Another Spam E-mail Source Identified: PermissionEmailCorp.com Steals from GoDaddy.com
Posted by Carlton Bale on February 23rd, 2007
I just received an unsolicited commercial e-mail from a company named, ironically, PermissionEmailCorp.com. They did not receive my permission before sending me the e-mail. Their site states that they provide "choice / opt-out" for recipients. Funny, the spam message they sent me didn't contain any such option.
Apparently they provide "free advertising for charities." They also promise not to collect any customer information. Wow, how nice of them. But if they really cared about your charity, they wouldn't use "third-parties" to "advertise and collect information about customers." The company appears to be based out of China and related to AdvertisingEmailCorporation.com.
PermissionEmailCorp.com retrieved the e-mail address from my Godaddy account. Not from my public DNS who-is information, but from my GoDaddy account itself. GoDaddy needs to set-up their customer protection.
Update 13-March-2007: I started receiving e-mail messages to the address I use in my domain name whois information. Every domain has to have a contact e-mail address and it must be shared (unless your pay your registrar to make is private.) This is information is not allowed to be used for this purpose, but obviously this company is not playing by the rules. Once your e-mail address is out there for them to use, there is nothing you can do to get it hidden again. Either setup a spam filter or change your e-mail address (which may be found again.) Be careful about using a false e-mail address for your domain contact information. Your registrar may charge you an administrative fee if someone reports not being able to contact you because of that. To see you public whois information for your domain, try the Network Solutions Whois Lookup page.
February 23rd, 2007 at 3:27 pm
permissionemailcorp.com have been spamming me as well. They got hold of the address that is used only for the technical contact for domain names I own. I changed that address a few days ago. I just got a spam to the new address.
What this means is that they are roboting WhoIs sites to harvest the contact addresses of domain name owners, and they refresh their list frequently. Since changing the address didn't work I must now find another way to stop them.
February 24th, 2007 at 6:42 am
I have received two of their pieces of garbage. They may be harvesting from domain names, but not necessarily the email addresses - they are also making up what appear to be valid email addresses based on the domain names they find.
I have 4 domain names - two are active, the other two are in preparation for other planned functions related to my main .com domain. Only one of those domains has any email addresses assigned - the .com domain, and those addresses are openly available to any visitor to the site, whether real or robotic. None of them were used. They instead made up an authentic-appearing address based on the .info domain.
Romane
February 24th, 2007 at 9:40 am
They definitely pulled my contact info from my Godaddy account. I use that e-mail address only at Godaddy and nowhere else. It's not at all a generic address. It is not listed in any of the who-is contact names, but maybe Godaddy shares more account information than is shown in the who-is listing. Regardless, I'm going to change that e-mail address and see what happens.
February 24th, 2007 at 7:00 pm
I just had the same problem, I think they are some how finding common names like support@domain.com. I do think they are using robots to scan domains and might be even sending out random e-mail to your domain until they get one that matches. My domain e-mail address is not posted anywhere on the internet because my site is not completed and my domain is ran off of an e-mail server off of my computer. Even with companies like MSN and Yahoo uses robots to look for sites, even if you don't submit your site to them they will find your site down the road.
I would NOT visit PermissionEmailCorp.com because this gives them the opportunity to grab your IP address.
This was the IP address with in the e-mail that was sent to me.
Ip Lookup
68.188.32.37 resolves to
"68-188-32-37.dhcp.stls.mo.charter.com"
Top Level Domain: "charter.com"
Charter Communications CHARTER-NET-7BLK (NET-68-184-0-0-1)
68.184.0.0 - 68.191.255.255
Charter Communications DRDN-MO-68-188-32 (NET-68-188-32-0-1)
68.188.32.0 - 68.188.63.255
February 24th, 2007 at 10:27 pm
Good morning
Have done some research since my last post. Did a WhoIs at http://www.whois.net/ and a Google on permissionemailcorp. The domain was registered in November last year. The anti-spam and anti-net-abuse people have had some discussion regarding them. They seem to be based out of China, and I gather that these anti-spam and anti-net-abuse people have tried to nail the person or persons behind this site in relation to other scams and similar parasitic activities previous to permissionemailcorp's registration.
The issue with them grabbing the IP address is mostly relevant when you have a static address. As mine changes every time I log in, and the address range is shared between a number of ISPs, I took the opportunity to go to their home page (but no deeper). By not visiting, you have not missed much.
Maybe one day, *all* the Governments and relevant authorities in the world will get together to eradicate this pathetic disease that blights the Internet - but I'm not holding my breath for any time soon.
Romane
February 25th, 2007 at 1:50 am
What a surprise to get an email from these people using my email address. What exactly does it mean? Have they sent out thousands of spam using my address? How do they do that and what should I do?
JB
February 25th, 2007 at 2:19 am
My favorite quote on their site (on PermissionEmailCorp.com/welcome.html) is "CEO Ranked as The #1 Broadcast Emailer in The World by Wikipedia; The World's Largest Online Encyclopedia."
Congratulations, a user-editable wiki ranked you number one. I wonder who made that edit?
February 25th, 2007 at 8:27 am
The message I get is from myself! Now, how do I stop them? If I categorize them as SPAM, then my own e-mail address goes on the blocked list.
February 25th, 2007 at 8:53 am
I've received the same spam message… "we email advertise your charity web site to 7,500,000 people. free.
"permissionemailcorp.com" FROM MY EMAIL ADDRESS, TO MY EMAIL ADDRESS. I also wonder who they are spaming with my own email address. What is the recourse for damages?
Interesting that I use GoDaddy for my domains and recently changed my contact info to my personal email address that received this spam message twice, today (Feb 23 6:43 AM) and yesterday (Feb 24 at 7:04 am).
February 25th, 2007 at 9:45 am
After a bit of research, this could very well be a scam originating from another country (China?). Likely a clever attempt to get an order via American Express, MC, Visa or Discover, through a non-secured webpage (http vs. https). Unsuspecting business owners might enter their credit card numbers, only to have them stolen.
There is a fax number provided,+1(206)260-3270, but that could be an IP phone (Vonage, etc.) sitting somewhere in China. Microsoft targeted Robert Soloway in 2005 so it would be easy to direct upset recipients to that person while grabbing a few hundred (thousand?) credit cards before closing up shop. That's my guess…
John
http://www.IndianaDigital.net
——————————————————————-
Here's what I found with 10 minutes of searching…
Here's an update from SpamHaus that should shed some light on this:
http://www.spamhaus.org/organization/statement.lasso?ref=3
Here's the company contact info for "Broadcast Email Service" when you follow the link in the spam email:
Corporation Headquarters
Located In The Heart of the Downtown Business District Located in Seattle, Washington, USA.
Corporate Address:
1001 4th Ave - #1259
Seattle, WA 98111
United States of America
Additional Information:
Please Read Under Email Software, Email Services, Custom Emailings and Charity Info to Learn About All of Our Products & Services. Thank You.
——————————————————————
Google the following [ 1001 4th Ave - #1259 seattle ] for insight to who shows up with this address.
——————————————————————
One of the Google links takes you to http://robertalansoloway.com where you can click a link to view a PDF of a lawsuit from Microsoft against Robert Soloway, who is identified as the CEO of Broadcast Email Service. In this lawsuit, Robert Soloway is identified as "Newport Internet Marketing" of CA.
However, even this is misleading. A WhoIs lookup reports the Domain Holder as…
Domain Name: PERMISSIONEMAILCORP.COM
Registrar: BEIJING INNOVATIVE LINKAGE TECHNOLOGY LTD. DBA DNS.COM.CN
Whois Server: whois.dns.com.cn
Referral URL: http://www.dns.com.cn
Name Server: NS1.PERMISSIONEMAILCORP.COM
Name Server: NS2.PERMISSIONEMAILCORP.COM
Name Server: NS3.PERMISSIONEMAILCORP.COM
Name Server: NS4.PERMISSIONEMAILCORP.COM
Status: clientTransferProhibited
Updated Date: 19-feb-2007
Creation Date: 17-nov-2006
Expiration Date: 17-nov-2007
Domain Name………. permissionemailcorp.com
Creation Date…….. 2006-11-17 21:43:02
Registration Date…. 2006-11-17 21:43:02
Expiry Date………. 2007-11-17 21:43:02
…If you lookup who administers the domain, you get:
advertisingemailcorporation.com
——————————-
Domain Name: ADVERTISINGEMAILCORPORATION.COM
Registrar: BEIJING INNOVATIVE LINKAGE TECHNOLOGY LTD. DBA DNS.COM.CN
Whois Server: whois.dns.com.cn
Referral URL: http://www.dns.com.cn
Name Server: NS1.KANJERIMADA.INFO
Name Server: NS2.KANJERIMADA.INFO
Name Server: NS3.KANJERIMADA.INFO
Name Server: NS4.KANJERIMADA.INFO
Status: clientTransferProhibited
Updated Date: 25-jan-2007
Creation Date: 17-nov-2006
Expiration Date: 17-nov-2007
I'd like to hear what others come up with after a bit more digging.
John
http://www.IndianaDigital.net
February 25th, 2007 at 3:46 pm
How to stop them,anyone know? I'm in Cnada, registered my site through godaddy.com and I'm spammed everyday by this permissionemailcorp.
February 25th, 2007 at 7:25 pm
I got the same issue, multiple SPAM emails as-if originating from me and having the following two-liner:
————————————————————–
we email advertise your charity web site to 7,500,000 people. free.
www . permissionemailcorp . com
————————————————————–
Hope somebody can take care of this issue.
Best regards,
VJ
February 25th, 2007 at 10:59 pm
Seems like godaddy is the common thread in all these posts. Funny how the other registrars aren't losing their customers' emails to this "harvesting." I guess if I had choked up the extra $2 a year they wouldn't let my email "slip" into permissione's hands.
February 26th, 2007 at 4:03 am
Seems they have changed their details…I actually gave them a call, all Chinese strangely enough…then after a while they just keep putting down the phone on me after a few rings…
I will be giving this number and email address to all my new Nigerian Email scammer friends…
admin@advertisingemailcorporation.com
Domain Name………. permissionemailcorp.com
Creation Date…….. 2006-11-17 21:43:02
Registration Date…. 2006-11-17 21:43:02
Expiry Date………. 2007-11-17 21:43:02
Organisation Name…. liu feng
Organisation Address. guang zhou
Organisation Address. admin@advertisingemailcorporation.com
Organisation Address. guang zhou
Organisation Address. 321000
Organisation Address. GD
Organisation Address. CN
Admin Name……….. liu feng
Admin Address…….. guang zhou
Admin Address……..
Admin Address…….. guang zhou
Admin Address…….. 321000
Admin Address…….. GD
Admin Address…….. CN
Admin Email……….
Admin Phone………. +86.20321000232
Admin Fax………… +86.20321000232
Tech Name………… liu feng
Tech Address……… guang zhou
Tech Address……… admin@advertisingemailcorporation.com
Tech Address……… guang zhou
Tech Address……… 321000
Tech Address……… GD
Tech Address……… CN
Tech Email………..
Tech Phone……….. +86.20321000232
Tech Fax…………. +86.20321000232
Bill Name………… liu feng
Bill Address……… guang zhou
Bill Address………
Bill Address……… guang zhou
Bill Address……… 321000
Bill Address……… GD
Bill Address……… CN
Bill Email……….. admin@advertisingemailcorporation.com
Bill Phone……….. +86.20321000232
Bill Fax…………. +86.20321000232
Name Server………. ns4.mangoorangee.org
Name Server………. ns3.mangoorangee.org
Name Server………. ns2.mangoorangee.org
Name Server………. ns1.mangoorangee.org
Domain Name………. advertisingemailcorporation.com
Creation Date…….. 2006-11-17 21:43:14
Registration Date…. 2006-11-17 21:43:14
Expiry Date………. 2007-11-17 21:43:14
Organisation Name…. liu feng
Organisation Address. guang zhou
Organisation Address.
Organisation Address. guang zhou
Organisation Address. 321000
Organisation Address. GD
Organisation Address. CN
Admin Name……….. liu feng
Admin Address…….. guang zhou
Admin Address……..
Admin Address…….. guang zhou
Admin Address…….. 321000
Admin Address…….. GD
Admin Address…….. CN
Admin Email……….
Admin Phone………. +86.20321000232
Admin Fax………… +86.20321000232
Tech Name………… liu feng
Tech Address……… guang zhou
Tech Address………
Tech Address……… guang zhou
Tech Address……… 321000
Tech Address……… GD
Tech Address……… CN
Tech Email………..
Tech Phone……….. +86.20321000232
Tech Fax…………. +86.20321000232
Bill Name………… liu feng
Bill Address……… guang zhou
Bill Address………
Bill Address……… guang zhou
Bill Address……… 321000
Bill Address……… GD
Bill Address……… CN
Bill Email………..
Bill Phone……….. +86.20321000232
Bill Fax…………. +86.20321000232
Name Server………. ns4.kanjerimada.info
Name Server………. ns3.kanjerimada.info
Name Server………. ns2.kanjerimada.info
Name Server………. ns1.kanjerimada.info
Follow the exploitations of Robert Soloway who is behind this SPAM…
http://en.wikipedia.org/wiki/Robert_Soloway
http://en.wikipedia.org/wiki/SPAMIS
February 28th, 2007 at 12:38 pm
I receive this email 2 times a day and have for the past week.
March 1st, 2007 at 9:36 am
I've been getting this. They are apparently guessing at addresses based on domain names. I don't really care where they got the domain name. If I have to protect my domain name to prevent someone from doing this type of thing, then there really is no point in having a domain name that is easy for folks to remember.
The emails are not compliant. There is no From field and the return path is the address they are guessing. As a result bounces don't work. So if they are doing this to see what addresses are valid, they are not likely getting any feedback unless someone follows the URL in the message. So my guess is that they are simply trying to advertise. And because they are not getting any bounce feedback, they will just keep sending them.
In the headers, the path histories of the messages are extremely short (one hop to my server) and seem to come from a variety of IPs from all over the world. Bots, I presume.
I also have seen the url for www . emailsolutioncorp . com.
March 8th, 2007 at 3:55 am
je recois aussi des mail mais pas avec godaddy mais relais internet "orange"
comment faire et quels sont les retour pour mon ordi car tous les plans et les achat passent par là ils passent par le mon de domain donc direct sur ma boite
merci
March 8th, 2007 at 4:04 am
je reçois des mail aussi mais pas par godaddy mais relais internet "orange"
comment faire pour les stoper car je fait mes achats en ligne et en passant par le nom de domain ils arrivent direct sur ma boite
merci
March 12th, 2007 at 4:23 am
Based in France, I've been spammed from those guys for weeks now (since February 07). I would suggest not to write their domain adress in each of our pots because this may increase their ranking over the net. One major point is that they are able to spam each of us with our proper e-mail adress as the sender. They are able to write things in our names.
For everybody's information, I also own domain names but through 1and1.fr and gandi.fr
March 13th, 2007 at 7:18 am
Update 13-March-2007: I started receiving e-mail messages to the address I use in my domain name whois information. Every domain has to have a contact e-mail address and it must be shared (unless your pay your registrar to make is private.) This is information is not allowed to be used for this purpose, but obviously this company is not playing by the rules. Once your e-mail address is out there for them to use, there is nothing you can do to get it hidden again. Either setup a spam filter or change your e-mail address (which may be found again.) Be careful about using a false e-mail address for your domain contact information. Your registrar may charge you an administrative fee if someone reports not being able to contact you because of that. To see you public whois information for your domain, try the Network Solutions Whois Lookup page.
March 13th, 2007 at 7:26 am
Got email from www . emailsolutioncorp . com send from my own email address..
isn't there a way to spam those spammers back? Flood their email or something.
March 13th, 2007 at 8:37 am
Hi All,
I got the spam too. I order the product they have by sending the all info as You Mother F…. Spamers. Then it show the following as one of the e-mail for them:
broadcastmarketingcorp@mailshack.com
With same title I send them an e-mail too. I think for each spam from this company we showld send them an e-mail directly.
March 13th, 2007 at 1:10 pm
I have received this SPAM also: See Below, I have contacted the WA Attorney General’s office. Though the State of WA does not have laws against spam, the do have laws against deceptive business advertising. We can become a nuisance to this business like it is to us, file a complaint with the WA AG's office they are at http://www.atg.wa.gov
emailsolutioncorp.com/contact.html
Corporation Headquarters
Located In The Heart of the Downtown Business District Located in Seattle, Washington, USA.
Corporate Address:
1001 4th Ave - #1259
Seattle, WA 98111
United States of America
March 13th, 2007 at 4:51 pm
emailsolutioncorp.com is registered in china by a registrant that is named "Beijing Innovative linkage technology". They are well known for fraudulent emails and domains.
Unfotunatly since it in China. there is not much we can do.
I have tried a formal FTC complaint and no response.
March 15th, 2007 at 1:43 pm
Its not a godaddy problem .. I use another registrar and unique throwaway addresses for my whois info. They grab the info from whois, and update fairly regularly.
BTW look into http://www.sneakemail.com (I'd be lost without them)
March 16th, 2007 at 1:35 pm
Look no further - The research has been done (not that it seems to help).
All China and whois references are red herrings (other than hosting etc). Full Robert Alan Soloway (http://blog.opsan.com/archive/2005/07/29/1148.aspx) history and latest updates are available via these dedicated anti-soloway blog links.
http://blog.opsan.com/archive/2006/05/25/28138.aspx
http://sjwest01.googlepages.com/broadcastspam.html
Join the club & best of luck in your solving the Eternal soloway problem.
March 19th, 2007 at 3:10 am
Hi All,
I find a flaw in the emailsolutioncorp.com system.
go to emailsolutioncorp.com/orders/doorder.php and complete the form with any thing and any number such as 1111111111111111111111 for the credit card number and submit the order.
it is using emailsolutioncorp.com/orders/doorder-process.php. hoping I can extract the email address for them
March 19th, 2007 at 9:32 am
They are blasting me 1-2 times a day. If anyone finds a permenant solution, please post.
Thanks
March 19th, 2007 at 3:06 pm
Hello guys, I have the same problem!
i receive many emails everyday anytime form UNKNOWN SENDER and the advertised website is emailsolutioncorp.com
Please anyone has got any solution to stop him?
Many thanks and have a nice day,
Marco.
March 20th, 2007 at 10:40 pm
These spammers drive me nuts and have done for months. Perhaps someone with some spare time could have a go at updating the Wikipedia entry with the facts about these a-holes.
March 21st, 2007 at 6:15 pm
If you would like to contact this company directly, they have another email address:
contactsupport@mailshack.com
This can be found by following Ramin's flaw instructions above.
March 22nd, 2007 at 5:34 am
liu feng mail address
liu.feng@advertisingemailcorporation.com
or
feng@advertisingemailcorporation.com
or
liu@advertisingemailcorporation.com
all these adresses seems to work.
March 22nd, 2007 at 9:12 am
They have been reported here too, so Mcafee users will be warned before visiting their site.
http://www.siteadvisor.com/sites/emailsolutioncorp.com?ref=safesearch&aff_id=0&premium=false&suite=false
March 25th, 2007 at 6:13 pm
I have a legitimate Internet advertising business and I am getting SPAM to and from my primary business e-mail address. Are other people getting this SPAM 'from' my e-mail address too? I also get e-mails from e-mail addresses containing my domain that do not exist. The last thing I want to do is delete my primary business e-mail address and lose contact with potential and actual clients, but I can't afford to have my good name associated with SPAM like this.
March 25th, 2007 at 8:46 pm
Suz: I'm not sure, but I think every recepeint receives the e-mail as if it was sent from their own address. It's easy for them to forge the spam headers to make this appear like that - to eliminate spam bouncing back to the actual sender.
Word of caution: never use your primary e-mail address in your domain name registration public contact info. It's obviously not protected.
March 27th, 2007 at 9:31 am
These dirtbags are also using several of my domain names as the 'from' address in their spams, and as a result, my legitimate business email cannot get through to my customers. Many of the major email companies have banned any email address with my domain name in it because of all the spam these losers have sent using my domain in the from address. "Beijing Innovative Linkage Technology" is th common denominator - they are the registrar for all of the prescription drug sites these spam emails are trying to direct traffic to. I noticed they don't even put a link in their email anymore, instead they use an image that shows their website address and tell you to type their domain name in your browser to get to their (probably) illegal prescription drug site. The reason they do that is because the spam filters have gotten so sophisticated, they actually scan the email for banned URLs before letting it through. If this company put its URL or a link to it in the email, it would probably not get through most spam filters. I know this why? Because they have gotten my URL banned and I cannot even put my website address in the signature block of my emails anymore, or they get filtered out as spam.
March 27th, 2007 at 9:34 am
by the way, I don't think it's just the whois info where they are stealing dmail addresses…it's the internet in general. I don't use godaddy and I still have the same issue. The common denominator seems to be that all of my domain names that are being used have email addresses that are published somewhere on the internet (i.e. my websites).
March 27th, 2007 at 5:29 pm
I never publish plain-text e-mail addresses because of this. I use a graphic (picture) or use a contact form with validation. If you e-mail address is published, it's sure be receive spam and probably will be used in the from address as spam.
On thing you can do is modify the MX record of your domain to include Sender Protection Framework. Your hosting provider may have to do this. It means that you have to specify which servers/IP addresses are approved for sending e-mail using your domain name. It causes all messages sent from unauthorized IP addresses to be marked and spam, and valid e-mail to be marked as "not spam". Check out http://www.openspf.org/ .
March 29th, 2007 at 10:19 am
I saw that GoDaddy accounts had this problem with the spam, well 1and1.com has the same issue. What you think is a private registration really isn't because these guys get the proxy email account and you get spammed. I have several hundred domains (all privately registered), and receive hundreds of these spam messages daily. The problem is that every now and then you want to check your junk emal to see if some important email got filtered out and is now in your junk mail. I am receiving between 30 and 40 of these spams AN HOUR!!
We need to get them shut down now!
March 29th, 2007 at 11:19 am
Thanks for the link Carlton - I'll definitely look into it.
And Bob - I agree, let's shut these spammers down. You own several hundred domain names …so do I. Let's find a way to use the power of the internet to stop these jerks. I've done some research and made a few phone calls. Does anybody see a link to the Metro Bank in Houston, TX whose phone# is listed in the whois info as the admin and technical contact for many of these prescription drug sites? Or do you think the bank is just an innocent victim of someone who used their phone#? You'd think that even dumb spammers would use legitmate info as the technical and admin contact for the domain names. Then again, perhaps they open and shut down websites so often they don't care. Either way, I think there's something suspicious about this bank whose phone# is listed in the whois. When I called they said they don't know anything about these websites, but they were almost too quick to say it - like they had a sort of rehearsed answer. I asked for their legal department and was told they don't have a legal dept - a publicly traded bank with 10 offices in Houston & 3 in Dallas, and they don't have a legal department or even a legal person to forward legal issues to? Instead, they referred me directly to the President, David Tai. It's hard for me to believe that after calling the bank's main phone # (that's posted on their website), that the first person I talked to would send me straight to the bank's President. I own a small business with less than 5 employees and even my phone calls are screened better than that!
This bank has a 'China Town' connection (see this website I found which promotes the bank):
http://www.chinatownconnection.com/metro_bank_redirect.htm
And according to the bank's website, "The foundation of our success truly has been in the ethnic markets - especially the Asian and Hispanic ones - where we have strong ties and direct involvement with the communities"
Something stinks about this bank. I think their "Asian-connection" may be relevant considering that:
1.) their phone# is listed on the whois, and
2.) all of these spammer sites are registered by a Chinese registrar in China
Coincidence? Perhaps, but again, something about this bank stinks.
March 29th, 2007 at 1:46 pm
Some of you are on the right track. You went so far as to lookup their registration information.
What nobody seems to have realized, is that the Internet is a network. What that means is that everybody relies on everybody else. In particular, each and every host must get their "feed" from their "uplink". If you sever the uplink, the host dies - or must at least find another uplink - at which point you sever it, again and again until they finally give up and/or nobody will help them.
The place to start is with their Name Servers. Figure out who is giving them name service. Contact the admins of the name servers. Ask them politely to help - be nice, be respectful - they may not be aware of what's going on.
Several possibilities can result from this. 1) They agree to help and cut the offender loose. Problem solved until they find a new provider. 2) They may refuse to help. If such is the case, politely inform them that you will contact THEIR provider and let their provider know they are helping a spammer to violate CAN-SPAM (and other) laws (it helps to include contact info. for their provider, that will rattle them). Above all, be polite and respectful, keeping emotion out of it - be professional. 3) Sometimes a host will have it's own name servers. Frequently a poor design decision, but it happens quite often. If such is the case, things become a little more tricky. Since I don't know how long of a message I can leave here, I'll continue in another message.
March 29th, 2007 at 2:24 pm
Actually, after doing a little research on them, and thinking about what to write, I've decided that rather than write up the semi-complex process of how to go about finding the right people, to just do it myself and post the results.
The accredited registrar involved is dns.com.cn It would help greatly if you speak Chinese as well as read it, which case you can go to a whois server and type in dns.com.cn Here are the results:
Checking server [whois.cnnic.net.cn]
Results:
Domain Name: dns.com.cn
ROID: 20021209s10011s00017988-cn
Domain Status: clientTransferProhibited
Registrant Organization:
Registrant Name:
Administrative Email: litao@dns.com.cn
Sponsoring Registrar: ¸
Name Server:ns1.dns.com.cn
Name Server:ns2.dns.com.cn
Registration Date: 1999-06-07 00:00
Expiration Date: 2008-06-07 00:00
The garbage characters are Chinese. Which is why I say it would help if you read and speak Chinese (and have the proper display software on your computer).
Their web page is here: http://www.dns.com.cn/
In any event, you'll notice the admin address is: litao@dns.com.cn
This is the person to complain POLITELY and RESPECTFULLY to. As mentioned in my previous message, they may be unaware of what's going on - and in fact, probably are unaware. All these people do is register addresses - just like godaddy does. The main difference is that these are the TOP LEVEL people for Chinese domains. ROOT SERVERS if you know what that means.
Everybody should write to them. A sample message:
Dear Sir,
I would like to bring to your attention a problem with one of your clients - emailmarketingassociates.com They are responsible for millions of SPAM emails all over the world. They are forging email headers and promoting these same services to others for a fee. They do not respond to emails to their admin address, nor do they respond to phone calls. They continue to abuse the Internet and are disprectful of the rights of others. ( They are in violation of your own spam policies. ) If you do not remove their domain your organization will lose face in the eyes of the world, as being co-consipirators in their illegal activities.
Respectfully,
(your name)
The above is again, just a sample but similar wording should probably be used that gets the same point across.
If someone who speaks and reads Chinese could check out the above mentioned website and review their policy on spam it would be helpful to include mention of the fact that their own policy is being violated.
More in the next message…
March 29th, 2007 at 2:38 pm
If enough people complain to the previously mentioned address with a similar letter (but written in your own words and style) it may help. Give them 2 or 3 days to respond and then complain again.
Assuming the registrar is cooperative, this process must be done over and over each time the spammers make a domain name change.
Finally, if the registrar is uncooperative, we have to pull out the big guns.
First, remind the registrar that " Use of Whois data to send spam is a violation of every ICANN-accredited registrar's terms of use for Whois data."
(You may want to include that note in the original message you send to the registrar, and that "you believe that Whois data was used as the source of address data for this mailing.")
Next, you state to the registrar, that you will be contacting ICANN to encourage ICANN to REMOVE dns.com.cn as an accredited registrar, as they are not fulfulling their obligations as set out in their accrediation agreement. You then wait for their response. Give'em a week.
If the response is not satisfactory, then we all start a letter writing campaign to ICANN, urging their removal. If enough people write, ICANN should hopefully concede and remove them. It may require going to ICANN meetings in person. It will probably be a long slow process. But, eventually, over time it should probably work.
It's best to get the registrar to take action, rather than ICANN. Much, much easier. Going to ICANN is a measure of absolute last resort and ideally should never have to be done.
Keep us all posted with your efforts.
March 29th, 2007 at 3:50 pm
Of course, a much more FUN solution, being as how the perpretator is known to be Robert Allan Soloway, is to 1) go to his office, 2) go to his house and/or 3) call; and politely offer to sell him your products and/or services. I suspect, when a line of 1000+ people show up at his home and office on a daily basis, he will eventually see the light of reason. Make sure you comply with all local laws regarding solicitation.
Simply knock on his door or ring the doorbell. Let him know what you're selling. If he's not interested, walk away. Wait until he closes the door, then the next person walks up. Any normal person will go nuts after the first day and best of all, you haven't violated any laws.
You can also request to use his bathroom, use his phone, ask for a drink of water, a donation to your favorite charity, question him regarding an article you're writing, a survey you're taking, etc. Just don't harrass him or otherwise break the law. If he has dogs that bark at you, call the local animal control and report it. If he calls the cops, let them know you have business there and you've never knocked on his door before so you couldn't be harrassing him - as would be indicated by the solicitation laws you've researched for his local area.
Also, it doesn't hurt to write him lots & lots of polite & respectful letters. No threats or you'll be violating some law.
And finally, there is of course the class action lawsuit path to take.
None of the above should be construed as endorsement to violate his rights or any laws and you should be very careful not to do anything illegal.
April 2nd, 2007 at 2:40 pm
I am trying to contact the owners of the sending ip addresses I am getting the mails from. some say to contact " ********@theirdomain.com/net/org…etc ". Is this even a valid email address to send to??? The astrics are of verying lengts but still in each domain but still…..
April 3rd, 2007 at 2:21 pm
I'm getting this email now too and found your site and all the others. I'd be the first to offer funeral services to these people. They do nothing to help the network and hinder all who try to make things right. They should be lined up against a wall and shot.
April 10th, 2007 at 5:41 am
I'm also flooded with these mails (faked from my own address)
I found out exactly the same than you, via whois.
But this doesn't help, the mailaddresses given in whois are not valid,
mailing to this anti-social creature results in:
'after 4 hours your mail was not sent to receiver'.
So the only thing we have is a DoS (denial of service attack) to the
webservers we all can see in the spam mails.
I'm running a program connecting permanently his webservers at port 80 and
put trash to him (PUT … trash.html)
The program loops in a neverending while, hence I can observe
what happens whithout having stress on my side.
Of course because I have no write access to his server,
I permanently get the answer
"Bad Request (Invalid Verb)"
At the moment I got one of his serves a little bit slower,
His responsetime sometimes increases a bit, but after a short moment
he is fast again
I think, we should flood his servers together with many people.
What do you think ?
greetings to all other victims
Tom
April 10th, 2007 at 6:06 am
PS: of course I know that possibly the given domains
http://www.emailmarketingassociates.com
http://www.emailsolutioncorp.com
http://www.emailbroadcastauthoritiy.com
…
may be be located on other innocent providers servers,
but since this psychopathical animal
seems to have his own nameservers, I hope that also his webservers are
located at himself.
So a possible DoS probably (hopefully) will NOT attack innocent provider
servers.
Do you agree ?
What else can we do ?
April 10th, 2007 at 7:56 am
The web servers are all, most likely, just zombies like the mail senders. I have not looked N2 it "yet" though to verify over time if the web servers stay the same.
April 10th, 2007 at 9:38 am
Keiser: thanx, I see, this will be no solution.
Ramin & Bryan: Your found mail-addresses (Ramin's found flaw)
unfortunately all are NOT valid
With this following little script you can immediately check if
the mail-address is valid,
if your outgoing mailserver is configured to check the recipient!
Connect to your outgoing mailserver via telnet and directly talk smtp to him:
typing smtp by hand would look like this
(after each line please wait for the mailservers acknowledgment)
telnet yourOutgoingMailServer 25
helo nameOfYourCurrentWorkingMachine]
mail from:
rcpt to:
data
stop this shit !
.
quit
(Hint: the "" around the addresses is mandatory !)
You can put it in a script to automate it for loops.
To be sure to get mailservers acknowlegment, I use some sleeps.
For example the given text is stored in a script called "mail.txt"
mail.txt:
————
sleep 1
echo helo [name of your current working machine]
sleep 1
echo "mail from:"
sleep 1
echo "rcpt to:"
sleep 1
echo data
sleep 1
echo stop this shit !
sleep 1
echo .
sleep 1
echo quit
Then call the follwing (on a linux system for example)
./mail.txt | telnet yourOutgoingMailServer 25
But whatever I do,
I see, that the …mailshack.com addresses are not valid.
After typing
rcpt to:
or
rcpt to:
I get this answer:
550 unknown recipient: contactsupport
or
TIMEOUT, there is a problem detected, please try later
Sometimes it takes long time to get this answer, my mailserver
has to check the address and sometimes he is running into timeout.
So at the moment I'm very frustrated.
Nothing seems to work
Of course if we once find a valid address, the given script can be used
to flood the a…-hole (simply use it in a loop)
Hope that some of you have any other good ideas
greetings
Tom
April 10th, 2007 at 9:46 am
shit, I forgot that my lessthan / greaterthan signs were filtered out !
so it will look like
mail from:lessthan YourmailAdress greaterthan
rcpt to:lessthan contactsupport@mailshack.com greaterthan
(no blanks/whitespace between address and lessthan/greaterthan signs)
Tom
April 10th, 2007 at 11:19 am
The purveyor of this SPAM i sRobert Soloway; listed high atop the lists of professional spammers.
He uses false information in hi sWhoIs information so people can't do to him what he's doing to everyone else; farming email addresses from ICANN.
Keep an eye on this site:
http://blog.opsan.com/archive/2006/05/25/28138.aspx#38176
They have been tracking Soloway for some time. Robert Soloway lives in Seattle, WA, so if anyone has the opportunity to pay him a personal visit I think the entire Internet will applaud you. Apparently he hangs up on people asking to be "opted out" of his SPAMS, he's even been sued by Microsoft but has somehow managed to elude paying a dime to them. A shady character who has admitted in court that when customers pay for 20,000,000 "broadcase emails" that may actually get as few as 10,000 sent after paying for the larger number.
The best bet is to use proxy IP addresses and place phony orders on his website. Eventually, after about 200 fake orders, he posts a page saying your IP is blocked. Grab a new proxy and hit him again. It's time well spent while maybe listening to a baseball game or something that doesn't require your visual attention. I do it twice nightly, and I'm sure eventually his credit cards will drop him for making too many chargebacks.
April 10th, 2007 at 12:43 pm
The website is just one of many. Don't bother trying to track down the WHOIS data on the domain name… it's all forged. The spams that you are receiving is all from one person: Robert Alan Soloway of Seattle Washington. Soloway is one of the worst spamnmers in the world and sells illegally harvested email addresses. He has opened scores of websites and they usually end up getting shut down after a few weeks but he just goes on and opens more. Some fo these are newportcorp.cn, advertisingemailcorporation.com, emailadvertisinginc.com, permissionemailcorporation.com, broadcastemailingagency.com, broadcastemailinc.com, emailadvertisingcorporation.com, broadcastemailgroup.com, theemailbroadcastingcorporation.com, broadcastemailcorporation.org, emailsolutioncorp.com and countless others.
There's plenty of info on that criminal, and it's amazing that he can spam so freely within the USA. Just do a Google search and you'll find plenty about that scum.
April 11th, 2007 at 1:10 pm
Blah. It would appear not one of you read messages 41 through 44. If you read it, then you didn't understand it. If you didn't understand it, then why didn't you ask questions? If you understood it, why didn't you do it and post your results here?
April 12th, 2007 at 3:50 am
to Dudely:
Yes you are right, some of us (including me) did NOT really understand what you said.
And after I understood, I'm honest, I could not really realize and accept it
It was a desperate try to do something against this " f…ng a…hole " immediately !
And it is really hard to understand, that we can NOT do anything against him
in a fast and quick way
When Robert Soloway is so powerful, that even MS is fighting against him,
we all should follow your hint and sent polite and respectful mail to the
respective admin addresses.
I'll do this right now and will inform you whenever something happens …
Thanx again
Tom
April 12th, 2007 at 4:22 am
to All:
Just for your information:
after sending the polite and respectful mail (in my own words) to
litao@dns.com.cn, …
… I immediatley (5 seconds) received an autogenerated answer mail with the following content:
From: litao@dns.com.cn
To: webmaster@o-possum.com
Subject: Re: worlwide spam problem with client registered by you
Tom
April 12th, 2007 at 11:02 am
OK, at least someone actually tried. It would help if someone had a friend or spoke Chinese themselves to translate it. It could be a vacation message. It might say to contact someone else at a different address. It might say F-off. There's no way to tell. If nobody here speaks Chinese, and nobody has a friend who does so, then I'm sure there's a forum or other newsgroup where Chinese gather, and someone who would be willing to translate for us. Simply give them the email address and let them get the auto-response themselves, unless you can present it in the original Chinese (you have to have the proper display software installed).
That's the ideal way to start this off. If we know what it says, we can tailor our next step accordingly. I know everybody is in a rush, so I guess y'all are going to skip that step.
In that event, the next step is to go over the head of that administrator, and complain to HIS feed, that you can't get any cooperation from him, just an auto-generated message that isn't at all helpful.
Being as how they are an accredited registrar, the only recourse at this point is for ALL OF US to go to ICANN's website and file a complaint AGAINST THE REGISTRAR.
If ICANN receives enough complaints, they might be inclined to take action and VOID that registrar's accredidation.
More in the next message.
April 12th, 2007 at 11:08 am
Start here http://wdprs.internic.net/ by filing a complaint, that the Administrative Email contact, litao[at]dns[dot]com[dot]cn is merely an autoresponder for the domain dns.com.cn and not a real person. Also complain that there is no technical contact information whatsoever.
Everybody should file this complaint. The more people that file, the more attention they’ll pay to it. We need at least 200 people to file.
Don’t bother explaining the spam issue, it’s not important at this level and will not be addressed. You’ll just be ignored if you complain about spam. This is not the proper place to complain about spam. The effort here, is focused on getting a real person to respond to emails addressed to that address. In the long run, nothing will come of it. But that’s OK. The goal here is to establish a trail of non-compliance with ICANN’s own policies, that each registrar signed. That gives ICANN the legal authority to kick them out. What we really want, is for ICANN to pressure dns.com.cn to boot any and all spammer domains, but we have to do it the long way around. This is that way.
ICANN needs in its hands, a list of complaints in order to file a lawsuit.
More in the next message.
April 12th, 2007 at 11:21 am
Next, go to http://public.icann.org/help and READ the page. UNDERSTAND the page. Then register for an account. Start posting your spam complaints. BE POLITE. Be legible. Be coherent. Be professional. ICANN is reading your posts at that page, and no other. Inform them of the entire problem in a professional and well-written manner.
Finally, as a potential last step: contact the following attorneys about a class action lawsuit against 1) the spammer, 2) the registrar (dns.com.cn)
These are the attorneys ICANN themselves use to initiate lawsuits. I would recommend only contacting them if in fact you have a list of committed people willing to pursue a class action lawsuit. DO NOT HARASS THESE PEOPLE or you will find yourself in a world of legal hurt. I seriously doubt they will work for free. Be prepared to pay a whole lot of money should you decide to go the legal route. There is no guarantee they will take the case, however in my opinion they are best suited for it as they already understand many of the issues involved – that’s a huge benefit.
Jeffrey A. LeVee (State Bar No. 125863) jlevee [at] jonesday [dot] com
Samantha S. Eisner (State Bar No. 230344) seisner [at] jonesday [dot] com
JONES DAY
555 South Flower Street
Fiftieth Floor
Los Angeles, CA 90071-2300
Telephone: (213) 489-3939
Facsimile: (213) 243-2539
Attorneys for The Internet Corporation for Assigned Names and Numbers (ICANN)
April 12th, 2007 at 11:36 am
IMPORTANT UPDATE!
dns.com.cn has changed their whois data. It is now:
Registrar Name: BEIJING INNOVATIVE LINKAGE TECHNOLOGY LTD. DBA DNS.COM.CN
Address: 20/F,Block A,SP Tower,Tsinghua Science Park Building 8,No.1 Zhongguancun East Road Haidian District,Beijing 100084,P.R.China, Beijing, China 100084, CN
Phone Number: + 86 10-82151122
Email: vgrs@dns.com.cn
Whois Server: whois.dns.com.cn
Referral URL: http://www.dns.com.cn
Admin Contact: Wei . Li
Phone Number: + 86 10-82151122
Email: liwei@dns.com.cn
Admin Contact: April . Hu
Phone Number: +86-10-8215-1122
Email: HUVAN@DNS.COM.CN
Billing Contact: Wei . Li
Phone Number: + 86 10-82151122
Email: liwei@dns.com.cn
Technical Contact: Feng . Zhai
Phone Number: + 86 10-82601212
Email: zhaifeng@dns.com.cn
The proper email addresses to politely complain to are:
liwei@dns.com.cn
zhaifeng@dns.com.cn
HUVAN@DNS.COM.CN
Address one email to all 3. Wait 48 hours for a response before moving on to the next step.
Post any responses here in the event they do in fact respond to your POLITE letter informing them of the problem.
I've rewritten the sample letter. This one is MUCH better.
Dear Sir,
I would like to bring to your attention a problem with one of your clients - emailmarketingassociates.com, who has been registered by your organization. This domain is responsible for millions of SPAM emails all over the world. They are forging email headers and promoting these same services to others for a fee. They do not respond to emails to their admin address, nor do they respond to phone calls. They continue to abuse the Internet and are disrespectful of the rights of others.
I believe that Whois data was used as the source of address data for their mailings. I would like to remind you that use of Whois data to send spam is a violation of every ICANN-accredited registrar's terms of use for Whois data.
The exact terms from the agreement are:
3.3.5 In providing query-based public access to registration data as required by Subsections 3.3.1 and 3.3.4, Registrar shall not impose terms and conditions on use of the data provided, except as permitted by policy established by ICANN. Unless and until ICANN establishes a different policy according to Section 4, Registrar shall permit use of data it provides in response to queries for any lawful purposes except to: (a) allow, enable, or otherwise support the transmission by e-mail, telephone, or facsimile of mass, unsolicited, commercial advertising or solicitations to entities other than the data recipient's own existing customers; or (b) enable high volume, automated, electronic processes that send queries or data to the systems of any Registry Operator or ICANN-Accredited registrar, except as reasonably necessary to register domain names or modify existing registrations.
You are hereby notified you are in violation of this section of the agreement you signed.
If you do not remove their domain from your DNS servers your organization will not only lose face in the eyes of the world as being co-conspirators in their illegal activities, but I will have no other option than to report your refusal to cooperate to ICANN, and urge ICANN to revoke your accredidation agreement for being in violation.
Respectfully,
(your name)
The above is again, just a sample but similar wording should probably be used that gets the same point across. As some people may be aware, the Chinese are big on "face" and honor, which is why I added that phrase - I wouldn't use it if the registrar were Americans or Europeans, etc.
Anyway, it's likely that the above should have a magical effect. The only problem is, it has to be done every time a new domain pops up.
In the event the magic doesn't happen, the only recourse is to contact and petition ICANN to remove dns.com.cn as an accredited registrar. They may pressure the registrar to remove the domain, and/or they may revoke their accreditation. Of course, ICANN will need massive pressure from we, the people in order to do such a thing. It's best if the registrar takes action instead.
Also, it's best to constantly check WHOIS to make sure you're writing to the most current email address. Those addresses are current as of April 12, 2007 but could change at any minute.
April 12th, 2007 at 11:43 am
A final word.
I only listed one domain in the above email. It's best to include a complete list of those used by "the spammer who I shall not name".
Make sure dns.com.cn is still their registrar - they may have already been kicked, in which case you should write to the new registrar instead of dns.com.cn
Also, as mentioned, make sure you're always working with current whois data, it could change at any time.
Also, I missed one of the addresses when I summarized. There are actually 4 addresses listed above. Feel free to add it to your CC list.
Good luck. Keep us informed of your progress on all fronts.
April 12th, 2007 at 11:55 am
Oh, one more thing.
It's best if you can provide proof that what you're saying is true. Email body, headers, whois data, etc. Establish the trail that leads back to the spammer when you write your letter. It will be much more effective - otherwise why should they believe you?
April 13th, 2007 at 6:18 am
To Dudely:
Principally I agree with you, but
Isn't there the "danger" that the more text we write the more boring the reader will be ?
I (for my own) would not be happy if I have to read an email with 500 lines of text.
I estimate the number of lines at a first glance, and when too many, I throw away.
Not interesting…
In my opinion, the text should only contain what you originally said in your quotes 41-44.
The "face" and "honour" of chinese people, … ok, thats right, but, this will not
work (I guess) if the text is too long. Your first proposal was quite good.
I think our only chance is to be as many complain-"writers" as possible.
If thousands of people complain, the text-content of the complain gets less important.
More important is, that we are enough people who complain.
What do you think ?
This was my text (used your proposal of course,
hope my English is not too bad …
—————————————–
Dear Sir,
I would like to inform you about a problem with one of your clients:
he uses for example the following domains:
- emailmarketingassociates.com
- emailsolutioncorp.com
- emailbroadcastauthority.com
and a lot more similar domains…
This client is responsible for millions of SPAM emails all over the world. He is faking email headers and promoting these same services to others, some of the victims suffer from more than 100 spam mails per day. This client's admin email address in "whois" is faked, he does not respond to any try of contact, nor does he respond to phone calls. He is abusing the Internet and is disprectful of the rights of others. ( He is in violation of your own spam policies. ) If you don't remove his domains your organization may lose face in the eyes of the world, as being co-consipirators in his illegal activities.
Respectfully,
and politely waiting for a feedback
best regards
April 13th, 2007 at 8:46 am
Why not just flood your state representatives? These people are in China, the worldwide home of piracy. What do they care? Send letters to the BBB, governor, mayor, atty general, et al in Seattle and you'll probably get faster results.
April 13th, 2007 at 11:54 am
Funny! They are in Seattle! I live in Seattle! What do you guys want me to do to them? I'd like to piss on their door for all the messages they send me!!!
April 14th, 2007 at 12:12 pm
Try this.
1. Load Google AutoFil with fictitious information.
2. Whenever you get one of these emailmarketingassociates.com spams, use the AutoFil to answer the email.
3. Let the spammers use their resources to run the fictitious information.
4. If everyone does it, maybe that will annoy them a bit.
April 14th, 2007 at 4:36 pm
Here's the Outlook 2003 solution to DELETE the spam:
Apply this rule after the message arrives
with yourname(at)yourdomainnameDOTcom in the sender's address
and with 7,500,000 in the body
delete it
Note: The yourname(at)yourdomainnameDOTcom IS what you see under the FROM in your Inbox.
Good luck!
Kill the spammers! All of them!
April 19th, 2007 at 1:29 pm
Response to Msg 63:
I have no real disagreement with you, however it has been my experience that when you show someone you have a very real ability to affect them, they listen much more closely. I have used the procedures I outlined to affect problem users in years past. My first email of "Please help" didn't work. My second email of "Please help or I'll have you shutdown and here's proof that I know who to contact to have it done" did. People react when you show you're serious and that you are in a position to hurt them.
(Please note, that the registrar's info. went from incomplete to complete very quickly, because I took the time to complain to ICANN about a DIFFERENT registrar. I assume ICANN then checked all registrar records (there aren't that many) and issued warnings to all registrar's not in compliance.)
It is very easy to delete even 1000 msgs. However if ONE of those msgs says "I know where you live and I'm watching you" and then provides the correct address, that is ONE SCARY MSG! That single msg will have more effect than all of the other 999 pleading for help.
And so, if you demonstrate to the registrar that you understand how the system works, and that you're serious about affecting their business (read "income") and know the proper steps to actually do so, this is much more effective than "Ow… I'm in pain… please help me."
Wouldn't you agree?
April 19th, 2007 at 2:52 pm
One other point. I believe that the Chinese registrars are authorized by the Chinese government. So, in the event that the registrars lose their accredidation with ICANN, their gov't will ask WHY?
The answer, will probably not please the gov't. Therefore, the people who are running the registrar might possibly be EXECUTED. No joke. They did it to a bunch of bankers over there, there is no reason to believe they won't take this situation just as seriously.
And that my friends, is much more incentive to do something about the spam, than any other reason anyone can provide.
Based on the lack of posts here stating otherwise, it would appear that nobody is truly interested in doing the small amount of work it would take to fix the problem. Clearly people would rather complain than work. Such is life.
Now you know the secrets of the Internet. Use them or don't, it's your choice. But don't complain if you don't use the knowledge I've provided you with.
One last item of note. http://www.knujon.com claims to be having an effect on spam sites.
Project Honeypot also has some interesting information http://www.projecthoneypot.org
You may want to join one or both, they're free.
April 19th, 2007 at 4:12 pm
Preach it brother Dudely!
Lead us uninitiated lead by the unknowing into the light. ;D
April 20th, 2007 at 6:44 am
Keiser, I hope we are able to let the discussion stay constructive ;D
Dudely, maybe we both are right. We should merge "the proof we can stop you"
with "only using a few words"
One try with your long version
and after that the following:
One of your clients is abusing the … internet.
(Millions of spam from emailmarketingassociates.com and similar domains)
If you don't stop him. you are complicit in his illegal activities.
You did'nt react on friendly words.
If you again don't react, we are forced to contact
ICANN which will stop you.
Best rgards.
MyName
April 20th, 2007 at 6:44 pm
The discussion has been quite constructive, for me at least. After following Dudely's advise, the spam bastard has only gotten 1 in this week as apposed to as many as 10-20 a day. So once again I say; "Preach it brother Dudely!" :> I have also implimented your advise, preemptivly as it were, by using a smaller "nicer" version. This almosty always works with anly a few exceptions. I am working on an intermediate version also. ie. "Nice", "Not sooo nice" and "BOOM!" :> Only had to use BOOM! on 1 so far because as stated "Nice" works.
April 20th, 2007 at 6:45 pm
The discussion has been quite constructive, for me at least. After following Dudely's advise, the spam bastard has only gotten 1 in this week as apposed to as many as 10-20 a day. So once again I say; "Preach it brother Dudely!" :> I have also implimented your advise, preemptivly as it were, by using a smaller "nicer" version. This almosty always works with anly a few exceptions. I am working on an intermediate version also. ie. "Nice", "Not sooo nice" and "BOOM!" :> Only had to use BOOM! on 1 so far because as stated "Nice" works.
April 20th, 2007 at 6:46 pm
Ooops sorry for the double!!
April 20th, 2007 at 10:01 pm
It's actually best if you put things into your own words. However, the paragraph I copied was from the ACTUAL AGREEMENT that all registrars must sign.
When you quote that paragraph, they assume one or more of the following 1) you're associated with ICANN (hey, you didn't say you were, it's not your fault they made the wrong assumption) 2) you know what you're talking about and/or 3) you have the power.
If you'd like to thank me, 10% of your earnings may be sent to: brotherDudely@brotherDudely.org
Just remember to always check WHOIS immediately before emailing your complaint, as you never know when changes will be made.
One further interesting item of note. Some of you in the USA may remember when the junk fax law was created. Congress - until a certain point in time - couldn't care less about junk faxes. Then, some people made sure that certain members of congress were put on certain junk fax lists. When congress became inundated with junk faxes, they passed the law. Suddenly, they understood.
I certainly wouldn't advocate putting any registrars on anyone's spam lists, but if it were to happen, said registrar would probably be more likely to situp and take notice of said spammer. In fact, that would probably Nip it in the Bud!
April 20th, 2007 at 10:04 pm
So what other world problems can I help you all solve?
April 22nd, 2007 at 1:04 pm
Ramin & Bryan: Your found mail-addresses (Ramin's found flaw)
unfortunately all are NOT valid
I emailed mailshack, and requested that this email address (contactsupport@mailshack.com) be shut down.
They said that they have had problems with this company in the past, and have removed them before. So, if you ever find that one of this company's email addresses are attached to mailshack, just email mailshack, and they will remove it.
April 23rd, 2007 at 10:05 am
Keiser: Sorry when I misunderstood you.
Your comment to Brother Dudely sounded so ironical.
Sorry again, my English is not good enough to understand all little things between the lines …
April 25th, 2007 at 11:02 am
I get them from http://www.emailbroadcastingcompany.com . I got them to respond from this email:
emailsupport@msbx.net
also it it reg to
admin@advertisingemailcorporation.com
Lets all just fwd their email right back to them!
April 25th, 2007 at 11:11 am
Got another email address:
seattleservices206@hotpop.com
April 26th, 2007 at 12:30 pm
As of April 26, 2007, the following is the DNS data for "broadcastemailingagency.com"
(Here's the command I used, you can do this yourself now.)
nslookup -type=any broadcastemailingagency.com ns1.dns.com.cn
Server: ns5.dns.com.cn
Address: 218.30.114.205
broadcastemailingagency.com
primary name server = ns2.dns.com.cn
responsible mail addr = root.ns2.dns.com.cn
serial = 2007042322
refresh = 3600 (1 hour)
retry = 3600 (1 hour)
expire = 68400 (19 hours)
default TTL = 180 (3 mins)
broadcastemailingagency.com nameserver = ns1.dns.com.cn
broadcastemailingagency.com nameserver = ns2.dns.com.cn
ns1.dns.com.cn internet address = 218.30.114.204
ns1.dns.com.cn internet address = 218.30.114.205
ns2.dns.com.cn internet address = 218.244.47.6
ns2.dns.com.cn internet address = 218.244.47.5
April 26th, 2007 at 12:42 pm
Don't know how to read the DNS data? It's simple when you know how. So here's how.
serial = 2007042322
The serial number is used by a secondary server to determine if it requires a zone transfer from the primary server. If the secondary server's number is lower, then the secondary server knows that its records are out of date. In this example, the convention used can identify when the last change was made, but other administrators may use different conventions. The first 8 digits denote YYYYMMDD. The other two numbers are the number of changes made by day or as a whole (Albitz & Liu, 89).
refresh = 3600 (1 hour)
retry = 3600 (1 hour)
expire = 68400 (19 hours)
default TTL = 180 (3 mins)
Refresh, retry and expire intervals deal directly with the primary-secondary server relationship. The TTL interval deals with the cached records on other servers. In this case, other servers are told to keep this data for 3 minutes and then flush it. 3 hours is the normal default.
The refresh interval tells a slave for the zone how often to check that the data for this zone is up to date. In this case, slaves must check every hour.
The retry interval tells a slave how often it must try to reach the master server, if the master server becomes unavailable. In this case a slave will try to reach the master every hour.
The expire interval gives the amount of time that a slave server will try to reach a master server before it expires the zone and will no longer give information about that zone. The amount of time in this record is 19 hours.
So, anyone who wanted to write a script to check when the above data changes should query the dns server no less than every 19 hours, and no more than every 3 minutes - although personally I would not do it more than once an hour, unless it is determined by testing that the data changes more frequently.
April 27th, 2007 at 8:22 am
If someone does get a script going I'll host the file for us all to d/l. Im assuming that all the interaction it would require would be to ask for the host name being searched for. Then just display the results, perhaps w/a time/date stamp also, to be able to copy/paste the whole thing in the email as more evidence.
April 29th, 2007 at 12:26 pm
Who wants to find robert with me and give him an american style beat down?
April 30th, 2007 at 9:25 am
Just show that not matter how many people are affected there's nothing we can do.
April 30th, 2007 at 10:46 am
But we are doing something about it ANT. Read above 1st.
May 1st, 2007 at 12:34 pm
Actually, I was thinking more along the lines of a seperate file containing a list of domains to be checked, rather than having to type in each one. The script would read the list, checking each domain for changes. The ideal way to do it would be to setup a mySQL database to maintain the domains prior information to compare against for changes - in particular, changes to the DNS nameservers.
There needs to be a mechanism that figures out who the registrar is, and then automatically email the registrar a complaint.
That way, the whole thing is automatic. Let cron fire it up once a day, and forget about it. I say once a day, because you don't want to have it email the registar more than once a day. Even once a day may be too often if you want to stay on the registar's good side.
May 1st, 2007 at 12:42 pm
By the way… I started out talking about "whois" and gravitated towards "nslookup". What I should of noticed earlier, is that the whois data doesn't necessarily match the nslookup data.
Because whois data is more of a convenience rather than something required (from a technical standpoint), that data can be ignored, other than to figure out who you're supposed to complain to.
What actually matters, is what the DNS records show, because that's the only way things will actually work right. If you want people to be able to access your website, and/or send you email - DNS must be correct. Therefore, the only thing that matters is what nslookup tells us.
With that said, if you lookup any of the spammer domains in the posts above, you'll notice ALL of them are using dns.com.cn as their name servers.
Therefore, all letter writing campaigns should be directed to them, at this time. Should the name server information change, then the new host of those DNS records should be the target of your POLITE & RESPECTFUL complaint as outlined in previous posts above.
May 1st, 2007 at 12:53 pm
In the event that BEIJING INNOVATIVE LINKAGE TECHNOLOGY LTD. doing business as DNS.COM.CN
is non-cooperative (and please, please give them a chance to cooperate) then yet another avenue to pursue is http://gsyj.saic.gov.cn/wcm/WCMData/pub/saic/english/Contact%20Us/t20060225_14607.htm
which is The State Administration for Industry & Commerce (SAIC) of the People’s Republic of China. They are the competent authority directly under the State Council in charge of market supervision/regulation and related law enforcement through administrative means. Its functions are as follows: (go to the website, look under "About Us" and then click on "mission" to see it's long list of functions.
I would add this agency's name to my complaint letter when writing to dns.com.cn
Again - it's always better to show the bottom dog that you know who the top dog to contact is, and threaten to contact them. In the event you actually have to go to the top dog, you have a WORSE chance of getting what you want done, because if the top dog says "we don't care", that's it you're done. There is no place else to go. So it's better to make the bottom dog FEAR that you'll go to the top dog, without actually doing it. Let the bottom dog fix the problem.
May 17th, 2007 at 9:27 pm
As luck would have it, someone else has taken on the task of writing software to automate the first step of the process I've previously outlined. I have not tried the software myself yet, but it sounds decent. Here's the link:
http://www.spamtrackers.eu/wiki/index.php?title=Robert_Soloway
May 23rd, 2007 at 5:26 pm
There is more iformation on Soloway and his scam at
http://www.spamtrackers.eu/wiki/index.php?title=Robert_Soloway
http://www.spamtrackers.eu/wiki/index.php?title=Broadcast_Email_Service
May 30th, 2007 at 7:28 pm
**** ROKSO Spammer Robert Soloway Arrested ****
Robert Soloway, one of the most persistent professional spammers listed since 2003 on Spamhaus's Register Of Known Spam Operations (ROKSO) database, has been arrested in Seattle Washington in a joint operation conducted by the Was