DDoS on spamlinks.net hosting and anti-stock spam sites

The host for spamlinks.net, spam.abuse.net, and others was
subjected to a distributed denial-of-service (DDoS) attack starting Friday 12th
January 2007. The attack peaked on Sunday 14th and was largely mitigated around 4pm (PST). A low-level attack was still underway as of 17 January 2007 and efforts are continuing to mitigate it.

At least two other spam related websites (worldwidespam.info and spamnation.info - both hosting information about stock spam) were subjected to DDoS attacks at or around the same time.

Reply to "Link exchange spam – I've had enough, thanks!"

In a previous post on link exchange spam, I briefly outlined receiving a series of spam emails advertising MiraPoint, and sent by DigitalGrit.

The following was sent by Steve Curtin – Corporate Vice President, DigitalGrit.

Posting this does not represent an apology, and I will follow this up with a further reply I sent to Steve.

Here is Steve's reply:

Ouch. We obviously owe you an apology and an explanation – which I'll preface with the fact that we are 100% dedicated to best practices, and we are *not* spammers.

As an agency working for Mirapoint, a company committed to combating spam, we noted in your FAQ's an invitation for requesting links (http://spamlinks.net/about.htm#faqs-add) and sent an email per your instructions. So, your blog is extremely relevant, you list commercial vendors, and provide guidelines on submitting links. We did our very best to play by your rules.

Here's where we slipped: our employee inadvertently created 2 emails rather than 1 requesting to be listed on your blog. How did that happen? Well, two emails were created since you have 2 pages listing commercial vendors. Obviously, we should have generated one email for the request, but due to human error that didn’t happen - again, my apologies, but as we're all human, some cutting-and-pasting happens, hence the identical emails. Again, HUMAN error.

And, I'd like to reassure you, that as we do not believe in using automated solicitations like the ones described in your post, the emails that you received were sent by an actual human employee of our firm. And, in our defense, the employee who sent those emails did include his real name, a return email address, and an explicit identification of our company in full compliance with the CAN-SPAM Act.

So, to reiterate, we do certainly own up to having made a mistake – and one that clearly raised your ire – and please accept my apologies on behalf of DigitalGrit for that. However, at the same time, I feel it important to convey that we are more than a little upset and disappointed in having been branded a "spammer" in your post. That's just not who we are. For the record, who we are, in fact, is one of the top 25 Best Small & Medium Companies to Work for in America, as noted by the Society for Human Resource Management and one of the Best Places to Work in New Jersey, as noted by NJBIZ for the past two years (including the #1 ranking in 2005). And as the leader of DigitalGrit's SEO practice, I personally want to assure you that we are 100% white hat.

So, please accept my sincerest apologies again for the annoying emails. Despite our missteps though, we do feel that Mirapoint offers a product worthy of listing on your site along side the other products you list, and I hope you'll take the time to review Mirapoint's products.

Thanks for your time and consideration,

Steve Curtin – Corporate Vice President,

DigitalGrit

Link exchange spam – I've had enough, thanks!

Search engine optimizers are getting on my nerves. To cut a long story short, they are sending spam to Spam Links to try to get all sorts of sites listed.

The worst of it should be familiar to anyone with a website with a decent page rank — "Link Exchange" subject line spam, offering to include a link to my site in an awful link farm, in exchange for me placing the link of choice (unrelated to spam) on my website with their provided fluff-piece.

Even Google gets this stuff:

Dear google.com, I visited your website and noticed that you are not listed in most of the major search engines and directories...

Some SEO spam that I get is asking for an anti-spam site to be listed on... well, usually the most inappropriate page of the 100+ pages on Spam Links. Most of the sites aren't even spam related. Some let me know that they have added my link to their site, and then demand that I add their site in a particular way or... their link to my own site will be removed! Oh. No. Some examples of the badly worded email I get:

I've visited your site today, and I appreciate the site. My below mentioned website is similar to yours. Kindly consider listing it under your "Links" section.

As a part of ongoing campaign to increase the Link Popularity of My website I am looking for some good potential sites like yours.I review your site and find that, in SEO perspective your site is Perfect. Also, this would be a great resource for my visitors too.

I have my client website related to "Email Security". This website provides details for Secure email wordwide...

I thought a good place on your site to link from would be on your links page.

As you are probably aware that a three way link exchange is a great way to boost up your page rank in major search engines.

The cause of all this is unscrupulous or unskilled (or both) SEOs using bulk keyword searches. They search the web for websites that match a keyword search (in some cases, they even include the keywords they used to find the page they are wanting to get linked from), harvest the contact email addresses for those websites, and then send bulk email to the contacts asking to be linked to. Let me be quite clear: there is no grey here. There is no accident, and no excuse. This is simply spam.

It was with particular dismay that I opened a recent "link exchange" spam, to be met with a familiar domain: MiraPoint.com. They are well known for making RazorGate, which is a network appliance spam filter. They had apparently contracted a company called DigitalGrit, who appeared to have taken it upon themselves to really out-do all of the other SEOs and make it totally obvious they were sending spam.

Two emails arrived within the same second, both identical save for the page they wanted linking from, and the keywords they wanted me to use to link to the site. Slam-dunk spam, as far as I was concerned. DigitalGrit followed it up with a further two bursts of two emails, structured almost identically to the first batch. MiraPoint have not replied to several emails asking for an explanation.

[Update: DigitalGrit have sent a reply in response to this blog post, which is included in a new post. I have also edited the section above to more fairly represent what I experienced.]

MiraPoint are not the only anti-spam website pushed like this, but I haven't given the others the chance to explain themselves, so I shall not list them. One of the anti-spam sites was carrying out their own optimization. They claimed not to have sent significant numbers of emails, but they did use an SEO tool, Web CEO, that is essentially an email address harvesting and bulk email tool; using it would seem to lead almost inevitably to spam, by design:

Use the link exchange software of Web CEO to sort websites based on how you want to contact them - personally or automatically. The Link Partner Finder helps you create bulk messages using templates. This link exchange tool harvests the e-mail addresses from websites you wish to contact. You’ll be proposed with patterns of letters to your potential link partners, provided for possible cases. The software can send large quantities of messages automatically. But you should create personalized letters to those that are most important for you

.

LinkMachine has been another source of link exchange spam, and there are probably quite a number of SEO tools that work this way.

Some blackhat SEOs do not even pretend that what they do is not spam. One even hosts a blacklist of sites not to contact, which Spam Links is a member of. I will be sure to check it for any new links...

There is a key difference between the spamware programs and what seem to be more responsible packages, such as Solo SEO, that allow the user to discover "potential link partners". They talk strongly about assessing quality, and do not automate the contact process.

While I am not totally enamored with the concept of building links by going begging, an application should at least not automate the process to the point that spamming is trivial. Why is automation a concern?

Consider what happens if everyone who owns a website acts like that, and the answer should be quite clear. It is the usual catalogue of reasons why spam is wrong. Search engine spam is also an issue, since the point of link exchanges is usually to gain ranking in search engines, rather than direct traffic from the link-hosting sites.

What obviously moves a link building email campaign into the realm of spam is when the website owner the request is sent to is clearly not soliciting link exchanges, or does not run the kind of website that accepts links, particularly if the link has nothing to do with the website's topic. It all comes back to the reason that spam is defined as unsolicited bulk messages - if you bother a lot of people who do not want to hear from you, you are a nuisance.

If you automate the contact process, you cannot know if the website owner is soliciting link exchanges; if you use templates to contact the site owners, they cannot reasonably know that you are not spamming, and will react accordingly. It is in everyone's interests to be straightforward, upfront, and to bear in mind that webmasters are not just a resource to be exploited.

[I received a reply to this blog post from Steve Curtin, Corporate Vice President of DigitalGrit. I have included it unedited in a new post.]

Oversee.net's Chesterton Holdings carry on domain swiping as Maltuzi Holdings

The world of domain swiping continues unabated. Oversee.net and their operations, who I covered before, continue to domain taste and, apparently, to domain swipe.

To summarize:

• Chesterton Holdings swipe domains following whois searches in online whois portals
• Chesterton Holdings register those domains through NameKing.com
• Chesterton Holdings use the Information.com service to monetize the domains

The same goes for Jucco, Munchale, and LaPorte, and all of the other "holdings" companies.

And the link to Oversee.net?

• Oversee.net own NameKing.com, their pet domain registrar
• Oversee.net own DomainSponsor, which operates Information.com
• Oversee.net share a corporate HQ with Chesterton Holdings

You can read the original post for more details on the connection between Chesterton Holdings and Oversee.net.

Since I detailed the links between the domain swipers at Chesterton Holdings and Oversee.net, Oversee have publicly admitted the connection between Oversee.net and Name King, the registrar they use to make their "domain tasting" operation possible:

My name is Jothan Frakes. As Tim mentioned, I'm a senior account manager at a company called Domain Sponsor. In the interest of full disclosure and to make sure there's integrity to this session, I do want to disclose that my parent company [Oversee] owns a registrar, Name King, and that company does participate on behalf of its customers for domain tasting or add grace use.

While checking to see if Chesterton were still going, I found that only the websites for the "holdings" companies Jucco and Field Lake and Sky remain, with an obvious reference to "Chesterton Holdings LLC" in the code for their webpages. I also stumbled across a page describing the operations of an apparently new company, "Maltuzi Holdings". Chesterton have gone fairly quiet, and it should be no surprise that Maltuzi are just a new incarnation. They have garnered the same attention and reputation as Chesterton did at first, yet the connection between Maltuzi and Chesterton has not been noticed.

In case there is any doubt about the connection, the Maltuzi website shares the same reference to Chesterton in its code as the Jucco and Field Lake and Sky websites:

<param name="movie" value="Chesterton Holdings LLC.swf">

Sure, more care may have been taken on the company address, using a forwarding address in the "Downtown Mountain View Center", but the registered agent used for their company registration is identical to that used for Chesterton Holdings.

Maltuzi also uses NameKing.com and the Information.com services, owned by Oversee.net, just as Chesterton Holdings did.

There are a lot of complaints about Maltuzi (inevitably, given that they are swiping domains).

Business Week seem to have got a response out of Maltuzi:

T. Salonen, manager of Mountain View (Calif.)-based Maltuzi, says his company is a "bulk registrant" of domain names, but says there's nothing wrong with that. "We are actively buying domain names based on a variety of criteria," he writes in an e-mail interview. "We...purchase those domain names which have certain traffic levels or pay-per-click viability and return those which do not meet those and other criteria."

That doesn't say very much at all that we didn't already know, and very little about domain swiping, or the connection between Maltuzi and Oversee.net.

Specific sources for the swiped domains are again unclear, but one post describes using Instant Domain Search, and then losing a domain to Maltuzi, which fits the previous method identified by Larry Seltzer: the CNet Domain Search page.

DomainTools (run by Name Intelligence) claim that domain swiping is a myth, and that names are simply registered by coincidence, but that doesn't line up with the facts. Instant Domain Search are similarly dismissive in replies to a blog post fingering their site as a source of domain name leaks. Did Chesterton really register "lickmynose.com" by complete coincidence, so soon after Larry looked it up? I think not!

If there are markets of whois query information inside the lookup and registrar communities then having NameKing.com gives Oversee.net (and so Chesterton, Maltuzi, etc.) easy access, whatever the methods. My favorite theory is that the whois meta searches go off and query every accredited registrar: NameKing.com is the registrar owned by Oversee.net, who appear to also operate Maltuzi... easy.

The ups and downs of the Maltuzi domain portfolio can be followed at the excellent IPWalk, and they feature high in DailyChanges and the DomainDB top DNS lists. We're talking seven figures of domains, and daily changes of six figures, as before with Chesterton and friends.

Domain tasting and swiping are still very much in the news, but with major benefactors such as Oversee.net involved in ICANN and not fully disclosing what they do under the banner of "holdings" companies, the prospects for eliminating domain tasting and swiping or discovering exactly how Oversee's holdings operations are "swiping" domains appear remote.

A step has been taken in the right direction by the .org registry, but whether that is effective and how the rest of the name space is dealt with by the industry and by ICANN remains to be seen.

Oversee.net and Maltuzi did not respond to queries.

Domain swiping is an abuse of the trust that users place in the whois services, and domain tasting is causing real harm to others, such as real costs for registrars. If the domains involved are typo-squatting (as a great many are) then users are being manipulated into visiting sites that they never intended to visit, and trademarks are being abused.

None of domain swiping, tasting or typo-squatting are spam, but they all demonstrate the same contempt for others that characterizes spam.