All spam coming from *@*.icu

I have spam filters etc. including for the .icu domain, but I’m still getting tons of spam everyday and it all comes with that domain .icu - everything from drone sales to what looks like ashley mad ison, from dog training to mole removal.

How can I stop this?

Hi Jenn-- This is a great question! There are two things you can do to adjust the spam filter settings for your account. The first is to adjust the Spam filter to have a stricter Auto-delete threshold score. Our spam filters have a default of 5. You can raise this to a 7 or 8 which can help cut down on spam in general.

The next step is to make sure you’re blacklisting any email coming from all .icu email addresses. In the Spam filters section, there’s an option to add addresses to the blacklist. You’ll want to make sure you’re adding a wildcard blacklist which looks like *@example.icu. With this blacklist, the spam filter will automatically discard all emails and they will not go into your inbox.

If you’ve already set those settings, submit a ticket to us with your domain name and we’ll be happy to take a look!

I have confronted Namecheap about this because all of the made up domains seem to be created by them

The host or IP address has (unless it has changed) been a Colohosting IP address.
I am HTTP flooding them non stop to try to piss them off.

I had been reporting them all to spamcop.net but nothing seems to happen.
Colocrossing seem to do Foxtrot Alpha unless you email them from an abuse@ account
Namecheap don’t give a fork because they get £1 every time the spammer registers a new made up .icu name,

What I did was set my email to delete spam automatically.
I gave up.

I actually had a pastebin of their current domains but it was futile. They keep registering them automatically somehow.

If Namecheap had any integrity they would find out who had created the reported domain names and stop them from registering new ones, but money speaks louder than people who complain.

https://twitter.com/xkcdfanfucku so Namecheap can’t just ignore me.

Currently getting a 503 unavailable from http://www.feeldrop.icu/Kclfa/vnka51982bakvnurdf/ :slight_smile:
HTTP flooding (LOIC) 107.175.246.211 with GET /click/smart2/watch102719.php HTTP/1.1
Other one to try is /Kclfa/vnka51982bakvnurdf/ (Xonefone bullshit)

Jenn, go to haveibeenpwned.com and see if you are listed. If you are, you WILL probably get spam.
Consider changing your email address or rejecting all spam.