Anyone else getting spammed on sponsor email addys?

[dcortez]

For some time, we have been receiving blatent brutal spam to addresses we specifically provided sponsors. Most recently, this has escalated significantly in volume.

At first we thought spammers were just guessing typical email addresses one might provide a sponsor, but we're getting spam on very unique email addresses asigned to individual sponsors (when we signed up) so that we could track this sort of thing.

Is anyone else getting spam like this?

Any ideas on how this may happen?

Are sponsors distributing their affiliate lists?

Are sponsors databases being hacked?

??

[u-Bob]

same here. (spam mails directly to UNIQUE addresses. no bruteforce address guessing). Contacted the sponsors about it...

Quote:

Any ideas on how this may happen?

sponsor server(s) compromised, sponsors selling the list to spammers, rogue employees selling the list to spammers,...


My advice: See it as an opportunity to learn something about your sponsors. Some sponsors will just thank you when you contact them, others will investigate, some will admit they've had a small problem and apologize, others (like wild west cash for example) won't even bother to reply to your msgs,...

[dcortez]

Quote:

Originally Posted by u-Bob

same here. (spam mails directly to UNIQUE addresses. no bruteforce address guessing). Contacted the sponsors about it...


sponsor server(s) compromised, sponsors selling the list to spammers, rogue employees selling the list to spammers,...


My advice: See it as an opportunity to learn something about your sponsors. Some sponsors will just thank you when you contact them, others will investigate, some will admit they've had a small problem and apologize, others (like wild west cash for example) won't even bother to reply to your msgs,...

On closer examination of the 'offending sponsors', it looks like there may be a common thread to them via their billing processor.

Perhaps the billing companies are the ones with the weak data security and the affiliate programs they manage are not as safe as we would expect.

This raises the higher tier issue of whether sponsors and their employees/subcontractors should be bonded given the information they have such casual access to.

[SmokeyTheBear]

i recently got hit with some to a fresh email addy that only 2 companies that have that email are epassporte and pimproll .. the spam just started a day after epassporte had their "database problems" , but i also had just been added to pimproll so im still trying to figure this one out..

anyone else that can narrow it down would help

[RogerV]

Hell yea I fuckin hate it not sure which program is doing it

[martinsc]

i use the same gmail for all sponsors and havn't yet received a single spam mail at it...

[Nasty]

Quote:

Originally Posted by dcortez

For some time, we have been receiving blatent brutal spam to addresses we specifically provided sponsors. Most recently, this has escalated significantly in volume.

Is anyone else getting spam like this?

Same here, I use a different email address for every sponsor and every site and starting yesterday have received spam to over 50 different email addresses, was thinking maybe my host's mailserver was the culprit

[Tempest]

Yep...

http://www.gofuckyourself.com/showthread.php?t=602795

[edgeprod]

Every time I sign up to a program or site, I give it a unique email address, like [email protected], for example -- and my site.com (or whatever) mail server just shoots it out to my "main" account. I take a look at the header to see what email it came to, and more often than not, it's a "major" sponsor that sold my address or got hacked.

NOTE: This hasn't happened with EpicCash, lol, it was just an example.

[edgeprod]

Oh, right, just remembered when I saw that other thread ... I *always* get spam on my fucking platinum bucks custom email address ... that one had to have gotten out.

[dcortez]

Looks like this problem has increased for many over the past couple days and the trend seems to suggest that the common billing processor may be the culprit in releasing (or not securing sufficiently, or both) our affiliate information.

This is getting ridiculous - the spam has been flooding in over the past couple days and getting worse each day.

I'm tempted to set up aliases for each of my (sponsor) violated addresses and send them back to the sponsors directly - let them deal with their mess!

[Tempest]

Quote:

Originally Posted by edgeprod

Every time I sign up to a program or site, I give it a unique email address, like [email protected], for example -- and my site.com (or whatever) mail server just shoots it out to my "main" account. I take a look at the header to see what email it came to, and more often than not, it's a "major" sponsor that sold my address or got hacked.

NOTE: This hasn't happened with EpicCash, lol, it was just an example.

yeah.. you can't really use something like [email protected] as the spammers put those in to try..... I do other things like [email protected]... and the fuckers are getting those ones.. It wouldn't be so bad if the sponsors could correctly update ones email addresses all the time, but they tend to fuck it up.. Otherwise I'd just change the email address and deny the old one at the server.

[gooddomains]

spamming.....

[edgeprod]

Quote:

Originally Posted by Tempest

yeah.. you can't really use something like [email protected] as the spammers put those in to try..... I do other things like [email protected]... and the fuckers are getting those ones.. It wouldn't be so bad if the sponsors could correctly update ones email addresses all the time, but they tend to fuck it up.. Otherwise I'd just change the email address and deny the old one at the server.

Yeah, it's code -- I just didn't want some schmuck to comment on it and get the wrong idea.

[kursk]

I've just recently been getting spam on a daily basis..

[Barefootsies]

Quote:

Originally Posted by edgeprod

Every time I sign up to a program or site, I give it a unique email address, like [email protected], for example -- and my site.com (or whatever) mail server just shoots it out to my "main" account. I take a look at the header to see what email it came to, and more often than not, it's a "major" sponsor that sold my address or got hacked.

NOTE: This hasn't happened with EpicCash, lol, it was just an example.

Same here. I use specific e-mail addy's when signing up. When spam starts rolling, I look to see which addy's it's coming from. Then I know who to drop.

[Tom_PM]

Quote:

Originally Posted by dcortez

For some time, we have been receiving blatent brutal spam to addresses we specifically provided sponsors. Most recently, this has escalated significantly in volume.

At first we thought spammers were just guessing typical email addresses one might provide a sponsor, but we're getting spam on very unique email addresses asigned to individual sponsors (when we signed up) so that we could track this sort of thing.

Is anyone else getting spam like this?

Any ideas on how this may happen?

Are sponsors distributing their affiliate lists?

Are sponsors databases being hacked?

??

Are you getting any from PimpRoll or Adult Elite? We've been checking into Smokey's and havent found any unusual activity.

We dont even email our members or anything, so I can assure you we're not emailing spam to our affiliates!

[u-Bob]

bump***********

[edgeprod]

Quote:

Originally Posted by Barefootsies

Same here. I use specific e-mail addy's when signing up. When spam starts rolling, I look to see which addy's it's coming from. Then I know who to drop.

If I dropped every sponsor who sold my email address, I'd hardly be promoting ANYONE!

[dcortez]

Quote:

Originally Posted by PR_Tom

Are you getting any from PimpRoll or Adult Elite? We've been checking into Smokey's and havent found any unusual activity.

We dont even email our members or anything, so I can assure you we're not emailing spam to our affiliates!

I will try to put a table together of all the 'sponsors' whose names are being used in spam so we can find ground zero for this problem and deal with it.

If sponsors/processors are leaking and/or selling affiliate info to spammers, then they should be subject to FTC penalties just like sponsors who turn a blind eye to their affiliates violating spam laws.

Enough is enough already!

[CyberHustler]

i hate spam

[The Duck]

Quote:

Originally Posted by SmokeyTheBear

i recently got hit with some to a fresh email addy that only 2 companies that have that email are epassporte and pimproll .. the spam just started a day after epassporte had their "database problems" , but i also had just been added to pimproll so im still trying to figure this one out..

anyone else that can narrow it down would help

I have been recieving a buttload of spam im sure are coming from someone hacking epass.

[madawgz]

yes, but they are all blocked

[MontrealPimp]

things that make you go hmmmm ;) You will see many more threads like this one over the next little while, that I can assure you all of.

[Michael O]

Quote:

Originally Posted by PR_Tom

Are you getting any from PimpRoll or Adult Elite? We've been checking into Smokey's and havent found any unusual activity.

We dont even email our members or anything, so I can assure you we're not emailing spam to our affiliates!

I don't think the problem is at sponsor level.
I did a test signup to a pimproll site and a few days later the spam started rolling in.
That was a short time after Dave had said PimpRoll don't mail ex members and the spam didn't look like a mail sent to exmembers.
I checked with Dave and he confirmed no mailings had gone out.

[Peaches]

I wonder if European Lee has been given access to these databases. He's already stolen and spammed 2 that I know of. What are you getting spammed with?

[dcortez]

Quote:

Originally Posted by Keyser Soze

I don't think the problem is at sponsor level.
I did a test signup to a pimproll site and a few days later the spam started rolling in.
That was a short time after Dave had said PimpRoll don't mail ex members and the spam didn't look like a mail sent to exmembers.
I checked with Dave and he confirmed no mailings had gone out.

The email addresses in question here are the ones affiliates give their sponsors when they sign up for an affiliate program.

Enough affiliates (myself included) are convinced that the spam we are getting is the result of our affiliate info (ie. the email address) being 'let go' in some manner to the spammers by someone who manages that info (sponsor? processor handling affiliate program? employees/agents stealing the sponsor/processor databases? hackers stealing the sponsor/processor databases).

The first time this happened (over a year go), the email addresses I was using could have been potentially guessed, but in order to tighten up and track the offenders, I have been using very unique email addresses mapped 1:1 for each sponsor - and these unique addresses are showing up as the recipients for the spam we are getting.

These addresses were leaked somehow and I think we need to reconcile where these leaks are considering the implications.

If a sponsor or processor was hacked, they should let us know so we at least have the option to change our passwords/email addresses, etc.

From the flood of spam we have been getting for the past couple days it's not just one or two isolated sponsors - it's a bunch of them, but I do believe they may have a common processor, which begs the obvious questions.

I'd be willing to accept a sponsor/processor dropping the ball security-wise and owning up to it - security is a tough challenge in this biz.

I will not be as accepting of sponsors and/or processor who are leaking our data intentionally for whatever reason.

[SmokeyTheBear]

Quote:

Originally Posted by Peaches

I wonder if European Lee has been given access to these databases. He's already stolen and spammed 2 that I know of. What are you getting spammed with?

porn and viagra , half of the porn is can spam , half is not

[SmokeyTheBear]

Quote:

Originally Posted by dcortez

The email addresses in question here are the ones affiliates give their sponsors when they sign up for an affiliate program.

Enough affiliates (myself included) are convinced that the spam we are getting is the result of our affiliate info (ie. the email address) being 'let go' in some manner to the spammers by someone who manages that info (sponsor? processor handling affiliate program? employees/agents stealing the sponsor/processor databases? hackers stealing the sponsor/processor databases).

The first time this happened (over a year go), the email addresses I was using could have been potentially guessed, but in order to tighten up and track the offenders, I have been using very unique email addresses mapped 1:1 for each sponsor - and these unique addresses are showing up as the recipients for the spam we are getting.

These addresses were leaked somehow and I think we need to reconcile where these leaks are considering the implications.

If a sponsor or processor was hacked, they should let us know so we at least have the option to change our passwords/email addresses, etc.

From the flood of spam we have been getting for the past couple days it's not just one or two isolated sponsors - it's a bunch of them, but I do believe they may have a common processor, which begs the obvious questions.

I'd be willing to accept a sponsor/processor dropping the ball security-wise and owning up to it - security is a tough challenge in this biz.

I will not be as accepting of sponsors and/or processor who are leaking our data intentionally for whatever reason.

what day exactly did the spam start ( time even if you know )

[u-Bob]

1st spam mail to a unique address (only used to signup with "Sponsor 1"):

Date: Tue, 25 Apr 2006 05:49:06 -0700
To: <j-******[email protected]>
Subject: SEXUALLY EXPLICIT : asian babe sucks a huge cock tastes cum

(replaced reference to Sponsor 1 with ******)

1st spam mail to a unique address (only used to signup with "Sponsor 2"):

Date: Tue, 25 Apr 2006 07:03:28 -0700
To: <j-******e@-1 of my domains-.be>
Subject: SEXUALLY EXPLICIT : Sexy bitch reveals shaved hahahaha

[Michael O]

Quote:

Originally Posted by dcortez

The email addresses in question here are the ones affiliates give their sponsors when they sign up for an affiliate program.

Enough affiliates (myself included) are convinced that the spam we are getting is the result of our affiliate info (ie. the email address) being 'let go' in some manner to the spammers by someone who manages that info (sponsor? processor handling affiliate program? employees/agents stealing the sponsor/processor databases? hackers stealing the sponsor/processor databases).

The first time this happened (over a year go), the email addresses I was using could have been potentially guessed, but in order to tighten up and track the offenders, I have been using very unique email addresses mapped 1:1 for each sponsor - and these unique addresses are showing up as the recipients for the spam we are getting.

These addresses were leaked somehow and I think we need to reconcile where these leaks are considering the implications.

If a sponsor or processor was hacked, they should let us know so we at least have the option to change our passwords/email addresses, etc.

From the flood of spam we have been getting for the past couple days it's not just one or two isolated sponsors - it's a bunch of them, but I do believe they may have a common processor, which begs the obvious questions.

I'd be willing to accept a sponsor/processor dropping the ball security-wise and owning up to it - security is a tough challenge in this biz.

I will not be as accepting of sponsors and/or processor who are leaking our data intentionally for whatever reason.

I know I get tons of it myself to sponsor emails, I also use the [email protected] for sponsors.
I also notiched an increase a couple of days ago, I started getting spam to emails I haven't gottent to before.
Seems like the spammer recently updated his database.

[u-Bob]

Quote:

Originally Posted by Keyser Soze

I also notiched an increase a couple of days ago, I started getting spam to emails I haven't gottent to before.
Seems like the spammer recently updated his database.

Question is, how/where did he get them?

[Tempest]

Quote:

Originally Posted by u-Bob

Question is, how/where did he get them?

Exactly... For me it can't be ePassporte.. I don't have an account with them.

[Michael O]

Quote:

Originally Posted by u-Bob

Question is, how/where did he get them?

yes that is the questions, I guess I used [email protected] at around 40-50 sponsors.
On my :blackhole: email list I have 22 updated it with fatpockets@ and one more yesterday.

Its something sponsors should take a litte more serious cause if someone has their webmaster email lists do they also have their member email list?

[Tempest]

Quote:

Originally Posted by Keyser Soze

Its something sponsors should take a litte more serious cause if someone has their webmaster email lists do they also have their member email list?

I've never received any spam on my WM email with one particular huge sponsors. But I signed up for one of their "all access" type of sites with a VERY unique email address.. Within a month I was getting spam on it.. the same spam I get on other WM email addresses.

[dcortez]

Quote:

Originally Posted by Keyser Soze

yes that is the questions, I guess I used [email protected] at around 40-50 sponsors.
On my :blackhole: email list I have 22 updated it with fatpockets@ and one more yesterday.

Its something sponsors should take a litte more serious cause if someone has their webmaster email lists do they also have their member email list?

The email addresses I'm getting spam on are not as simple as [email protected] - that's why it points to database security and/or sponsor integrity issues.

Also, if security has been compromised, then depending on the sponsor, other affiliate info may be at risk as well such as: passwords, bank info, id info, etc.

We need to determine if the problem is simply someone (stupidly) trying to cash in on an email list or if this spam demonstrates that our affiliate info is not safe with sponsors and/or processors.

As far as I can tell, this batch of spam started April/25. That's when email addresses I have hardly received email on before started getting hammered.

I suppose we could also follow up on which sponsors are the beneficiaries of this spam although it's often difficult (and dangerous) to follow links in spam to sniff out the affiliate codes.

Either way, this being the incestuous bunch it is, the spammers are probably following these threads as we try to ferret out who they are and how they got our info. I don't know about you, but it sure would be nice to send them and their partners in crime a very clear message.

[dcortez]

Let's get down to business and start working the problem from both ends.

As we should know, a sponsor and/or affiliate code in spam does NOT necessarily mean that the sponsor and/or the affiliate are perpetrators of the spam - although the most common point of spam is to drive traffic to an affiliate account.

With that in mind, let's peel back to who seems to be benefiting from this spam and see where the trail leads...

For starters, who runs HardFlics.com ?

One of the spammers is routing the traffic to:

http: // www . hardflics . com / index.phtml ? 1261829120

[studiocritic]

I started this thread the other day:
https://gfy.com/fucking-around-and-business-discussion/602222-sponsors-spam-allow-spam.html

Lots of people said it was a dictionary attack (lol), or my mail server was compromised.. so, what now?

[studiocritic]

i still haven't seen a single sponsor in any of these spam threads. WTF

[betsy!]

yes my husband and i got some recent spam from an address [email protected]. we emailed the sponsor hoping for some non dramatic resolution. waiting for response......

[dcortez]

Quote:

Originally Posted by studiocritic

Lots of people said it was a dictionary attack (lol), or my mail server was compromised.. so, what now?

Some of the addresses I'm getting spam on were never on my current mail server (they were registered with the sponsor years ago on a now gone server) - mail server being compromised does not explain these spams.

There IS one common thread to virtually all of the sponsors (apparently) involved and even the (apparent) beneficiaries of the spam - the same billing processor seems to keep coming up from both ends.

This may just be an obvious coincidence with such a small number of popular processors out there to start with - or not?

What do you think?

Would it be reasonable (without implying any complicity) to ask the billing processor to officially chime in on this issue and add their perspective to it?

[Tempest]

Quote:

Originally Posted by dcortez

With that in mind, let's peel back to who seems to be benefiting from this spam and see where the trail leads...

For starters, who runs HardFlics.com ?

One of the spammers is routing the traffic to:

http: // www . hardflics . com / index.phtml ? 1261829120

I posted some in this thread...

http://www.gofuckyourself.com/showthread.php?t=602795

[dcortez]

Here's another one:

http: // www . pepesadventures.com / ? revid=19381 & pid=36

This is Platinum Bucks isn't it?

[Tempest]

Quote:

Originally Posted by dcortez

Here's another one:

http: // www . pepesadventures.com / ? revid=19381 & pid=36

This is Platinum Bucks isn't it?

Yep... They're spamming lots of platinumbucks sites, all revid 19381

[Tempest]

Quote:

Originally Posted by dcortez

For starters, who runs HardFlics.com ?

One of the spammers is routing the traffic to:

http: // www . hardflics . com / index.phtml ? 1261829120

hardflics.com redirects to harderflicz.com for me... there's like entire "program" worth of sites like this in all niches, no webmaster links though. Processed thru Paycom. Been around for quite some time now as I've run accross their sites before.

There's a link on their sites to
naughty.com
has the same whois/hosting as hardflics.com

2257 records indicate this:

Elizabeth Leach
Balboa Point Building Piso 6
Avenida Balboa
Panama City, Panama

hardflics.com registered to:

Casa Dominio SA
Corregimiento de Bella Vista, Avenida Balboa
Edificio Tricom, piso No 6
Panama
PA

administrator
Gabriel Dominguz legal at casadominio.com
Casa Dominio SA

casadominio.com - hosted by dynamicpipe.com ontario canada
hardflics.com - hosted by dynamicpipe.com ontario canada

harderflicz.com registered to:
Lux Cadella Corporation
1601 NW 97th Avenue
Unit 3-101
Miami
FL
33102-5216

Admin contact:
Jorge Marin legal at luxcadellacorp.com
Lux Cadella Corporation

harderflicz.com - hosted by dynamicpipe.com ontario canada

luxcadellacorp.com - hosted by Qix Hosting???

Qix Hosting and dynamicpipe are listed as the same company here:
http://www.switchanddata.com/custome...int=1&navid=39

[Agent 488]

it's getting outta hand in the last couple dayz.

[u-Bob]

* bump *

[dcortez]

The spam is directed to a bunch of new domains created around April 25 this year.

The volume of spam to affiliate email addresses is still very high today.

You would think that the spammers would realize that their jig is up by now and they are going to be losing all their sales when their account is closed.

[edgeprod]

I just got spammed on the email I gave to Platinum Bucks, and on the one I gave to ProAdult.

[u-Bob]

* bump *