Saturday, July 21, 2007

The reason why all these lottery notifications always come from Holland

iDeceive has a link that explains why so many of the lottery winning noifications you get in your email are coming from Netherland.

Dutch police arrest 111 West Africans in 419 clampdown

Dutch police have arrested 111 suspected 419 scammers. The arrests on Saturday follow the end of a seven-month investigation - dubbed Operation Apollo, AFP reports.

Eight of those detained were carrying false papers. Many others among the group of West African (mainly Nigerian) suspects are reckoned to have entered the Netherlands illegally or to have overstayed their permitted stay.

The alleged scammers are suspected of running a series of lottery-based (AKA 419-lite) scams. Prospective victims of these frauds are first informed by email that they have won fictitious lottery prizes. Victims are then tricked into handing over money-up front to cover processing fees or other fictitious expenses. The promised windfalls never materialise and dupes are left nursing their losses.
Investigators in the Netherlands estimate that 2,000 internet con-men are active in the country.

Unrelated but interesting : Harvard prof scams $600,000, then hands it to 419ers

Wonder Crew Unsubscribe,, and

X-SID-PRA: Confirmation Department
X-Message-Info: LsUYwwHHNt060LY3N4Ugg6uoo6pi8yZesED9xjzqM1hRzBmxnAy+5SipqnHykXRO
Received: from ([]) by with Microsoft SMTPSVC(6.0.3790.2668);
Mon, 16 Jul 2007 09:32:48 -0700
Received: by id hjfb5i0cvqg8; Mon, 16 Jul 2007 16:31:33 -0400 (envelope-from )
Date: Mon, 16 Jul 2007 16:31:33 -0400
MIME-Version: 1.0
From: Confirmation Department
Subject: JCPenney Participation Confirmation
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-OriginalArrivalTime: 16 Jul 2007 16:32:48.0853 (UTC) FILETIME=[F274A050:01C7C7C6]

[3 graphics that link to]

\majorities \

\Essences \volunteering \Antal \directly \antiguo \bought \relevant \Cordova \cheesy.porkium \..Survey \calibration \RCP \chosen \forested \peripherals \lifespan \adoring \ticketed \facilitate \laying \GMAT \cataract \despondent \KEEPSAKES \

\products.even \forbids \ina \cover. \­half \raspy \Grumman \investigational \designing \Saint \vegetables.not \Gandhi \economists \noticia \92.95 \drinks \Californians \SNA \courrier_des_lecteur \Bathtub \desiring \Jobs \tribal \for. \sues \
\Pars \1602 \Stryker \religion \Habib \Halles \Mauna \dietitians \Saturday \00.1 \reinforces \Cassano \anxieties \Ketchikan \composting \improvised \D6751.02a \Stripper \megabit \Citys \1834 \Acciona \discontent \comfortable \debacle \
\grievances \Incarnation \Lonesome \inevitability \1116 \1.1 \demonised \teddy \contact \appointment \Fmt \Queda \imitating \outwardly \consultancy \webcast_ \outcry \Emeryville \flares \succession \withdrawn \59 \chiefs \PQ \couch \

\kind \problems \ljus \Etheridge \..Results \sz \particuliè \carrot \Yates \4225 \en \outcomes \rant \Simone \affections [nonsense continues]

Again, the page goes to "Wonder Crew" which only has unsubscribe button in it. See why unsubscribing is a very bad idea.

Whois gives

Registrar: ENOM, INC.
Domain name:

Registrant Contact:
Whois Privacy Protection Service, Inc.
Whois Agent ( *
Fax: +1.4256960234
PMB 368, 14150 NE 20th St - F1
Bellevue, WA 98007

I have been getting these JC Penney Confirmations, Order Confimations, Thisandthat Confirmations, Anything confirmations several of them a day for the past at least 3 years. Know what? I am sick of it.

I am disgusted by the fact that claims how they have such great zero spam policy, yet they allow bulk registrations, and the registrant details for are suspiciously too close to the geographical area of this other Nameless Person or is it Company with an Original Name.

Registration Service Provided By: eNom, Inc.

Domain name:

Registrant Contact:
eNom, Inc.
DNS Manager (
Fax: +1.4258833553
PO Box 7449
Bellevue, WA 98008

Enom About US site provides a lot of info regarding him.

Please note: this person can not be contacted ( the phone voice mail is always full or will cut you off),he is a spamer and uses bots and fake info to collect names and email addresses. He uses these to send people to one or more of his many duplicated sites pretending to loan or offer to loan you money. if you fill in the form you will get even more spam email ( No one will lend you money) I do not even own property and I was getting 10 to 20 of these a day with fake names attached. offering to get me a $365,000 loan for a property which I don't own. Obviously they do not research, they just send out bulk emails. All the domains registered recently have been new as of Dec 2006. Be advised , It is very easy to buy up Domain names and start a web site, many re3gistrars offer cheaper prices in bulk. If you get email from this person do a who is search, if my info is correct you will see the exact same person attached to them. report them at the bottom of the Who is page. it is the only way to end it.

I've found eNom to be the worse company I've dealt with in my life. Arrogant, stuck up and downright thieves. eNom could give DELL's customer support line a run for it's money, at least at DELL they reply. This company is still trying to charge me $200 for my own domain, they even renewed it a further year so I couldn't have it for even longer.

Enom report abuse page
+ Google reveals 48,600 hits for query ' spam' review
Enom review 2
Reporting spam & Where to send your complaints (suggests



Registrant [680427]:
XSS, Ltd.
Sokolnicheskaya pl. 4A

Administrative Contact [680427]:
Ilya Poyarkov
XSS, Ltd.
Sokolnicheskaya pl. 4A
Phone: +7.4957488116 was the service used to register
That website has now only a forum, but it has interesting topics. Such as this. Based on what I can guess of the words in Russian, the whole domain seems to be a playground for Russian bulk domain registrants and spammers.

* And (used in domain registration email address above for this Wonder Crew)
Whois Privacy Protection Services, Inc.
Whois Agent (
Fax: +1.4254842044
PMB 368, 14150 NE 20th St - F1
Bellevue, WA 98007

Again registered by! gets a few hits in Google, and they are all indicating spam.

Hm. Let me think. makes a big fuzz how they have strong antispam policies and zero spam tollerance.
Yet gets nearly 50,000 hits only in google for a very simple search for their name and the word spam.

All of the spams that I have received from companies (or the same spam group) that uses for the past over three years, have always had this Whois Privacy Protection Services, Inc, without a real email address, or a name, as the registrant. In the years, this means I have got thousands if not tens of thousands of spam by them. Too bad one of the email addresses suffering for this I need to keep for other purposes, and the anti-spam tools seem too dumb to just ignore all of them.

If really had this anti-spam attitude, and zero spam tollerance, I believe they would not allow companies to register without a name for registrant, and a real address and contact details.

If they had truely this zero spam tolerancy, they would not allow this Wonder Spam company to be hosting on their services fof bulk domains for over 2 years, with their main page just harvesting for email addreses. just got their own name tag., just to catch your email addresses and sell them

X-SID-PRA: Window Replacement Specialists...
X-Message-Info: LsUYwwHHNt0yvR6EbKRcxAnZyp3EuoPtlPsoz+wtuw9vd2NoxZ7CV7e+wA7FJnYu
Received: from ([]) by with Microsoft SMTPSVC(6.0.3790.2668);
Fri, 20 Jul 2007 12:48:05 -0700
Received: by id hk553i0cvqgd; Fri, 20 Jul 2007 19:49:17 -0400 (envelope-from )
Date: Fri, 20 Jul 2007 19:49:17 -0400
MIME-Version: 1.0
From: Window Replacement Specialists...
Subject: The windows you want at the right price
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-OriginalArrivalTime: 20 Jul 2007 19:48:05.0567 (UTC) FILETIME=[E3D04CF0:01C7CB06]








And so on a long page of nonsense text in addition to incorporatecrew webpage.
There were a few pictures that I did not have a look at.

The main page that was linked to thse spams, is "Wonder Crew" that offers to remove your email address in case they have got it by mistake. *

That site owner and registrant info :

Registrar: ENOM, INC.
Whois Server:
Referral URL:

Registration Service Provided By: Enom, Inc

Domain name:

Administrative, Technical, Registrant Contact:
Whois Privacy Protection Service, Inc.
Whois Agent (
Fax: +1.4256960234
PMB 368, 14150 NE 20th St - F1
Bellevue, WA 98007
Creation date: 11 Jul 2007 03:06:36

Shady registrant details if you ask me.
At least has a zero spam policy. Too bad the spam itself was over 8000 characters so can't use their spam reporting website.

* Why using the unsubscribe from spam is always a bad idea
One more reason not to "unsubscribe" from spam [Cnet]
Don't view HTML by default []

A Ghanan faker trying to get your money

From : chr kanu
Reply-To :
Sent : Monday, July 9, 2007 1:00 PM
Subject : Dear Sir/Madam,URGENT BUSINESS
MIME-Version: 1.0
X-Originating-IP: []
Received: from ([]) by with Microsoft SMTPSVC(6.0.3790.2444); Mon, 9 Jul 2007 06:00:25 -0700
Received: from BLU111-W33 ([]) by with Microsoft SMTPSVC(6.0.3790.2668); Mon, 9 Jul 2007 06:00:21 -0700
X-Message-Info: LsUYwwHHNt0W9hfqf5comrBG9CjO88k1HgNbqQuqqkBX6PvKJvTHSP8ggOXNRRAV
X-OriginalArrivalTime: 09 Jul 2007 13:00:21.0498 (UTC) FILETIME=[1B8C5DA0:01C7C229]

Content-Type: multipart/alternative; boundary="_238cafa8-45bf-4c1e-b376-47611aab70d2_"
Content-Type: text/html; charset=Windows-1252
Content-Transfer-Encoding: quoted-printable

I am a staff of one of the leading banks in Ghana. I
will give you the name of my bank and other important information if
receive a positive reply from you. For security reasons I cannot
disclose my full identity to you now until I am sure of your
cooperation. I work in the operations dept where I serve as account
officer to numerous customers. One of the customers whom I worked as
his account officer was a wealthy diamond merchant from America.
Because this man was good to me when he was alive, I took it upon
myself to travel to his country last month, to see if I could locate
any of his close relations.

On reaching there I discovered that his only surviving uncle died a few
months back. I sponsored this trip on my own and nobody in the bank
knew I was undertaking the journey so I did not present any official
report of my findings in the bank. Now there are two things I could do
with regards to the money. First, as his accounts officer, I could
formally notify the bank authorities that the man is dead and has no
next of kin. In this case the money would be forfeited to the
after some time. As a matter of fact this is the proper thing I am
supposed to do.

Another thing I can do is to arrange for someone else, a foreigner, to
act as the next of kin of the late man so that he will claim the
money. This is the option that I can do to help anybody and myself
since the money actually is public fund due to the fact that my friend
was a close ally to the late brutal military president that looted
government treasury. And that is why I have chosen to do it.
I want you to be my partner. All you would have to do is act as the
next of kin of the dead man and the whole money in the account will be
transferred to your account. As the accounts officer to the late man, I
have all the necessary documents that will require claiming the money
in the account. The total money in the account is USD17 million. Your
share will be 30%, which is USD5, 100,000. My colleague and i will
share70%. Reach me immediately by mail so that I can give you further
details.Also provide me you with direct telephone to reach you.
kanu christopher

Play free games, earn tickets, get cool prizes! Join Live Search Club. Join Live Search Club!

This one particularly makes no sense at all.
So you work in a bank, have a foreign rich customer who dies, you go search his relatives, find none, and now you are telling that the government in Ghana gets the money of an American who died there? Unless anyone with a hopefully American passport can fake to be their relative and they will get 30 % for faking it.

Uh oh. The 'dear sir/madam' part is always a brilliant start...

Dear Mr Scam Kanu, how did you find me? What race was this dead man of? Do you personally think that your story makes any sense?

Wednesday, July 18, 2007 - the first penis enlargement spam I have ever received that had a picture of the male body part in it

Subject: Don't be left out, join millions of men in the revolution
Date: July 18, 2007 11:29:26 AM GMT+01:00
To: [email]
Received: ... : from ixirnx ( []) by isp (Xserve/smtpin007/MantshX 4.0) with SMTP id l6IATZUY008642for [email]; Wed, 18 Jul 2007 03:29:36 -0700 (PDT)
Message-Id: <000401c7c926$321c3c80$0100007f@pwbdawq>
Mime-Version: 1.0
X-Mimeole: Produced By Microsoft MimeOLE V6.00.2900.2180
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
Content-Type: multipart/related; boundary="----=_NextPart_000_0027_01C7C926.321C3C80"
X-Priority: 3
X-Msmail-Priority: Normal
Original-Recipient: [email]

Content of spam a huge picture of a male body part with penis enlarge patch rx mentioned, the image linking to

I usually find the penis enlargement ads kind of amusing, but this is the first time in 15 years that I get a penis enlargement spam that actually has a picture of the thing in it.
And that grossed me out.

Of the domain that this spam is advertising we get
(Oh, isn't the use of polandmail so .. American??)

Registrar: CATALOG.COM, INC.
Registrant :
Jason Litalien (CTLGDN-490412)
11615 Dundalk
San Antonio, TX 78251
Admin Contact:
Jason Litalien (490414)
11615 Dundalk
San Antonio,TX,US 78251
Tech Contact:
Jason Litalien (490413)
11615 Dundalk
San Antonio,TX,US 78251
Created on 17-jul-2007

Monday, July 16, 2007

'Standard Bank' in 'Southafrica' with someone trying to offer you $ 52m...

Subject: Good day,
Date: July 17, 2007 2:20:01 AM GMT+01:00

Good day,

Thanks for finding time to read this proposal. After thinking about this
transaction and the need to make contact with someone to assist me do it,
I found it interesting and decided to contact you for this business transaction.
Be so kind to contact me at your earliest convenience for a possible business
deal involving money transfer of about $52,000,000.00.

I am presently in Southafrica working as an Auditor General with the below
bank at their offshore department. With your sincere assistant and co-operation,
I am determined to work this deal out if we can do business. As at this
moment, I am constrained to issue more details about this business until
your response is received.

If you are not familiar with the above information which I believe is scanty
for security purposes, please contact me for further details.

This deal is worth taking and highly profitable. Thank you for your time
and attention.

Do redirect you positive response to my private email:

Warmest regards,
Frank Mark


Auditor General,
Dept.of Offshore Mortgage Services,
Standard Bank,

Uh, sure. Talking so openly about scamming the bank he works for $ 52 million, and can't even spell South Africa crrectly. And 'Standard Bank'? That has got to be the worst name for a bank ever, you'd think that even an advance fee scammer would be able to be a bit more creative... / Liquid Ventures

Subject: Albizzia lebbeck 50 mg
Date: July 16, 2007 3:47:52 PM GMT+01:00
To: [another user's email]
Received: from [..] ( []) by (Xserve/smtpin013/MantshX 4.0) with ESMTP id l6GDlcrC013566; Mon, 16 Jul 2007 06:47:39 -0700 (PDT)
Received: from [] by; Mon, 16 Jul 2007 13:47:52 -0100
Message-Id: <01c7c7af$e7bd8530$5a2cd452@jacanale>
Mime-Version: 1.0
X-Mimeole: Produced By Microsoft MimeOLE V6.00.2800.1506
X-Mailer: Microsoft Outlook Express 6.00.2800.1506
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0007_01C7C7C0.AB489F20"
X-Priority: 3
X-Msmail-Priority: Normal
Original-Recipient: [email]

Second month you will notice an increase in penis size of up to 1 inches, plus an increase in Girth (Width) of 5%, plus all the benefits of the first month. When you are sexually aroused, your brain releases a hormone causing blood to enter the penis and fill your erectile tissue (Corpora Cavernosa). The cells in the Corpora Cavernosa are filled with blood until an erection is achieved. You can have a BIGGER PENIS!
There are stories and myths of penis size from around the world. One of the common stories is that men from different cultures or races have penis length differences. This is entirely inaccurate. The most common differences are in length and girth but remember, there are differences in all people in regards to height, weight and appearance

Of which the spammer's (or the one's who gets the profit for anyone buying that cr.p) whois info gives

Domain Name: TRYFASE.COM

owner: Sammy Lee
organization: Liquid Ventures Inc
state: --
postal-code: 0000
country: HK
phone: +852.94528422
admin-c: CCOM-1028986
tech-c: CCOM-1028986
billing-c: CCOM-1028986
created: 2007-07-12 20:39:46 UTC
contact-hdl: CCOM-1028986
person: Sammy Lee
organization: Liquid Ventures Inc