Skip to Content.
Sympa Menu

discuss - [opennic-discuss] More domains spreading malware

discuss AT lists.opennicproject.org

Subject: Discuss mailing list

List archive

Chronological Thread  
  • From: Jeff Taylor <shdwdrgn AT sourpuss.net>
  • To: Discuss <discuss AT lists.opennicproject.org>
  • Subject: [opennic-discuss] More domains spreading malware
  • Date: Sun, 26 Jan 2025 16:59:33 -0700

I posted last year about shutting down several domains for spreading malware, and it has come to my attention again that there are more doing the same thing.  First off, if you think you're going to avoid detection by using these utterly racist domain names, yeah those things tend to catch my eye.  Also the tendency to list more than a dozen A records, all pointing to different countries, raises questions of legitimacy.

We've played nice by allowing open and automated registrations, but some bad actors have decided once again to take advantage of our services.  Automated services can be used against those same people, and I will be writing up some new scripts to check domain records against well known block lists (for example, spamhaus has records on every IP I've checked so far).  I do not plan on sending out notices for the domains  that get blocked, I will simply remove them from the DNS records.

Those who know me will understand that I try to err on the side of caution, and I will do my best not to remove any legitimate domain entries.  If you think something was removed in error, go ahead and reach out to me.  If you suddenly had dozens of domains removed which were all pointing to known malware sources, then yeah you already know what you did and there were no accidents.


  • [opennic-discuss] More domains spreading malware, Jeff Taylor, 01/27/2025

Archive powered by MHonArc 2.6.24.

Top of Page