Another Spam E-mail Source Identified: Steals from

I just received an unsolicited commercial e-mail from a company named, ironically, They did not receive my permission before sending me the e-mail. Their site states that they provide “choice / opt-out” for recipients. Funny, the spam message they sent me didn’t contain any such option.

Apparently they provide “free advertising for charities.” They also promise not to collect any customer information. Wow, how nice of them. But if they really cared about your charity, they wouldn’t use “third-parties” to “advertise and collect information about customers.” The company appears to be based out of China and related to retrieved the e-mail address from my Godaddy account. Not from my public DNS who-is information, but from my GoDaddy account itself. GoDaddy needs to set-up their customer protection.

Update 13-March-2007: I started receiving e-mail messages to the address I use in my domain name whois information. Every domain has to have a contact e-mail address and it must be shared (unless your pay your registrar to make is private.) This is information is not allowed to be used for this purpose, but obviously this company is not playing by the rules. Once your e-mail address is out there for them to use, there is nothing you can do to get it hidden again. Either setup a spam filter or change your e-mail address (which may be found again.) Be careful about using a false e-mail address for your domain contact information. Your registrar may charge you an administrative fee if someone reports not being able to contact you because of that. To see you public whois information for your domain, try the Network Solutions Whois Lookup page.

Written by in: Web | Tags: , , | Last updated on: 2014-May-27 |


  • Dudely says:

    As of April 26, 2007, the following is the DNS data for “”

    (Here’s the command I used, you can do this yourself now.)
    nslookup -type=any

    primary name server =
    responsible mail addr =
    serial = 2007042322
    refresh = 3600 (1 hour)
    retry = 3600 (1 hour)
    expire = 68400 (19 hours)
    default TTL = 180 (3 mins) nameserver = nameserver = internet address = internet address = internet address = internet address =

  • Dudely says:

    Don’t know how to read the DNS data? It’s simple when you know how. So here’s how.

    serial = 2007042322

    The serial number is used by a secondary server to determine if it requires a zone transfer from the primary server. If the secondary server’s number is lower, then the secondary server knows that its records are out of date. In this example, the convention used can identify when the last change was made, but other administrators may use different conventions. The first 8 digits denote YYYYMMDD. The other two numbers are the number of changes made by day or as a whole (Albitz & Liu, 89).

    refresh = 3600 (1 hour)
    retry = 3600 (1 hour)
    expire = 68400 (19 hours)
    default TTL = 180 (3 mins)

    Refresh, retry and expire intervals deal directly with the primary-secondary server relationship. The TTL interval deals with the cached records on other servers. In this case, other servers are told to keep this data for 3 minutes and then flush it. 3 hours is the normal default.

    The refresh interval tells a slave for the zone how often to check that the data for this zone is up to date. In this case, slaves must check every hour.

    The retry interval tells a slave how often it must try to reach the master server, if the master server becomes unavailable. In this case a slave will try to reach the master every hour.

    The expire interval gives the amount of time that a slave server will try to reach a master server before it expires the zone and will no longer give information about that zone. The amount of time in this record is 19 hours.

    So, anyone who wanted to write a script to check when the above data changes should query the dns server no less than every 19 hours, and no more than every 3 minutes – although personally I would not do it more than once an hour, unless it is determined by testing that the data changes more frequently.

  • Keiser Sosa says:

    If someone does get a script going I’ll host the file for us all to d/l. Im assuming that all the interaction it would require would be to ask for the host name being searched for. Then just display the results, perhaps w/a time/date stamp also, to be able to copy/paste the whole thing in the email as more evidence.

  • Brett says:

    Who wants to find robert with me and give him an american style beat down?

  • ANT says:

    Just show that not matter how many people are affected there’s nothing we can do.

  • Keiser Sosa says:

    ANT Says:
    April 30th, 2007 at 9:25 am
    Just show that not matter how many people are affected there’s nothing we can do.

    But we are doing something about it ANT. Read above 1st.

  • Dudely says:

    If someone does get a script going I’ll host the file for us all to d/l. Im assuming that all the interaction it would require would be to ask for the host name being searched for. Then just display the results, perhaps w/a time/date stamp also, to be able to copy/paste the whole thing in the email as more evidence.

    Actually, I was thinking more along the lines of a seperate file containing a list of domains to be checked, rather than having to type in each one. The script would read the list, checking each domain for changes. The ideal way to do it would be to setup a mySQL database to maintain the domains prior information to compare against for changes – in particular, changes to the DNS nameservers.

    There needs to be a mechanism that figures out who the registrar is, and then automatically email the registrar a complaint.

    That way, the whole thing is automatic. Let cron fire it up once a day, and forget about it. I say once a day, because you don’t want to have it email the registar more than once a day. Even once a day may be too often if you want to stay on the registar’s good side.

  • Dudely says:

    By the way… I started out talking about “whois” and gravitated towards “nslookup”. What I should of noticed earlier, is that the whois data doesn’t necessarily match the nslookup data.

    Because whois data is more of a convenience rather than something required (from a technical standpoint), that data can be ignored, other than to figure out who you’re supposed to complain to.

    What actually matters, is what the DNS records show, because that’s the only way things will actually work right. If you want people to be able to access your website, and/or send you email – DNS must be correct. Therefore, the only thing that matters is what nslookup tells us.

    With that said, if you lookup any of the spammer domains in the posts above, you’ll notice ALL of them are using as their name servers.

    Therefore, all letter writing campaigns should be directed to them, at this time. Should the name server information change, then the new host of those DNS records should be the target of your POLITE & RESPECTFUL complaint as outlined in previous posts above.

  • Dudely says:

    In the event that BEIJING INNOVATIVE LINKAGE TECHNOLOGY LTD. doing business as DNS.COM.CN
    is non-cooperative (and please, please give them a chance to cooperate) then yet another avenue to pursue is

    which is The State Administration for Industry & Commerce (SAIC) of the People‚Äôs Republic of China. They are the competent authority directly under the State Council in charge of market supervision/regulation and related law enforcement through administrative means. Its functions are as follows: (go to the website, look under “About Us” and then click on “mission” to see it’s long list of functions.

    I would add this agency’s name to my complaint letter when writing to

    Again – it’s always better to show the bottom dog that you know who the top dog to contact is, and threaten to contact them. In the event you actually have to go to the top dog, you have a WORSE chance of getting what you want done, because if the top dog says “we don’t care”, that’s it you’re done. There is no place else to go. So it’s better to make the bottom dog FEAR that you’ll go to the top dog, without actually doing it. Let the bottom dog fix the problem.

  • Dudely says:

    As luck would have it, someone else has taken on the task of writing software to automate the first step of the process I’ve previously outlined. I have not tried the software myself yet, but it sounds decent. Here’s the link:

  • SolowaySucks says:

    **** ROKSO Spammer Robert Soloway Arrested ****

    Robert Soloway, one of the most persistent professional spammers listed since 2003 on Spamhaus’s Register Of Known Spam Operations (ROKSO) database, has been arrested in Seattle Washington in a joint operation conducted by the Washington State Attorney General’s Office, the FBI, FTC, Internal Revenue Service Criminal Investigations (IRS-CI) and the United States Postal Inspection Service (USPIS).

  • shirty victim says:

    !!! Y E S !!!

    A very good message for the world

    Thanks to all people who made the arrest possible

  • Webmaster says:

    I am receiving up to 3000 bounce-back spoofed messages a day from someone spoofing e-mail spam from my domain. Every website they are advertising is registered to Beijing Innovative Linkage Technology.

    This has GOT to stop.

  • Shannon says:

    me too. I used to get hundreds per day, then they stopped for awhile. They started again the day after Soloway was arrested, but then stopped again a week ago or so. I think these losers just rotates the ‘from’ addresses they spoof and they’re taking a break from using my email address right now. I’m sure I’ll be getting hundreds a day again soon enough.

  • Jeff C says:

    i received a scam email from email address “” Sounds legit doesnt it?
    Promising money won (large amount), so WHAT do i do now to stop them, they have the right header for the email, but i was alerted by the ‘not quite right’ sentences and grammar. Can someone please help me?
    P.S. Can’t find a direct email address to microsoft to alert them of this new scam using their name (and Bill Gates!)

  • Carlton Bale says:

    Jeff: It’s extremely simple to make the FROM e-mail address be anything the spammer wants. What you have to do is go inside the header details and look at the originating IP address for the e-mail and see if it is a Microsoft IP address or not (I can tell you, it’s not.) You can use to process the entire header and tell you all sorts of things about the e-mail.

  • brian says:

    i hate these scam emails

    i always double check my emails at

    some of them look surprisingly real


  • Dale M. says:

    Robert Alan Soloway is reaponsible for all of this spam.

    He was arrested, pled guilty and will be going to jail for decades.

    Google his name and read all about him.

RSS feed for comments on this post.

Leave a Reply

If you have a comment or question, please post it here! is powered by WordPress | View Mobile Site | © 1996-2016 Carlton Bale