I've got what looks like a compliance case, but it's somewhat complex,
and I'm sure other OpenSRS RSPs are getting these also, so I am CC'ing
this to discuss.
A company whose website claims to be an opt-in marketing company is
sending out advertisements with links to .biz and .info
preregistration sites. They claim to be opt-in, but their website
includes only bogus contact information, something no real opt-in
company would do, and nothing but the single web page with no other
information, again, something no other opt-in marketing company would
do. The domain they are using for this is
domainmarketingmailers.com, which is registered with OpenSRS.
The email makes it look like they are sending you details about the
"best" places to do biz/info preregistrations, and include URLs which
forward to one of the following domains (they even say stuff like,
this one is the best, this is the second best, etc):
dotbizlottery.com
preregisteryourdomains.com
takemyname.com
greatdomainrace.com
See the whois on those domains plus the domainmarketingmailers.com
domain name for similarities.
Traceroutes for domainmarketngmailers.com go through sprintlink to a
netblock registered to: (Also the originating IP in the spam is linked
to this netblock)
INTERNET SATELLITE DIRECT (NETBLK-FON-110168422482378)
1683 W. GRANT RD. #101
TUCSON, AZ 85745
US
Traceroutes for dotbizlottery.com go through uunet to a net block
registered to:
Internet Satellite Direct (NETBLK-UU-65-197-248)
1683 west grant rd
Tucson, AZ 85745
US
Traceroutes for secure.preregisteryourdomains.com,
secure.takemyname.com, and www.greatdomainrace.com are the same as
dotbizlottery.com's.
All of these sites get a link that is made to look like an affiliate
link that a popular affiliate program service uses, with AID and PID
in the URL, much like commission junction uses, and use the affiliate
program excuse to claim that they didn't send out the spams. However,
looking at the netblock registrations, and whois on the domains, you
can clearly see they are doing the spam on sprintlink, and telling
them these are just "normal" complaints that any opt-in marketer gets
when they send out email ads, and that they have no link to the sites
linked to, so why would they spam them, and then telling UUNet that
they didn't send out the spams, it must be an affiliate, we will
terminate them, blah blah blah.
While they do have a CJ affiliate program, the links in the spams are
NOT going through the CJ system, but are made to appear "like" the CJ
links do.
All the addresses I've received this at were culled from whois
listings. I've got a handful of them, and I have customers who I am
asking to send me any they have received or will receive.
I intent to pursue this with Sprintlink's security and abuse team
tomorrow, and possibly with UUNet though they tend to be less
responsive.
I don't know if they are submitting their registrations via OpenSRS or
not, but the fact that all of their domains are registered with
OpenSRS suggests that they may be.
Compliance, I will be sending a second email with 6 different emails
that were sent by this company as attachments.
--
Best regards,
William X Walsh <[EMAIL PROTECTED]>
Userfriendly.com Domains
The most advanced domain lookup tool on the net
DNS Services from $1.65/mo
