 |
Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
|
| View previous topic :: View next topic |
| Author |
Message |
katana
SWW Expert
Joined: 25 Dec 2006
Last Visit: 15 Mar 2010
Posts: 1780
|
 Posted: Sat Jul 21, 2007 1:11 am Post subject: Petslifeonline Advertising request |
 |
|
Hi all 
My son received this E-mail
| Quote: |
From: Jason <jgoldspink@googlemail.com>
Subject: PetLife
Date: 20/07/2007 13:22:45
To: *****Removed******
Text:
My name is Jason and I help promote PetLife, (www.petlifeonline.co.uk).
Petlife International Limited is a specialist supplier of dog bedding,
hygiene and pet care products, with a head office based in Bury St
Edmunds, Suffolk. 20 people work from the office and warehouse there,
and another 20 people are employed at the factory in South Witham,
Lincolnshire.
PetLife have an affiliate scheme set-up with Affiliate Future
(www.affiliatefuture.co.uk), you will receive 5% commission for every
lead you send to PetLife that results in a sale.
I was reading your site *****Removed****** and was wondering if
you would be interested in joining PetLife's affiliate scheme.
If you would be interested then you can sign up by using the following
link:
http://www.affiliatefuture.co.uk/registration/step1.asp?ref=2126
If I can be of any further help or you have any questions please email
me and I'll get back to you as soon as I can.
Thanks for your time.
Kind Regards,
Jason |
Just wondered if anyone had any thoughts as to its authenticity.
His site has absolutely nothing to do with real pets
_________________
If we have helped please consider a donation |
|
| Back to top |
|
 |
olliver
Expert Developer
Joined: 27 Jan 2006
Last Visit: 02 Dec 2010
Posts: 1157
Location: yes
|
| Posted: Sat Jul 21, 2007 11:04 am Post subject: |
|
|
Hmmm... There's nowhere the recipient's name mentioned anywhere. This email looks like a template that can be sent to thousands of "prospective customers" without a change. So it qualifies as both bulk and unsolicited. Unfortunately you did not post the headers, which are important to determine the origin of the email and query NANAS about spams from that ip address.
Jason doesn't mention who he is (last name, website, function), there's just an anonymous Gmail account and there's an incentive given to send spam ("promotion", "affiliate scheme"). This is supported by the fact that he offers the "bidniz opportunity" to someone who hasn't got the remotest thing to do with pets and therefore no way of directing targetted traffic to that destination. Might be an indicator of some dude that has a dirty mailing list that is of shady origin or had been compiled from scraped email addresses by the sender himself.
affiliatefuture.co.uk is a domain that belongs to the following outfit:
| Quote: |
| Internet Business Group PLC (IBG) is a group of companies focusing on enabling e-commerce through the application of specialised marketing and technology. With a vision for growing online businesses, IBG's companies convert web traffic into transactions. |
http://www.ibg.co.uk/
Here's the part that links both sites together:
| Quote: |
| Launched in February 2002, AffiliateFuture is established as a leading Performance Marketing network; delivering tens of thousands of transactions per week to hundreds of clients who range from small clients to major international operators. AffiliateFuture operates on the principle of linking client spend with tangible results, and it therefore represents the purest form of performance marketing |
http://www.ibg.co.uk/Advertising/Default.asp
Google's Newsgroup archive sheds some light on that matter, too:
http://groups.google.com/groups/search?q=affiliatefuture.co.uk&start=0&scoring=d
You may notice that some of those messages are nothing but advertisements by affiliates who hope to get someone to click the link, so they earn money.
On another note, it seems that Jason is the same person as Tractor Boy in this thread from 2004:
| Quote: |
You can view the latest server with a
basic page and image (at least there should be one) [L=Click
Here]http://www.jgoldspink.btinternet.co.uk/[/L] and the image file is [L=here
to view]http://www.jgoldspink.btinternet.co.uk/images/banner.gif[/L]
Thanks Again,
Jason |
http://groups.google.com/group/macromedia.dreamweaver/browse_thread/thread/e339684633c2d758/917cafcada4b999a/
Note the macromedia email address has nothing much to say, as it seems to be generic email address used by any registered user from there:
http://www.google.com/search?q=webforumsuser%40macromedia.com&hl=en
Anyway, if it's the same person, than the following myspace profile belongs to him, too:
http://profile.myspace.com/index.cfm?fuseaction=user.viewprofile&friendid=77243916
Found via that one from Google cache, as the email's more than likely his:
http://www.google.com/search?q=cache:UbCghZZl-cMJ:profile.myspace.com/index.cfm%3Ffuseaction%3Duser.viewprofile%26friendid%3D76086751+jgoldspink
Seems to me this guy needs to be educated about email marketing practice:
http://www.spamhaus.org/faq/answers.lasso?section=Marketing%20FAQs
As a summary, in my opinion your son should not reply to this email, as it has a spammy odour and this guy shouldn't be rewarded for sending solitations to any address he can get hold of. Perhaps reporting his affiliate id in connection with the email may help, provided that ibg.co.uk are responsible and legitimate marketers that don't want people to abuse their system.
Olliver
_________________
Petcord netlabel :: Synflict post-digital arts :: Leftob audio cast
Each click on any of the links above will save the life of a cute kitty somewhere in the universe. |
|
| Back to top |
|
|
katana
SWW Expert
Joined: 25 Dec 2006
Last Visit: 15 Mar 2010
Posts: 1780
|
| Posted: Sat Jul 21, 2007 11:32 am Post subject: |
|
|
Cheers a notepet 
My son had no intention of replying to him,
especially as the link asks for his credit card no, which, like most 14 year olds, he has not got 
I just wondered if it was a common one going round.
I can get the headers if it would be any help.
_________________
If we have helped please consider a donation |
|
| Back to top |
|
|
olliver
Expert Developer
Joined: 27 Jan 2006
Last Visit: 02 Dec 2010
Posts: 1157
Location: yes
|
| Posted: Sat Jul 21, 2007 2:19 pm Post subject: |
|
|
| katana wrote: |
| Cheers a notepet |
Glad to be of service to you.
| Quote: |
My son had no intention of replying to him,
especially as the link asks for his credit card no, which, like most 14 year olds, he has not got |
As I wrote before: The marketer may be well advised to reconsider his current ways of [not] earning money as affiliate.
| Quote: |
| I just wondered if it was a common one going round. |
That crossed my mind as well, but I couldn't found anything meaningful in NANAS. In case that was part of an actual spamrun, he might have managed to fly under the radar or was just fortunate enough not to hit any spamtraps.
| Quote: |
| I can get the headers if it would be any help. |
That'll be great. Of course you might want to redact your son's email address, to avoid even more unsolicited top notch bargain offers 
Olliver
_________________
Petcord netlabel :: Synflict post-digital arts :: Leftob audio cast
Each click on any of the links above will save the life of a cute kitty somewhere in the universe. |
|
| Back to top |
|
|
katana
SWW Expert
Joined: 25 Dec 2006
Last Visit: 15 Mar 2010
Posts: 1780
|
| Posted: Sun Jul 22, 2007 1:46 am Post subject: |
|
|
Header
Return-Path: <jgoldspink@googlemail.com>
Delivery-Date: Fri, 20 Jul 2007 14:22:50 +0200
Received-SPF: neutral (mxeu6: 209.59.187.2 is neither permitted nor denied by domain of googlemail.com) client-ip=209.59.187.2; envelope-from=jgoldspink@googlemail.com; helo=cobalt.site5.com;
Received: from [209.59.187.2] (helo=cobalt.site5.com)
by mx.kundenserver.de (node=mxeu6) with ESMTP (Nemesis),
id 0MKsUu-1IBrVR3oqt-0007oE for *****Removed******; Fri, 20 Jul 2007 14:22:50 +0200
Received: from host217-40-217-69.in-addr.btopenworld.com ([217.40.217.69] helo=SEO1)
by cobalt.site5.com with esmtpa (Exim 4.63)
(envelope-from <jgoldspink@googlemail.com>)
id 1IBrVP-0008KO-2Z
for *****Removed******; Fri, 20 Jul 2007 08:22:47 -0400
From: Jason <jgoldspink@googlemail.com>
To: *****Removed******
Subject: PetLife
Date: Fri, 20 Jul 2007 13:22:45 +0100
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-Priority: 3
X-Mailer: Thunderbird 1.5.0.4 (Windows/20060516)
Message-ID: <00FA1F01$07140D162F8A$18F31E@SEO1>
X-Antivirus: avast! (VPS 000758-0, 19/07/2007), Outbound message
X-Antivirus-Status: Clean
X-Antivirus-Scanner: This message has been scanned by ClamAV.
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - cobalt.site5.com
X-AntiAbuse: Original Domain - *****Removed******
X-AntiAbuse: Originator/Caller UID/GID - [0 0] / [47 12]
X-AntiAbuse: Sender Address Domain - googlemail.com
X-Source:
X-Source-Args:
X-Source-Dir:
X-PhishingScore: 0
tests=
X-SpamScore: 3.4
tests= MSGID_DOLLARS_RANDOM RDNS_NONE
Envelope-To: *****Removed******
_________________
If we have helped please consider a donation |
|
| Back to top |
|
|
olliver
Expert Developer
Joined: 27 Jan 2006
Last Visit: 02 Dec 2010
Posts: 1157
Location: yes
|
| Posted: Sun Jul 22, 2007 2:24 pm Post subject: |
|
|
Thanks for posting the headers.
| katana wrote: |
| Received-SPF: neutral (mxeu6: 209.59.187.2 is neither permitted nor denied by domain of googlemail.com) client-ip=209.59.187.2; envelope-from=jgoldspink@googlemail.com; helo=cobalt.site5.com; |
That SPF check comes from Schlund (=> "kundenserver.de") where your son appears to host his domain. It shows that Jason used cobalt.site5.com to relay his promotions (Note that he didn't send it via Google themselves). Either he's got a site on that server or he's making use of a cracked system/site.
| Quote: |
Received: from [209.59.187.2] (helo=cobalt.site5.com)
by mx.kundenserver.de (node=mxeu6) with ESMTP (Nemesis),
id 0MKsUu-1IBrVR3oqt-0007oE for *****Removed******; Fri, 20 Jul 2007 14:22:50 +0200 |
That's the actual received header. It says that Jason's MX delivered the mail to your Son's email account at Schlund. Because the mail was sent via a server where Gmail accounts obviously don't exist the following header may be forged and shouldn't be trusted. In this case, however, it's not as I will prove later on :
| Quote: |
Received: from host217-40-217-69.in-addr.btopenworld.com ([217.40.217.69] helo=SEO1)
by cobalt.site5.com with esmtpa (Exim 4.63)
(envelope-from <jgoldspink@googlemail.com>)
id 1IBrVP-0008KO-2Z
for *****Removed******; Fri, 20 Jul 2007 08:22:47 -0400 |
If the header is not falsified, it shows he sent his mail from a static DSL line (business account). Whois says the following:
| Quote: |
inetnum: 217.40.217.64 - 217.40.217.71
netname: Terry-PIGOTT-000000008351049
descr: BT-ADSL
remarks: Please send abuse notification to abuse at btopenworld.com
country: GB
admin-c: IT337-RIPE
tech-c: RJG3-RIPE
status: ASSIGNED PA
mnt-by: BTNET-MNT
mnt-lower: BTNET-MNT
source: RIPE # Filtered |
Some Terry Pigott rented 8 Ip addresses from BT for his business (probably SEO related). This ip address is well known for Wiki spam:
| Quote: |
| Please refrain from adding nonsense to Wikipedia, as you did to Affiliate marketing. It is considered vandalism. If you would like to experiment, use the sandbox. |
http://en.wikipedia.org/wiki/User_talk:217.40.217.69
If I feed Google with Terry Piggott and SEO, I get to these fellows:
www.zzmarketing.co.uk aka www.zoomzoom.co.uk
That's interesting because of four things:
1. They're situated in Norwich, just like the person we assume to be Jason.
2. zzmarketing.co.uk is hosted by site5, just like where the mail originated from
3. Terry Piggott is business owner
4. Jason himself wrote on 4th of May this year
| Quote: |
My New Job
Category: Jobs, Work, Careers
Hurrah, I've got a new job. Now working in online marketing for these lovely people Zoom Zoom.[1]
Just in time to get a pay cheque before going to PinkPop Festival in Holland on May 26th, yay! |
(emphasis mine)
[1] denotes a link to www.zoomzoom.co.uk/
source: http://blog.myspace.com/index.cfm?fuseaction=blog.view&friendID=77243916&blogID=260861777
Looks like we know who Jason is and whom he's working for. Perhaps you'd like to drop his boss a few lines about his email marketing practice, but then again, if these fine fellows think it's okay to plug their links at Wikipedia, they might not care too much about it. And of course they will claim that their campaigns aren't spam because it's what the other guys do.
Olliver
_________________
Petcord netlabel :: Synflict post-digital arts :: Leftob audio cast
Each click on any of the links above will save the life of a cute kitty somewhere in the universe. |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
smartBlue Style © 2002 Smartor
Powered by phpBB © 2001, 2002 phpBB Group
|
