Vonage, the VoIP service, has a feature where their users can refer their friends to the service. If you sign up from one of those referrals, you get a free month of service; and your friend gets two free months. In March 2006, I asked one of my friends to refer me so I could look at the service plans. I decided to go with the Gizmo Project VoIP service. Of course, now I will never look at using Vonage again. I really need to explore Asterisk.

Last Friday, June 22nd, I got another Vonage referral from my friend, 15 months after he referred me! Vonage is apparently going back through their records and re-asking people to join up. This is an abuse of the trust that I (and my friend) had with them. And I believe my friend will be flabbergasted as well that Vonage would spam in his name. Whenever a refer-a-friend occurs, the email address doesn’t need to be stored. There was a unique hash in the referral URL, that’s all they need to store. By maintaining a database of email addresses, Vonage was creating a valuable database that I’m sure any marketer would love to (ab)use. So why keep the addresses?

Vonage needs to modify their Privacy Policy. Specifically, they need to make it a firm policy that any email addresses or other information given to them by a customer for a referral will only be used once. And that information will be deleted from Vonage’s records after a set amount of time (30 days?). Vonage needs to make it clear that they care and respect people’s privacy.

On a side note, their privacy policy says they will honor email opt-outs within 30 days. CAN-SPAM says they need to do that within 10 days.

More about this at:

• They Could Not Have Really Thought This Through
• Vonage spams customers, burns influentials, gets people really angry

If you're new here, you may want to subscribe to my RSS feed. This allows you to read my newer articles without having to visit the site again. Thanks for visiting! Mike

John Graham-Cumming’s new jeaig (jgc’s email address image generator) service seems to work just fine. The background of the image changes every time it loads. It would be great to be able to pass foreground and background color definitions so that the image could fit into a specific web site’s design. Or maybe some options could be defined when setting up the original image.

There is obviously a time stamp involved in where the background of the image is generated. I had several commands on a page, but the image returned was always the same. So here are a couple of static examples. Note the @ and . are sometimes obscured as well.

The first 11 characters of the returned image filename are always the same: UmFuZG9tSVa. And the length of the returned hash varies. An interesting project.

Since the highly effective CAN-SPAM law requires spammers to put a physical location in their spam, I was wondering if anyone has collected the addresses. It would be highly effective in SpamAssassin rules, as well as to look for trends in where the spammers are located.

For example, since March 31, 2007, I’ve received 55 messages with an address of “Customer Service 560- A F ST #438 Grants Pass, OR 97528″

I’m also tracking the “This advertisement is presented” spammer, who appears to be using private mail boxes all over the country, under many different company names.

YourMusic.com is an online music service of BMG Direct, Inc. You set up a list of cd’s you’d like to purchase, then you are shipped one CD a month for a steady price (currently at $6.99). I registered with them on Wednesday, November 2, 2005 at 3:40:31pm EST. And I used a unique email address that I generate for any web site I need to register at. I received no email to that address at all, except the one message from YourMusic.com when I first opened the account. After reading their web site materials, I decided to not buy music from them.

On Monday night this week, June 4, 2007, at 11:34pm, I received a spam mail that was sent to the address I used only at YourMusic.com. An email asking if YourMusic is violating their privacy policy, or if they have a rogue employee stealing customer info was not helpfully replied to. They seem to not understand that they have a problem.

The spam came from hot-daily-perks.net. If you go to their web site, you get apparently an IIS error page. If you go to any other URL on the site, you get a kind of 404 error. Their spam had a 146 character (all hex characters) URL in it. I scrambled their hex code to experiment. I suspect if I clicked the ad I would start to get a lot of spam at that address.

The message itself was a HTML monstrosity. It was made up of a 4×4 html table, with each cell containing an image loaded from http://www.bemywoo.com. The image when built was also an ad for BeMyWoo.

The Whois information is where things get a little interesting. The whois for hot-daily-perks.net did not lead anywhere else, except to the Moniker.com registrar.

But the whois for BeMYWoo.com leads to both cliqventures.com and loorebox.com. Their whois info was not too interesting, leading into a circle. Hmm, by looking at their whois info, it appears that the registration info for BeMyWoo, CliqVenture, and Loorebox is invalid, there isn’t a suite listed like there is on the web site.

$ host loorebox.com
loorebox.com has address 69.50.210.58
loorebox.com mail is handled by 0 loorebox.com.

$ host bemywoo.com
bemywoo.com has address 69.50.210.58
bemywoo.com mail is handled by 0 bemywoo.com.

$ host cliqventures.com
cliqventures.com has address 69.50.210.58
cliqventures.com mail is handled by 0 cliqventures.com.

$ host hot-daily-perks.net
hot-daily-perks.net has address 209.51.190.123
hot-daily-perks.net mail is handled by 10 hot-daily-perks.net.

So it appears that the hot-daily-perks.net site hired CliqVenture to be their spammer. hot-daily-perks.net is hosted with Hurricane Electric. CliqVenture is hosted by Atjeu Hosting (atjeu.com). I will be emailing a spam abuse complaint to Atjeu shortly.

I’m researching some spammers that have been hitting my mail server pretty heavily since March. I’ve got a list of several hundred domains, so I’ve been doing some basic research on them. I’ve used google, the host command to get their IP address, then I grabbed a few at random to check their Whois info. After the third whois lookup (using the whois built into OS X) I got this note: “my.home.ip.address has reached its 24 hour query limit.” All three of the domains I looked up were registered through Name.com. But I don’t see anything on their site mentioning a whois lookup limit.

Now the funny thing, future lookups seem to be working just fine. Hmmm, very strange.