(Ft. Worth, TX, USA)

aubreyturner.org

Off With Their Heads

Monday, January 26, 2009

Cry For Help…

Someone hit my site over the weekend using the following search phrase:
   i have emails which repeatedly continue arriving in my inbox the same “ones over” and over and over again why

Aside from the weird use of quotes, can’t you just feel the desperation in that search?  I think it’s the pathos of the “over and over again why” part that puts it over the top (kind of reminds me of “When will the hurting stop?” [*]).

Anyhow, to answer the question, either you have been targeted by a particularly annoying spammer, or there is a problem with your email program.  I have seen this problem at times with Thunderbird using POP3 when you leave the email on the server and your system is experiencing intermittent network problems as well as insufficient memory.  This was with an old laptop that had insufficient memory and was getting bogged down by a nightly virus scan.  Adding more memory fixed the nightly network problems and I haven’t seen the issue since.

Monday, December 15, 2008

Comment Spammers Suck

We all have our particular windmills at which we must tilt.  The blogger at the Keitai Goddess is engaged in a war to stop comment spam.  What’s interesting is that one of the spammers actually responded to her.  The respondent’s sense of entitlement to use of our blogs for marketing purposes is breathtaking:

Leaving comments on your blog linking back to our site is a fair trade as long as the comment is relevant and a decent length.  Many SEOs say content is king when it comes to ranking in Google and Yahoo, but this is not true.  Links are king and links from good websites are king.  Content comes in at a close second.  We give you content that makes YOUR site rank higher for different keywords and you give us a link back to our site that helps our site rank higher.  I don’t see how this is not a fair trade.  We’re not “parasites” like the people who comment on blogs and leave (sometimes literally) over 100 links in the comment and completely ruin that page’s pagerank.  I’ve seen people put links on blogs that run anywhere from 1 to 200.  We leave a relevant reply, take 1 link, and leave.  The ones who put more than 1 link in their reply are the parasites, not us.

I really have to wonder what this spammer thinks “relevant” comments are.  I’ve seen crap like “great article,” or even some that try to summarize the gist of my posting, but they’ve all been very transparent as text used for filler just to get their link past the spam filters.

Anyhow, the “conversation” got a bit heated, and the spammer really lost her cool in her followup message, to the point of acting like a creepy stalker by searching out Keitai Goddess’s comments on other blogs and claiming that those were somehow unethical or hypocritical because those comments included a link back to her site.

Really, the tiniest bit of common sense would have revealed to the spammer the difference between a real comment and one done solely for SEO purposes.  The rule that I use for determining if a link/comment is spam is that if the comment is truly relevant and adds something new, then I examine the link to see if it is back to the person’s personal site or to a commercial site.  If it’s to a commercial site, and I don’t recognize the online “persona” as belonging to someone I personally know who is associated with that enterprise, then it’s spam.  Period.  End of discussion, no debate allowed. 

In other words, commercial entities are NOT ALLOWED to post comments on my blog.  My comments are intended to be by and for people.  The only time I might entertain a comment associated with a commercial entity is if I’ve commented about that entity’s products or services.  However, the person doing the response must do so under a real name and they must identify themselves as being associated with the company.  Anything else would border on dishonesty or sock-puppetry.

Wednesday, October 22, 2008

What’s The Point Of It Anymore?

I’ve noticed lately that spammers are hitting my contact form about twice a week.  What’s weird about it is that it just says something like “Buy <drug name>” or “Cheap <enhancement drug>”.  The notes don’t give any information about who is selling it or where to get it. 

And the comment spam I’m seeing is just about as useless.  Spam filtering techniques have gotten to the point where just about the only things that will get through are genuine human messages and complete garbage.  I’ve seen a few where it appeared people typed them up and just used the URL field to try to advertise their sites.  Others were filled with what appeared to be random gibberish with copious links to sites with URLs that looked like they were created by hitting a bunch of keys on a keyboard all at once.  What kind of sucker would click one of those links?

So if most of the spam lately doesn’t provide any good ways of getting the spammers into a search engine because it’s gibberish, or they can’t even list their site because of the filters, you really have to wonder why the spammers even bother anymore.  Is it sheer cussedness?  Are they up to something that they think will pay off in the long run?  Or are they just being annoying buggers for the heck of it?

Thursday, August 14, 2008

Political SPAM

Bitter is complaining about a candidate for Virginia Attorney General who is spamming her and who won’t respond to requests for removal.

In a similar vein, I’m pretty annoyed by the spam I’m getting from Chief Justice Wallace B. Jefferson of the Texas Supreme Court for his re-election campaign.  The reason I’m annoyed is that I never gave anyone permission to send me emails about Jefferson’s campaign.  Worse than all that, the email address is one created specifically for use with the Fred Thompson presidential campaign.  I’m not sure who to be more annoyed with: Fred Thompson’s website for selling my email or Jefferson’s campaign for using a list without doing any opt-in confirmation. 

The emails are being sent on behalf of Jefferson’s campaign by StreamSend and they include link tracking URLs and email tracking image bugs.  The whole thing has a stink about it.

Thursday, July 12, 2007

Two Down… Many More To Go…

I was glad to see the announcement that two pump-and-dump penny stock scammers were arrested recently. 

Texas Attorney General Greg Abbott’s Special Investigations Unit charged two Texas residents with devising an illegal high-tech scheme to defraud investors out of more than $4.6 million. Both suspects, who were indicted July 3 by a Harris County grand jury, are the subjects of an ongoing investigation by several states and the Securities and Exchange Commission (SEC). In addition to the state’s charges, the suspects face securities fraud charges, which were filed today by the SEC.

Darrel Uselton, 40, of Katy, and his uncle, Jack Uselton, 69, of Houston, face organized criminal activity and money laundering charges. According to state and federal investigators, the Useltons reaped millions in illegal profits by promoting shares from at least 13 penny stock companies. The suspects then secretly sold those stocks into an artificially active market they created with manipulative trading schemes, spam e-mail campaigns, direct mailers, and Internet-based promotional activities.

I don’t know if these two were involved in any of the scams that affected me, but as the recipient of the blowback from bot-net blasted spam emails, I think it’s about time that some of these bastards were taken down.  It’s just unfortunate that we can’t bring back the stocks and the pillory.

Spam Blowback Continues

Despite removing all catch-alls, thereby killing the Joe Jobbers in their tracks, I still seem to be banned from sending email to certain people.  Most notably people with AOL email addresses.

I had someone contact me yesterday via my Contact Form to ask some questions about the Marlin Camp Carbine, but my reply got bounced.  AOL informed me that it was not accepting email from my address.

Now this is stupid on the part of AOL, since I never sent spam to their users.  But they still put my domain into their blacklist of spammers, apparently because of the previous Joe Job crap. 

Anyhow… if you try to contact me and you’re using AOL (or Earthlink) and you don’t hear back from me, you might want to investigate getting a less brain-dead email provider.

Monday, February 26, 2007

Kill All Spammers

I hated to cave in and do away with my catch-all address, but I finally had to do it.  I saw a definite pattern where I’d get four or five apparently hand-crafted emails, followed within a few hours by a tidal wave of bounces.  It appears to me that the spammer were probing my domain to make sure the catch-all was still in place so that their bounces wouldn’t be rejected.  Then, upon confirming the catch-all, they’d engage the bots for a major spam run, with me catching all their crap.  If I’d taken the catch-all off of the domain, their initial probes would have been summarily rejected by the SMTP server. 

Because I’ve been using the domain for the past seven years for making up email addresses at will, I had lots of possibly valid addresses that I had to deal with.  I wrote a short Perl script that groveled through all my old Inboxes (back to 2000) to extract all addresses with an aubreyturner.com address in the “To:” and/or “for” headers (in some cases, especially with lists, my address wouldn’t have been in the “To:” field), discarding duplicates.  When I was done there were 1732 unique email addresses.  I spent a couple of mind-numbing hours going through that list deleting garbage entries from spammer Joe Job backscatter.  That left me with 604 addresses that I had to enter into the Dreamhost email control panel.  Fortunately, they have a “bulk edit” feature for each domain.  But it almost caused the panel to cough up a furball when I uploaded the list.

Now I’ve gone back and deleted another 30 or so that looked legit, but which I’d forgotten had been compromised by spammers.

If anyone out there has tried to email me and the message bounced, it’s probably because I missed an address in the alias file.  I’ve verified that the Contact Form target address works, so you can get in touch that way.

Anyone for killing spammers and using their guts to hang them from light poles?  Or am I the only one so annoyed?

Tuesday, December 19, 2006

Spammers Paradise

I’ve noticed an increase in a couple of types of blog spam while I’ve been away.  I’m not sure whether this is because the spammers are targeting likely periods when people won’t be watching or if it’s just more annoying to me to have to despam things remotely (usually over dialup or when I’m pressed for time).

The first one is the old-fashioned link-filled comment.  Because of the way EE works it’s hard for spammers to completely automate the process.  What I saw appeared to be manually generated and used URL-shortening services to get around keyword bans.  In one instance they hit a particular post 47 times, with a frequency of about one per hour before I added their URL-shortening URLs to the blacklist.

The other type, which usually happens during the wee hours of the morning, is of the account-creation variety.  Some dingleberry will create an account with a name like “prom dresses” or “bathroom vanities” and then put a link in the profile to a spam link farm with the advertised goods.  These are almost invariably created with invalid email addresses, so I can spot them in the morning just by the presence of the combination of a new member notification and a bounced email in my Inbox.  Occasionally the spammer will pick a valid address so I don’t get a bounce, so I’ve taken to reviewing all new member accounts and deleting any that have spam links (and what constitutes a spam link is entirely at my discretion).  I also added some verbiage to the member agreement to explain this.

As I wrote the above a new idea occurred to me regarding the timing.  When I’m away I’m usually not checking the referrer spam report and regularly updating my .htaccess and blacklist blocks, so maybe what I’m seeing with the comment spam is just the result of deferred maintenance.

Regardless, spammers suck.

Tuesday, October 31, 2006

Compromised Servers Used for Referer Spam Linking

I started seeing a large number of attempted REFERER spam links in my logs over the past few days of the form <valid website>/images/online/<spamvertised product>.  If you take off the “/images/online…” part and just look at the root, they all appear to be valid, normal, websites (one was even for a Minnesota state representative).  The interesting thing is that if you look in “/images” you’ll find something called “99.php”.  That file is a spammer/cracker console.  It appears that all of these servers have been pwn3d by a Russian hacking group and this PHP script is a tool they’re using called “c99drink.” 

So far, out of the random sample of 7 or 8 links that I checked, the output of 99.php shows that each system belongs to iPowerWeb.  It would appear that they have some sort of systemic problem that allowed the crackers to gain access to the system and install their toolkit.

Here’s what c99drink looks like on a typically infected server:

This appears to be a relatively new toolkit, as I could find no hits for it on Google.

Monday, September 18, 2006

And Then… Silence

As I mentioned previously, some dingleberry spammer decided it would be cool to use my domain to generate random addresses for the From address when sending crap to people from his botnet.  In addition to the “enlargement” products being hawked in the original spam run, I started seeing stuff for “pharma” and Rolexes.  There were two distinct ways of handling the addresses, as well.  The original run used ones of the form “First Last” <madeupcrap -at- aubreyturner.org>.  The later runs (Rolexes, etc) used the same pattern but appeared to use a different domain for the From and instead used my domain for the Reply-To address.  I also observed that all spams that targeted a single domain appeared to use the same address on my domain.

Anyhow, I finally decided to throw in the towel and disable the catch-all on this domain.  Fortunately, it turned out that I didn’t have very many addresses on this domain that I needed to keep.  The majority of my contacts have been done using a different domain, so I was able to disable the catch-all and add the 20 or so emails that I wanted to keep.  Now, any email for a non-registered address will simply be rejected during the SMTP connection, so it won’t get a chance to bounce to me.

Should I have to turn off catch-alls for the other domain I now have a list of valid emails for that domain and a handy script that can read it in and produce correctly formatted forwarding entries.  The only pain will be having to enter the 500 or so addresses into the web control panel’s forwarding page.  I’m hoping I don’t have to do that, though, as I like the flexibility of creating a new address on the fly when needed.  That set of 500 addresses represents over 6 years of e-commerce, newsletters, mailing lists, newspaper registrations, etc.  It was very helpful in that you immediately know that the L.A. Times is the one that sold your address to the spammer, as it came in on that particular address.  It’s also funny when phishers send a PayPal account verification email to your old Gradfinder email address (at least before I canned it, since those bastards also sold my email to a bunch of spammers). 

At over 200 emails per day, I finally just had to do away with the catch-all.  From skimming all the crap that bounced to me, I was a bit surprised to see how many people still use “out of office” autoresponders.  Although on further thought, the original reason for discouraging their use has kind of faded, as spammers no longer seem to care where responses and bounces go and don’t use valid info anyway.  So now the innocent Joe Job victim gets to find out that Geoffroy from some company in France is “absent du 25/08/06 au 15/09/06.”

I also saw a few that required me to validate that I was a human and not a spambot.  Given that it was sent by a spambot, I guess it did its job.  But if I’d really sent a message to such a person, I would not complete a validation form.  I’d just write that person off as someone who doesn’t want email and find some other way to get in touch.

The final irony of the situation, though, is that I started receiving spam at the made-up addresses.  It would appear that somewhere out there someone is running some kind of collection scheme and adding the received addresses to a list of spam targets.

I felt kind of like I was in a giant email-based pinball machine. 

Saturday, September 09, 2006

Follow The Bouncing Spam

It appears the botnet Joe Job has started again.  This time it’s “enlargement” products they’re hawking.

I’ve gotten 180 bounces since about 6:00pm yesterday.  At this rate I may be forced to disable my catch-all, but it’s going to be a major PITA.  I’ve probably got over a hundred aliases in use, and they aren’t individually registered.  This means that I’m going to have to grovel through all of my previously received and sent emails and pull out the addresses I used and create explicit forwarding entries for each one.

Update 1:  Got five more just in the two minutes it took me to write this entry. 

Update 1a:  Up to 226 as of 3:39pm.

Update 2:  All of the spams link to various nonsense domains that contain “information” about something called “Man XL.”  The scammer behind this nonsense is an entity calling itself “WW3 DISTRIBUTERS LLC.”  Should you receive such an email, beware clicking the link unless you want to see Prasad’s “business” (if you were unfortunate enough to have clicked, you’ll know what I mean by that).

Update 3:  Internally, all of these sites have a frameset that pulls the main frame content from http://www.cabaretmarin.net.  Hitting that address causes a redirect to http://barbarises.net/ms/?bb, which then redirects to http://barbarises.net/ms/index.php?k=<garbage>.  That appears to be a “campaign” tracking link (i.e. this particular batch of redirects through cabaretmarin.net seems to share this “k” value).

I did a random check of several of these “.info” domains that are in the emails.  The all have similar information (i.e. same name, address, email) and were registered just a few days ago via RegisterFly.  Here’s an example:

Registrant ID:tuJCnDTXYin4eSHs
Registrant Name:patrice pennetier
Registrant Organization:pennetier
Registrant Street1:rue notre dame, 21
Registrant Street2:
Registrant Street3:
Registrant City:tubize
Registrant State/Province:NA
Registrant Postal Code:1480
Registrant Country:BE
Registrant Phone:+1.3292313108
Registrant Phone Ext.:
Registrant FAX:+1.3292313108
Registrant FAX Ext.:
Registrant Email:pennetier@lagema.com

Information on “barbarises.net”:

Domain Name:barbarises.net

Registrant:
Mike Vester
      Allensteiner Strasse 24
      47237

Administrative Contact:
Mike Vester
      Mike Vester
      Allensteiner Strasse 24
      Duisburg 47237
      Germany
      tel: 49 7161 3079405
      fax: 49 7161 3079405
      mike.vester@jelled.net

Technical Contact:
Mike Vester
      Mike Vester
      Allensteiner Strasse 24
      Duisburg 47237
      Germany
      tel: 49 7161 3079405
      fax: 49 7161 3079405
      mike.vester@jelled.net

Billing Contact:
Mike Vester
      Mike Vester
      Allensteiner Strasse 24
      Duisburg 47237
      Germany
      tel: 49 7161 3079405
      fax: 49 7161 3079405
      mike.vester@jelled.net

Registration Date: 2006-07-14
    Update Date: 2006-08-31
  Expiration Date: 2007-07-14

  Primary DNS:  ns1.buckraming.com         220.179.67.133
  Secondary DNS:  ns2.buckraming.com         220.179.67.133

The cabaretmarin.net domain appears to have been registered via a privacy service, though, which is not surprising as this is the first real link in the chain to his spam site:

Registration Service Provided By: Registerfly.com
Contact: support@registerfly.com
Visit: http://www.registerfly.com

Domain name: cabaretmarin.net

Registrant Contact:
  RegisterFly.com - Ref# 19298483
  Whois Protection Service - ProtectFly.com (q0seacfx9h23tj@protectfly.com)
  +1.8458183604
  Fax: +1.8456984014
  P.O. Box 969
  Margaretville, NY 12455
  US

Administrative Contact:
  RegisterFly.com - Ref# 19298483
  Whois Protection Service - ProtectFly.com (fm1v2n5rhvt9jan@protectfly.com)
  +1.8458183604
  Fax: +1.8456984014
  P.O. Box 969
  Margaretville, NY 12455
  US

Technical Contact:
  RegisterFly.com - Ref# 19298483
  Whois Protection Service - ProtectFly.com (qy5r8qhg3urbbxu@protectfly.com)
  +1.8458183604
  Fax: +1.8456984014
  P.O. Box 969
  Margaretville, NY 12455
  US

Thursday, April 20, 2006

Receiving Friendly Fire, Returning Same With Smile..

Now I’m starting to get people sending me emails via my contact form who are a bit steamed about supposedly getting spam from me.  Here’s the best, most succinct, example (from a gentleman who goes by the name TIM BLUST (and whose SHIFT-LOCK is locked in high dudgeon mode)):

I DO NOT KNOW HOW YOU GOT MY E-MAIL ADDRESS BUT PLEASE REMOVE ME FROM IT AND DO NOT SEND ME ANYMORE SHIT

Others were a bit more polite or used a bit more verbiage, but this one hit all the highlights:  How did you get my email? -and- Stop sending me emails.

It’s unfortunate that I can’t find a way to channel all the indignation and send it to its deserving target.  If I could figure it out we wouldn’t have any more problems with this spammer, as he would have long ago been reduced to a small pile of ash…

For the more irate ones, I use the following response:

I am not the one who is sending you email.  The sender has FORGED the email sender information to make it appear to have come from a user on my domain.  In general, one should never trust the “From:” address in a spam email, as spammers generally fake these to avoid getting irate emails such as the one I just got from you. 

For more information about TenTenTwelveCorp’s fraudulent emails, please go here:
http://www.aubreyturner.org/index.php?/orglog/tententwelvecorp/

The more polite ones get a bit more explanation (and no frowny).

TenTenTwelveCorp

This entry will remain as a reference for those affected by TenTenTwelveCorp’s fradulent emails.

If you have received spam email appearing to be from users at aubreyturner.com or aubreyturner.org please be aware that the sender information in these emails has been forged.  I cannot remove you from the email list, since I had nothing to do with sending the spam.  The spammer simply chose my domains to include in his fradulent emails.  For an explanation of what is happening, see below for links to two articles on the topic.

If you are receiving bounces from TenTenTwelveCorp’s fraudulent emails, welcome to the club!    It seems we’ve both been Joe Jobbed by this bastard. 

For more information, please read the following posts and the comments:
F****n’ Spammers
More F-‘in spammers

Tuesday, April 18, 2006

More F-‘in spammers

It seems like a lot of people have either been spammed by “tententwelvecorp” or have been on the receiving end of a Joe Job from their spams.  The onslaught continues apace, but I’ve learned quite a bit from the comments on my earlier post.  People have been finding my site when running searches for info on this stock scammer.

There is also some new information to put out here.  Specifically, in his latest emails he’s expanded his stock picks to include Labwire (LBWR) and Southwestern Medical INC (SWNM), and in a few he’s including a phone number for people to opt-out (since his domains seem to have been suspended).  The number given is (310)598-7434.  Searching Google and doing some reverse searches didn’t turn up anything of interest (or anything linked to “Johnson Eddisson”, should he actually exist).

I’ve also gotten a few emails via the contact form from people who are wondering what’s going on.  This is most especially true for people who don’t know much about computers or email.  I’m including my answer to the latest one here in the hope that people who search for information on this spammer will find it.  I’ve tried to make it readable for the lay person, but as always, it’s difficult to talk about computers, the Internet, and email without using some amount of jargon.

The original message:

I did a search on tententwe… and noticed that you made reference to them.  I keep getting emails (addressed to me) from people who I don’t know and it said to contact info-att-tententwelvecorp.com if I wanted them to stop.  I changed the -att- to @ and tried to send the email but it didn’t work.  I don’t know a lot about the interenet.  Since it sounds like your situation might be similar, I was wondering if you could explain any of it to me?  Thank you.

My response:

What is happening here is that a spammer is using a network of infected PCs to send spam to various people.  These networks of infected PCs are often called “botnets” (from the term “robot network”).  When the PC is infected (which can occur through a virus, a worm, or a trojan) it becomes a node in the botnet and takes commands from a central controller.  In this case, the spammer is using the network of PCs to send out spam.  They do this because sending spam from a legitimate internet-connected server is a quick way to have it shut down (since this act violates the Terms of Service of almost all legitimate hosting services).  These PCs are usually connected to the internet via Cable Modem or DSL and offer a quick and anonymous method to blast out thousands of emails in a short period of time.

The other part of the problem is that the protocols used on the Internet for exchanging email don’t have any security built into them.  They were developed in an era of mutual trust when the Internet was much smaller (and only universities, the military, and very few corporations were connected).  Because the protocols are so lax, it is a simple matter for the spammer to compose a message that appears to be from someone else.  In fact, I did the same thing with the contact form that you filled out to send me your original message.  When it arrives in my Inbox it appears to be from you, even though my web server actually sent it (this is actually considered a legitimate use of the protocol, though).

Since no one likes spam, putting your real email address in the “From:” of a mass mailing is a quick way to render that email address useless.  In fact, many email providers/ISPs will cancel an account if it can be proved that the person who owns the email address actually sent the spam from it.  So, the crafty spammer will either put a bogus email in the “From:” and “Reply To:” fields, or he will put someone else’s email address in there (this is known as a “Joe Job” in that it can be a form of attack against the person whose email address was used by the spammer).

This particular spammer is just making up email addresses as he goes by picking a person’s name and then associating a made-up email address with a VALID domain (the part after the “@” sign).  An example (that I just pulled out of my Trash folder): “Rosamund Hutchins” <hfl-at-aubreyturner.org>.  There is no user named “hfl” at aubreyturner.org, and I don’t know a person named “Rosamund Hutchins.”  But anyone receiving this email will possibly think it’s from her and that it came from my domain, when in fact it came from an infected PC in Switzerland (84-72-176-238.dclient.hispeed.ch to be exact).

However, since I’ve configured a “catch all” address for the domain (i.e. any email that isn’t addressed to a particular user goes to this address), then I receive a message for every single spam email that did not make it to the destination (a “return to sender” or “bounce” email).  So my interest in finding and eradicating the owner of tententwelvecorp is because I own “aubreyturner.com” and “aubreyturner.org”, both of which have been used for the “From:” address in this spammer’s email blasts.  So far I’ve received well over 200 bounce messages.  It’s not clear at this point whether I (and the others who have been on the receiving end of these bounces) was selected because I ticked this guy off at some point in the past or whether he just randomly picked some domains.

Recent legislation in the U.S., called the “CAN-SPAM” act, requires that every commercial email have a valid “From:” address and include information on how to opt-out of the mailings.  None of this spammer’s messages conform to these requirements, so if he is in the United States, he could be liable for a civil judgement of up to $11,000 per violation.  Additionally, by pumping these stocks, he could also be in violation of various S.E.C. (Securities and Exchange Commision) rules (which could be a criminal matter).  So it’s no surprise that “info@tententwelvecorp.com” didn’t work.  His domain has probably been suspended because of the spam he’s been sending.  Further, it appears that his domain’s contact information is bogus, so it’s nearly impossible to contact him.

In his latest round of emails, he is now including a phone number, but I haven’t had time to investigate it.  My suspicion is that the number is either bogus or it belongs to someone he doesn’t like (who will get irate phone calls from people who got the emails).

So, to sum up this long-winded reply: “spammers suck.” 

Since I wrote that reply, I’ve learned (from a commenter in the original post) that the phone number actually has a message requesting you to leave your email address to have it removed.  I’m not sure I’d trust it, though.  An asshole who would use other peoples’ domains for his bounces would just as likely take the opt-out list and use it as a list of “confirmed, hot” leads…

Update:  I see from the latest bounce that he has yet another domain, senginernd.com, which redirects to a Lycos-France member page, appearing to belong to a member called “removalsystem2”.  That site contains his “disclaimer.”  I found this bit interesting:

In compliance with the Securities act of 1933, Section 17(b), the publisher of this newsletter discloses they received payment from an unaffiliated third party for the circulation of this report in the amount of $200,000. Be aware of an inherent conflict of interest resulting from such compensation due to the fact that this is a paid advertisement and is not without bias. As we have received compensation in the form of free trading securities, we may directly benefit from any increase in the price of these securities.

So it would appear that this is a “pump and dump” sort of thing, where he is trying to inflate the price and then dump his shares.  I suppose by his disclosure he thinks he’s covering his butt legally.  Perhaps he is, as I’m not a lawyer.  But it’s pretty slimy.  Also notice that his verbiage implies that this is a “newsletter” and that there are “subscribers” (a term he used earlier in the disclaimer).

Here’s the WhoIs for senginerd.com:


Registration Service Provided By: NameCheap.com
Contact: support@NameCheap.com
Visit: http://www.namecheap.com/
Domain name: SENGINERND.COM

Registrant Contact:
  MTG-Experts
  Carl Bach (applewave@gmail.com)
  +1.6025413374
  Fax: +1.5555555555
  Pol Comtois Str.
  Los Angeles, CA 60981
  US

Administrative Contact:
  MTG-Experts
  Carl Bach (applewave@gmail.com)
  +1.6025413374
  Fax: +1.5555555555
  Pol Comtois Str.
  Los Angeles, CA 60981
  US

Technical Contact:
  MTG-Experts
  Carl Bach (applewave@gmail.com)
  +1.6025413374
  Fax: +1.5555555555
  Pol Comtois Str.
  Los Angeles, CA 60981
  US

Status: Locked

Name Servers:
  dns1.name-services.com
  dns2.name-services.com
  dns3.name-services.com
  dns4.name-services.com
  dns5.name-services.com
 
Creation date: 18 Oct 2005 14:43:36
Expiration date: 18 Oct 2006 14:43:36


I wonder if there’s really a “Carl Bach”?  It sounds fake.

Friday, April 14, 2006

F****n’ Spammers

I’m not dead.  Or at least my body continues to move about under its own power.  Allergy season just zaps the hell out of me.  And the pounding headache didn’t help.  But today seems a little better in that at least the headache is gone.

Anyhow, it seems that some “sidewindin bushwackin, hornswaglin, cracker croaker” has used one of my domains for the return address on their POS spam emailing.

So far I’ve only gotten 12 bounces, but it’s really annoying, and it’s a form of theft.  They’re stealing my resources to abdicate their own responsibility for spewing crap about some stupid penny stock.

If any of you should come across “Budget Waste Inc” or “tententwelvecorp.info”, drop a bomb on them for me.

Update:  More on this topic here.