Spam through CIRA contact form (1 Viewing)

theinvestor · Mar 25, 2022

From: Ceres Poulsen

Email address: info@zocloive.info ***If you wish to reply to this message, contact this email address ***

Subject: Custom Designed Logos that are Affordable, Fast, and Hassle-Free

Message:

We provide high quality custom made logo and mobile phone compatible websites and our rates are very reasonable. Feel free to write back to see our portfolio

Why is CIRA allowing this to happen?

MapleDots · Mar 25, 2022

I'm quite surprised at this, you have to jump through so many hoops to use this form that it would be very inconvenient to use for spam.

Whoever that is has lots of time on their hands.

theinvestor · Mar 25, 2022

It’s the first time I’ve ever received a spam email inquiry from their contact form. They are targeting those with recently registered TBR domains which I find even more interesting.

Eby · Mar 25, 2022

theinvestor said:
They are targeting those with recently registered TBR domains which I find even more interesting.

That is so true. I have received a few lately. Was supposed to get them through the CIRA contact panel. But seems like these businesses are desperate for clients and are trying anything to survive. I just deleted them.

FM · Mar 25, 2022

theinvestor said:
It’s the first time I’ve ever received a spam email inquiry from their contact form. They are targeting those with recently registered TBR domains which I find even more interesting.

They probably are targeting all recently registered domains like they do in other TLDs. But since CIRA doesn't publish a zonefile, the only recent registrations they know about are TBR ones...

theinvestor · Mar 25, 2022

They also run under cabbagetreesolutions.net

rlm · Mar 25, 2022

Setting up a linux server to receive email, then have a script to read incoming emails and auto-click a link is very easy to do.

[notify]richard.schreier[/notify] might be able to convince the appropriate CIRA personnel to add a captcha to the online contact form.

If people have figured out a loophole to abuse, the abuse will only grow exponentially....

Groot · Mar 25, 2022

rlm said:
Setting up a linux server to receive email, then have a script to read incoming emails and auto-click a link is very easy to do.

[notify]richard.schreier[/notify] might be able to convince the appropriate CIRA personnel to add a captcha to the online contact form.

If people have figured out a loophole to abuse, the abuse will only grow exponentially....

I'd assume they're already using invisible captcha, but if not, it should definitely be added.

domains · Mar 25, 2022

I get a batch of emails in my spam every day, sometimes a few in my inbox, about getting me to buy web services, SEO, lists, logos, apps, etc. etc. Then these same people follow up with more emails wondering why you didn't respond to the earlier one.

Also at least a couple phone calls a day and a few texts per week.

They are a relentless bunch, hunting down people who have registered domains and trying to sell them services.

richard.schreier · Mar 28, 2022

[notify]rlm[/notify] we have added the requirement to include a CAPTCHA in the sprint backlog, thanks for the suggestion.

GeorgeK · Mar 29, 2022

richard.schreier said:
[notify]rlm[/notify] we have added the requirement to include a CAPTCHA in the sprint backlog, thanks for the suggestion.

Be careful which CAPTCHA you use, because some will not work globally (e.g. many Google services are blocked in China, if you use reCAPTCHA).

richard.schreier · Mar 29, 2022

[notify]GeorgeK[/notify] thanks George.

MapleDots · May 26, 2022

Picked this domain up May 25th from WHC TBR and the very next day May 26th (in the morning) I get spam through the CIRA contact form.

I have a feeling someone is abusing the WHC TBR and I am wondering if anyone is getting the same from MyID TBR?

[notify]FM[/notify] [notify]richard.schreier[/notify] - there is obviously something happening here that will probably get worse if not addressed.

rlm · May 26, 2022

MapleDots said:
Picked this domain up May 25th from WHC TBR and the very next day May 26th (in the morning) I get spam through the CIRA contact form.

I have a feeling someone is abusing the WHC TBR and I am wondering if anyone is getting the same from MyID TBR?

[notify]FM[/notify] [notify]richard.schreier[/notify] - there is obviously something happening here that will probably get worse if not addressed.

Yeah I’ve been getting a few each week too, they’re using .info email addresses if I remember correctly…

MapleDots · May 26, 2022

Easy enough to track down

https://bluevoir.info

Block them from the CIRA end

richard.schreier · May 26, 2022

As you know we have implemented a CAPTCHA as part of the MDF (message delivery form) process. We don't currently have the ability to blacklist the email address of the requestor and you should note that validating the email address is also part of the process. My fear with a blacklist model is that the "bad guys" would simply find a new email address to use and we would constantly be chasing the problem.

Having said that, you have the ability to route that email to spam through an inbox rule for any incoming email from the CIRA message delivery process that includes "info@bluevoir.info" in the body of the email (or whatever text you choose). Our system doesn't care what you do with the email.

MapleDots · May 26, 2022

Hello and good day richard

It is probably safe to say this company sends out hundreds of spam emails through your form.

Realistically nobody is going to use more than a few cira form requests per day so limiting EVERY form user to lets say 12 form submits per day should eliminate the problem of most spammers abusing your system.

richard.schreier · May 26, 2022

Good idea [notify]MapleDots[/notify], I will take the notion of "rate limiting" by requester email address to our dev team. Note that we do have limiting in place today based on the domain name and the requesters IP address. And some follow up, "they" are only doing 1-3 per day on one email address.

mcm · May 26, 2022

You can implement CAPTCHA and the spammers will just use a service like 2captcha or capmonster to have a human overseas solve them for a fraction of a penny. Seriously, $1 will get you 1000+ solved reCaptchas.

Email link verification is useless since anyone with basic Python knowledge and a Catch-All email can have them automatically opened.

Just the way the cookie crumbles... *TIRED*

rlm · May 26, 2022

They seem to change emails every time I get a new message:

info@tarapillar.info
info@greatpin.info
info@upskillys.info
info@cotou.info
info@givavi.info

Spam through CIRA contact form (1 Viewing)

DNCanada.ca

MapleDots.ca

DNCanada.ca

Ebenezer Thevasagayam

WHC.ca

DNCanada.ca

Bonfire.ca

Member

DomainMedia.ca

CIRA.ca

Leap.com

CIRA.ca

MapleDots.ca

Bonfire.ca

MapleDots.ca

CIRA.ca

MapleDots.ca

CIRA.ca

Member

Bonfire.ca

Sponsors who contribute to keep dn.ca free for everyone.

Sponsors who contribute to keep dn.ca free.

Members who recently read this topic: 2