MC+A Stream

Combating SPAM - Real Life Example

October 31st, 2008 | Michael

Earlier this week, a client asked me to investigate a spamming issue; they were concerned about the origin of the emails.  At first glance it appeared that the emails were coming from their email address.  After examining the message header, it was clear that they were not.  I foolishly sent an email out to demonstrate what was happening.  Unknowingly, I added myself to the list and inadvertently sent a message to thousands of people.

This post is meant to spread information about the cause to people affected by it.  People facing other issues can use the same techniques.

The Problem.

  • Spam emails were being generated from and to info@worldswidedomains.com
  • Replying to this address caused your name to be added to the list server, and an email went out to everyone who had previously been added to the list.
  • Most people on the list were added manually without their knowledge.
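The header check mentioned in the introduction, and the reply behaviour listed above, can be tested mechanically. The following is an added example, not code from the original post: it compares the visible From domain with the envelope sender, the Reply-To address and the first relay recorded in the Received chain. The sample message, host names and IP addresses are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; every host, address and IP is a placeholder.
RAW = """\
Return-Path: <bounce@list.example>
Received: from mx.client.example (mx.client.example [192.0.2.10])
\tby mailbox.client.example with ESMTP; Tue, 28 Oct 2008 10:02:11 -0400
Received: from web7.list.example (web7.list.example [203.0.113.25])
\tby mx.client.example with SMTP; Tue, 28 Oct 2008 10:02:09 -0400
From: "Client Name" <owner@client.example>
To: info@list.example
Reply-To: info@list.example
Subject: Re: hello

body
"""

def domain(header_value):
    """Domain part of the address in a header value, lowercased ('' if none)."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def received_hops(msg):
    """(host, ip) per Received header, oldest hop first. Only hops stamped by
    servers you control are trustworthy; older ones can be forged."""
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        m = re.search(r"from\s+(\S+)\s+\(.*?\[([0-9a-fA-F.:]+)\]", value, re.S)
        if m:
            hops.append((m.group(1).lower(), m.group(2)))
    return hops

def analyze(raw):
    msg = message_from_string(raw)
    from_dom = domain(msg["From"])
    findings = []
    if domain(msg["Return-Path"]) != from_dom:
        findings.append("envelope sender domain differs from From")
    if msg["Reply-To"] and domain(msg["Reply-To"]) != from_dom:
        findings.append("replies go to a different domain than From")
    hops = received_hops(msg)
    host = hops[0][0] if hops else ""
    if hops and host != from_dom and not host.endswith("." + from_dom):
        findings.append("first relay is not a host of the From domain")
    return {"from": from_dom, "origin": hops[0] if hops else None, "findings": findings}

if __name__ == "__main__":
    print(analyze(RAW))
```

The relay host reported as `origin` is the name to carry into the whois and MX lookups described below.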

Resolution

FIRST
Find out who the domain is registered to by going to: http://whois.domaintools.com/worldswidedomainname.com (you can substitute other domains for worldswidedomainname.com).  This produced the following information.

Registrant:
Alex Shafts
504 LEONARD AV
Las Vegas, NV 89106
US
Domain name: WORLDSWIDEDOMAINNAME.COM

Administrative Contact:
Shafts, Alex  
504 LEONARD AV
Las Vegas, NV 89106
US
702.5431469
Technical Contact:
Shafts, Alex  
504 LEONARD AV
Las Vegas, NV 89106
US
702.5431469
Registration Service Provider:
Ecommerce, Inc., 
800-861-9394
http://ecommerce.com
UNLIMITED Storage Space, 3 TERRABYTES of Monthly Transfer & up-to 16
domains, starting at $3.95!

LIFETIME FREE DOMAIN REGISTRATION + FREE FEATURES INCLUDED. ONLY AT
ECOMMERCE.COM

Registrar of Record: TUCOWS, INC.
Record last updated on 24-Oct-2008.
Record expires on 25-Oct-2009.
Record created on 25-Oct-2008.

Registrar Domain Name Help Center:
http://domainhelp.tucows.com

Domain servers in listed order:
NS16.IXWEBHOSTING.COM
NS15.IXWEBHOSTING.COM

Domain status: clientHold
clientTransferProhibited
clientUpdateProhibited

SECOND
Next I looked up the MX record.  The MX record is a type of DNS record that tells anyone sending you an email which mail server to deliver it to.  Most computers have a command called nslookup.  Open a command prompt and type nslookup.  Next, type 'set type=MX' so that the lookup returns MX records.  Then type in the domain you are looking up.

Using the Set Command with an MX record.

Based on this and the emails I received, I contacted ixwebhosting.com.  They have assured me that the domain was suspended.

The question remains…who is “Shafts, Alex” and is this the mail address we should send to:

504 LEONARD AV
Las Vegas, NV 89106
US
702.5431469
