Jump to content

Private Anonymous Domain Reg and the USPS


Devilwolf
 Share

Recommended Posts

I've noticed that a lot of spam friendly registers such as namecheap and aplus offer spammers anonymous domain registration that allow the spammer to use the registers' address as their own, and the register will forward MAIL and email.

According to USPS regs a commercial mail receiving agency (CMRA) operator has to appear before the postmaster IN PERSON to apply to operate a CMRA, and in order to forward mail, the CMRA operator has to keep a copy of customers ID and a signed form on file, and provide a copy of all the forms to the postmaster every three months.

http://www.usps.com/forms/_pdf/ps1583.pdf

NOTE: The applicant must execute this form in duplicate
in the presence of the agent,
his or her authorized employee, or a notary public.

The agent provides the original completed signed PS Form 1583 to the Postal Service and retains a duplicate completed signed copy at

the CMRA business location. The CMRA copy of PS Form PS 1583 must at all times be available for examination by the postmaster (or

designee) and the Postal Inspection Service. The addressee and the agent agree to comply with all applicable Postal Service rules and

regulations relative to delivery of mail through an agent. Failure to comply will subject the agency to withholding of mail from delivery until

corrective action is taken.

I'm testing this out against namecheap.com's whoisguard which states on their website that they forward physical mail. Whoisguard is based out of a CMRA run by UPS, so I also targeted UPS for not getting proper 1583's on file from every company that whoisguard is forwarding mail for, because under USPS regs UPS is only supposed to accept mail for names that they have a 1583 on file for.

Will prob take about month for the US Postal inspectors to respond, but I'm hoping that UPS will kick namecheap out of their store sooner or fine the franchise owner for allowing illegal activity.

If you can not go after the spammers, go after the people the spammers do business with.

Seems that California has even stricter regulation of CMRA's

http://law.onecle.com/california/business/17538.5.html

(a) It is unlawful in the sale or offering for sale of consumer goods or services for any person conducting, any business in this state which utilizes a post office box address, a private mailbox receiving service, or a street address representing a site used for the receipt or delivery of mail or as a telephone answering service, to fail to disclose the legal name under which business is done and, except as provided in paragraph (2) of subdivision (
B)
, the complete street address from which business is actually conducted in all advertising and promotional materials, including order blanks and forms. Any violation of the provisions of this section is a misdemeanor punishable by imprisonment in the county jail not exceeding six months, or by a fine not exceeding two thousand five hundred dollars ($2,500), or by both.

Link to comment
Share on other sites

...According to USPS regs a commercial mail receiving agency (CMRA) operator has to appear before the postmaster IN PERSON to apply to operate a CMRA, and in order to forward mail, the CMRA operator has to keep a copy of customers ID and a signed form on file, and provide a copy of all the forms to the postmaster every three months. ...
Thanks for the investigation & research. Certainly a proportion of the membership has demonstrated time and again a wish to more actively "engage the enemy" and this should interest those with spammers in areas under US Postal Service jurisdiction.
Link to comment
Share on other sites

Took me a bit of work to get thru the USPS burecracy, which is a few levels deep. CMRA's have to be registered with the local postmaster, but the actually background checks and record keeping is handled by regional departments, and investigations of violations are then handled by a local department of the Postal Inspectors.

My first calls where blown off, I was given a circular reference (call customer service, they say call postal inspectors, inspectors say to call customer service). Calling the actual post office and asking to speak to the postmaster eventually got me to a ph# to an operations unit, that referred me to a non-public number to a investigations dept.

The women at the investigation department first acted a bit peeved, as I suspect they don't generally get calls from the public, but once I explained the situation, and mentioned that they where providing CMRA services without getting any ID she was a lot more interested in talking to me.

Link to comment
Share on other sites

...The women at the investigation department first acted a bit peeved, as I suspect they don't generally get calls from the public, but once I explained the situation, and mentioned that they where providing CMRA services without getting any ID she was a lot more interested in talking to me.
Potential risk to national security, I should think they would be very interested - if not then other, more steely-eyed and square-jawed types, would be queueing up with pointed questions to put to the APS. Thanks again Devilwolf.
Link to comment
Share on other sites

Potential risk to national security, I should think they would be very interested - if not then other, more steely-eyed and square-jawed types, would be queueing up with pointed questions to put to the APS. Thanks again Devilwolf.

I managed to track down one of the advertised sites to an address in florida (the site had been sued for fraud and child porn in 2007.)

Seem that in spite of all the laws suits and past investigations, I was the first person to ever call the city and ask the simple question... "Does this business have the permits to operate a adult business in a residential neighborhood?"... The answer was No, and the city doesn't allow escort services, and the city doesn't want adult businesses in general.

The city business license manager said she will refer the case for criminal investigation because its a money for sex business. I made sure to give her a link to news story about how the site has been linked to child sex (a guy used the site to hook up with a 14 year old girl, the site managed to weasel out under the CDA safe harbor).

Link to comment
Share on other sites

I got a call today from the USPS Inspectors. Asking a few follow up questions. The agent said that he was going there in person to inspect both the UPS Store's and the private domain company's permits and regulatory filings. (hahaha they are gonna get audited on a friday...)

I asked him to call or mail me the results if he is allowed to. He said he would.

If he does call me back, and I have more time to speak to him, does anyone have any questions they would like me to to ask.

I intend to ask the following

Are their local offices that investigate CMRA abuse, and how do you contact them directly or convince 1st tier call center staff to put you in touch?

If a company does not forward mail, but allows its address to be used as the public face of another company is that a CMRA.

Can a company operate a CMRA from a PO Box?

If a US company is using an offshore CMRA to hide its US location, is that a violation of USPS rules?

Are their any types of scams run out of CMRA that the USPS considers a priority to focus on.

My business license tactic also seems to be bearing fruit as the city clerks office said they are issuing a C&D until the company gets licensed. A little victory, but I bet in a small rural bible belt town its gonna get around that So and So runs a porno biz that hooked up a 14 y/o girl with a molester... That will make her popular at the next PTA cookie sale.

Sending spam to a Satanist Is Not With Out Its Risks

Link to comment
Share on other sites

...Sending spam to a Satanist Is Not With Out Its Risks
Well, you scare the heck out of me 'wolf and I never did you no wrong. :D The questions? Can't think of any others, it's all out of my own balliwick anyhow. I should think you, personally, will have reduced problems in contacting USPS officials henceforth (if you don't bug them too much) but they may not be prepared to hand out such access to the public at large. One of the few (perhaps the only) luxury of Gov't work for the investigative arms is the ability to keep out of sight of the "clients", the public at large. Just like "real" detectives, they get to regulate their own workload that way.
Link to comment
Share on other sites

One of the few (perhaps the only) luxury of Gov't work for the investigative arms is the ability to keep out of sight of the "clients", the public at large. Just like "real" detectives, they get to regulate their own workload that way.

True, but I figure that has to be a effective way to expedite such info thru the gatekeepers. Its just a matter of knowing the right buzzwords so that you don't get into a loop of getting referred back and forth from one bottom tier call center to another.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...