We had a few emails this morning from [email protected] with the subject (in block capitals) “DOMAIN REGISTRATION!”
Each email we received was regarding a different domain name that we do actually own. However, it wasn’t a domain renewal notification, it was a phishing attempt – the sender is selling traffic-building SEO software. Whether you actually get the software after paying the money is unknown.
The wording of the email was deliberately confusing (the actual domain names have been replaced with your-domain.com):
“This important expiration notification notifies you about the expiration notice of your domain registration for your-domain.com search engine submission. The information in this expiration notification may contain confidential and/or legally privileged information from the notification processing department of the Domain SEO Service Registration to purchase SEO Traffic Generator. This information is intended only for the use of the individual(s) named above.
“If you fail to complete your domain name registration your-domain.com search engine service by the expiration date, may result in the cancellation of this domain name notification offer notice.”
Well, that’s a load of tosh and doublespeak. In the email footer (white background, very light grey, almost unreadable text), it states:
“We are a search engine optimization company. We do not directly register or renew domain names. We are selling traffic generator software tools. This message is CAN-SPAM compliant. THIS IS NOT A BILL. THIS IS A NOTIFICATION OFFER. YOU ARE UNDER NO OBLIGATION TO PAY THE AMOUNT STATED UNLESS YOU ACCEPT THIS NOTIFICATION OFFER.”
The CAN-SPAM Act of 2003 is American legislation to try and prevent spam and one of its compliance criteria is that emails are not sent to harvested addresses, which this clearly was.
If you receive a similar email, don’t click on any of the links including the unsubscribe link – the odds are it won’t unsubscribe you. Just delete it. Don’t interact with it in any way as it may flag to the spammers that your email address is definitely in use – and this bumps up its resale value on a mailing list.
If McGregor Media registered your domain name on your behalf, then a renewal notification will only come from us. If you registered your own domain name, the renewal notification will come from the supplier – check to make sure it’s from the same company, if you need to.
Spam can happen to anyone
A few days ago, an email address on our domain name, mcgregormedia.co.uk, was used to send out a whole load of phishing spam – the standard rubbish about having frozen your bank account and could we please have your bank details to unfreeze it. The same email address was used as a reply address in the mail header.
The email address used was [email protected] This email address doesn’t actually exist and it never has but because we use a catchall email account to try and avoid our email addresses ending up on unwanted mailing lists, we got all the replies. It started with a few “Undeliverable email” notifications, which soon built up to a deluge.
We confirmed with our service providers that none of the outgoing spam was sent through our server, which was a huge relief – we have several systems in place to prevent that happening but spammers are always developing new ways to try and circumvent these systems.
Once the “Undeliverable email” notifications started slowing down, the actual replies to the email started to arrive. They ranged from simple “Who are you and how did you get my email address?” replies, to one gentleman who wanted to do unspeakable things to our spouses.
While spam is hugely annoying, and receiving hundreds of notifications is equally annoying, the worst thing you can do is interact with that email. The people who sent actual replies could have found their email address being sold on and more spam would be headed their way soon. As it is, we just deleted the messages. Which is exactly what you should do when you receive spam.