Home / Blogs

Analyzing The Inbox of a Spammer's Domain

Consider this scenario: you need a domain name for your site so you go to your favorite domain registrar's website and upon a quick search find that your third choice is actually available! You quickly pull your credit card and register the name. Everything is good and you can't wait to have your new domain start pointing to your site and represent your official email address. But not so fast — some of the recent events are revealing that, these days, when you are registering a domain name there is one more critical thing you need to do: check under the hood!

As more and more domains expire and exchange hands, registering a domain is becoming no different than buying a used car. First you need to determine whether the domain you are about to register is fresh out of the factory or previously owned. Then, you need to find out where it's been.

The Case of a Mistaken Identity

Last month Simon Grainger, of Merseyside, northern England, failed to check under the hood when he registered a domain name for his daughter and, as a result, ended up among the 15 lawsuits Microsoft filed shortly after accusing defendants of collectively flooding its systems and customers with more than 2 billion deceptive unsolicited e-mail messages!

According to Grainger, he "received a writ on June 17, 2003 from the U.S.-based corporation, alleging that he was a spammer and had been harvesting e-mail addresses from its MSN site". Wrong domain at the wrong time!

The 43-year-old telecommunications engineer has said the three websites he owns are used for his teenage daughter's home page and for a local flying club, not for spamming. He believes he was targeted because a domain name he bought last year may have been used in spam attacks by a previous owner.

Opening a Can of Worms

On July 3 2003, 'cyberangels.nl' was intentionally re-registered by Spamvrij.nl, a Dutch foundation fighting spam. 'cyberangels.nl' is a domain that was previously owned by Cyberangels, a company know to have been heavily involved in spamming. Reportedly, spammers eventually felt forced to drop the domain when the ground under their feet got too hot.

Since MX-records for cyberangels.nl now point to spamvrij.nl too, the new owners were able to get all their emails and apparently it has not been a pretty site: bounces, spam complaints, and what have you!

So what kind of emails does a major spammer receive in the course of three days? According to this report 6305 emails! Here is the breakdown of those emails reported by the new registrants:

1. 6305 emails in (basically) three days
2. We received 5880 bounces and forwards
3. We received 12 spams for @cyberangels
4. We received 40 attempts to annoy Cyberangels
5. We received 371 complaints about Cyberangels
6. We received 2 business mails

The full analysis of this domain is being logged by Spamvrij.nl as it unfolds.

By CircleID Reporter – CircleID's internal staff reporting on news tips and developing stories. Do you have information the professional Internet community should be aware of? Contact us. Visit Page

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet


Re: Analyzing The Inbox of a Spammer's Domain By Denise  –  Aug 27, 2003 9:37 pm PDT

This is fantastic! What are your reprint policies? I would like to quote the first few sentences of this article and link back to this page from my e-zine, The Dreamspace News. My last issue was devoted to "Hackers, scammers, slammers and spammers". This would be a perfect follow-up.

Re: Analyzing The Inbox of a Spammer's Domain By Ali Farshchian  –  Aug 28, 2003 8:30 am PDT

Glad you found this article valuable and thanks for your comment.

"I would like to quote the first few sentences of this article and link back to this page from my e-zine" — this would be fine.

Re: Analyzing The Inbox of a Spammer's Domain By Denise  –  Aug 28, 2003 8:55 am PDT

Thank you. It should be out by Sept 12

Re: Analyzing The Inbox of a Spammer's Domain By joyce levin  –  Mar 05, 2007 12:15 am PDT

Can anyone help?  How can I find out who the previous owners of a domain name are?  Any advice would be much appreciated.

Add Your Comments

 To post your comments, please login or create an account.



Threat Intelligence

Sponsored byWhoisXML API

Brand Protection

Sponsored byAppdetex

Domain Names

Sponsored byVerisign


Sponsored byVerisign

Domain Management

Sponsored byMarkMonitor

IPv4 Markets

Sponsored byIPXO