whoapiad space available here, contact us todayad space available here, contact us today

Is Microsoft Spamming Affiliate Links Through GoDaddy’s ExpressEmailMarketing Service, or Just the Sloppy Work of Another Spammer?

July 31, 2012

In an update to our previous post about an email spammer sending out affiliate spam for .CO renewals at GoDaddy, it appears as though the same spammers are back at it, cycling through disposable Gmail addresses as the old ones get flagged/blocked.  Or does it?

I certainly havn’t been able to keep them out of my inbox.  I’ve marked a number of these emails as spam, but before long I began getting similar ones from new @gmail addresses which Gmail is not sending to my junk folder.  This cycle has repeated at least one or two times now.

The current email I’m getting this spam from is renewsdotco@gmail.com.  (The address I first cited in the previous article was godaddyrenew@gmail.com. ) This time the subject line reads, “GoDaddy is HOT.Renew and SAVE 30% NOW. 3 days no Miminum!”

What I’ve noticed this time though, is that rather than identifying themselves as 200.name in the email as they did previously, the emails are now using Go Daddy’s corporate info in the footer.

This email was sent by Godaddy, 14455 N. Hayden Rd., Ste. 226, Scottsdale, AZ 85260, using Express Email Marketing.

GoDaddy Affiliate Spam Email

this is the entire content shown in body of email

Although at first, I had assumed that they were deliberately using this info to intentionally deceive recipients, it turns out that the email marketing service being used to send this spam is a service called Express Email Marketing , which is owned by Starfield Technologies, a company closely affiliated with GoDaddy.

According to Wikipedia, “Starfield handles research and design for GoDaddy’s web based services.”  ExpressEmailMarketing.com in fact forwards to GoDaddy’s website.

But it doesn’t end there.

When I hover over the affiliate links within the email, I notice that in my status bar the URL indicates the spammer is redirecting the offers through the domain Bing.vc.

So is the spammer also infringing on Microsoft here?  It sure looks that way.

At first glance, Bing.vc does appear to be registered to Microsoft.  But why in Hades would Microsoft be pimping themselves for affiliate income through GoDaddy .CO renewals?

Here is the whois information for Bing.vc according to DomainTools:

Registrant ID:WFW7942507-GNHP
Registrant Name:Microsoft Company
Registrant Organization:Microsoft
Registrant Street1:Microsoft Road
Registrant Street2:
Registrant Street3:
Registrant City:Seattle
Registrant State/Province:State of Washington
Registrant Postal Code:98101
Registrant Country:US
Registrant Phone:+01.206
Registrant Phone Ext.:
Registrant FAX:
Registrant FAX Ext.:
Registrant Email: domain@bing.vc

You will notice that the field for Street address is ‘Microsoft Road’, and the field for Phone number is ‘+1.206’.  I would have said that clearly the registrant of this domain is trademark-squatting and didn’t put a lot of effort into hiding their tracks.

The funny thing is, Bing.vc does forward to Bing.com.  Of course that may be part of the hoax, as well.

Following the rabbit hole down a little further, Bing.vc is currently using the following Name Servers:

Name Server:F1G1NS1.DNSPOD.NET
Name Server:F1G1NS2.DNSPOD.NET

A whois check for DNSPod.net reveals the following registrant information:

YanTai DiSiPu Network Co., Ltd.
Room 1210-1211, HuaXin Int. Building,
No. 28 ChangJiang Road, Development Dist
YanTai, ShanDong 264006
China

Is Microsoft really routing traffic through a third-party Chinese DNS Server?

Either one of two things seem to be going on here. You tell me which is more plausible …

The first scenario is that Microsoft is using Bing.vc to spam GoDaddy affiliate links through GoDaddy’s own in-house email marketing service.

OR

The second, more plausible scenario, is that someone out there, let’s call them ‘Spammer Steve’, has managed to pull the wool over some poor GoDaddy Affiliate Program representative’s eyes. How they could manage to get accepted, then get away with promoting affiliate links to a non-opt-in list of subscribers using GoDaddy’s own email marketing service, not to mention running the links through a pretty blatantly TM-infringing domain name, is beyond me.

I’ve tried to connect a few of the dots here. If anyone is able to deduce more information as to the possible identity of the spammer in questoin you are encouraged to post it below. thanks.

It bothers me, not merely because of a few extra unwanted emails in my inbox, but because this type of behavior reflects poorly on the domain industry where outsiders tend to assume the worst and lump all domainers into the same category.

Previous post:

Next post: