IT.COM

question Reducing WHOIS spam -- Ideas?

NameSilo
Watch
Impact
3,143
Most of us in this forum probably get more than our fair share of WHOIS spam emails, given our above average holdings of domain names compared with the general population. Any ideas on how to reduce it? I seem to get endless "Expired SEO" spams, for example.

I was thinking that the amount of spam I receive might be lower if I switched my admin email address to a Google Gsuite/Gmail powered account. My theory is that spammers don't want to get banned by Google Gmail or Google GSuite, and so there'd be above average spam to domains hosted elsewhere. Alternatively, Google might be quicker to slow down such bulk mail, since they see more of it compared to smaller email providers. In other words, there's some extra protection being part of the Google Gmail/Gsuite "herd", so to speak.

Any thoughts, ideas or suggestions?
 
4
•••
The views expressed on this page by users and staff are their own, not those of NamePros.
I've been using gmail, and I'm thinking of dumping it. They are starting to impose their ideas on website structures, and they seem to be dropping mail that doesn't comply. Also, they are getting too dominant, and I think it might be in our interests to try to sustain diversity on the net.
 
5
•••
been using gmail since I started domain... and then of course way before that for my email.

I get about 100 spam mails per day... in relation to my gmail addres on domain regs.
and about 1 of those per week misses the spam folder.

in short, with gmail, I hardly even know spam exists.

far as I go, google with its gmail and everything else they invent, is abotu the best thing to happen to mankind since fire.
 
Last edited:
2
•••
I was hoping that with GSuite (i.e. paid GMail, branded with one's own domain), some high volume bulk spam would be entirely blocked, and wouldn't even get to the spam folder.

I still check my spam folders, so getting 100+ per day would still suck. :xf.frown:

One big downside to switching my email admin in the WHOIS is that all the spammers that have blocked my current email address (because I've reported them to their ISPs, opted-out, etc.) will start getting through to my new account..... :vomit:
 
Last edited:
0
•••
1. Use a dedicated E-mail address for whois, not the main corporate address
2. I prefer to run my own mail servers, for privacy and control. So I can set my own rules and have maximum flexibility.
For example, I can reject some mails with offending subject lines by using regular expressions: thus the mail is blocked before it's even been accepted by the mail server. And then a rule is added on the fly to the iptables firewall (to block the IP address). The "Expired SEO" spams can be blocked fairly easily.
3. On the mail servers I can set up forwarders (aliases) or temporary addresses, and rotate them from to time... so that the spammers using cached whois are left with useless data...
 
10
•••
Thanks, Kate. I was planning to setup a dedicated email address with a domain I control, to be able to segment those WHOIS emails from everything else. I had been thinking about rotating the email addresses too, but it would have the downside I mentioned above, namely that spammers who've stopped emailing me (because I reported them to their ISPs, or opted out, or whatever) would now have a fresh email address to spam!

While there are advantages to running one's own mail eservers, as you correctly point out, having a turnkey solution like Google GSuite is a bit simpler.
 
0
•••
From 100+ spam daily to 1 or 2 now, sometimes NONE. using gmail.

1) whois privacy. A MUST at least for me.
2) block and report every spam email. (very useful).

That is all.
 
3
•••
I use Whois privacy and life has been easy ever since.
 
2
•••
I get a fair share of emails from not opting for privacy at the beginning.
But it reduced after I started buying names from Namesilo(free privacy)

I bought a domain for a dollar to Bigrock(without privacy) two days ago and it started storming spam

In I hr 4 calls and and over 10 messages regarding website design. I politely decline them all with a 'No Thanks'

I guess they will stop after a couple of days for me as they will be busy targeting new domain owners
 
0
•••
I get a fair share of emails from not opting for privacy at the beginning.
But it reduced after I started buying names from Namesilo(free privacy)

I bought a domain for a dollar to Bigrock(without privacy) two days ago and it started storming spam

In I hr 4 calls and and over 10 messages regarding website design. I politely decline them all with a 'No Thanks'

I guess they will stop after a couple of days for me as they will be busy targeting new domain owners


Can you transfer out of bigrock easily and what did you use, like a coupon or something?
About to try them?
 
0
•••
Can you transfer out of bigrock easily and what did you use, like a coupon or something?
About to try them?

Not sure about the transfer process of bigrock, but hope it will be normal
For the registration, I used a coupon something like 'br99domsale'

Try googling and you might find one for 59rs
 
0
•••
i know, gmail have good spam security.

for your domain create *domain*@gmail.com and enter in whois contacts.
 
1
•••
With your premium portfolio @GeorgeK why not just use Whois privacy? Doubtful you would see a drop in inquiries. :)
 
0
•••
From 100+ spam daily to 1 or 2 now, sometimes NONE. using gmail.

1) whois privacy. A MUST at least for me.
2) block and report every spam email. (very useful).

That is all.
1) A pain in the butt for dealing with sales and transfers, constantly having to remove your whois and manually check what email you are using. It also turns people off from sales inquiries.
2) Again a pain in the a$$ because it's so time-consuming. It's like a part-time job except more of a volunteer effort because you aren't getting paid for it.

The only real solution is what Kate said running your own mail server you want 100% control. It sounds like people are having success with Gmail suite, so please update this thread with results if you decide to go that route..:)
 
1
•••
Can you transfer out of bigrock easily and what did you use, like a coupon or something?
About to try them?

Very easy to transfer out of Bigrock... Standard process... Get EPP, Unlock domain, initiate transfer
 
0
•••
i feel your pain @GeorgeK

i get spam phone calls too

but if we, as domainers, are getting spammed to death,
just imagine what 'potential end-users' are going thru

:)


imo....
 
Last edited:
1
•••
Simply create a rule to move all "Expired SEO", "App Development" "First page of google" etc.. emails to the Deleted folder.

Mission complete.
 
1
•••
With your premium portfolio @GeorgeK why not just use Whois privacy? Doubtful you would see a drop in inquiries. :)

With WHOIS privacy, it's hard to prove that you're the actual owner of the domain name, and establish it independently (e.g. in DomainTools WHOIS history, etc.). If the domain name gets stolen, etc., it might make it harder to prove the theft, etc.
 
4
•••
0
•••
Whois Privacy and Gmail + Filters = :xf.smile:
 
0
•••
Here are some steps I've taken and recommend...
  1. Use a custom domain just for whois registrations - I used Google GSuite for Business. $5/month. I find that Gmail's backend has the strongest and most accurate spam filtering over any other.
  2. Setup catch-all email setting - if you want to use custom names like (specific domain)@(yourbusiness).com that works well, and you can filter based on that. You can also do the + trick (look it up). If you take the time to do this, you can then also filter out any email you get NOT part of that setup into to the trash or archive. I also like doing this for sign ups at various businesses i.e. godaddy@(mybusiness).com and you can see if any of them are selling your information.
  3. Start filtering per @LucidDomains recommendation above on words like "SEO" "Free Logo" "App development" etc. to trash.
  4. If you have a lot of short liquid domains and hate the Chinese spam, you can just filter out a bunch of Chinese characters (I started with these symbols 人民币元 which are used for CNY currency and are in most of their emails)
  5. Blacklist commonly abusive domains, whitelist your more commonly accepted domains (with filters)
  6. Check out this chrome plugin - you can quickly scan sending domains of emails without opening the email http://no_url_shorteners/2wtQ9qZ (I browse through my spam folder in seconds b/c 99% is outlook/hotmail/mail.ru/etc)
  7. Click and report ALL spam to google, check also for spammers using mailchimp or other mail platforms, those have abuse email reporting tools as well. The more you do this, the better it gets, for everyone.
  8. NEVER use a real phone number. Sign up for google voice, turn off call forwarding, have it all get sent via email, setup filter to immediately archive and put it into its own folder. You can then sort by voicemail, read the transcripts for legit calls, delete the rest. 99.99% will be garbage.

Domain privacy doesn't solve much because if you shut off all email from being forwarded, you are losing out on potential inquries, whois verifications, etc. If you do get forwarded, then it does help from your email being scraped, but then they are just scraping an email that forwards to you anyway. Only really worth it to hide identity when needed.
 
3
•••
I don't use domain privacy. I get lot of emails with "Domain SEO notice" and other messages based on our whois info.

I use Zoho, and can easily mark the emails as SPAM with a right-mouse-click. Any future emails from same sender will go directly into spam folder.

Zoho also detects potential spammers based on customer feedback, so my inbox remains in pretty good shape overall.
 
0
•••
Not sure if this was mentioned as I scanned quickly the previous posts but what you can do is register a custom domain for your admin whois that is in an extension that has very limited whois info.

In my case, since I am in Canada, .ca is perfect for that as the whois is very limited (only creation date and nameservers). But you will have to add a phone number to the individual domain whois plus registrant company and contact name. For company and contact you can easily put something generic.

Spam has gone down significantly, both email and phone. Although one time I got a call from an Indian "company" asking to speak with "Private Registration", lol.
 
Last edited:
1
•••
One potential downside of changing the admin email is that the domain name could get locked for 60 days due to the new ICANN transfer rules. I'm not even sure if my registrar would allow a bulk email change under these new rules, or whether I'd have to manually approve each one (which might take many hours of clicking).
 
0
•••
If the buyer has an account at the same registrar then the 60 day rule shouldn't be an issue.

Not sure if the registrar will allow you to approve the Whois change in bulk. You can check with your account exec.
 
0
•••
Back