As a hosting company, we manage tens of thousands of domain names. Spammers take every opportunity, and a domain owner’s details (which ICANN until recently required to be publicly available) were an easy target for large spam campaigns. Even with the recent GDPR WHOIS changes, where most of the details are hidden, the spam targeting domain owners hasn’t stopped.
At ICDSoft, we have to go through literally thousands of email messages every day – various notifications, customer emails, and lots and lots of spam. We use multiple advanced spam filters, and we still have to go manually through a lot of spam messages to make sure they are not false positives. Our quality standards don’t allow us to rely blindly on spam filters alone. We’ve built our reputation on offering stellar support, and we won’t let spammers get in the way.
Spending some time every day looking at all the different ways spammers try to get money out of people’s pockets helps us notice patterns in the spam messages they send. Spam against domain owners has one advantage over the regular spam messages – suddenly you start getting very targeted spam messages, with your business name, domain name, and other private details right at the beginning of the spam email.
The most common type of spam for domains we see is the so called “Important notice”. Spammers rely on this subject as domain registrars are required by ICANN to send messages with this subject to domain owners, so they can update their WHOIS contact details if necessary.
You can compare the content of the fake and original email messages below (we’ve redacted the URLs, domain names, and all contact details for security reasons):
You should handle the original message with care and follow the instructions in it.
As for the fake (spam) message, it looks like a message warning you that your domain name is about to expire. There is an expiration date, registration period, and it appears to be related to your domain name. It’s very easy to mistake this for a domain name expiration notification, which it’s not.
If you read carefully, you’ll see that it’s a renewal notification for a “Domain SEO Service Registration” – a service that you’ve never heard of and never subscribed for:
Domain Name: example.com This important expiration notification notifies you about the expiration notice of your domain registration for example.com search engine optimization submission. The information in this expiration notification may contain legally privileged information from the notification processing department of the Domain Seo Service Registration to our search engine traffic generator. We do not register or renew domain names. We are selling traffic generator software tools. This information is intended for the use of the individual(s) named above. If you fail to complete your domain name registration example.com search engine optimization service by the expiration date, may the dismissal of this search engine optimization domain name notification notice.
The spammers are even confessing this at the bottom, where they know nobody reads:
We do not register or renew domain names. We are selling traffic generator software tools.
They are simply using your domain name to try and trick you into “renewing” a service that you’ve not purchased at all. Some more nefarious spammers may be trying to snoop your credit card details as well (which turns this spam message into scam).
The above message is the most popular one from the current wave of spam against domain owners, but it certainly isn’t the only one. Some time ago, Domain Registry of America (DROA) ran a scam-like operation that aimed to mislead people into transferring their domain names to DROA so that DROA can later charge them high domain renewal fees. There are some details about such practices at https://en.wikipedia.org/wiki/Domain_name_scams.
If you receive a message like the one listed above, don’t delete it. Instead, move it to the Junk Mail folder of your email account. This will train the algorithms of the spam filter to recognize such messages better.
Spam Protection: With ICDSoft, you get advanced spam protection based on the Apache SpamAssassin engine. It isn’t a plain SpamAssassin installation though, with the volume of emails we are processing daily (hundreds of thousands of emails are delivered/sent from our hundreds of servers daily!) we have fine-tuned our spam filters. We have upgraded many of the spam lists and we use lots of secure and paid anti-spam lists.
WHOIS Privacy: We cannot overstate the need for WHOIS privacy. Using a WHOIS privacy service not only protects you from these spam attacks, but also protects your private details. At ICDSoft, we believe WHOIS privacy is essential, and that’s why we are offering it for free with every domain registration/transfer.