29/10 Note: This page has been updated.
29/10 Note2: This page has been updated again!
Will Alex Shafts please stand up? No, I thought not!
There’s a whole tonne of spam doing the rounds today but it really is an all round mess (worse than your usual spam)….. Let me explain.
Thousands of people are receiving emails about their domains and the fact that worldswidedomainname.com is partnering with LunarPages, like the email below:
Subject: Notice Regarding Your DOMAIN NAME
From: “Domain Name Support”
Date: Tue, October 28, 2008 5:16 am
To: info@worldswidedomainname.com
*****************************************
Important Notice Regarding Your Domain Name(s)
*****************************************
Dear Webmaster,According to our records you are the ADMINISTRATIVE CONTACT.
We would like to inform you we have partnered up with LunarPages Web Hosting. We understand you are currently hosting with another provider. But we encourage you to try out LunarPages. LunarPages also has an affiliation program where you can embed banners on your website and earn $65 for every referral.
A little more information about LunarPages; Lunarpages Web Hosting was born from Add2Net in 2000, and has grown rapidly providing Shared Hosting, Dedicated, Reseller, and most recently, VPS Hosting Plans. LunarPages is BBB Accredited and is rated A for excellence. LunarPages also has received many Industry Awards including Web Host Magazines highest level of recommendation. LunarPages is one of the fewest hosting services that provide unlimited transfer and unlimited data storage.
LunarPages can fit your business needs whether you’re a small business or a large company. Join (or lurk about) Community Forums and ask our customers why they host with LunarPages. For more in depth information, news and articles about Web Hosting, Marketing, SEO, Traffic, AdWords, Design, Networking and General Fluff, visit Lunartics Blog (updated daily, sometimes hourly). Our BlogStars consist of a team of more than 20+ industry experts. You may learn something, or simply be entertained.
VISIT LUNARPAGES
If you’re not ready to give LunarPages “Web Hosting†a try just yet, TRY the affiliation program where you can earn hundreds or even thousands a month. Save this email for your records and click the link above for special promos throughout the year.
Best Regards,
Alex Shafts, CEO
World Wide Domain Names
If you are the domain administrator of more than one domain account, you may receive this notice multiple times.
——————————————————————-
All rights reserved.
Listen very carefully………
This is email is not from a domain registrar or your web hosting company! I’ll repeat that again for anyone that wasn’t listening the first time:
This is email is not from a domain registrar or your web hosting company!
I hear you shouting:
It’s only SPAM – Just delete it! Set your spam filter and forget about it.
In the normal course of events I would……..
But it would appear that whoever sent this has set things up so that all replies to his spam go back to everyone on the list, or back to innocent people who never sent the mail in the first place (like me)! This is causing a flurry of bouncebacks, abuse and general annoyance around the web! Most of the one’s I’ve received are just angry, I’ll reproduce one of the cleaner ones here (a few should never be reproduced anywhere!):
with spam like this and unsolicited email, you can rest assured that any hope you had of getting a cent from me has disappeared.
don’t ever, ever spam me again.
It’s a case of is a spammer ever going to listen to that? No, but you’re telling the wrong people my friend.
So there we have it, I’m being bombarded with mail from people who’ve been spammed (actually they’re spamming me as I didn’t ask them to mail me – but that’s a whole other argument!) I’m actually tempted to setup an autoresponder that will forward them to this blog post if they email things to the address – however, that would probably only add to the mass of problem traffic that this appears to be generating!
No point to the post really – just I needed to vent and it can be an informational resource for anyone that decides to Google this whole thing!
29/10/08
Overnight I received a vast amount of traffic, clearly a lot of people are affected by this (this is especially apparent from all the comments I’m moderating through now and the traffic over on Dynamoo’s blog).
One of the comments was from Alex Shafts himself as well, threatening legal action…. Alex, could you clarify anything above that’s not true? Rather than legal action would you like to provide me with a comment here to explain what is going on? Surely that would be a better scenario for you – if you are as you stated in your comment “The largest hosting company online”.
29/10/08 Note2:
For all those that keep commenting with contact details for this domain, I’m editing them out – we’ve all seen the domain and know where the WHOIS database is – I’d prefer to keep it that way in line with my commenting policy.
I’m pissed at this guy. My customers received his emails and it does appear that they are coming from me (their domain provider). I see his host suspended his account. I wanted to report him to LunarPages so they can kick him from their affiliate program but now his link to them is unavailable. Any ideas?
None at all – other than to point people at this post (or Dynamoo’s) and spread the word that this is happening.
It’s wrong and there’s nothing you can do to stop it, a bit like returned spoofed emails – very annoying!!!
I THOUGHT I WAS ALONE BUT GOOGLE LEAD ME HERE, I FOUND THIS PAGE WHILE SEARCHING FOR THE CAUSE OF THE PROBLEM
IT IS ENTERTAINING
I called LunarPages and they are aware. Original SPAM recipients may forward the SPAM with full headers turned on to abuse@lunarpages.com so they can take appropriate legal action against him.
As soon as we became aware of this earlier today, we terminated his affiliate account. His actions were a direct violation of our Terms of Service, and we simply will not tolerate spammers under any circumstances.
Our apologies to everyone who has had to deal with this spammer. Our Abuse team is also looking into further actions we can take against this individual.
Thanks to everyone who’s emailed us to let us know so we could delete his account and terminate his relationship with our company.
arrest this guy. Those replies you mentioned are not “replies” I got exactly the sames. I guess he is sending them just to test his network. He is an hijacker terrorist who steals passwords and email addressess.
I guess someone oughtta go teach this guy a lesson:
Address details removed – this can all be found in WHOIS for those that really want it!
I guess they harvested lots of e-mail addresses from the whois databases, added them to a mailing list and then sent out their advertising. Of course every email, bounce, auto-reponse, etc that gets sent to this list now is being distributed to all participants of that list. Its annoying but very simple to filter, since all e-mails are going to the same recipient address.
For anyone subscribed to comments I’ve updated the original post as well now.
@Peter and @Amy
Thanks for that, interestingly your emails were timed around the same time as Alex himself contacted me, threatening legal action from “the largest hosting company online” who “do not engage in illegal spam activities. ”
I’ll be dropping Alex an email shortly should he feel he would like to reply to the comments here 🙂
@Tolf – I know – my mailbox is interesting this morning to say the least, time to go create a filter I think!!
Will you look at that – even the yahoo email account Alex left a comment with has been terminated. Alex – please get in touch!?!?
Yep! This applies to me too. My boss asked me to investigate this issue, as we both thought that it was OUR smtp server that was being abused. Turns out its not us… but poor old Mr Shafts.
I had a ten second dig in our exim logs to make sure we weren’t sending it outbound as well 🙂
I have the same problem… The exact same message
“with spam like this and unsolicited email, you can rest assured that any hope you had of getting a cent from me has disappeared”
don’t ever, ever spam me again.
Its a real shame that nothing can be done…just wondering how long my boss will be getting these messages!!
I suppose all we can do is wait for Mr Shafts to be Shafted!!
Please let me know if there is anything i can do to help.
I have a feeling that my industrial strength spam filter has kept much of this crap out. If you’re still getting bouncebacks, try abuse@ecommerce.com give the headers or as much detail as you can.
I’ve added another blog entry here with a blow-by-blow account of what I think happened.
Sheer stupidity is the problem, I think.
Guys there is a really simple solution to stop this, go into your mail settings on your server and setup the following into the ‘Server Spam Blacklist’:
*@worldswidedomainname.com
You’ll never recive anything agan from them!
I’m one of the victims. Responses to the spam have been coming into my mailbox and believe me, the recipients are unhappy to say the least. ‘course, they’re not as unhappy as me but that’s a different matter entirely. Hopefully, this will end soon. What a pain in the tuckus!
Robert
Interestingly my spam filters on my regular email accounts are pulling out the comment notifications for this post as spam – so obviously the title including the URL has something to do with that.
@Nurul and Robert
I think it’s just a case of watch and wait for the whole thing to die down.
@Tazzer
I shall probably do that later today actually! I’d be interested to see when it stops though! 🙂
@Conrad
Thanks dropped you a reply over on your blog before I even saw this comment here 🙂
I have been dealing withthis guy since yesterday – on the phone with pair.com all morning. I had sent them the Headers from the emails which they said wouldbe very helpful
Funny thing is my registry info is private- so no email is out there for my WHOIS info
I tried to email him at his yahoo addy yesterday and it bounced back – his phone # is no good.
I did sendhim a lovely email in regards to his dead grandmother and my dog— sorry if any of you got it instead : )
Wow, the fool threatened you with legal action. I’m not sure that would stand up. Seriously though, I’ve been lucky enough to miss out on all this thank god. Why anyone would be this stupid is beyond me. From Dynamoo’s article I can only assume that Alex is not a proffessional spammer, if he was he’d have covered his tracks better.
Matts last blog post..Windows 7 User Interface
further investigtion shows the return path creats an alias, with your name@worldswidedomainname.com
example:
info-return-37-yourName=yourDomain.com@worldswidedomain
so in turn you recive all the angry replies directly to your email! sneaky…
So like I said above, its dead simple to stop, just blacklist:
*@worldswidedomainname.com
adding an astrix before the @symbol will wildcard the entry stopping all emails from ‘worldswidedomainname.com’ including ‘info-return-37-yourName=yourDomain.com@worldswidedomain’, this will stop you receiving any angry reply’s from anyone assosiated with this spam nonsence.
Every hosting account has a spam blacklist, the best being ‘Mailscanner’ which is a 3rd party app, that you can install if you have root access.
The ONLY downside to blacklisting ‘*@worldswidedomainname.com’ is you wont recive any genuine emails from worldswidedomainname.com, but cant imagine anyone out there is too bothered about that…
🙂 🙂 🙂 🙂 🙂 🙂 🙂 🙂 🙂 🙂
@mare No – haven’t spotted any emails about grandmas or dogs today 🙂 Someone else probably has though!
@Matt – Precisely, as it is there’s just a whole lot of spam forwarding around, I can setup a filter to get rid of all mine to you if you feel you are missing out?????
@tazzer – I’m leaving it open for now, I’d like to see when it all dies down. But anyone that is put off by this should follow your advice!
Please help! Please help get these email to stop. some how they sent an email from my account and gave everyone my name and number. i have gotten calls from around the world. please get these to stop. if there is anyone out there we need to take action on this person. i am getting tired of the calls and emails.
thank you,
Sam
I thought Tazzer had cracked it, but not for me..
using *@worldswidedomainname.com in the mail server doesn’t block emails coming to me from the irate recipients of the original spam.
… any other tricks I could use?
This is absolutely killing me. it’s incredibly annoying… hopefully spam assassin can adapt.
@Sam Feldman
That you get all these e-mails and phone calls is your own fault. You sent a reply to that mailing list (ie to thousands of people), containing your name, address, employer, phone and fax number. Also your reply included abusive language, so be prepared that Mr Ian from Gospelfrontiers will “take a note” that you are a “rude person” and publicbly announce that on the mailing list.
Haha, it’s incredibly how much bullshit people send to this list. I decided to not block it, but only redirect it to an own folder. Just too funny.
@Les Taylor – hi mate, definetly does work, you gota be doing something wrong. Are you sure you are adding ‘*@worldswidedomainname.com’ into the server blacklist? not your email settings or email account, but directly to the server blacklist?
Les Taylor – also open up the header on any of the spam emails, and print on this blog the exact ‘Return-path:’ within the header. cheers buddy
The odd thing is that I’m still getting mail from TUESDAY on THURSDAY. Somwhere there is a 42 hour delay and it is getting longer. I wonder if the mail500.opentransfer.com relay is collapsing under the load?
Yeah I should be blocking these.. but there’s something grimly fascinating about the way it is unfolding. It’s like watching everything in slo-mo.
Well I am getting all of this as well. Thankfully its mainly being filtered out by my spam filters but one of my colleagues is being swamped by it. What makes it worse is that I work for a domain name registrar myself .
What a rant – Buggins…… Seems like he’s hiding away now though?
I am also an unfortunate recipient of these emails. At first I was panicked, thinking that my classifieds site email server had been compromised, and spent some time frantically looking for the security hole. After I realized it was just a distribution list I decided to filter it to a folder and watch it for awhile to see what it did. I was too afraid to respond to anything, because I wasn’t sure if it was just some kind of phishing scam to try and hack email accounts or something. I am so glad to have found your blog. Not that telling you my story helps stop the spam, but I am glad to see that there people who are working on this issue, and I hope that it will end soon.
Oh, and by the way, I did try to call the phone number listed for Alex Sheets (found via a whois) but the number was not in service. Darn it, I was so looking forward to a little chat with him…
Not to be a pest, guess I should have collected my thoughts before writing, but I also just wanted to mention that because of my fear of being phished, I signed up for a throwaway yahoo account yesterday and tried to send a test message to the distribution list we all seem to be on imploring to be removed, but it never went through. It didn’t bounce either. At least not yet. The other thing that is puzzling me, is that I have 9 email addresses in my mail reader, and I can’t seem to figure out which server / email address it’s coming through. I try to view the message source but outlook doesn’t show me anything useful, including which of my email accounts the spam is being sent to. Can anyone give me some ideas? I am using outlook 2000. I was right clicking in the message and choosing “view source” but all I see is formatted HTML, no headers or other useful info. I promise, this is my last comment (for now). Thanks again for posting this blog entry. I know it’s not stopping the spam, but it does make me feel better to be able to chime in on the discussion without having to reply to the list and “spam” myself and all of you.
can i just confirm everyone who is reciving this spam IS on 3rd party email accounts. ie not gmail, yahoo, hotmail etc??? Your own personal email, same as your domain name???
opentransfer.com seems that they are starting to block the mails… so we may be seeing some relief…. Now for those people deciding to email people asking them to kindly ‘F Off’ or to ‘fellate’ you… please stop. It’s annoying innocent people who are feeling the same pain that you are.
tazzer, I’m still not sure which of my accounts is receiving the mail since all 9 of my accounts come to the same outlook inbox, but all of my email addys are my own custom domain names, and not yahoo or gmail or anything like that. Though when reading the replies to the spam list, I have noticed that some of the other victims had gmail and yahoo accounts.
If they have shut down this guys account, how is it still possible that these emails are going thru?
I noticed there was a big break in the action for a while yesterday afternoon- but when I came back from the WORLD CHAMPION PHILLIES game last night– the box was full of crap again.
Tazzer – almost certainly getting it wrong..;o))
The Return-Path entry shows
info-return-70-abcde=vwxyz.com@worldswidedomainname.com
I’ve ‘modified’ the actual return to avoid it getting even more spam.
As you can see we’re up to 70 messages as of this a.m.
Good few from gmail, but mostly from individual domains. Glad to say only a couple abusive…one threatening.
Well the reason that his phone number doesn’t work is because it looks like his house has been taken back by the bank. Do a Google search for it.
A small sampling of some of the bouncebacks shows that almost all email addresses are associated with domain registrations, so it’s pretty certain that this was scraped off the WHOIS details. Using domain privacy doesn’t necessarily help either, as emails to those sort of registrations get forwarded automatically. If in doubt, your receiving email address IS in the headers.
It looks like this guy tried to use mailing list software like majordomo to send his spam:
List-Post:
List-Help:
List-Unsubscribe:
List-Subscribe:
Delivered-To: mailing list info@worldswidedomainname.com
firstly dont worry follow this and it’ll soon all be gone. As you can see your reply address ends in ‘@worldswidedomainname.com’, whatever is before that dosent matter. What we want to do is block everything from ‘@worldswidedomainname.com’ including ‘info-return-70-abcde=vwxyz.com@worldswidedomainname.com’.
once it is blocked, there is no way you’ll ever hear from this mare again..
I think we have also discovered everyone who’s receiving these spams is receiving them in their personal email domain (ie not hotmail, gmail, yahoo etc etc) so if you had for argument sake a website called ‘mypersonalsite.com’ and an email called info@mypersonalsite.com, thats whats seems to be being targeted. and thats the email we want to stop receiving the spam at.
ok, so we understand what we got to do, how do we implement it?
1) go find your hosting login details, (usually a web address + username and password)
2) login to your hosting account
3) look for a section called ’email settings’
4) within your ’email settings’ there will be icon or button labeled ‘Server Spam Whitelist Blacklist’ dependent on your hosting account this will vary from one host to another, but basically its there somewhere, you may also find it may be labeled differently, like Spam or Junk
5) once you find the whitelist / blacklist button, the’ll be two columns, one for whitelist and one for blacklist, in the ‘Blacklist’ column, type:
*@worldswidedomainname.com
6) save, and exit your hosting account
voila, email spam has stopped… enjoy 🙂
I contacted the original web host on Wednesday and they have suspended the account. If people stop responding to that account or the yahoo account good old Mr. Shafts set up, these will eventually disappear. Oh, by the way, the phone number listed is one that is out of order.
Thank you. I just did that and I’m hoping it works.
I still don’t understand how this is still happening if this guys server supposedly disabled his account.
@Mare – its still happening, as the people on the mailing list is ever increasing and none of them have an @worldswidedomainname.com account. So you were reciving emails from all these other people!
It looks like Alex Shafts found a way to beat traditional spam systems by accident. Luckly theres a really simply fix 🙂
I don’t think suspending it fixed the problem, but I’ll cross my fingers. This is very frustrating! Thanks for posting the blog entry though.
Reminds me of Bernard Shifman (Google him or see this archive page). He’s a bit of an internet legend and a cautionary tale for anyone considering spam as a career move.
What a pain all of this is, thanks for putting up the blog entry … I forward it off to people who send nasty responses to me in error 😛
@graham – dont reply to anyone in the list dude, it will just create more spam, the’ll soon find this link…
just a note that I’ve been receiving these email to my yahoo account, which isn’t tied to any domains I have at all. I’m not sure what is going on, but I’m glad it’s finally starting to slow down!
Thank goodness for this blog. I thought I was alone and going mad.
My only comment would be that it is all very well Lunarpages being so sympathetic and suspending this guy’s account but if they did not run lame and unecessary affiliate programs in the first place then this would not happen. They are as much to blame and were I a US citizen they would be the first place my lawyers would be filing damages. I’m sorry Alex Shafts lost his house, I just hope the federal authorities will be able to provide him with a residence for a long period of reflection about his actions.
Louis Berks last blog post..Last Day of Autumn?
@ lising – how are you accessing the yahoo account? are you loggin into @ https://login.yahoo.com/config/login_verify2?&.src=ym or are you accessing via a mail client such as Thunderbird or Outlook?
If you going via Thunderbird or Outlook do you have any other accounts setup within the Thunderbird or Outlook app?
are the pop or imap accounts?
sorry for all questions, just trying to get to the root of this..
Louis Berk
I agree the feds should rehouse this guy.
As a domain & hosting provider, I’m realy miffed with this guy,
I’m trying my damdest not to reply to some of those abusive responses,
but it’s ‘a challenge’.
Hopefuly I’ve set things up to at least minimise the pain,
and yes, thanks for the thread & everybody’s comments,
nice to ‘not be alone’.
I am in the same boat as all of you. I believe the target should be to try and isolate where the mail list is and mail program are originating. And then we can hopefully stop the mail list program. Even stopping his domain registration and hosting can still allow this to continue under certain circumstances.
You can spoof just about any email in the world and send out- also have the reply address different than the displayed address. This mail list program might be capable of changing smtp servers on a whim – and maybe even the return to email address to keep the list going. It is possible the program is in one location and they are using a relay to send out and can easily switch relays as well. It is also possible that the relay can be changed so as to re-route the emails fairly easily as well (although many smtp resources are limited by the amount of email you can send out in a given day).
It is fairly easy to keep this type of abuse going with resources that are not being regulated.
I have seen this once before, but it was an inadvertent situation which eventually was rectified (infinite email loops) by changing if the mail list allowed for responses.
But I do believe the spam has died down… so hopefully it is gone for good.
Mauricio Zunigas last blog post..Psycho Girlfriend Creates the Slutmobile
Great post! This is an interesting and informative post. Thanks for sharing ! Hope to see your new posts soon.