Email Spam Filter:
jwSpamSpy
Try it for free!


About spam / "419" / Blog
jwSpamSpy
Recent spam domains
Spam domain blacklist

Software
Links
joewein.de
joewein.net
Contact
Google

 
SPAM: arkolaptops.com / arko-laptops.com

The following spam was caught by our filter on 2004-11-23. Several things look suspicious, see comments below.

The spam evidence:

Hi!

Please visit our new laptop internet-store.
http://www.arko-laptops.com

You may find our prices pretty attractive! We
ship laptops directly from manufacturer storages.
Without stores, without transfers, without taxes.
That's why we can offer you such a deal!

If you buy 2 laptops you will get 7 discount

Thank you for your attention!



Here are the mail headers:
Received: from amsat.org ([128.54.16.15])
	by ################# with esmtp (Exim 4.43)
	id 1CWNzE-0005NO-H0
	for #################; Tue, 23 Nov 2004 00:52:49 +0100
Received: from mailbox1.ucsd.edu (mailbox1.ucsd.edu [132.239.1.53])
	by amsat.org (8.13.1/8.12.3) with ESMTP id iAMNYDul041327
	; Mon, 22 Nov 2004 15:34:13 -0800 (PST)
Received: from 211.193.9.81 ([211.193.9.81])
	by mailbox1.ucsd.edu (8.13.1/8.13.1) with SMTP id iAMNY4ah003327
	for ; Mon, 22 Nov 2004 15:34:06 -0800 (PST)
Date: Mon, 22 Nov 2004 15:34:04 -0800 (PST)
Message-Id: <200411222334.iAMNY4ah003327@mailbox1.ucsd.edu>
From: info@arkolaptops.com
To: pa3aes@AMSAT.Org
Subject: Laptops at low prices - up to 21
MIME-Version: 1.0
Content-Type: text/plain;
	charset="Windows-1252"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1437
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441
X-Spamscanner: mailbox1.ucsd.edu  (v1.5 Aug 25 2004 09:28:35, -2.6/5.0 3.0.0)
X-Spam-Level: Level 
X-MailScanner: PASSED (v1.2.8 87727 iAMNY4ah003327 mailbox1.ucsd.edu)
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-1.4
	(amsat.org [128.54.16.15]); Mon, 22 Nov 2004 15:34:13 -0800 (PST)
X-MailScanner-SpamCheck: spam, SpamAssassin (score=6.763,
	required 5, BAYES_60 0.37, FORGED_MUA_OUTLOOK 3.92,
	NO_REAL_NAME 0.01, RCVD_IN_BL_SPAMCOP_NET 1.22,
	RCVD_NUMERIC_HELO 1.25)
X-MailScanner-From: mkdcb@hotmail.com

What's wrong with this picture?

  • http://www.arkolaptops.com/Contact_Us.html lists no phone or fax numbers and only a hotmail.com address for contact.
  • Even though their website claims that Arkolaptops is a 6 year old company, domain arko-laptops.com was only registered on 2004-11-16, less than a week ago. The website is hosted in China. paycenter.com.cn, the registrar for the domain, has no working WHOIS registry. The WHOIS data for arkolaps.com is completely bogus, the data for arko-laptops.com lists an address in France.
  • This claims to be a US company, but the website does not sound like it was created by a native English speaker.
  • The website uses a Russian visitor counter.
  • The company accepts money order, Western Union and other difficult to trace payment methods, but no relatively secure methods such as COD, PayPal or Escrow). Buyer beware!


Domain Name:arkolaptops.com


Registrant: 
tcco
	11111111
	222222
	
	

Administrative Contact: 
tcco tcco
	tcco
	11111111
	11111111 Beijing 
	gm
	tel:  028 88888888 
	fax:  028 88888888 
	tcco@yahoo.com
	
Technical Contact: 
tcco tcco
	tcco
	11111111
	11111111 Beijing 
	cn
	tel:   88888888 
	fax:   88888888 
	tcco@yahoo.com
	
Billing Contact: 
tcco tcco
	tcco
	11111111
	11111111 Beijing 
	cn
	tel:   88888888 
	fax:   88888888 
	tcco@yahoo.com
	
 Registration Date: 2004-11-16
       Update Date: 2004-11-16
   Expiration Date: 2005-11-16
	
    Primary DNS:  		
  Secondary DNS:  		

Domain Name:arko-laptops.com
   nicolas pelletier
   4, rue de la bajatiere
   grenoble 38100
   France
   Registered through: GoDaddy.com (http://www.godaddy.com)
   Domain Name: ARKO-LAPTOPS.COM
      Created on: 03-Nov-04
      Expires on: 03-Nov-05
      Last Updated on: 03-Nov-04
   Administrative Contact:
      pelletier, nicolas  dogojoll@hotmail.com
      4, rue de la bajatiere
      grenoble 38100
      France
      0476440017
   Technical Contact:
      pelletier, nicolas  dogojoll@hotmail.com
      4, rue de la bajatiere
      grenoble 38100
      France
      0476440017
   Domain servers in listed order:
      NS1.DNSSERVER9.COM
      NS2.DNSSERVER9.COM


Anti-Spam Resources:
jwSpamSpy is spam filtering software (currently in beta test, expected release: May 2004)
Anti-spam domain blacklist – list of domains that I refuse to receive mail from
Recent additions to domain blacklist (with whois details)
"419" scam sender/contact addresses ("Nigeria connection" address book)
DNS-based IP and domain name blacklists
Dynamic IP addresses (700 KB!)
Free email providers

How to trace senders of spam
Link exchange offer spam
Getting creative with spam
Clueless virus filters spam innocent third parties
Smyrnagroup spammers (in German)

Lookup an IP address on blacklists (http://dnsbl.net.au/lookup/)
AOL dial-up address ranges and mail servers