One of the growing frustrations of battling spam is the abundance of non-responsive service providers.

Every now and then I get a surprise!

Watching the mail server recently and doing analysis of mail headers in spam to find where a current flood of spam was originating from I ran across a new bad guy.

They were sending phishing emails that looked exactly like AT&T Billing Email.

Tracing the mx records and the upstream resolved to Hostgator. I will admit that I held very little hope for hostgator being sane and responsible in shutting it down.

I opened a trouble ticket and at first got a lame response that they felt the links were to So I sent them a copy of the mail source. After a few emails back and forth things got very quiet and then BOOM I get an email:


Thank you for the follow up. I see the domain in question, I am currently investigating this issue and will remove the offending phishing page/s from our network shortly.

Clinton M
Security Administrator LLC

I have taken the url out because it is not fully removed yet however – there is a hack alert warning on the site.