The Spokesman-Review Newspaper
The Spokesman-Review Newspaper The Spokesman-Review
Spokane, Washington  Est. May 19, 1883
Current Temperature
39°F
Current Conditions
Scattered clouds
View complete weather report

Color Scheme

Subscribe now

Spammers’ new domain

McClatchy-Tribune illustration (McClatchy-Tribune illustration / The Spokesman-Review)
Frank Delaney Special to .TXT
McClatchy-Tribune illustration (McClatchy-Tribune illustration / The Spokesman-Review)

I received a bill in my company mailbox in March 2006 and again this year. The letter looked official enough to not throw it into the trash.

I opened the envelope and found an apparent billing of $35 for my Web site, which was coming up for renewal. On closer inspection I began to suspect that something was wrong with this official-looking statement.

Based on Web comments on newsgroups, people across the planet get this same kind of message every day. It’s a boldfaced attempt to trick you to send money, thinking your site domain is up for renewal.

Fortunately I know the company where I have my Web site registered and hosted. These letters were from companies I had never heard of — listingcorp.com and icls.net. Yet they had all my site information, including the upcoming expiration date, which made it look official.

There was a sense of urgency in the letters about sending $35 to them immediately to avoid “not being listed.”

And there was a listing of services that I would supposedly get for my $35, but it said nothing about the renewal of my site domain name.

I looked up the company names and found numerous Web postings by others with similar contacts. Those two firms, and others like them, belong in the category of “Whois spammers.”

Typical spammers use e-mail harvesters to find addresses and then inundate them with spam.

But a Whois spammer harvests Web site information from the universal Whois registry, which is available to anyone. You can go to any domain registrar like Network Solutions or Godaddy and click on the Whois selection, and type in a Web site. That tells you who owns the site, their address and e-mail address, contact names, and dates of registration, including expirations.

This is the way the Web was designed to work, so anyone could find who owned a Web site. This information was supposed to be public, even though many registrars now let owners hide some personal information, due to extensive abuses by registrars who sell Web sites without verifying actual ownership, and to block Whois spammers.

I don’t use private registration for a number of reasons. If you choose to use private registration, be warned it typically costs more than regular site registration and doesn’t hide all your information.

So I had received a bill from a firm that obtained my name and address from the Whois registry and wanted $35 with the warning that I might not be “listed.” In very small print on the back it did say “This is not a bill — this is a solicitation.”

It’s a normal assumption by anyone who receives a billing like this that the bill is for renewal of their Web domain name. But it isn’t. I have received other letters similar to this. If it smells funny, it probably is exactly what you think: another scam, this time sent to your mailbox and not your inbox.

I sent e-mails to both companies; ListingCorp is based in Calgary, while ISLS is based in the Bahamas. I wanted them both to take me off their lists. Of course neither replied and I’m likely to keep getting their mail.