

NameCheap.com massive spam with link to IP: 162.255.119.254 - GizaDog

I&#x27;ve been dealing with NameCheap.com for over a two weeks regarding there IP address being used within spam emails like below. Does anyone know how or who to contact to shut down that IP or report NameCheap for not doing anything?<p>http:&#x2F;&#x2F;i.imgur.com&#x2F;UOiho58.jpg
http:&#x2F;&#x2F;i.imgur.com&#x2F;iU8yrAZ.jpg
http:&#x2F;&#x2F;i.imgur.com&#x2F;vpbkEOm.jpg
http:&#x2F;&#x2F;i.imgur.com&#x2F;iD0iJWo.jpg<p>These are their canned responses when emailing abuse@namecheap.com about the issue:<p>1. As the reported server is used solely for forwarding purposes, which is not the abuse itself and there is a lot of legitimate traffic, we cannot disable it.<p>2. However, as we can see the domain name is listed in SpamHaus DBL. Since we consider SpamHaus to be a trusted organization, we opened a case regarding the domain name. Please allow about 48 hours for our further investigation.<p>3. While the domain names reported are registered with Namecheap, they are hosted with another company. So we cannot check the logs for the domains and confirm if they are involved in sending unsolicited bulk emails.<p>Thanks for the advice!
======
Someone1234
It is their IP because they're doing domain forwarding (via HTTP headers).
Someone registered a domain with Namecheap and Namecheap offer free web-
forwarding (as opposed to setting up normal A records and pointing at a web
server directly).

So as they themselves told you, no spam or phishing content is being hosted on
a Namecheap server. They could stop forwarding, but since the spammers are
paying them to do that (and nothing about the forwarding is inherently illegal
in its own right) that is a grey area.

Ultimately why don't you contact the actual host of the sites rather than
picking on Namecheap randomly? Seems like domain forwarding is barely involved
in the whole thing. You bring up the IP like that is meaningful, if you
actually visited the links you'd see that all that IP does it give you a HTTP
redirect.

They would be no more or less involved if the client had just used A records
or CNAMES.

