The work to make Communicado’s life as difficult as possible continues and it does seem like we’re having some success.
When I started this project, Communicado registered all their domains through DAILY mostly using faked registrant data and hiding behind the privileges granted to individual private registrants. I established a dialog with Nominet about this and it seems Nominet did take action to the point of suspending some of these domains. Communicado then suddenly switched to using ENOM for registering their domains, I don’t know and have no way of knowing if they were booted off by DAILY or just decided to switch. Either way, it made no difference, I could easily find the domains they were registering via Nominet’s PRSS tool.
As of Monday 16th, they have changed tactics again. They have apparently abandoned the .co.uk namespace (I’m sure they’ll be missed) and have gone back to using a variety of .com, .net and .org domains. Some seen in use today are:
They’re easy enough to spot in the logs, but I don’t currently have a good way of searching the whois for these TLDs. Suggestions for such a tool (non-free is fine) are welcome.
Maintaining this list and the RBL service is taking time and money. I will absolutely never be charging anyone for the list and the RBL will be free and open access for as long as it is sustainable to do so. In addition to the ways you can help mentioned in previous posts, a more direct way you can help is to donate a little money, preferably in the form of Bitcoin to 1F9Y1Gd3Pmmchxa7uGFd3zBQY9zVuX78Jd.
More news when I have it, you can follow @Excommunicado for more frequent updates.
It has been a busy few weeks since I first blogged about Communicado, here are some of the highlights of what has been going on.
- Communicado are still registering somewhere between 40 and 60 new domains a week. The blacklist is being regularly updated and currently has 5364 domains listed.
- Communicado appear to have switched registrars from DAILY to ENOM as of yesterday. Makes no difference to picking up their domains.
- Nominet has been investigating and tell me that some of Communicado’s domains have been suspended and they are in the process of suspending more.
- Please follow @Excommunicado for news and announcements on Twitter. Low volume, only on topic.
- The existing text file download will continue to be updated but, by popular demand, I have set up a DNS RBL containing their domains. As of the time of writing it is open access, that may change if it becomes too busy. Using it is easy:
martin@olga:~$ host malimanosa.co.uk.excommunicado.co.uk
malimanosa.co.uk.excommunicado.co.uk has address 127.0.0.2
martin@olga:~$ host flobbletob.co.uk.excommunicado.co.uk
Host flobbletob.excommunicado.co.uk not found: 3(NXDOMAIN)
If anyone wants to provide working configuration examples for SpamAssassin (or other similar tools), I will cheerfully link to them or post them here.
More news when I have it, have a Communicado-free afternoon!
I am fairly frequently asked for tips on getting less junk email. There’s quite a few things you can do that will cut the amount of junk you get, or at least let you get an idea of where it came from.
- Don’t have a catchall account, only ever accept mail for real mailboxes.
- Use as few generic or role addresses as you can. sales@, info@, help@ etc will all draw in unwanted junk.
- Delete or disable legacy mailboxes, don’t alias them to another user’s mailbox.
- Use different email aliases for different sites. So I might have martin-slashdot@ for Slashdot, martin-elreg@ for The Register, martin-dominos@ for Dominos etc etc. If mails arrives to these addresses, and it’s not from that specific organisation, then something has leaked when it shouldn’t have.
- Once you’ve finished with a particular site, remove the alias.
- Don’t be afraid to pick up the phone. If you get email you didn’t want from a company, call them to get yourself removed. Where you’ve had no contact with a company before, tell them politely that they are breaking the law by sending you unsolicited email.
- Understand the difference between spam and UCE. With spam it is rarely worth your time tracking down the sender, UCE may well be.
- Don’t click on unsubscribe links in spam messages. Do click on unsubscribe links in UCE messages. With the latter, if the unsubscribe isn’t instant (“It may take up to 10 days….”) then blacklist the sender.
And, of course, if junk mail really is a big problem for you, consider using a commercial anti-spam and anti-virus filtering service to get rid of it. Obviously I would recommend antibodyMX, but there are plenty of other providers out there.