I received a SPAM from Intrust Domains (apparently an ICANN Accredited Domain Registrar) today. It’s bad enough that they are using the WHOIS database for commercial purposes (a use which is explicitly prohibited by ICANN), but they were trying to sell me a domain they don’t even own! Here’s the email:

[Image: Intrust Domains spam]

The first thing you should notice is the use of a “throw away” domain (MASRECARGA.COM in this case) throughout the email – a CLASSIC SPAM TECHNIQUE. By using “throw-away” domains like this, they hope that anti-spam tools won’t label the email as spam since these domains are usually fairly new. Plus, it protects their primary domains (dnipremiumnames.com and intrustdomains.com) from complaints to their ISPs since the primary domains are not actually listed in the SPAM emails.

Secondly, the domain they are offering me happens to be in the “deletePending” state as reported by whois.internet.net. At this point, only moniker.com has any control over the domain, if anyone! I don’t see any business link between Moniker and Intrust Domains.

Even the email headers show evidence of SPAM techniques, proving they know that their marketing practices are illegal:

Return-Path: <arthur@MASRECARGA.COM>
Received: from worldtaxpages.org (def.wtsuk.net [208.87.24.149])
    by xxxxx.xxx (8.14.4/8.14.4) with ESMTP id oBLD2Fg7014437
    for <domainadmin@xxxxx.xxx>; Tue, 21 Dec 2010 13:02:15 GMT
Received: from art.names.org (art.names.org [192.168.1.22])
    by def.wtsuk.net (8.14.3/8.14.3) with ESMTP id 338
    for <domainadmin@xxxxx.xxx>;
    Tue, 21 Dec 2010 07:46:59 -0500 (EST)
Date: Tue, 21 Dec 2010 04:46:59 -0800 (PST)
From: Arthur Simmons <arthur@MASRECARGA.COM>
To: "domainadmin@xxxxx.xxx" <domainadmin@xxxxx.xxx>
Message-ID: <20101221.1292935619499.67347241@def.wtsuk.net>
Subject: XXXXXXXXXXX.COM
MIME-Version: 1.0
Content-Type: multipart/alternative;
    boundary="----=_Part_35689_32767277.1292935619497"
User-Agent: Thunderbird 2.0.0.23 (X11/20090825)

  1. They didn’t send the email from their own server/network (the ones associated with intrustdomains.com or dnipremiumnames.com, which are both apparently hosted in Panama?!?), again to avoid the complaints to their ISPs.
  2. The domain ‘wtsuk.net’ is owned by Intrust Domains.  Interesting to note that the several hosts I could find on that domain are on IP addresses all over the world (another good sign of a spammer).
  3. The HELO name doesn’t match the reverse lookup of the host delivering the email.  Typical spammer oversight.
  4. The second Received line seems to implicate another domain owner from Portugal (whether it’s forged or not).
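
The header checks in the list above, run over the headers quoted in this post, as an added example that is not part of the original post. The regular expression assumes sendmail-style Received lines like the two shown; `analyze` and the finding codes are names made up for this illustration.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Relevant headers from the message quoted above (recipient redacted as on the page).
RAW = """\
Return-Path: <arthur@MASRECARGA.COM>
Received: from worldtaxpages.org (def.wtsuk.net [208.87.24.149])
\tby xxxxx.xxx (8.14.4/8.14.4) with ESMTP id oBLD2Fg7014437
\tfor <domainadmin@xxxxx.xxx>; Tue, 21 Dec 2010 13:02:15 GMT
Received: from art.names.org (art.names.org [192.168.1.22])
\tby def.wtsuk.net (8.14.3/8.14.3) with ESMTP id 338
\tfor <domainadmin@xxxxx.xxx>;
\tTue, 21 Dec 2010 07:46:59 -0500 (EST)
From: Arthur Simmons <arthur@MASRECARGA.COM>

"""

# Sendmail-style hop: "from <HELO name> (<reverse DNS> [<IP>]) by <receiver>"
HOP = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([0-9A-Fa-f.:]+)\]\)\s+by\s+(\S+)")

def analyze(raw):
    """Return (code, detail) findings for the header checks discussed above."""
    msg = message_from_string(raw)
    findings, names = [], set()
    # Index 0 is the hop stamped by the recipient's own server; only that one
    # is trustworthy. Lower Received lines are supplied by the sender's side.
    for i, value in enumerate(msg.get_all("Received", [])):
        m = HOP.search(value)
        if not m:
            findings.append(("unparsed", f"hop {i}"))
            continue
        helo, rdns, ip, _by = (g.lower() for g in m.groups())
        names.update((helo, rdns))
        if helo != rdns:
            findings.append(("helo_mismatch", f"hop {i}: HELO {helo}, rDNS {rdns} [{ip}]"))
        if ipaddress.ip_address(ip).is_private:
            findings.append(("private_ip", f"hop {i}: {helo} [{ip}] cannot be verified"))
    domain = parseaddr(msg["From"])[1].rsplit("@", 1)[-1].lower()
    if not any(n == domain or n.endswith("." + domain) for n in names):
        findings.append(("from_not_in_path", f"{domain} never appears as a relay"))
    return findings

if __name__ == "__main__":
    for code, detail in analyze(RAW):
        print(f"{code:18} {detail}")
```

None of these findings is conclusive alone: legitimate mail sent through a third-party relay also triggers `from_not_in_path`, so treat them as signals to weigh together.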

I also found it odd that if you do a WHOIS on ‘dnipremiumnames.com’, their WHOIS server (since they are the registrar for their own domains) seems to intentionally block the request, yet all other requests for domains registered through them work fine.

When you click on the link in the email, you’re redirected to their main site:

[Image: Intrust Domains]

You’d think they had self-confidence issues with all the “Trust Guard” badges they had to buy to attempt to make their web site look legitimate!?

Trust?!?  I don’t think so!!  Spammers??  DEFINITELY!!!