We wrote about this particular spam in 2014 – the domain scam email. Variations of it are still doing the rounds. This email arrived this morning.
Let’s deconstruct this piece of absolute fiction, shall we? First of all, the bit you can’t see in the screenshot is the subject line, which was mmuk-host.com expiration. mmuk-host.com is one of a few similar domains we use as private nameservers. The domain isn’t due for renewal until August this year. But how many domain owners would know when their domain renewal is? Any layman would think immediately that this was from their domain registrar and probably act on it.
Let’s continue with the domain scam email. The title, Important notice reminder, doesn’t even make sense. You’re reminding me of an important notice? I think not. The next bit down is a classic exercise in getting into people’s heads – an expiration date. A date like this gives the impression of scarcity and urgency. Amazon use this technique well in their product listings (Want this item by Saturday? Order in the next 3 hours for guaranteed delivery by Saturday). In this case, the expiration date is exactly one week from today. How convenient. Of course, nothing’s going to happen after a week.
As of January 1, 2014, the Internet Corporation for Assigned Names and Numbers (ICANN) has mandated that all ICANN accredited registrars begin verifying the WHOIS contact information for all new domain registrations and Registrant contact modifications. This is true.
This solicitation is to inform you that it’s time to send in your whois domain protection registration for 03/31/2017. This is not true.
Failure to complete this order by 03/31/2017 may result in the cancellation of this solicitation (making it difficult for your customers to locate you, using search engines on the web). This is absolute bollocks.
Act today! This solicitation for mmuk-host.com will expire on 03/31/2017. Act today! Meh.
The domain scam email continues with a big red button marked Secure Online Payment and is then followed by a table showing what you get for your money. It’s Protection Registration that doesn’t actually begin for three weeks. It lasts a year and it’s $64.00. But what is it? More about that later. We’re still taking this email to bits.
The domain scam email footer, marked Instructions and Unsubscribe, is in a very small font size using light grey text on a dark grey background to deliberately make it difficult to read. Let’s have a look at what it says.
You have received this message because you elected to receive special notification offers. No I didn’t, this is totally unsolicited.
If you no longer wish to receive our notifications, please unsubscribe here or mail written request to Datacollect Inc, Fort Lauderdale, FL 33309. The word here is a link, leading to a file on their site called unsubscribe.php. There’s absolutely no guarantee that that’s what it does. There’s a postal address too. Because scammers always take notice of stuff in the mail.
If you have multiple accounts with us, you must opt out for each one individually in order to stop receiving whois domain registration solicitations. Translation: We’re going to make it as hard as possible for you to get rid of us. And of course, nobody has actual accounts with them.
We are a whois domain registration company. We do not register or renew domain names. We sell whois domain registration. This is a contradiction in terms. Either you do or you don’t. Incidentally, WHOIS (pronounced who is) is the international domain registry database. It contains the registered owners and registrars of all registered domain names. And ironically, this is where they get all their contact details from.
This message is Can-Spam compliant. Lies.
This is not a bill or an invoice. This is a whois domain registration purchase offer. Your are under no obligation to pay the amount stated unless you accept this purchase offer. Translation: Look! We’re admitting we’re scammers but in very very very small writing.
This message contains promotional material strictly along the guidelines of the Can-Spam act of 2003. We have distinctly mentioned the source mail-id of this email and also disclosed our subject lines. They are in no way misleading. You keep telling yourself that mate.
Please do not reply to this email, as we are not able to respond to messages sent to this address. Because it’s not a real email address. It’s an alias used to send out thousands of these emails.
What is protection registration?
It is actually a thing, but is more commonly known as domain privacy. This is where a company provides their contact details on a domain name, keeping the actual owner’s details private. As far as we’re aware it can only be set up through your own domain registrar. So this company can’t even do the things it’s selling you.
This is the site that sent the email. Actually, it’s one of many identical sites that are owned by the same company, Datacollect Inc of Fort Lauderdale in Florida. We’re not going to link to it.
It looks VERY similar to the Domain Tools WHOIS search site. In fact, it’s directly copied:
There’s clearly an attempt to deceive here. But let’s look further into the International Whois Protection Agency site. It doesn’t tell you what it actually does until you go to the Terms and Conditions page, where it all becomes clear. They sell your data to people who carry their affiliate advertising.
Or do they? That’s what it says to us. But reading it again, it makes you wonder who this community is that they speak of and how would one become a member? Not that we want to, obviously. Let’s just say they’re creaming money from people who don’t know any better for a non-existent product.
What do I do if I receive a domain scam email?
Delete it. Simple as that. If you’re in any doubt as to when your domain registration expires, look it up on WHOIS. Do not reply to a domain scam email. Do not engage with them in any way. And DO NOT UNDER ANY CIRCUMSTANCES PAY THEM ANY MONEY.