Tag Archives: email address

The Domain Name Scam Explained

Domain Name

Protect your Domain Name?

If you are a Domain Name owner and make business on Internet you know that your Domain Name is one of your biggest assets.

You wouldn’t give away any traffic resulted in misspelling of your domain name or traffic generated by similar domain names.
There are actually people on Internet who specialize in stealing traffic from other companies. They do this by using domain names similar to successful companies. However this is less feasible these days because domain name doesn’t carry too much weight in SEO.
If someone would try to register your domain name, what would be your reaction? Your first reaction, of course, would be to protect your domain name. You want to buy that domain so nobody else could use it and steal your traffic. This is a natural reaction; you are trying to protect your asset.
This weakness is exploited by a large number of companies, (mostly Chinese), specialized in this type of scam.
There is nothing wrong to secure that domain name, if you think it makes sense for your business, many companies do this, just don’t buy the domain name from the spammers. Buy that domain from a reputable registrar instead.

How does the Domain Name Scam work?

The spammer collects information from the Domain Name registration which is, in most of the cases, public. This information contains the owner name, the email address, and of course the Domain Name. This information is enough to devise an email which will be sent to the CEO. The email informs the owner that another company is trying to register the domain name in cause but for another TLD or ccTLD.
As the owner of the domain you “get the benefit of being announced of this purchase” and are being offered to buy it yourself.

For instance you own domain.com and someone is trying to register domain.tw and domain.cn, etc… Other country-specific flavors (.asia, .biz, .cc, .cn, .com. cn., .hk, etc.) can be mentioned. You are informed about this and offered to buy the domain or the domains.

Scenarios when Contacted by a Domain Name Scammer

At this point there are a few possible scenarios:

First scenario: You don’t really need the domain names but you fall for the scam and say “yes, please register all of these domains for me”.
This is the worst case. These types of companies are ghost companies that charge you three to ten times the regular price of the domain. Sometimes, if you don’t pay attention to all the registration details the scammers will register themselves as registrant and administrative contacts and they will keep themselves in the loop trying to reap you off more down the road.
Second scenario: You look at the domain names list they sent you, you pick the ones you are interested to protect and register them at a serious registrar for a fair price. See this post about Protecting the Trademark by Registering Domain Names. You might have a Web Marketing strategy that involves buying those domain names. In this case the scammers made you a favor reminding you to buy some domains that you missed.
Third scenario: You simply ignore the email; you don’t care if someone registers the domain domain.cn, these days a domain name doesn’t count that much for the traffic as it used to. The content is king and traffic leaking is almost impossible only using a domain name. Protecting your Trademark is your lawyer’s job and there is no need to buy everything on the market to protect your Trademark. See this article about the defensive domain buying: Protecting your Trademark by buying as many as possible domain names.

The decision is not always simple and it depends on your business needs. You could go with either the second or the third scenario.
You can Buy International Domain Names at fair prices at: Go Daddy Bulk Domain Registration

Regardless of your business needs you will probably want to avoid buying these domains from the scammers.

Please improve this post by commenting.

Email address Spoofing – Someone is Using My address to Send Spam

Someone is Using Your Address to Send SPAM

You just got a bounce-back email saying that your email didn’t reach the destination because the recipient doesn’t exist. Nothing unusual, this is something that happens to anybody who is using email regularly; except you didn’t send that email. How could this happen? If you are an email server administrator and many of your users get this kind of bounce-back they all start to complain at once, thinking that your server has been hijacked. What can you do to stop this, and how to reassure your users that you haven’t been hijacked?

Sender Address Forgery known as email address spoofing is not a new technique. It is used for many things from spamming organizations to sending viruses and supporting scamming schemes where the sender fakes his identity.

Effective ways to stop Spammers to Use Your Domain Name

Publish SPF Data
SPF (Sender Policy Framework) is a method that allows you to publish which mail servers are authorized to send email for your domain. SPF uses a DNS record that tells email servers which servers are the servers that are trusted sources of email for the specific domain and how much to trust other sources of email originating from that domain. Destination servers might have the SPF checking implemented or not. Many of the today’s servers are SPF checking enabled.
Destination servers check this record and act in consequence. Anti-spam software on servers receiving emails, score an email based on SPF record and other criteria and accept or reject the email based on the total score. For instance if the SPF record tells that any emails originating from non authorized servers should not be trusted the email gets the necessary points to be treated as SPAM and it gets rejected. If the SPF record treats the non authorized servers neutral the message could pass or could be rejected if other it contains other SPAM characteristics.
Do not publish any email addresses on Web pages. This is the most common place for spammers to get valid email addresses and use them to forge email messages

If your company runs its own mail server configure it to ignore email sent to non-existent addresses in your domain. If your server sends a non-delivery report you reveal to a spammer valid addresses in your domain (the ones that don’t send NDRs). This attracts spam to those addresses. You waste bandwidth. The most common reason to send NDR’s for non-existent addresses is to let people know that they misspelled the address. Miss-addressed email can get lost easier.

If your domain gets blacklisted because of spoofing you have to contact the list which blacklisted you and show the Administrator what you did to correct the problem. This is very unlikely since the sender usually spoofs only the email sender and not the server’s address. A blacklist Admin should be able to figure out this.