Domain offer spam from [email protected]

[Peter]

Just received the spam below. Appears to be a new 1 going about. Carried out a quick search on google and only 4 or 5 responses for the email address. Anyway be vigilant.

From: [email protected] <[email protected]>
Subject: domain.com (modified but this will match your domain)
Message

Hello,
I am interested in purchasing this domain name (not the website content, only the domain).
If you are open to selling please let me know ASAP and I will submit my best offer.
Thanks for your time,
Steve Johnson ([email protected])

Notice the email it was sent from was actually [email protected]. The email address this was sent too is only used on my whois.

 

[gladdy]

received an email from Steve couple of days ago, same story email account permanently closed on reply. ))

 

[SearchEngineZ]

Mine doesn't expire until mid-2013, so it doesn't seem to be expiry dates triggering it.

Best I can think of is:

1) They only target domainers (ie multiple WHOIS entries)
2) They only want to know if you reply to emails

Perhaps they are maintaining a list of domainers who are responsive, for another list they use for their more genuine inquiries - so that this other list avoids spam filters???

 

[RevolutionaryDomains]

[email protected]

I just received this, only he has a new email addy, or so it would appear.

It seemed a bit fishy considering s/he uses a free yahoo email addy to contact people for business. Not to mention the ciphersense addy is also attached in the email. Silly kids!



Received: (qmail 334 invoked by uid 30297); 6 Sep 2012 17:27:11 -0000
Received: from unknown (HELO p3pismtp01-057.prod.phx3.secureserver.net) ([10.6.12.121])
(envelope-sender <[email protected]>)
by p3plsmtp01-02.prod.phx3.secureserver.net (qmail-1.03) with SMTP
for <removed.com>; 6 Sep 2012 17:27:11 -0000
X-IronPort-Anti-Spam-Result: ApoCAEbaSFDRVd+plGdsb2JhbABFgm6CUqQKkW8IIgEBAQEJCQsJEimCMgcCFw8GAQE4gQ8BBAEFAQMBBisih1sBAQIPAZxWCQOKZoE9CYJqAQWFTAMBiX0Gii6EDIMchwOBUIs5gmWFRYQ7gWGBST5Dg2CCFw
Received: from mail-ie0-f169.google.com ([209.85.223.169])
by p3pismtp01-057.prod.phx3.secureserver.net with ESMTP; 06 Sep 2012 10:18:30 -0700
Received: by iec9 with SMTP id 9so3980422iec.0
for <removed.com>; Thu, 06 Sep 2012 10:18:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=ciphersense.com; s=ciphersense.com;
h=message-id:mime-version:from:to:reply-to:date:subject:content-type
:content-transfer-encoding;
bh=Aq8a5Fpmi30USuPfzi6F0XzTCMXVQOSLE2XuNmsN42s=;
b=SjrJPeUcOS8iXLWIgQiiQK8coMVdg/pGl6NK9xGqzy2FzpPyzTDrgSf6ndJoFwyOBW
NvWEJRB+xfxlbonTygdYthMieSDvA91cAp4xr5brBkgcMfRv7b7r231XcX+P6VitdJVa
M/ZqRFHCrfiUT6dzve/s1VJ1lMHDedp4Ijnk4=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=google.com; s=20120113;
h=message-id:mime-version:from:to:reply-to:date:subject:content-type
:content-transfer-encoding:x-gm-message-state;
bh=Aq8a5Fpmi30USuPfzi6F0XzTCMXVQOSLE2XuNmsN42s=;
b=b3lvr8x/3GYmd4xP8xEhrd1KYGbEmuAGbhCQ9S9koYt9nEOFk0f1vpA02c9tyLeZjp
bL+ufy+FHGkco1Iyly8AYevPVWkNX//3g2oaZYIBcUvygZKtQZS7MGqpdgo1POnMWh0c
/ad/yUre1TXTqhHB2V6YO8KVmsUoKkmXmkNfvbae0kJGKT+95GClz50VENmGwHP8+lPW
eZhmnKKqO9e4PLypceCDIwPCFkQhzgJEV47xRRT1x13PM7zGefiOCLl33TSgB6/vXJv0
t5aBKXf9FMqblUbOhpcLBrDkw5Z1pbh4cesJ5mudTt3EnM9/kzdWgg3elI5IEfKrLMOV
s7rQ==
Received: by 10.50.57.202 with SMTP id k10mr4147524igq.45.1346951595131;
Thu, 06 Sep 2012 10:13:15 -0700 (PDT)
Return-Path: <[email protected]>
Received: from njacksondwin8-d ([2601:d:3f00:13:793b:cefe:480d:8441])
by mx.google.com with ESMTPS id bp8sm6537909igb.12.2012.09.06.10.13.13
(version=TLSv1/SSLv3 cipher=OTHER);
Thu, 06 Sep 2012 10:13:14 -0700 (PDT)
Message-ID: <[email protected]>
MIME-Version: 1.0
From: "[email protected]" <[email protected]>
To: removed.com
Reply-To: [email protected]
Date: Thu, 06 Sep 2012 10:13:14 -0700 (PDT)
Subject: removed.com
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
X-Gm-Message-State: ALoCoQnYaIromDk8FzKOciKLucnYLw7y5l0ejLDf1b7RaQyM9zV3HPamoZGyJTIEgqjju7AgzcMR
X-Nonspam: None



From Subject (Thread Messages) Date Size
Hello,
I am interested in purchasing this domain name (not the website content, only the domain).
If you are open to selling please let me know ASAP and I will submit my best offer.
Thanks for your time,
Mike Howard ([email protected])

 

[polski]

I'm new to this forum and just want to say thanks for this thread - I got an "inquiry" from mikesbikes444 earlier this afternoon (on a domain that currently is registered through 2014) and am glad I googled before replying.

 

[dompro]

I would like to know what is the point of those (e.g. domain appraisal or some other scam?), had someone replied and figured it out?

 

[Kate]

I would like to know what is the point of those (e.g. domain appraisal or some other scam?), had someone replied and figured it out?

On a blog somebody suggested it could be a ploy to spot domains that could be stolen from bouncing E-mails.

Or see post #18.

 

[CreationNation]

I am also receiving these.

I had seen on another site that if you reply back, the person offers an amount, but then wants you to go through an appraisal process for the domain (which is where they make their money) before they will buy it.

 

[hand-held]

Got one today too. They're being sent on behalf of DNF member Chad, not sure if he's active here. Draw your own conclusions!

 

[EdwinJ]

Just received this today:


----- Original Message -----
From: "[email protected]" <[email protected]>
Sent: Monday, September 10, 2012 3:42 AM



Hello,
I am interested in purchasing this domain name (not the website content, only the domain).
If you are open to selling please let me know ASAP and I will submit my best offer.
Thanks for your time,
Mike Howard ([email protected])

 

[Don]

I also rec'd one today...

date: Sun, Sep 9, 2012 at 10:26 PM
from: [email protected] [email protected]

--

Hello,
I am interested in purchasing this domain name (not the website content, only the domain).
If you are open to selling please let me know ASAP and I will submit my best offer.
Thanks for your time,
Mike Howard ([email protected])

--

Figured I'd see more of the same here.

Oy vey.

 

[enlytend]

On a blog somebody suggested it could be a ploy to spot domains that could be stolen from bouncing E-mails.

That makes more sense than any other theory so far. It's not Godaddy related.

Just got another one of these this AM.

I don't know about anyone else, but I'm getting them sent for decent names - they're not targeting the bottom of the barrel like the appraisal scams.

 

[AndyB]

I too got the same email as above, from mikesbikes444. When I got a 2nd one, to a different email address for a totally unrelated domain, I got suspicious. The good news, is that I joined this forum because of it

 

[bulkdomainz]

One here from MikesBikes444 too asking if a domain is for sale! As the domain had no content so I wondered what content he was going on about!

 

[Domain Divestments]

Just got a message from him.

 

[RogueWriter]

Definately not just a godaddy thing, received one inquiry for a domain regged via dotster.

The 'checking for bouncing' emails is an interesting theory. Hmmm.

 

[keerock]

Received the same this morning. On a good domain, not just anyone that I own.

 

[savannahmedia]

[email protected]

just got an email as well....whats the purpose???

 

[prorank]

about the domain offer email

I noticed someone asked what teh purpose was for this person to send us these emails saying they want to make an offer on a domain. Well there is only 1 logical explanation and that is the person is most likely collecting emails that are of real people who reply to him. Then he sells a verified list of email addresses...Another spam A..H...
Prorank

 

[GypsumFantastic]

I just received the same email from mikesbikes444 (email copied at end).

I also received a similar one 2 weeks ago for the same domain (from a different email address).

Also, for the same domain again, I've had at least 3 emails offering the plural version of the domain to me.

It's a decent quality 2 word generic dotcom.

So maybe they are targeting specific domains?

Hello,
I am interested in purchasing this domain name (not the website content, only the domain).
If you are open to selling please let me know ASAP and I will submit my best offer.
Thanks for your time,
Mike Howard (mikesbikes444---)

 

[madan712]

Even i received same mail

Guys even i received the below email today. Because i am interested to sell my domain i replied to it.



from: [email protected] [email protected]
reply-to: [email protected]

Hello,
I am interested in purchasing this domain name (not the website content, only the domain).
If you are open to selling please let me know ASAP and I will submit my best offer.
Thanks for your time,
Mike Howard ([email protected])

 

[dompro]

to spot domains that could be stolen from bouncing E-mails.

how domain can be stolen due to bouncing email?

 

[Underdawg]

I too got the same email as above, from mikesbikes444. When I got a 2nd one, to a different email address for a totally unrelated domain, I got suspicious. The good news, is that I joined this forum because of it

HAHA Me too! Thanks mikebikes for helping me find this website. LOL :bingo:

 

[Kate]

how domain can be stolen due to bouncing email?

If the whois record has an expired E-mail address or one based on a domain name that no longer exist, then you can claim the address (eg. free mail like yahoo) or re-register the domain, then recreate the E-mail address and take over the account at the registrar (using the password reminder feature).

 

[dompro]

If the whois record has an expired E-mail address or one based on a domain name that no longer exist, then you can claim the address (eg. free mail like yahoo) or re-register the domain, then recreate the E-mail address and take over the account at the registrar (using the password reminder feature).

thank you, took me 3 times to read to understand it . This is one more reason to have a different whois email from the registrar account email I guess.

 

[Kate]

This is one more reason to have a different whois email from the registrar account email I guess.

Yes, it's an additional layer of security. It also makes sense not to use free E-mail accounts or that you do not otherwise control for critical stuff.