Jump to content
Sign in to follow this  
bobbear

'419' advice appreciated...

Recommended Posts

Normally the '419' scams I receive, (and I get a lot of them), come from the usual free email accounts all over the globe but this one appears to have registered his own domain:

_____________________________________________________________

Return-Path: <walterbanda[at]walterbanda.com>

Received: from mwinf3010.me.freeserve.com (mwinf3010.me.freeserve.com)

by mwinb3006 (SMTP Server) with LMTP; Thu, 13 Jan 2005 05:39:36 +0100

X-Sieve: Server Sieve 2.2

Received: from mwinf3014.me.freeserve.com (mwinf3014 [172.22.159.42])

by mwinf3010.me.freeserve.com (SMTP Server) with ESMTP id E#######ADE

for <1+fu30000000000000000001###4[at]back30-mail02-03.me-wanadoo.net>; Thu, 13 Jan 2005 05:39:35 +0100 (CET)

Received: by mwinf3014.me.freeserve.com (SMTP Server, from userid 1003)

id DFB44####5A; Thu, 13 Jan 2005 05:39:35 +0100 (CET)

Received: from web1.belizeweb.com (mail.belizeweb.com [206.27.238.23])

by mwinf3014.me.freeserve.com (SMTP Server) with ESMTP id 7635D18000EF

for <############>; Thu, 13 Jan 2005 05:39:34 +0100 (CET)

Date: Wed, 12 Jan 2005 22:33:10 -0600

Message-Id: <200501122233.AA296551162[at]web1.belizeweb.com>

Mime-Version: 1.0

Content-Type: text/plain; charset=us-ascii

From: "Walter Banda" <walterbanda[at]walterbanda.com>

Reply-To: <walterbanda[at]walterbanda.com>

X-Sender: <walterbanda[at]walterbanda.com>

To: <walterbanda[at]walterbanda.com>

Subject: Offer

X-Mailer: <IMail v8.05>

Envelope-to: ######

X-me-spamlevel: med

X-me-spamrating: 71.946196

X-Antivirus: AVG for E-mail 7.0.302 [265.6.10]

Dear Sir,

I do understand that this letter will come as a surprise to you. My name is Walter Banda. I am a Liberian, and an assistant to the former Liberian President Charles Taylor. I am currently in self exile in the UK.

As you may be aware there is an on going vindictive quest to freeze all know assets belonging to the family of Charles Taylor regardless of how it is acquired. Presently I am in control of Six million, three hundred thousand United States dollars only, ($ 6.3 m) belonging to him, which he has mandated me to transfer into a neutral account, to evade possible seizure .

This is a mutually beneficial transaction that can be concluded in a couple of days. You may signify your interest by emailing me at which I will provide further information. A percentage accruable to each party is negotiable. I will be happy to call you if you leave a number so I may proffer more information. Be assured your participation will not bring you into any disrepute as confidentiality is assured.

Best regards,

Walter Banda

_________________________________________________________________

Reporting it to the MX (203.199.83.202=mail.rediffmailpro.com) host draws no response or action from the various vsnl.com/vsnl.net addresses listed. Can, (& do you think will), the registrar of the domain (Network Solutions, LLC), take any action on an abuse report?

Regards,

Bob

Share this post


Link to post
Share on other sites

If you wait for network solutions to do something your grandchildren will have grandchildren. - JMHO :o

Share this post


Link to post
Share on other sites

Merlyn - You were quite right:

Reply from Networking Solutions:

"On November 1, 1999, a three-judge panel of the U.S. Court of Appeals for the Ninth-Circuit ruled that Network Solutions has no responsibility or duty to police the rights of trademark owners concerning domain names.

If the domain owner in question is conducting criminal activity we would ask you to defer to either the police or the proper authorities.

Thank you for choosing Network Solutions."

Thank you for nothing, Network solutions.... :angry: I don't see how the above ruling is relevant to the obvious '419' criminal abuse I highlighted, but one thing is obvious, Network Solutions are not interested and I'm wasting my time... :(

Share this post


Link to post
Share on other sites

Boy do I have a story about Network Solutions ... but I'll spare you the grief. It was about 1998 or '99, and luckily my host provider was able to get me switched to Tucows.

Share this post


Link to post
Share on other sites

If they wanted to, can a registrar, (e.g. Network Solutions), actually take any action against a domain that has been registered with them that is being used for criminal purposes, i.e. can they de-register it and close that account with their client and what immediate effect would that have on the website which presumably is hosted by a third party?

Share this post


Link to post
Share on other sites

Pardon my ignorance, but what happens if a registrar revokes the registration of a domain name which has been registered with them but is hosted by a third party. Do they notify the hosting company who then removes it from their servers and issues updated DNS data? I'm just not across the nuts and bolts of it all at all....

Share this post


Link to post
Share on other sites

The just change the DNS servers to an invalid name and the Domain doesn't resolve. They have no reason to contact anyone. It is against their terms of service you agree to when you register.

Their system, their rules!

I love it!

Share this post


Link to post
Share on other sites

Thanks Merlyn,

I have to admit that I still don't really understand the relationship between the registrar, in this case Network Solutions and the host of the site walterbanda.com which has an NS of rediffmailpro.com and the owner of the site IP address which is VSNL.... :(

What would rediff.co.in/VSNL do if Network Solutions revoked the registration of walterbanda.com, for instance? Is the hosting arranged by the registrar or the client?

So many questions, so little time..... :rolleyes:

Share this post


Link to post
Share on other sites

Hosting and the registrar can be the same or different. The DNS servers that tell you where to go are on the Registrar side of things. So no matter where a site is hosted if the registrar removes/changes the DNS servers the site will never come up for most people.

Share this post


Link to post
Share on other sites

Thanks for that - I think the murk is beginning to clear slightly..... In this case I think that the site was registered with Network Solutions and the criminal then arranged his own hosting with Rediff.com India Ltd on servers owned by them or VSNL. From what you say, though, if Network Solutions revoked the registration because of offences against their Acceptable Use Policy and invalidated the DNS data than the guy would be more or less scuppered until he re-registered the domain name with another registrar, then he'd be off again.... :(

I don't think they will do that though - it seems that Network Solutions have no interest in enforcing their AUP, no matter what the evidence of misbehavior is.

Share this post


Link to post
Share on other sites

The other insect in the ointment is that the domain has an associated email address of walterbanda[at]walterbanda.com and would that be affected if the site registration were revoked??? In fact I think the site has only been registered to get a 'bullet-proof' personal email address so I suspect that it wouldn't, but I just don't know if the hoster would continue to host an unregistered domain..... It's all too complicated for me..... :unsure:

Share this post


Link to post
Share on other sites

Yep, it's hard to follow sometimes, especially when so many folks play the game so differently.

You can "register" a Domain and do noting with it.

You can "register" a Domain and "park" it somewhere.

You can "register" a Domain and actually make it active ... and this requires data, such as DNS to point to where it's actually residing.

Registrar can "suspend" a Domain .. basically removing the DNS pointers to it .. site still exists on some computer somewhere, but there's no way to access it via the "Internet" .. and being "suspended" means that the current Registration is still valid (and this data usually locked down to prevent any changes) and can't be "re-created" elsewhere.

Registrar can "Revoke/Delete" the entry for that Domain ... but all this means is that the Domain owner could simply re-register the same Domain with another Registrar ... So in theory, getting compliments for "doing something" but actually accomplishing little.

And of course, you have the Registrars that "have no control" over anything but collecting the fees for registration ....

Share this post


Link to post
Share on other sites
But even if by chance they did, wouldn't the 'criminal' simply go to another registrar? The list I'm looking at shows 390.

http://www.icann.org/registrars/accredited-list.html

Keith

23115[/snapback]

I agree - he would, but surely that's not a reason for a registrar not to take action against flagrant abuses of their AUP - if every registrar were professional and took the required action, then a blatant criminal would have a much harder time, (and it costs him money too!).

Share this post


Link to post
Share on other sites
But even if by chance they did, wouldn't the 'criminal' simply go to another registrar? The list I'm looking at shows 390.

http://www.icann.org/registrars/accredited-list.html

Keith

23115[/snapback]

That's probably irrelevent by now, because if "Walter Banda" is going to get any money out of this particular spam, he's already gotten e-mail addresses to work on. He can just claim he has to change to Hotmail "for security reasons." Later on he could become BillBanda.com.

The main issue is that the more people along the chain are honest, the harder life is for the crook.

Share this post


Link to post
Share on other sites

Thanks Wazoo - that's interesting. Just one question(!), if a domain registration is suspended or revoked, what happens to an associated email account? Does it remain active in both cases or is it inactivated in some way too?

Cheers,

Bob

Share this post


Link to post
Share on other sites
if every registrar were professional and took the required action, then a blatant criminal would have a much harder time, (and it costs him money too!).

Well, couple thoughts/questions on that ...

Costs him money: What's the cost on regitration? $15 or thereabouts? I've heard that spammers actually (somehow) really do make money ... and enough to make their work continuable. Else, they wouldn't be in business for very long. Makes me sick and my head spin, but somehow this holds water.

With 390 registrars, if they were blocked once per day they could still go for over a year. I'm guessing the minimum time to get reported and get banned (by a registrar that cares about more than collecting fees) would take at least 2-3 days. But lets say its 5 days. At day 4 the 'criminal' is setting up another domain with another registrar. But in reality, they could get banned from site A in 3 days, site B in 28 days, site C in 12 days, etc. That's years and years worth of spamming - for just 'one' fake identity.

I really don't know a lot about all of this, so these are just the way the knowledge is entering my head as I read things here and there... I will always appreciate having my thoughts corrected where necessary.

Edited by kdcinfo

Share this post


Link to post
Share on other sites
Well, couple thoughts/questions on that ...

23123[/snapback]

I hear what you are saying and yes, there are always ways around things, but I still think that is no reason to say hey, let the criminals and spammers do what they like, they'll find a way anyhow. Personally I favour a 'zero tolerance' approach...... :)

If I report a 419 scammers response address, some responsible abuse teams will reply in the same day with an 'account closed' notice, others will never reply and I know that they have taken no action against the scammer who continues to use the same response account indefinitely. I know which I think is the right action. Even though the scammer will simply set up another 'throw-away' email account he has lost any responses on the closed account.

Christine - I agree, such action has to be quick - it's no good closing the stable door after the horse has bolted....

Share this post


Link to post
Share on other sites
I hear what you are saying and yes, there are always ways around things, but I still think that is no reason to say hey, let the criminals and spammers do what they like, they'll find a way anyhow. Personally I favour a 'zero tolerance' approach...... :)

Oh, please don't get me wrong. I'm all about reporting 'till my fingers shrivel up.

But for a better chance at defeating an enemy is to understand not only the enemy, but what their options are... If people know the spammers can do this and that, perhaps they can think of other ways of approaching the entire situation.

Aside from that, being realistic can help avoid the "UGH!!! I keep submitting but nothing is happening" stage. :huh:

Share this post


Link to post
Share on other sites
Well, couple thoughts/questions on that ...

Costs him money: What's the cost on regitration? $15 or thereabouts? I've heard that spammers actually (somehow) really do make money ... and enough to make their work continuable. Else, they wouldn't be in business for very long. Makes me sick and my head spin, but somehow this holds water.

With 390 registrars, if they were blocked once per day they could still go for over a year. I'm guessing the minimum time to get reported and get banned (by a registrar that cares about more than collecting fees) would take at least 2-3 days. But lets say its 5 days. At day 4 the 'criminal' is setting up another domain with another registrar. But in reality, they could get banned from site A in 3 days, site B in 28 days, site C in 12 days, etc. That's years and years worth of spamming - for just 'one' fake identity.

I really don't know a lot about all of this, so these are just the way the knowledge is entering my head as I read things here and there... I will always appreciate having my thoughts corrected where necessary.

23123[/snapback]

I think that these 419 guys make their money like this: Some curious person who doesn't really believe it answers the post and gets the hard sell. The person on the other end asks him to set up a bank account with a token amount of money in it. Then the scammer needs a little more money for faxes, bribes, whatever. It goes on as long as the sucker lets it. It starts out as a combination of entertainment and greed for the sucker, and the scammer puts on a good show, so it gets harder and harder for the sucker to admit that nothing fun will ever happen. Most suckers probably top out at a few hundred dollars, but from the scammer's point of view, it was worth it.

I don't believe spammers make money selling fake Viagra, but rather they make their money selling spam services to people who think they can make a fortune selling fake Viagra. And most of the time there's no genuine fake Viagra anyhow. They charge your card and you never even see the stuff. There's no shortage of stupid people who think they're smart enough to rip others off. (Ref. Amway)

Share this post


Link to post
Share on other sites
Thanks Wazoo - that's interesting. Just one question(!), if a domain registration is suspended or revoked, what happens to an associated email account? Does it remain active in both cases or is it inactivated in some way too?

I'll try to answer the only way it can be answered ... if example.com was suspended/revoked, the DNS changes made to reflect that status, then your e-mail addressed to Bob[at]example.com would hit your outbox (your network system or your ISP's e-mail handling system) which would then "look up" the data needed to send that e-mail on it's way. As the DNS records are now indicating "there is no such place as example.com" ... you'll end up with a shiny error message advising you that you have fat fingers and can't type, as you obviously can't spell example.com correctly <g>

Share this post


Link to post
Share on other sites
Well, couple thoughts/questions on that ...

Costs him money: What's the cost on regitration? $15 or thereabouts?

Those numbers are nebulous at best. Some folks waive fees for registraion if you also host with them. Others have special arrangements, say for the alleged exploits of Ralsky for instance, burning out hundreds of domains a day ....

I've heard that spammers actually (somehow) really do make money ... and enough to make their work continuable. Else, they wouldn't be in business for very long. Makes me sick and my head spin, but somehow this holds water.

Some spammers create income from those silly/stupid/desparate people that do in fact fall for the pitch. One nailed pharmaceutical spammer was basically buying a bottle of pills at something like $3 US, spewing the spew and asking the amazingly low price of between $85 and $145 depending on the spam run. It's obvious that it doesn't take but a couple of fools and most costs are covered. On the other hand, it's pretty much a given that the top spammers are usually actively pushing product .. geeze, that means warehousing, shipping, manual labor, payrolls, etc .... much easier to simply offer the spam spew service to those wannabe's that can't figure out how to build their own list of millions of known-good-opred-in-really-want-your-crap e-mail addresses.

Merlyn recently posted a link over in the newsgroups that talks about yet another way to "make" money from spam ... (and the rather nice news of finally getting busted for it <g>)

http://www.oag.state.tx.us/oagNews/release.php?id=747

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×