It's Fixed in the Next Release

Observations on Everything

How to Kill HostGator Affiliate Spam

gator-targetHonestly I thought the whole affiliate spam thing died a well deserved death a decade ago, at least for any business that considers itself reputable. Hell even Vistaprint has cleaned their act up in this area.

But no, today I got a message to one of my role accounts (role accounts are things like sales@, support@, accounting@ and so on). As regular readers can probably guess the role accounts I use aren’t particularly easy to guess, but at the same time they’re for use by actual people, so they don’t have the same random characters I use for tracking addresses. Someone could have picked this address up from a variety of places.

The bottom of the email contains this text:

You are receiving this email because you subscribed to HostGator promotional newsletters.
5005 Mitchelldale Suite #100,
Houston TX 77092 USA
+1 (866) 964-2867

This is followed by a link with the label “Unsubscribe”. Here’s when the bullshit starts: it’s not an unsubscribe link. It’s an affiliate link. Here’s the target (with the affiliate ID obscured to stop the asshole in question from getting any traffic).

http://secure.hostgator.com/~affiliat/cgi-bin/affiliates/clickthru.cgi?id=asshole%20

Now check the mail headers, and sure enough the DNS tracks back to members.linode.com, which is most certainly not HostGator. So I’ve opened a ticket with HostGator, and sent them a full copy of the message, which will give them enough information to find the asshole. It’s my hope they’ll be terminating the affiliate account without paying out a cent.

If I hear back, I’ll post an update.

Update

That was quick, about 90 minutes later I got this message:

Thank you for contacting us with your concerns. We are taking the necessary steps to remove this affiliate from our program as this is a violation of our TOS. Thank you for bringing this to our attention.

Spam via Zoominfo, Another in the Don’t Trust Series

Update: Part of the problem is the “allow people to contact me through this address” flag, which was set on. Hard to believe I’d let that happen, but I’ll assume that part was my failure, although the spam in question came in directly, not through Zoominfo’s servers. It’s probable that there was still a loss of data integrity at Zoominfo.

One of the great things about maintaining your own domain is the ability to put up a good fight when it comes to spam. It’s a real battle. This domain has been registered since the late 90’s, when an open Internet meant that just about anybody could harvest contact information from domain registration databases. Read more