The email recently brought to your blogger's humble attention, originally arrived on Wednesday last week. It purported to be from Ellie. The headers were as follows:
From firstname.lastname@example.org Wed Mar 14 05: 5:55 2012
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pgts04
X-Spam-Status: No, score=-0.1 required=5.0 tests=BAYES_00,HTML_IMAGE_ONLY_16, HTML_MESSAGE,MIME_HTML_ONLY autolearn=no version=3.3.1
Received: from wufsd.org (wufsd.org [18.104.22.168]) by pgts04.pgts.com.au (Postfix) with ESMTPS id CBDA73E0A27 for <email@example.com>; Wed, 14 Mar 2012 05:25:54 +1100 (EST)
Received: (qmail 23857 invoked by uid 48); 13 Mar 2012 11:22:50 -0700
Date: 13 Mar 2012 11:22:50 -0700
Subject: Website question
From: Ellie Stevens <firstname.lastname@example.org>
Content-Type: text/html; charset=ISO-8859-1
These headers and the (HTML) body bore a striking similarity to an earlier email purporting to be from someone promoting online Christian dating services.
The HTML text in the body of this (seniors dating) email was as follows:
My name is Ellie, and I blog for a site called bestseniordatingsites.org. I checked out your site danbyrnes.com.au/lostworlds/ archives/lwlinks2.htm and found some interesting and informative articles.
My site, bestseniordatingsites.org, is the only independent online resource exclusively dedicated to senior singles who want information on how to safely use online dating sites--serving the single seniors community by authoring articles on topics like how to protect your privacy and financial information online, as well as by providing general resources such as our Comprehensive List Of Senior Centers In The US, the first resource of its kind.
Would you mind having a look at bestseniordatingsites.org and, if you agree that my site could be a helpful resource for your readers, consider adding a link to it from your site?
Thanks for your time,
The earlier email promoting online dating sites had been constructed in a similar manner, and it had (initially) also scored quite low on Spam Assassin's rating. It would have been completely over-looked by your humble blogger, had the spammers not made the mistake of sending out three spam runs in the one day. It was then after closer examination that the (earlier) email campaign appeared to be suspicious.
The obvious similarities between the most recent email (above) and the earlier example are even more striking if the full body texts (including HTML) are examined. It leads to the inevitable conclusion that both emails have been constructed with the same template.
Also both emails were sent to email addresses that are available in the public domain. It seems likely that these email addresses had been harvested by spambots.
All of which suggests that they were both manufactured by the same spam engine.
Furthermore the websites which were promoted in the email promotional campaigns, bestseniordatingsites.org and christiandatingsites.net, have been setup in a similar manner. On the face of it, they were both fairly bland, but well-constructed sites which offer links and advice for people searching for online dating services.
The simple well constructed email and the rather Spartan websites all seem above board. There does not seem to be any sign of a "payload" or "hook" ... However despite their rather innocuous appearance, there is something strange about the way the sites have been registered, which hints at something possibly more sinister ... Both bestseniordatingsites.org and christiandatingsites.net have been registered by GoDaddy.com, LLC using the following organisation address:
15111 N. Hayden Rd., Ste 160, PMB 353
This technique of registering domains is infamous ... And has been used extensively by scammers and spammers who are, often with good reason, shy about revealing their true identities.
Another thing the Christian dating and seniors Dating promotions have in common is DNS for the webhosts and for some of the email campaigns, which has been provided by a Californian organisation, Media Temple Inc., which has a registered address in Culver City.
On the face of it, Media Temple Inc. appears to be a legitimate organisation. Their website which runs on the Russian based open source nginx web server, offers webhosting services, which they claim are optimised for performance and efficiency.
There are however, some reports from disgruntled customers that claim that the hosting services offered by Media Temple are in fact poor quality and generally sub-standard. There are also some more ominous reports of Russian dating scams which have come from servers hosted by Media Temple.
If Media Temple are a legitimate organisation, they should give more consideration to the fact that allowing spammers and or scammers to use their network will, in the long run, taint their reputation, and may cause closer scrutiny of their operations.
Also if the organisations which advertise their services on the bestseniordatingsites.org and christiandatingsites.net sites are legitimate and relatively free of scammers then they should consider using other means to advertise their services. Because contrary to the old adage, there is such a thing as bad publicity.
And being associated with spammers is definitely bad publicity.