In the last few days I have been receiving several emails from "web's biggest directory" (www-goto.com) asking the domain owner to "update" their "free" listing. Several of our customers have also received these emails and asked us about them.
Just wanted to forewarn everyone, because I am pretty sure these are unsolicited emails and they are a little tricky for novice web site owners. They draw the person in on the first page to "update the listing" and then a series of questionable "options" appear on the next steps. One is a subscription to some sort of list, and the rest are all some type of paid services. I attempted this on one of my domains to test it, rejecting to select any list subscription or paid service. I then received another email reply stating my "listing has been updated" but please click the "update ok" link to proceed.
I am quite wary of the "update ok" link and am almost certain this type of thing would subscribe the domain owner to somethig they don't want. So forewarn your customers/domain owners.
Traceroute on www-goto.com (which is not the same as goto.com) shows DNS of 18.104.22.168. 22.214.171.124 is registered with APNIC:
inetnum: 126.96.36.199 - 188.8.131.52
descr: Madgen Solutions Pvt. Ltd. provides collocation services, shared
descr: hosting services, private servers hosting, mailing solutions and
descr: mailservers and is located in Malviya Nagar, New Delhi, India
remarks: send all spam and abuse reports to [email protected]
Every domain I registered and added on my server has been receiving junk from goto directory for almost a year now !!
Im not sure how they are harvesting the e-mails or the data, because they seem to be including genuine headers and meta information from other search companies, but are sending the 'renewals' out to generic e-mail addresses.
I've found headers and meta information in the e-mails from them which is identical with info I have given on genuine search engines, but the e-mails are the problem, which usually always are addressed to [email protected] .
Obviously the way to reduce such spam is NOT to use a 'catch-all' system for your mailbox, but use named mail accounts instead, and then set your mail to bounce everything that is not sent to a named account. When naming your accounts, try NOT to use the common generic terms like info, sales, webmaster, customerservice, etc ., but use less obvious terms.
When I had combined registry and hosting through Yahoo every domain had a core address of [email protected] which forwarded to the Yahoo address. You could create and destroy other addresses, but admin was not disposible. So if a spammer decided to use admin, there was no getting away from the spam. Yahoo would normally put it into the Bulk folder, but it would never be a spam-free account again.