Spam through CIRA contact form (1 Viewing)

theinvestor

DNCanada.ca
Joined
Nov 28, 2020
Topics
104
Posts
1,206
Likes
890
From
Toronto, ON
Country flag
From: Ceres Poulsen

Email address: info@zocloive.info ***If you wish to reply to this message, contact this email address ***

Subject: Custom Designed Logos that are Affordable, Fast, and Hassle-Free

Message:

We provide high quality custom made logo and mobile phone compatible websites and our rates are very reasonable. Feel free to write back to see our portfolio


Why is CIRA allowing this to happen?
 
I'm quite surprised at this, you have to jump through so many hoops to use this form that it would be very inconvenient to use for spam.

Whoever that is has lots of time on their hands.
 
It’s the first time I’ve ever received a spam email inquiry from their contact form. They are targeting those with recently registered TBR domains which I find even more interesting.
 
theinvestor said:
They are targeting those with recently registered TBR domains which I find even more interesting.

That is so true. I have received a few lately. Was supposed to get them through the CIRA contact panel. But seems like these businesses are desperate for clients and are trying anything to survive. I just deleted them.
 
theinvestor said:
It’s the first time I’ve ever received a spam email inquiry from their contact form. They are targeting those with recently registered TBR domains which I find even more interesting.

They probably are targeting all recently registered domains like they do in other TLDs. But since CIRA doesn't publish a zonefile, the only recent registrations they know about are TBR ones...
 
They also run under cabbagetreesolutions.net
 
Setting up a linux server to receive email, then have a script to read incoming emails and auto-click a link is very easy to do.

[notify]richard.schreier[/notify] might be able to convince the appropriate CIRA personnel to add a captcha to the online contact form.

If people have figured out a loophole to abuse, the abuse will only grow exponentially....
 
rlm said:
Setting up a linux server to receive email, then have a script to read incoming emails and auto-click a link is very easy to do.

[notify]richard.schreier[/notify] might be able to convince the appropriate CIRA personnel to add a captcha to the online contact form.

If people have figured out a loophole to abuse, the abuse will only grow exponentially....

I'd assume they're already using invisible captcha, but if not, it should definitely be added.
 
I get a batch of emails in my spam every day, sometimes a few in my inbox, about getting me to buy web services, SEO, lists, logos, apps, etc. etc. Then these same people follow up with more emails wondering why you didn't respond to the earlier one.

Also at least a couple phone calls a day and a few texts per week.

They are a relentless bunch, hunting down people who have registered domains and trying to sell them services.
 
richard.schreier said:
[notify]rlm[/notify] we have added the requirement to include a CAPTCHA in the sprint backlog, thanks for the suggestion.

Be careful which CAPTCHA you use, because some will not work globally (e.g. many Google services are blocked in China, if you use reCAPTCHA).
 
Screenshot-77.png



Picked this domain up May 25th from WHC TBR and the very next day May 26th (in the morning) I get spam through the CIRA contact form.

I have a feeling someone is abusing the WHC TBR and I am wondering if anyone is getting the same from MyID TBR?


[notify]FM[/notify] [notify]richard.schreier[/notify] - there is obviously something happening here that will probably get worse if not addressed.
 
MapleDots said:
Screenshot-77.png



Picked this domain up May 25th from WHC TBR and the very next day May 26th (in the morning) I get spam through the CIRA contact form.

I have a feeling someone is abusing the WHC TBR and I am wondering if anyone is getting the same from MyID TBR?


[notify]FM[/notify] [notify]richard.schreier[/notify] - there is obviously something happening here that will probably get worse if not addressed.

Yeah I’ve been getting a few each week too, they’re using .info email addresses if I remember correctly…
 
As you know we have implemented a CAPTCHA as part of the MDF (message delivery form) process. We don't currently have the ability to blacklist the email address of the requestor and you should note that validating the email address is also part of the process. My fear with a blacklist model is that the "bad guys" would simply find a new email address to use and we would constantly be chasing the problem.

Having said that, you have the ability to route that email to spam through an inbox rule for any incoming email from the CIRA message delivery process that includes "info@bluevoir.info" in the body of the email (or whatever text you choose). Our system doesn't care what you do with the email.
 
Hello and good day richard


It is probably safe to say this company sends out hundreds of spam emails through your form.

Realistically nobody is going to use more than a few cira form requests per day so limiting EVERY form user to lets say 12 form submits per day should eliminate the problem of most spammers abusing your system.
 
Good idea [notify]MapleDots[/notify], I will take the notion of "rate limiting" by requester email address to our dev team. Note that we do have limiting in place today based on the domain name and the requesters IP address. And some follow up, "they" are only doing 1-3 per day on one email address.
 
You can implement CAPTCHA and the spammers will just use a service like 2captcha or capmonster to have a human overseas solve them for a fraction of a penny. Seriously, $1 will get you 1000+ solved reCaptchas.

Email link verification is useless since anyone with basic Python knowledge and a Catch-All email can have them automatically opened.

Just the way the cookie crumbles... *TIRED*
 

Sponsors who contribute to keep dn.ca free for everyone.

Sponsors who contribute to keep dn.ca free.

Members who recently read this topic: 2

Back