Hi Guys,
I don't normally post warnings regarding spam, but this is an exception..

do not under any circumstances, accept the domain http://e-rx.net into your system.

This guy sent out the server limit of emails, which merited us with an instant BL on SPEWS.

The situation with SPEWS is under control though, as we proved we suspended the guy on first notification.

Again, do NOT accept the domain http://e-rx.net or http://rxbiz.us


For those interested, a lawyer has already been contacted, and e-rx, as of 30 minutes ago, have been hit with a $72,000 bill for their spamming, as per our TOS, enforced by the County of Shelburne, Nova Scotia, and the county of Dublin, Ireland. In short, this guy's gonna wish the only SPAM he ever sent out, was tins of that gross pork stuff to his relatives for christmas :laugh:

Thanks IHSL. We'll keep a lookout for them.

I know you are in NS, what's the Dublin connection?

Originally posted by blue27
Thanks IHSL. We'll keep a lookout for them.

I know you are in NS, what's the Dublin connection?
That's where our main base is.

We run the hosting side of things from NS, simply because I, and then later a group of my friends moved here, so it made sense.

But from a legal standpoint, we can drag the guy through the Irish legal system, aswell as the Canadian.

We don't expect a cent from them, but because our TOS was approved by both County Courts, both of which hold our corporate filings also, this means we'll be passing the debt to a collection agency, and then later, filing with the credit bureau.

Now I have to go personally suck up to SPEWS, and all that it entails :mad: they did a full /27 block too, so i'm gonna have to pucker up in the next few hours, majorly

Thanks for sharing. :) Nothing like teaming up on those dirty bastard spammers.

Another step towards eliminating SPAM. Go get 'em IHSL. :D

wow... just by looking at the website, you may be able to tell they are a spamming peoples.

http://e-rx.net/

duh... all the shortcuts to spam.

Originally posted by steveTobb
wow... just by looking at the website, you may be able to tell they are a spamming peoples.

http://e-rx.net/

duh... all the shortcuts to spam.
The trouble with that being; that site didn't have any lead-off's to spamming. We also checked with their previous host's IP address during the signup proc. and that came back Ok, so until we were hit with this instance, there was no reason to terminate the account.

For some reason, they held off on the spamming for two month's, and then the last 48 hours, they re-did things and then boom, spam sent. I'm guessing they were trying to get into a "settled" position with us, before hitting our mail servers.

So no "duh" in either warranted, nor welcomed. Thanks ;)

duh??

Not all hosts have the time to check every single domain that is signed up with them.

Well, maybe not...but pharmacy domains set off a red flag with us. I caught these same guys before we created their account and sent them packing.

It ain't brain surgery to figure most of these guys out...

http://groups.google.com/groups?q=e-rx.net&ie=UTF-8&oe=UTF-8&hl=en

Originally posted by Andrew
Well, maybe not...but pharmacy domains set off a red flag with us. I caught these same guys before we created their account and sent them packing.

It ain't brain surgery to figure most of these guys out...

http://groups.google.com/groups?q=e-rx.net&ie=UTF-8&oe=UTF-8&hl=en

So let me get this straight..

I come here to report a spammer.. and you feel the need to insult me? We terminated this guy within SECONDS of being notified, which is the basis for our removal plea to SPEWS and all that it entails.

Maybe you have time to search every single domain name that goes through your network, on google groups etc, but we don't. We simply act on spam at the slightest sight or report of it, which is exactly the case with this instance.

Originally posted by IHSL
So let me get this straight..

I come here to report a spammer.. and you feel the need to insult me?
IHSL,

No, I think the majority are behind you... good job on your report... don't worry about the others!

Heck, if a customer joins your hosting company with a nice site then waits 2 months, there is nothing you can do about it. I would ask ANY host if they monitor all sites 24/7 to make sure the content has not changed to a spammers site.... that is not possible (on a regular hosting biz with 100's maybe 1000's of customers). Things like this happen... good that you shut them down and reported here IMO.

I don't believe some people are reading your entire post....

We still need a site that'll list all known spammer's domains. The problem is... who governs it? Who verifies the data to ensure the integrity of it is not compromised and people get unfairly listed?

IHSL, good job, man!

Good job IHSL.

It would be nice to make an example of these fools

Originally posted by Prism329
We still need a site that'll list all known spammer's domains. The problem is... who governs it? Who verifies the data to ensure the integrity of it is not compromised and people get unfairly listed?

IHSL, good job, man!


I'd be all for that...

Originally posted by Prism329
We still need a site that'll list all known spammer's domains. The problem is... who governs it? Who verifies the data to ensure the integrity of it is not compromised and people get unfairly listed?

IHSL, good job, man!

Been tried. Too many issues.

Now what would be good is a way to query 'news.admin.net-abuse.email' (or some other one) for the keyword being the domain name signing up. If the domain name is listed in the return, it will flag it for manual approval. I think I will pass this to programming .............. :)

Originally posted by UmBillyCord
Been tried. Too many issues.

Now what would be good is a way to query 'news.admin.net-abuse.email' (or some other one) for the keyword being the domain name signing up. If the domain name is listed in the return, it will flag it for manual approval. I think I will pass this to programming .............. :)


Would be not only a good idea to be able to check out the domain, but check the IP of the person signing up, etc...

Obviously the IP cant be a major flag, for some are dynamicly assigned, though it could warn the host to closly monitor the domain. On a second offence, chances are they have a dedicated IP and we can ban them.

Originally posted by WinApp
Would be not only a good idea to be able to check out the domain, but check the IP of the person signing up, etc...

Obviously the IP cant be a major flag, for some are dynamicly assigned, though it could warn the host to closly monitor the domain. On a second offence, chances are they have a dedicated IP and we can ban them.

IPs and numerous other things are already checked. The domain name was something I was just brainstorming in the post.

Originally posted by IHSL
So let me get this straight..

I come here to report a spammer.. and you feel the need to insult me? We terminated this guy within SECONDS of being notified, which is the basis for our removal plea to SPEWS and all that it entails.

Maybe you have time to search every single domain name that goes through your network, on google groups etc, but we don't. We simply act on spam at the slightest sight or report of it, which is exactly the case with this instance.

Nah, you've got it crooked. I wasn't trying to insult you. More to counter the flippant remark that blue27 had made right above.

However, making time for these things is important. In fact, making systems that can do this work for you and SAVE you the time of looking them up also help.

It's quite easy to automate a process of checking google groups for results of a domain. We DO still verify all signups by hand and check these things when we feel it's necessary (pharmacy domains, anything with 'traffic' in the domain, etc...) but it CAN be automated and taking the time saves much trouble in the long run.

Impossible to catch all spammers. Especially when they sign up and wait a few months before dropping the bomb.

Good for you, IHSL, for catching it so quickly, and for letting us know. Don't mind the people who feel a need to criticize you. You're taking all the necessary steps.

Vito

Andrew, why don't you try reading the thread again. I don't believe I've made a flippant remark and if I did perhaps you could point it out.

Originally posted by UmBillyCord
Been tried. Too many issues.

Now what would be good is a way to query 'news.admin.net-abuse.email' (or some other one) for the keyword being the domain name signing up. If the domain name is listed in the return, it will flag it for manual approval. I think I will pass this to programming .............. :)

That's exactly what I'm speaking of. :)

Originally posted by blue27
Andrew, why don't you try reading the thread again. I don't believe I've made a flippant remark and if I did perhaps you could point it out.

No problem, Michael. I know you like things spelled out for you.

you said:


duh??

Not all hosts have the time to check every single domain that is signed up with them.


That's pretty flippant considering. I REALLY don't mean to insult anyone, but seriously, if that domain made it past the initial investigation phase, then there is something wrong with the way the host investigates signups.

Nobody's perfect, but this is something that probably should have been caught.

Originally posted by UmBillyCord
Been tried. Too many issues.

Now what would be good is a way to query 'news.admin.net-abuse.email' (or some other one) for the keyword being the domain name signing up. If the domain name is listed in the return, it will flag it for manual approval. I think I will pass this to programming .............. :)
Yup, deffinitely. And that's where i just posted a query to the SPEWS guys.

On a side note, to see the severity level we give this: http://www.e-rx.net/

Originally posted by Andrew
No problem, Michael. I know you like things spelled out for you.

you said:



That's pretty flippant considering. I REALLY don't mean to insult anyone, but seriously, if that domain made it past the initial investigation phase, then there is something wrong with the way the host investigates signups.

Nobody's perfect, but this is something that probably should have been caught.
Is this a flame thread? or are you just trying to turn it into one?

That domain is checked in the same way that any initital signup domain is checked. We ping the current servers they are on, and then try to do a quick BG check.

Even google groups, when querying for e-rx.net, doesn't bring back many results, that process may make it into our fraud screening list after this episode, but to insult me about it doesn't help anyone. Except for the fact that it helps you look like a person simply out to start an arguement. And i'm sure you're not, are you?

Originally posted by Andrew
No problem, Michael. I know you like things spelled out for you.

you said:



That's pretty flippant considering. I REALLY don't mean to insult anyone, but seriously, if that domain made it past the initial investigation phase, then there is something wrong with the way the host investigates signups.

Nobody's perfect, but this is something that probably should have been caught.

I still don't see how you consider it to be flippant since I was responding directly to a previous post.
Not all hosts have the time to check out every new sign up. That is a fact. Do you dispute it?

Originally posted by IHSL
In short, this guy's gonna wish the only SPAM he ever sent out, was tins of that gross pork stuff to his relatives for christmas :laugh:

In the USA we have the dreaded fruit cake.
What is this pork stuff you speak of?

[ I don't think you mean mincemeat: originally a medieval (England) sweet, spicy mixture of chopped (minced) lean meat (usually beef, or beef tongue), suet and fruit. It was generally served as an entree. ]

Originally posted by kayla
In the USA we have the dreaded fruit cake.
What is this pork stuff you speak of?

I'm not sure if you got the joke or not... but if not;
The pork stuff is SPAM:The meat in a can :laugh:

Although, fruit cake is pretty bad.

We have it here. Spend 3 months making it and all day avoiding it.

In the USA we have the dreaded fruit cake.
What is this pork stuff you speak of?


I hope that was a joke. :D

Great job IHSL. I hope everything is fine.

I am wondering if the problem is with all online pharmacies or are these the Canadian ones selling to Americans that are doing the spamming?

Originally posted by dmxconsult
I am wondering if the problem is with all online pharmacies or are these the Canadian ones selling to Americans that are doing the spamming?
I don't actually believe it's anything that is nationaility based..

SPAMMERS come from all walks of life, in all shapes and sizes, and of all sorts of nationalities, with one common feature being above all else;

They are complete morons

Originally posted by ANMMark
I hope that was a joke. :D

Spam and Christmas don't mix so I was totally thrown off.

Originally posted by kayla
Spam and Christmas don't mix so I was totally thrown off.

:eek: Canned Spam and every holiday mix well :D

Originally posted by IHSL
The pork stuff is SPAM:The meat in a can :laugh:

Mmm...SPAM....I like eatingit...not receiving it.

Thanks for the heads up IHSL. :beer: