The conclusion of last week’s thrilling story about cryptocurrency scammers and service providers. Who did come to the aid of Joe Nobody, and who conveniently turned a blind eye to my abuse reports. Welcome to the good, the bad, and Namecheap.
Annoying e-mail spam lures Joe Nobody out of his slumber to once again try to convince service providers to pull the plug on a scammer. Welcome to another installment of Joe Nobody VS world.
So .buzz is another one of those new gTLDs that saw the light of day during ICANN’s “show me the money” run back in 2013. It’s managed by dotStrategy, and it’s advertised as a great domain name for generating buzz around your product.
ShortDot SA, the top-level domain registry that brought us the infamous .ICU TLD, is back with yet another useless domain extension. Say hello to the .CYOU TLD, the “savvy and uber-cool domain”, at least according to ShortDot.
Earlier this week I discovered an interesting Outlook.com phishing mail that had been caught by the anti-spam measures we deploy for our e-mail customers. Well, to be fair, the phishing attack itself was not anything new or sophisticated, but the choice of hosting provider was rather interesting.
After noticing that the majority of the .ICU spam campaigns were drying up, I headed over to Namecheap to find out which gTLD was the next likely target for abuse. Well, what do you know, Namecheap was throwing out .XYZ domains for $1 a pop.
This weekend I decided to extract the IP addresses belonging to hosts used in the ongoing .best and .icu spam campaigns. I’ve only got three weeks of logs to work with so the data set is small, but it still paints a somewhat interesting picture.
I’ve made the decision to go ahead and block another one of those pesky new gTLDs that are seemingly exclusively used by malicious actors. Email delivery from .best domains will no longer get past any spam filter under my control.
Over the last several months, I’ve seen a steady flow of spam emails containing only a single line of text encouraging recipients to visit a blogspot.com address. Should the recipient choose to follow the link, they would soon find themselves on a cryptocurrency scam site with amazing propositions.
ICANN’s decision to cash in and allow an unlimited number of new gTLDs has provided us with several new TLDs used predominantly for criminal purposes by malicious actors. My inbound mail servers have been flooded with spam from thousands of .icu domains for the better part of 2019.