One of the growing frustrations of battling spam is the abundance of non-responsive service providers.
Every now and then I get a surprise!
Watching the mail server recently and doing analysis of mail headers in spam to find where a current flood of spam was originating from I ran across a new bad guy.
They were sending phishing emails that looked exactly like AT&T Billing Email.
Tracing the mx records and the upstream resolved to Hostgator. I will admit that I held very little hope for hostgator being sane and responsible in shutting it down.
I opened a trouble ticket and at first got a lame response that they felt the links were to att.com So I sent them a copy of the mail source. After a few emails back and forth things got very quiet and then BOOM I get an email:
Thank you for the follow up. I see the domain in question, xxxxx.com. I am currently investigating this issue and will remove the offending phishing page/s from our network shortly.
I have taken the url out because it is not fully removed yet however – there is a hack alert warning on the site.