Thanks!
 

donesh

Hello Gunther,

My name is Donesh Laher, and I am working as a Cyber Security Analyst at .PW Registry.

We are aware of the recent spam outbreak from .pw domain names and are taking stringent actions against the domain names.

As I am checking our system, we have received emails from your end, from email address [personal e-mail address redacted] and we have taken down the domain names that you have reported to us to date.

We request you to keep on reporting such spam emails to us by sending an email to [email protected] and CC to [email protected].

We assure you that actions will be taken on all the reported domain names within 24 - 48 hours.

Regards

Donesh Laher
Cyber Security Analyst
.PW Registry
 

donesh

Hello All,

Ever since the spam outbreak on .pw, we as the Registry have spent the past month and a half undertaking a massive cleanup initiative. We have not waited for the Registrars to investigate and respond to complaints; rather we have ourselves taken down domain names which have proven to be abusive. While most of the forums have attributed rock bottom prices to be the sole reason for this outbreak, our investigations prove otherwise.

Our abuse desk has been kept busy with large volumes of complaints against .pw domains, each being responded to within the time frame of 24 hours (and in most cases within a matter of a few hours). The team has successfully traced the source of these spammy domains to customers under a single Registrar account. This means that more than pricing, this attack manifests itself as an activity carried out by an organized group of spammers targeting one particular Registrar portfolio. Over 95% of the spam mails have been perpetrated through this single Registrar. To curb this abuse, we have considered to respond and taken down reported domain names belonging to this Registrar.

In order to control this incident, we have tightened the noose around other Registrars as well, thus implying the repercussions of our AUP violation (which we have been very particular about). In addition to our reactive techniques, we have also been eliminating abusive domain names at the registration phase by using pattern matching and anomaly-based methods. This approach has proven to be very effective and has successfully eliminated 20-30% of domain names which are likely to be used for illicit activities.

In addition to responding to complaints from individual internet users, the .pw Registry has been working closely with anti-abuse entities such as Symantec, Spamhaus and SURBL. We have also tied up with NameSentry to beef up our abuse monitoring process. Being a Registry, we have access to very limited information as compared to a Registrar. Yet we have managed to weed out and terminate abusive domain names more proactively, compared to other Registries out there.

Last but not the least, we would like to thank each and every one who has criticized, appreciated or raised concerns in our effort to curb the abuse. In order to assist us with our efforts, we request you to update us with your complaints at [email protected].

Regards
Donesh Laher
Cyber Security Analyst
.PW Registry