Anonymous Commenter Claims: "Fake diplomas are 100% legal."

Yet another Anonymous coward decided to comment, this time in response to my previous article on fake diplomas from December 2007: Fake Diplomas Are Illegal.

Here was his comment (dollars to donuts it's a man.):

Anonymous said...

Whomever made this post, isn't that bright!!! Is it illegal to pretend to earn credentials that you didn't, to gain advancement? YES! Absolutely! So, is it illegal to take a fake diploma and use to get a job? Yes. Is it illegal to buy a fake diploma and just hang on your wall? No. Is illegal to joke with your friends about graduating? No. This person is trying to take something that isn't black & white and making it black & white. Fake diplomas are legal. They are legal to buy. A lot of fake diploma companies take major credit cards. If it was illegal, Visa would not accept them! You can't use a Visa to buy meth! haha Fake diplomas are 100% legal. There are illegal acts you can do with it, but people need to be warned about that side of it, without being scared out of simply owning one.

You know, if you want to be taken seriously, "Anonymous", you should really not post anonymously. That and you should get your facts straight. Clearly you didn't read the article.

> Whomever made this post, isn't that bright!!!

Heck of a way to legitimize your post. I will, for now, ignore your stellar lack of skill in grammar and the use of punctuation.

"Whomever made this post?" It's pretty clear who I am. I've been at this for a while.

> Is it illegal to pretend to earn credentials that you
> didn't, to gain advancement? YES! Absolutely! So, is it
> illegal to take a fake diploma and use to get a job? Yes. Is
> it illegal to buy a fake diploma and just hang on your wall?
> No. Is illegal to joke with your friends about graduating?
> No.

Correction (and here it is clear you do not know the law): "Novelty" diplomas, only in a very small number of US states, are legal. The law has a pretty specific definition of that, thus the use of the word "Novelty".

I recommend that you read this website: counterfeitdegrees.com. They are a veritable cornucopia of information regarding the specific legalties of this industry.

On the main page you see the following:

Parallel to the types of fake degree consumer, are two types of fake degree businesses:

• Fake degree suppliers make no pretense of being colleges or leading consumers to believe their resumes can translate to real degrees. They unabashedly sell, advertise, and fiercely market "fake," "phony," "bogus," and "novelty" degrees.
• In comparison, diploma mills go to great lengths to create an illusion of reality and authority. Savvy marketing ploys and misleading information draws customers that may believe an evaluation essay or exam, combined with their resume, earns them an academic degree.

So you can't even just say that "selling fake degrees is legal", because that statement is trying to make things "black & white". It depends on how you word how you want to sell them, and for what purposes.

Further, there are indeed very specific federal and state laws covering this type of industry. You should most definitely read this link also, as it outlines each.

Let me show you, really specifically, a couple of very recent examples of this spam.

Subject: Get a diploma for a better job.

BECAUSE YOU DESERVE IT! Is your lack of a degree holding you back from career advancement?
Are you having difficulty finding employment in your field of interest because you don?t have the
paper to back it up ? even though you are qualified?
If you are looking for a fast and effective solution, we can help!
Call us right now for your customized diploma: Inside U.SA.: 1-718-989-5740 Outside U.S.A.: +1-718-989-5740.
Just leave your NAME & TEL. PHONE # (with country-code) on the voicemail and one of our staff members will get back to you promptly!

Subject: Need a diploma? Call us.

BECAUSE YOU DESERVE IT! Is your lack of a degree holding you back from career advancement?
Are you having difficulty finding employment in your field of interest because you don't have the
paper to back it up - even though you are qualified?
If you are looking for a fast and effective solution, we can help!
Call us right now for your customized diploma: Inside U.SA.: 1-718-989-5740 Outside U.S.A.: +1-718-989-5740.
Just leave your NAME & TEL. PHONE # (with country-code) on the voicemail and one of our staff members will get back to you promptly!

Note how the subject line of one of them directly states that this is to be used "for a better job"? Did you notice that? What about the use of the sentence "Is your lack of a degree holding you back from career advancement?". Nothing "jokey" about that, "Anonymous." These spammers - about whom I am specifically writing, because you might have noticed that this is a blog about spamming, and these fake diploma operations are promoted via criminal spamming - are not selling a diploma in the hopes that you just want to "joke with your friends about graduating". They are specifically saying: you "need" this diploma, because you can't advance in your career, or you are unable to get a better job without one.

Many other subject lines in recent messages make the claim that younger candidates are getting the job faster than you, therefor you would (again) "need" this fake diploma to stand out. This is not Novelty. This is a criminal act. It is extremely clear.

What's worse is, we're in a down economy, as you may have noticed. The enticement is even higher to purchase these as "proof" of someone's abilities since there are fewer and fewer jobs available. The spammers behind this know that that's the case, and recent spam volume in this sector is way higher than in previous years. You don't think this is dangerous? You think these spammers are really targetting unemployed professionals because they just want to "joke about" having a degree? Shame on you!

So I have to ask you, "Anonymous", where are the spam messages you apparently seem to be arguing with me about which only sell diplomas so you can "joke with your friends about graduating?" The only spam I've ever seen promoting diplomas are ones which very much get across that these are to be used to "get a better job."

Also: How much, reasonably, does a novelty degree cost? If I want to go to a joke shop and get a "PHd in Beerology", that's probably $20. Money not well spent, but that is probably the extent of that. The diplomas that these criminal diploma spam operations are selling often sell for upwwards of $400 apiece. It depends on the "degree" you want to get.

> This person is trying to take something that isn't black &
> white and making it black & white. Fake diplomas are legal.

On the contrary: you, "Anonymous", are trying to lump diploma spammers in with any other kind of seller of novelty diplomas. My posting was extremely clear, and I think any normal human being with eyes could tell the difference between a joke diploma that costs $20 which claims I have a "Masters in Fishing" and a $400 diploma claiming to be from the University of Arizona which claims I have a PHd in Nuclear Physics and has a pretty convincing looking embossed seal on very carefully watermarked paper.

> There are illegal acts you can do with it, but people need
> to be warned about that side of it, without being scared out
> of simply owning one.

They should sure as hell be scared of other people owning them if they're claiming to be a surgeon, a lawyer, an accountant, etc. Would you want surgery from someone based on their fake diploma?

I didn't say novelty diplomas were illegal, I said fake diplomas are illegal, and my posting went into a great deal of detail explaining why. The law is extremely clear, and the litany of ongoing court cases which have been taking place recently (and on a weekly or monthly basis since my original posting was published) is pretty conclusive evidence that selling fake diplomas is, indeed, illegal. Further: many states are actually now strengthening the law to include the manufacture of fake diplomas as an illegal act.

Quit posting anonymously, and don't be so facile about this topic.

SiL

Further Reading:

• Earth Times News: Resumes That Can Kill: Fraudulent Credentials a Growing Threat, Says Scherzer International
• NBC 15, Madison, Wisconsin: Doyle Signs Bill Cracking Down On Diploma Mills
• Stuff.co.nz: Victoria University busts most cheats

P.S. You'll notice I didn't even bother to go into the legality of fake transcripts. Want to try me on that one?

LowCostLinks.com: Another scumbag forum-spamming operation.

I recently encountered another registration attack against the forums at InBoxRevenge.com. This was one of thousands we see every month.

These registration attacks are executed using automated software such as XRumer, with the hopes that we aren't monitoring registrations, and are automatically approving all new accounts. If that were the case, the process would look like this, all originating from the forum-spamming software itself (usually via a botnet.):

- Visit a topic on the forum. (Usually they choose a fairly low number for the thread id. It's nearly always 1 or 2)
- Visit the registration page
- Agree to the terms
- Create a new registration
- Wait a predetermined amount of time.
- Based on known algorithms used by most forum software, visit the "confirmation URL" which is usually sent to the registration email address.

Because of our particular forum registration requirements, that last portion fails. The software notices this, and often tries a minimum of four times, and (so far) a maximum of on average 14 - 30 times, always using the same username, email address and frequency of registration. Very often the source IP address used in these registrations is dynamic, which very strongly indicates that this software is using a botnet to perform these registrations. This is not always the case, not in every instance, but it is very frequently so.

Yesterday I encountered six such attacks from a domain called LowCostLinks.com, all using bogus email addresses which indicate that whoever it was that was doing this was no fan of either our forum or another well-known cybercrime researcher:

Date Entered / Email
04/20/2010 04:26:24PM / ksforum.inboxrevenge.com.a.dzgrymzusn@lowcostlinks.com
04/20/2010 06:59:33PM / inboxrevenge.com.a.mcdemjtodu@lowcostlinks.com
04/21/2010 06:05:51AM / krebsonsecurity.com.a.twzqlokuvk@lowcostlinks.com
04/21/2010 06:06:01AM / krebsonsecurity.com.a.twzqlokuvk@lowcostlinks.com
04/21/2010 06:06:09AM / krebsonsecurity.com.a.twzqlokuvk@lowcostlinks.com
04/21/2010 06:06:20AM / krebsonsecurity.com.a.twzqlokuvk@lowcostlinks.com

Username in all cases was: soepxozk
IP address for all registration attempts was 207.219.37.17, a home DSL account hosted by Telus, located somewhere in British Columbia.

Clearly they have a bone to pick with Brian Krebs as well. That, I can tell you, means they're probably involved in - or at least "fans" of - far worse things than rinky little forum spamming operations.

LowCostLinks.com is easily one of the most bogus operations I've seen in a while, and their administrator didn't do anything to dissuade me from that opinion, as you'll see below.

LowCostLinks is well aware that they engage in forum spamming. Based on an email discussion I had with their anonymous admin, he didn't care whether it bothered me or anyone else. In fact their convenient "How To Stop Forum Spam" page makes it clear that their "opt out" policy (found here) is to instead tell forum operators that it's up to them to block LowCostLinks. He also rested on the misguided opinion that forum spamming isn't spamming, since it isn't performed via email.

Unfortunately for "companies" (and I use the term loosely) like LowCostLinks, they're woefully uninformed about what their actual platform means from a legal perspective. The same way that an individual can be seen to be "attacking" a website by repeatedly attempting to guess the username and password of a specific third-patry account - without authorization - this repeated attempt to register can be perceived, especially in a court of law, as an attack.

Automated registrations can and have been considered a direct form of "attack" againt any third party website, since by its very nature it ignores the terms and conditions of most forum software on the internet today. In our particular case, we've made a very clear amendment to our terms and conditions for new registrants which specifically describe that we consider any automated registrations to be an actual attack against us. We define it pretty specifically as well:

- Automated attacks are expressly forbidden
- Automated registrations mean that usually no actual human being is even reading the terms and conditions, or performing the registration.
- Automated registrations further mean that only very specific pages of our forum would load, but none of the attendant assets such as images, stylesheets or javascript files. This makes it particularly easy to outline the timestamp of the attacks, since it's very obvious in the server logs, then further reinforced by the data captures I've added in.
- If an automated registration occurs more than once, we can assume that they still agreed to our terms and conditions (since you have to click the "agree" button to continue,) which means that they agree we should pursue all means to get their email and other accounts shut down, since they are not only in violation of our terms of service, but those of their email and hosting provider

But even if we hadn't put these very specific clauses in place, a court of law would still perceive this activity to be unauthorized, malicious, and, in some cases, illegal.

The average idiot forum spammer is typically trying to place links within forums for the purposes of boosting the search engine ranking of the site they want our forum, and thousands of others, to link to. This is usually known as "Search Engine Optimization" or "SEO".

Usually, page rank is based on actual useful, valid content. So for example if I write a posting about pharmaceuticals, and it has links to research papers about pharmaceuticals, that means the page rank of those research papers gets a tiny boost, because it's assumed that the content is both related and relevant.

In this case though: we're talking about utter noise: totally unrelated postings on thousands of forums, linking to sites which on its own would not have a very high page ranking at all. Further: we're talking about subverting actual, relevant, content-related search results by flooding forums with totally unrelated links to sites which have no bearing whatsoever on whatever their main focus is.

Now: that part is, just like regular email spam is perceived to be, annoying, and a nuisance, but not by definition illegal.

However the means to make these links appear can most certainly be charged in a court of law as being malicious, unauthorized, and as previously mentioned an actual attack against which the server or servers this scummy operation chooses to execute their auto-registrations.

he administrator of LowCostLinks claimed that my complaint to him would be re-posted on the lowcostlinks.com website because he claimed it would be "great for sales!" Instead I thought I'd post it here to make clear just what type of characters we're dealing with here, and that LowCostLinks is a nuisance about which any forum operator out there should very much be aware.

Date: Wed, 21 Apr 2010 11:05:27 -0400
Subject: Stop auto-registering to my forum!
From: SiL
To: lowcostlinks@gmail.com

Automated registration attempts made at inboxrevenge.com, by date, descending order:

[above-mentioned list of attack entries redacted - SiL]

Explain yourselves!

SiL

Date: Wed, 21 Apr 2010 11:34:29 -0400
Subject: Re: Stop auto-registering to my forum!
From: "LowCostLinks.com" <lowcostlinks@gmail.com>
To: SiL

re:"Explain yourselves!"

I think you of all people must know what's up if you managed to find our gmail address. We create posts on forums for a fee. Simply deny access to the @lowcostlinks.com email domain and you will never hear from us again. We are not trying to post on "live" forums, sorry for the inconvenience.

Nice abuse policy, yes? Completely unacceptable.

Also note that he lies about registering to "live" forums. IBR is most definitely live. So are hundreds or thousands of others out there, all featuring fake profiles created by this idiotic organization.

Date: Wed, 21 Apr 2010 11:55:31 -0400
Subject: Re: Stop auto-registering to my forum!
From: SiL
To: "LowCostLinks.com" <lowcostlinks@gmail.com>

How about instead you stop violating CAN-SPAM law by continuing to allow your scumbag "affiliates" from attempting automated registrations against thousands of forums?

It's pretty clear you're obviously pro-spam, so I'll make sure that my law enforcement contacts know that.

> We are not trying to post on "live" forums, sorry for the inconvenience.

Then what the hell are the automated registrations for?

You should also be aware that under most countries' privacy laws, this constitutes an attack.

SiL

Date: Wed, 21 Apr 2010 11:58:57 -0400
Subject: Re: Stop auto-registering to my forum!
From: "LowCostLinks.com" <lowcostlinks@gmail.com>
To: SiL

Go ahead, call your cop buddies, it's hilarious how little you know about
forum "spamming" ;) Have a nice day SiL.

Date: Wed, 21 Apr 2010 12:00:15 -0400
Subject: Re: Stop auto-registering to my forum!
From: "LowCostLinks.com" <lowcostlinks@gmail.com>
To: SiL

P.S. you might want to take a read here: http://lowcostlinks.com/how_to_stop_forum_spam.php

So clearly he isn't taking any of this seriously. So be it.

Date: Wed, 21 Apr 2010 12:06:28 -0400
Subject: Re: Stop auto-registering to my forum!
From: SiL
To: "LowCostLinks.com" <lowcostlinks@gmail.com>

On Wed, Apr 21, 2010 at 11:58 AM, LowCostLinks.com
<lowcostlinks@gmail.com>wrote:

> Go ahead, call your cop buddies, it's hilarious how little you know about
> forum "spamming" ;) Have a nice day

"buddies" you say.

On Wed, Apr 21, 2010 at 12:00 PM, LowCostLinks.com
<lowcostlinks@gmail.com>wrote:

> P.S. you might want to take a read here:
> http://lowcostlinks.com/how_to_stop_forum_spam.php

That is a bullshit response, and you know it. You're actively encouraging your "affiliates" (why not just call them spammers?) to continue automated registration against forums, then leaving it up to forum operators to do the extra work of blocking your domain.

You will regret this.

SiL

Date: Wed, 21 Apr 2010 12:14:37 -0400
Subject: Re: Stop auto-registering to my forum!
From: "LowCostLinks.com" <lowcostlinks@gmail.com>
To: SiL

SiL, please stop acting so SiLly. Making idle threats doesn't do anybody any good.

Don't create a forum signup form if you do not want people signing up to it. I am sorry, am I missing something?

1. We do not encourage anybody to make our posts for us.
2. We have an opt out program just like any can spam compliant email posting company does. (But we don't post unsolicited emails, so we don't fall under that law anyways.)
3. We do not attempt to hide our identity.
4. We comply with all "do not post" requests.

Good luck finding another one of the thousands of competitors I have that is as genuinely truthful as us.

Don't worry, we have added all of your domains to our black list, you should not receive any more registrations, please provide any more forums you might have.

Again, no hard feelings, have a nice day!

P.S. this entire thread will be posted on our website, they're great for sales!

In that message he incorrectly linked to the url "http://www.google.com/search?q=forum+backlinks+for+sale" when trying to illustrate how much better his site was than his "competitors", which wasn't anything I mentioned in my original message.

But look at the logic. Honestly. Yeah that's the only reason anyone would put together a forum: so that bogus "companies" like LowCostLinks.com can forum-spam it out of existence. Completely obvious isn't it?

Date: Wed, 21 Apr 2010 12:23:20 -0400
Subject: Re: Stop auto-registering to my forum!
From: SiL
To: "LowCostLinks.com" <lowcostlinks@gmail.com>

> Don't create a forum signup form if you do not want people signing up to
> it. I am sorry, am I missing something?

Clearly, you are, see below. hat is one of the stupidest answers I have ever received from anyone, ever.

> 1. We do not encourage anybody to make our posts for us.

Sure you don't.

> 2. We have an opt out program just like any can spam compliant email
> posting company does.

you are defining "opting out" as telling the owner of a forum to block your domain. That's not "opting out."

> (But we don't post unsolicited emails, so we don't fall under that law
> anyways.)
>

Yes you do fall under that law. It doesn't just apply to email. Nice to know that you don't read.

> 3. We do not attempt to hide our identity.

Yes you do:

registrant-firstname: Oneandone
registrant-lastname: Private Registration
registrant-organization: 1&1 Internet, Inc. -
http://1and1.com/contact
registrant-street1: 701 Lee Road, Suite 300
registrant-street2: ATTN: lowcostlinks.com
registrant-pcode: 19087
registrant-state: PA
registrant-city: Chesterbrook
registrant-ccode: US
registrant-phone: +1.8772064254
registrant-email: proxy2145160@1and1-private-registration.com

> 4. We comply with all "do not post" requests.

Sure: by telling me to block any registration attempts. How about I and all my colleagues continually, 24 hours a day, keep trying to log in to your affiliate form. Maybe we should do so as many times per second as we can, from numerous randomized IP's I mean it's just up there waiting for thousands of automated attempts to log in right? If you don't like it, why did you create an affiliate login form?

> P.S. this entire thread will be posted on our website, they're great for
> sales!

Hey it's also great for law enforcement investigations, charges, arrests, indictments, and convictions. My team has led several of those since 2005 against operations just like yours. You are violating computer trespassing laws. You don't seem to care, so I will make you care.

SiL

This last email seems to drastically change his tune:

Date: Wed, 21 Apr 2010 12:39:21 -0400
Subject: Re: Stop auto-registering to my forum!
From: "LowCostLinks.com" <lowcostlinks@gmail.com>
To: SiL

Content-Type: text/plain; charset=ISO-8859-1

We made a few signups to your forum, our apologies for that. Forum signup forms are meant to be signed up on, are they not? I get plenty of false affiliate signups daily, I just figured it was the way of the net.

Forums are created to post messages on, we post our messages on forums, if the owner deletes the message, or asks us to stop, we do not post anymore. That is basically what we do. Good luck with your future fights, and congratulations on stopping so many spammers out there!

We do not require forum owners to block our email domain to stop posting, it is only an additional option. As well as deleting the very first message, that is another way to stop our posts as well.

Those are not the only opt out methods however, a simple email telling us to "stop posting" will do the trick. I have proof of numerous, kindly worded messages to and fro from such situations, should law enforcement ever find the need to get involved.

Basically we have 3 opt out policies, you took care of two of them, you have already been added to our opt out list, and should not receive anymore registrations.

So suddenly now that I've clarified that we go after operations like his, he's apologizing. He's also suddenly saying that my request was now all I had to do.

He's a liar! (Surprise.)

Also: welcome to the brain of a forum spammer. If they didn't have the internet, they'd just as soon use your bedroom wall or perhaps your car's front seat to plaster thousands of posters announcing where people could get porn for $12, or promoting fake Viagra pills. After all: why else did you buy your house or your car? Your house has a prominent front door which faces the street. It's OBVIOUSLY there for me to put posters on.

Subject: Re: Stop auto-registering to my forum!
From: SiL
To: "LowCostLinks.com" <lowcostlinks@gmail.com>

On Wed, Apr 21, 2010 at 12:39 PM, LowCostLinks.com
<lowcostlinks@gmail.com>wrote:

> We made a few signups to your forum, our apologies for that. Forum signup
> forms are meant to be signed up on, are they not? I get plenty of false
> affiliate signups daily, I just figured it was the way of the net.

Registration to a forum, by a human being who reads our terms and conditions - which expressly forbid automated attempts - is certainly allowed, with the idea that the human being has a brain, and will recognize that repeated automated attempts will have a habit of looking like an automated attack.

That registration is also assumed to be made by a human being who will actually contribute to said forum. This is true of any forum. Forums don't exist purely for you and your affiliates to auto-register at so you can promote whatever bogus links you want.

Especially since my forum is very clearly against this type of automated promotional activity, especially since it has a habit of being run by organized criminals, it's especially telling that your affiliates chose specifically to auto register to it, since it's extremely clear we disallow that exact type of illicit activity.

> Forums are created to post messages on,

By human beings, for the purposes of contributing to specific topics of discussion.

> we post our messages on forums,

Automatically, using software such as Xrumer or several others.

> if the owner deletes the message, or asks us to stop, we do not post
> anymore.

That is unacceptable. You're in violation of your hosting company's terms of service, which specifically disallows automated attacks against other servers, or unauthorized access to other servers. You are performing both of these acts, which I remind you are also against computer trespassing laws in the US, Canada, the UK, Japan, Hong Kong, China, and several other countries.

> That is basically what we do. Good luck with your future fights, and
> congratulations on stopping so many spammers out there!

You really, really need to investigate other alternatives to what you do.

> We do not require forum owners to block our email domain to stop posting,
> it is only an additional option. As well as deleting the very first message,
> that is another way to stop our posts as well.

That is not what you said in your first reply to me. I'll quote it back to you since you conveniently forgot all about that:

"Simply deny access to
the @lowcostlinks.com email domain and you will never hear from us again. We
are not trying to post on "live" forums, sorry for the inconvenience."

Funny how you never mentioned:

1) Yes, right away, sorry to bother you.

2) We take this email seriously, and will acknowledge your request for us to stop doing this.

Your reply was basically: too bad, it's up to you to block us.

> Those are not the only opt out methods however, a simple email telling us
> to "stop posting" will do the trick.

See above! You did not do that, and you are lying to me now about this being your policy.

> I have proof of numerous, kindly worded messages to and fro from such
> situations, should law enforcement ever find the need to get involved.

Oh so it needs to be "kindly worded". I notice that isn't anywhere on your "how to stop forum spam" message either.

> Basically we have 3 opt out policies, you took care of two of them, you
> have already been added to our opt out list, and should not receive anymore
> registrations.

And it took repeated back-and-forth emails to get this simple answer out of you.

This does not excuse your behavior, and reports have already been sent to numerous authorities outlining not only this offense, but many others by your organization which are not hard to find at all.

Too bad you didn't just take my first email seriously. Oh well.

SiL

So there we have it. Further proof that spammers lie, as usual, all the time. And further proof that spammers essentially see any online entity, no matter who actually owns or operates it, as their own personal promotion vehicle.

I'd like to add that searching for lowcostlinks.com routinely turns up all kinds of bot-monitoring sites which list many, many automated registrations.

How any of this is "great for sales!" is baffling.

I have yet to receive a response from their hosting company, the infamous "1and1.com", who routinely are found to be providing hosting to all manner of spamvertised properties, phishing operations and numerous other unsafe and unsavory properties. Doesn't mean it won't happen.

Forum spamming is just as bad as any other form of spamming, but affiliates who join these programs should be aware: they are an accessory to computer trespassing and unauthorized attacks against forums.

SiL / IKS / concerned citizen

Marmeladies.com and Lady-Marmelady.com - Updates on this Russian Dating Scam

Just a quick update that I made a brief addendum to my January posting regarding the by-now-well-known "Lady Marmelady" Russian dating spam setup.

In a nutshell:

Marmeladies.com appears to be a fairly recent additional property spammed in precisely the same way.

The URL "littledatenow.com" is a very heavily spammed URL. As with previous "Lady Marmedlady" spam, it never divulges where you will end up, but the confirmation email inevitably leads there should you foolishly complete a registration. (And why would you do that? It was received via spam. Use your brain!)

When the spammers promoting this are not spamming that particular URL, the link in the spam message is nearly always (yet again) an MSN Live Spaces URL, or that of some other free-redirection url. That started in March, but especially in the recent two weeks has instead changed back to the "littledatenow.com" URL. A few hours after I posted that domain, I started receiving notice from numerous recipients that the new domain being spammed is "dateyourgirl.com".

The MSN Live Spaces urls typically redirect or link to an unpronouncable domain name, passing one of a series of affiliate ID's. The domain at the current time is redactjuri.info, and they pass affiliate ID's 132, 134, 135 and 136 (that I have seen or been informed of.)

Here's a list of all the domains that these MSN Live Spaces locations redirect to:

http://united-states-russian-dating.ru/
http://sexy4sex.info/
http://redactjuri.info/index.php?idAff=###
http://pornorate.ru/index.php?idAff=###
http://jink.ru/index.php?idAff=###
http://pove.ru/?idAff=###
http://gerl-007.ru/index.php?action=3
http://sexualmeet.ru/

(Where "###" is any of the aforementioned "affid" values of 132, 134, 135 and 136.)

redactjuri.info is again registered via GoDaddy using totally fake - and, I might add, incomplete - contact information. Hosted on IP address 111.148.252.71, provided by "North Star Information Hi.tech Ltd. Co." in (of course) Beijing, China.

littledatenow.com was registered via Regtime LTD. on April 5th 2010, just in time to be spammed to millions of recipients. It features questionable contact information claiming to be in Russia. The site is hosted on IP address 219.232.228.204 courtesy of course of "CNCITYNET" in Beijing, China. dateyourgirl.com was registered today (April 19th, 2010) using different but more than likely still fake Russian contact information, registered at Regtime.net. It's hosted on the exact same IP address in China.

[I wonder why the sudden change? Possibly reading this blog? Keep it up. I hear from hundreds of angry recipients of your spam, Marmeladies.]

Nobody from Marmeladies has responded to numerous requests into why they continue to use criminal spam operations to promote their service, but their "service" appears to be a 100% scam anyway based on the multiple messages I've received from the victims of their ongoing financial swindling.

Stay far, far away. Marmeladies.com is a complete and utter scam, more than likely run by criminals.

SiL / IKS / concerned citizen

[Edited 04/19/2010 9:23:09 AM to include MSN Live Spaces redirection information.]

[Further edited 04/19/2010 2:34:16 PM to include newer spammed domain, dateyourgirl.com]

[Further edited 04/20/2010 10:32:23 AM to include further MSN Spaces redirection URLs.]

My "Winnings" and "Inheritances" Update

Take a look at the dollar total in the right-hand-side of this blog. That number is the running total of how much I am told that I have either "won" or "inherited" since I started keeping track of it in January 2009.

As I write this, I just updated that total to be:

$37,135,922,034.73

That is just over thirty seven Billion USD.

Of course I haven't actually won or inherited anything. That should be obvious. This is based on messages sent by criminals who hope I will believe I won or inherited money, so that they can then tell me to wire them "fees" to ensure the money gets sent to me.

When I first started tabulating this, it was meant to be a one year experiment to see how much I would have "won" if I took seriously the claims of every one of the Nigerian scam emails I receive on a daily basis.

Within the first full year of tabulating, I had "won / inherited" $15,010,243,226.36. (Fifteen Billion USD.) On average I was "winning" 20 - 40 million dollars every single day. I arrived at my first Billion USD of tabulated winnings on Jan. 14th, 2009. The next on Jan. 27th. On average, I was winning a Billion dollars every two to three weeks.

Fast forward to 2010 and what a difference a year makes.

I "won" the equivalent of all I won in 2009 within the first two months of 2010, hitting $30,452,821,816.30 on March 3rd. I now routinely receive from 50 - 90 of these messages every single day. There has never been a single day where I have not received any Nigerian scam messages claiming I have won the "Microsoft Lottery", the "Toyota Lottery", the "Yahoo / Microsoft Lottery", the "Euro Powerball Lottery" or any of the other so-called lotteries these morons keep promoting.

I'm not sure why, suddenly, after new year's eve the volume on this particular type of spam experienced such a drastic spike, but it's officially reached what any normal email recipient would have to think was a ridiculous level.

To the idiots sending this spam: if you send the same "YOU HAVE WON!!!1!!" message more than once a year? People will think you are stupid. More than once a month? Come on.

But several times a day?

Every single day?

How often do people seriously think they can win a lottery?!

Unfortunately, the answer seems to be that at least one person does, because I don't see this trend ending anytime soon.

Some more stats in case anyone out there needs further proof of how utterly stupid the criminals are that send these messages:

- Per day, I now win or inherit around $224 million dollars. Every day.
- The lowest amount I have won in a single day this year: $8,833,127.56.
- The highest amount: $1,726,677,256.77 (That was last week.)
- On average I am winning a Billion dollars every 2 - 5 days. In mid-February it was literally every single day that I was winning one Billion dollars.

Who needs a stimulus package?

I think there greatly needs to be further education of the general, non-tech-savvy public, because as the saying goes, if it didn't work, we wouldn't be seeing this spam.

I'm frankly tired of seeing "soft" news stories about otherwise smart people who get duped into these scams. Literally every one of them ends with the same epilogue: "If it sounds too good to be true, it probably is."

I've got a better line they should start using: "Are you high?!"

Seriously: does anyone really believe that they are actually the "winner" of a lottery every other day?

At this rate, I can't even guess how high this will go. My existing projection tells me that based on today's date, and the average I am winning / inheriting every single day, I will reach the following total on Dec. 31st of this year:


$107,498,721,679.48

Or: nearly one hundred and eight Brillion dollars.

If you found this blog posting while looking to see if "your email has won you $10,000,000.00!!!!!!11!!", please read this:

Use your brain.

No lottery in the world will notify you by email, and they will not require you to ever PAY them any money. Use your brain.

The only way you win a lottery is on the off chance (alleged to be one in several billion) that your number, which you payed for at a lottery booth, has won. Your email address cannot "win" anything. Use your brain.

Similarly, you are very unlikely to be notified at random via email when some long-lost alleged relative has died and left you an inheritance.

But most importantly:

You won't win a lottery or inherit hundreds of millions of dollars every single day. You just won't.

SiL / IKS / concerned citizen

MSN Live Spaces: Wake Up!

Several of you may remember that last year I posted an open letter to Yahoo Groups since, at that time, they were the most abused free services used by spammers.

Over the course of many months, several of my colleagues and I assisted Yahoo's abuse teams to rectify the problem, and now they have a very accurate filtering system in place, as well as other means of stopping mass registrations of new Yahoo Groups entries.

Well here we are, only 8 months later, and we're seeing the same abuse happening on MSN Live Spaces, Microsoft's social media portal.

To be clear, the abuse of MSN Live Spaces has been going on at least as long as Yahoo Groups abuse, but it's only recently that we've seen a noticeable increase in the use of MSN Live Spaces Links in spam messages. For the accounts that I monitor, I'm talking about at least a 500% increase. For friends of mine, the increase is even higher than that. On average I now see over 180 messages every day which feature these links.

Some of my colleagues have had mild success in contacting members of MSN support regarding this. To date there has been only a tiny response to this problem, and the barrage is only increasing.

MSN's abuse process for reporting one single, individual offending MSN Live Spaces account is to fill out a form located here, manually entering as much information as the user can find out about the link, and including information which I guarantee the user will not know at all, such as which MSN account was the creator of the Spaces account in the first place.

Filling out that form for one offending URL is fine, if you're only receiving, say, one or two per day. Nobody I know is receiving fewer than 40 or more of these every single day. This is far from an intuitive method of reporting abuse.

All attempts to contact MSN Spaces abuse teams directly, including via this abuse form, has been met with no response, and no feedback on what happened to my report. In most cases, URL's I have reported remain alive several days or weeks later.

MSN Spaces: Wake up!

As we speak, the predominant spam I'm seeing for this is promoting the bogus (and previously mentioned) "Marmeladies.com" fake Russian Dating scam, but many more recent examples seem to focus on "Elite World Casino", another bogus online casino, possibly featuring malware in its installer software. Other newer spam messages I'm monitoring are now also promoting a Korean-hosted "Auto Warranty Source" website, currently hosted at americanwarrantyexpress.com, but of course that URL changes weekly. It's the same affiliate ID every time, however. This turns out to be a scammy US-only auto-insurance operation promoted by the Russia-based "AffZoo.com" affiliate program.

Prior to this month, the #2 type of spam abusing this service was for "Downloadable Software", a site which sells counterfeit versions of Microsoft Windows, Microsoft Office, and a variety of other popular software titles. The software these sites provide is known to contain malware and will cause your Windows computer to join one or another known botnet, operated by criminals, and actively engaging in illegal activity. MSN Live Spaces was likely chosen as the free-hosting solution for this spam because it's a Microsoft portal, so it would make these patently illegal software websites appear to have an air of legitimacy. I reported some 300 of these in the past two months. Only a very small portion of those URLs were ever shut down. (I just checked again and several dating back to January are still active.)

The point is: MSN is not doing anything about this. It's been going on for at least a full year now, and it's only getting worse. The abuse form provided to users is only going to be used by those who really want to spend a lot of time reporting one single URL. People receiving anything like the same deluge I'm seeing aren't going to bother, and of course MSN offers no bulk-reporting service whatsoever.

An obvious suggestion would be to have a quick, easy-to-click link that reports the MSN Live Spaces URL that you are currently viewing, and there you go. Done. Click on it, provide some details about why you think it's scammy, and submit. Blogger does this. Google Pages does this. Numerous types of forum software do this. MSN Live Spaces does not. Why?

Given that so far only 1% or less of my abuse reports have seen any kind of action taken; I believe it is safe to say that MSN effectively has no abuse process for this issue. As far as I'm concerned, I could block all inbound email messages featuring a "spaces.live.com" URL, and my spam would drop by at least two thirds. I know I'm not the only one thinking this, and already at least one spam blocklist has indeed flagged spaces.live.com as featuring a large amount of spammy URLs.

What will it take for MSN to address this problem? Why isn't anyone from MSN Live Spaces responding to any abuse complaints? Why has there been absolutely no modifications to their abuse form in well over a year, given that this problem has only increased?

I'd like to encourage readers of this posting to provide feedback directly to the MSN Live Spaces team, using their feedback form, especially if you, like me, are continuing to see the majority of your inbound spam messages featuring MSN Live Spaces links. This has to stop.

SiL / IKS / concerned citizen

China, Certainly, But What About Russia and Ukraine?

Yes it's been a while. I've been busy. :)

I wanted to post a few quick thoughts on the whole Google vs. China situation.

As most of you have no doubt read, Google very publicly announced that it was the subject of a number of coordinated attacks from Chinese-hosted sources. Google and the international news media have very much raised the focus of the ongoing attacks on behalf of Chinese IP addresses, and this has raised numerous questions about China and its government's involvement in these attacks. I reserve judgement on the particular topic of whether members of the actual government of China had direct involvement or not. [For those of you who have missed all of this, there are dozens of articles out there, but this one should be a good starting point.]

In recent weeks, the investigation into the Chinese attacks have led to two specific universities being involved directly in the attacks against Google and other corporate entities [source], and further led to the discovery of the author of a significant portion of the malware used in the attacks against Google, who did in fact turn out to be Chinese. [source]

All of this got me thinking: why hasn't the same bright light also been shone upon Russia, Ukraine and Eastern Europe, since - together with China - they constitute the majority of all attacks against all servers worldwide on a daily basis? This is not merely my opinion. Do any amount of research into botnets and criminal online operations, and Russia especially shows up most frequently, with Ukraine and China not very far behind. Off the top of my head there are at least a dozen very well-renowned cybercriminal bloggers and security researchers which echo this assessment, and all of them appear to just mention it in a manner which implies this is nothing special.

This past weekend, CNN engaged in mock coverage of a cyber "war", using the title "Cyber Shockwave", and using the subtitle "We were warned", with the intention of underscoring that cyber criminal activity is "serious business", and focusing on the potential for a country's electricity grid, oil pipelines and other infrastructure to be rendered inoperative. [Some coverage of this.]

Many respected contributors participated in this multi-hour examination of what a cyber attack could result in in terms of damage to a country, but nobody at any point mentioned that as we speak there are thousands of attacks taking place against ordinary websites every single day, with the hopes of taking them over so that criminals located in Russia, Ukraine and China can continue to profit via black market fake pharmaceutical products.

A piece of rampant malware named Zeus bot, also known as Zbot, which solely exists to capture banking information, has been a tool used to illegally withdraw money from the bank accounts of several small businesses in the US, and subsequent money transfers to individuals located in Russia and Ukraine, on a daily or weekly basis. This continues to have a devastating effect on numerous banks and small companies as well as school boards and other municipal govenment entities in the US. Brian Krebs has nearly single-handedly been reporting this since at least June of last year. [source, source, source, source and source.] Nobody goes after these people. Why not?

A few points I'd like to add to each of these, lest we continue to refer to spam as being "merely annoying":

• The Zeus bot malware was very often executed by individuals who received it as an attachment to a piece of spam.
• The money mules hired by the Russian criminals to participate in the receipt of the money stolen from these businesses were recruited via spam messages claiming to represent fake financial "processing companies".
• The majority of hijacked servers and home PC's are used in one way or another to support the sending of spam, the hosting of sites promoted via spam, or the deeper infrastructure to obscure the location of sites promoted via spam messages.

I submit to you that email spam is far more than a "mere annoyance": it's a very broad and obvious signal leading to much deeper and more insidious criminal activity should the recipient care to do any digging.

The #1 spamming operation in the world today, by any measure, is Russia-based Spamit and Glavmed, and the ties between this affiliate program and numerous types of malware, identity theft, fast-flux hosting on hijacked Windows PC's, hacking and takeover of pulic websites on a variety of platforms, and probably more that we aren't aware of, takes place every single day. This is a criminal organization and there have been many reports which draw the conclusion that a high-ranking Russian government official has ties to it. Nobody does anything about this. Why not?

"Discount Pharmacy" is another criminal online pharmacy operation, this time alleged to be tied to one Vincent Chan [source]. It's been in operation since 2004 (six years now!) and it remains profitable, because again this operation relies on hosting provided by hacked and compromised windows server operating systems, predominantly located in the US. The profits from this operation siphon their way to both china and Russia. Nobody has bothered to investigate this operation despite the fact that (so far) they have taken over several thousand windows server systems. Why not?

bulker.biz, later known as bulkerbiz.com and currently still operating under an unknown moniker, continues to spam bogus pharmacies like "My Canadian Pharmacy" and "Canadian Health&Care Mall". Their sites, DNS and image hosting are all provided by hacked and compromised Unix, Linux and FreeBSD servers, using a custom compromise which I first described in great detail in 2006 [link]. Not one law enforcement agency has investigated this operation, despite the fact that several of their operators are US-based, and a significant number of these hijacked unix servers have also been US-based. As usual, both Russia and Ukraine feature highly in this operation. Nobody has gone after them. Why not?

You can see the pattern here.

I began my research primarily into spamming operations because spamming was an annoying problem which it was obvious that law enforcement and other agencies simply don't take seriously because it is so pervasive. My tactics have greatly modified over the years to focus more on the purely criminal elements of these spamming operations, and my research has lead where most other cybercriminal researchers have ended up: spam is merely the annoyance. Peer deeper and we see a litany of persistent criminal activity on an international scale, and it's not merely my research which bears this out. Look at the research of most malware investigators, from M86 to SecureWorks, to F-Secure, to PandaLabs, to MacAffee, to Sophos, to Brian Krebs and the Wall Street Journal. All of them started from the other side of the equation: malware, botnets, command and control and money laundering, inevitably resulting in the discovery of "Canadian Pharmacy" spam of one sort or another being sent. This is usually seen as a side-effect. The true criminality from the perspective of malware and botnet investigators is that someone is running the botnet and that it is predominantly criminal. The side effect is always: oh by the way they also send spam on behalf of Spamit and Glavmed, or Bulker.biz.

It took Google to raise the issue of Chinese attacks against servers and other infrastructure, but only because they hinted that the Chinese Government might have a hand in this. I want to re-re-re-raise the following issue, because I believe it to be related, and at least as important as the statments and investigations that Google has been making regarding China:

China, in tandem with Russia and Ukraine, is the source of consistent, large-scale attacks against perhaps thousands of servers of every sort, every day, hundreds to thousands of times per day, for the purposes of taking these servers over, so that they may be used as all manner of infrastructure to support the serving of fake pharmacy websites, which profit criminal spam operations located in those countries.

They have all collectively been doing this consistently for at least 5 years now.

No law enforcement agency in any country has taken a single notice of this, nor have they begun any large scale investigations into these operations despite my notification of this activity, and despite the research of dozens of other respected malware, botnet and security investigators.

I have to ask, since we're in to the second year of those financial attacks, and beginning year six of the other myriad criminal compromises of public web infrastructure: what will it take for law enforcement, and more importantly our governments, to bring Russia, Ukraine and China to task for their continued lack of attention to this criminality?

I have to ask, because so far the likes of CNN are willfully ignoring this fact. The average cyber criminal relies on profit to continue performing these persistent attacks. The only reason one of these criminals would actively go after a power station is if they were out to swindle one of their accounting personnel into sending them money. They're doing this right now to less obvious targets. Wake up.

SiL / IKS / concerned citizen

Lady Marmelady: Another in a Long Line of Bogus Russian Dating Sites

UPDATE (April 18th, 2010): A few things to add to this, since this remains a pretty popular and routinely discovered posting on this blog.

First: the spam promoting "Lady-Marmeladies.com" has mutated into spam that either is still promoting that bogus Russian dating setup or the more recent "marmeladies.com". That switch occured not long after I first posted this in January, and it appears that Marmeladies.com is the predominant spammed property.

Second: As of this April 19th update, the spam promoting these properties has not stopped, and in fact is now third or fourth in quantity compared to the well-known "Canadian Pharmacy" fake Russian pharmacy setup.

Predominantly Gmail recipients (but definitely many, many others) are continuing to receive massive, massive amounts of this spam, with most of it promoting the URL "littledatenow.com". This has been going on for several weeks promoting that specific URL. The predominant means this group is using to promote either "Lady Marmelady" or "Marmeladies.com" is via unwanted spam sent via botnet to most likely millions of email addresses, none of whom ever opted in.

---

Starting on Dec. 12th, I started receiving notices from numerous readers of this blog that yet another strain of ridiculous "Russian dating" spam had begun. (I also received a pretty large batch of it but I had to weed through spam logs to find them.)

I've decided to write this entry to outline what it is, because enough people were curious about it that I thought it was worth doing.

Here are a few examples of the ridiculously worded messages being sent in the hopes of enticing potential "mates" for these alleged "single Russian women" These are just from the past 24 hours.

Subject: Want to know what the real Russian girls love and warmth?

I want you now, tell me reciprocate and get me! A smart click

[Links to: http://cid-e96fb019c8ac25b9.spaces.live.com]

Subject: I can do for you is - what can not no girl!

Want to know what the real Russian girls love and warmth? Visit here

[Links to: http://cid-340515fcc8a5b596.spaces.live.com]

Subject: You have little joy in life? Lacks warmth and affection? Come to me.

I can do for you is - what can not no girl! Speed to come

[Links to: http://pprp.net/index.php?idAff=136&action=3]

Subject: Want to know what the real Russian girls love and warmth?

I sexual Russian blonde, want to see, come closer Knock here

[Links to: http://cid-5af57dfa325d5e11.spaces.live.com]

The MSN Live Spaces links (all reported, but they take a while to come down of course) link to the url "mdok.net".

Each of those MSN Live Spaces URL's feature the following image:

[Hosted on the same mdok.net domain, and named "Ebulk-Img.JPG".]

It only identifies the alleged "dating site" by the name of "Dating".

That image has extremely compressed copy. Clearly they don't seem to care that anyone might actually wish to read what it says before linking forward to the target URL. Here's the copy so it can be fed into search engines (I'm including it verbatim, I'm not altering anything the image contains.):

Welcome to the
Best russian brides online dating site.

Our clients who have already married Russian wives** illustrate better than anything the work we do.
We have been introducing single Russian women since 1997, and we are one of the oldest international marriage companies on the Internet.
What is there in Russian women than no one can fnid in women from other countries? Probably, if you decided to visit the site, you already know what women in your country lack. Russian women are undoubtedly beautiful and sexy, loyal and trustworthy, family-oriented and very feminine.
A great many websites on the Internet are dedicated to russian women marriage. However the number of these sites only makes it more difficult to find a real Russian wife. If this is not your first experience of dating russian women online or dating online at all, then you probably know that there are plenty of scams. You may read about them and - avoid them. I know a couple of sad stories about guys who have been disillusioned in any kind of online dating. Don't become one of them. Believe me, a lot of beautiful lonely women are really trying to find their second half on the Internet. You do have a wonderful opportunity to find your beloved and have a happy life where there will be no place for loneliness.
We represent only real women who are genuinely looking to marry a foreigner. I may assure you that we filter out the scammers and check all profiles. We are always aware if a woman is actively searching for her Mr. Right. We delete all inactive profiles, and you can be certain to find only real women on this site.

Wow. Just tugs at the heartstrings, doesn't it? Something which has always baffled me is when spam arrives with text that could only have been written with spam filter evasion in mind, and then links to a site which speaks to the visitor in the first person. If I received this message, I've clearly never heard of whoever it is that's promoting this rather obvious scam of a site, yet the idiots behind this assume I'm going to have the slightest interest in their fake-personal endorsement of this scam of a website. "I know a couple of sad stories", "Believe me", "I may assure you", etc.. Who is this "I" person? Why on earth would anyone take this seriously at all?

But I digress...

For the nerdier among you: That domain is registered using an address in - you guessed it - Estonia, hosted on IP address 58.218.177.98, which is - you're right again - hosted in China. DNS servers are ns2.datinghosting.net and ns1.datinghosting.com, both also hosted no that same IP. That domain was registered on Jan. 11th. (Yesterday.)

So: nothing terribly surprising so far. An anonymous website, called only "Dating" yet claiming to be "one of the oldest international marriage companies on the Internet" (Really? You registered this site yesterday.)

If you actually visit mdok.net, the goal of the site - no matter which of the "ladies" you click on - is to ultimately get you to register. I would be willing to wager that not one single piece of information presented to the user is genuine.

The title on all pages gives the user no idea whatsoever of what site they are actually registering for. The title on every page is "The best selection on Russian brides". The goal here appears to be to keep the actual brand of this site a secret from the user. The landing page shows a list of what appear to be professionally photographed models with the phrase "100% Checked" underneath the images. (Well that's certainly encouraging.) Clicking on an individual "lady" results in a pretty generic "description" of the model with the only link encouraging the user to "Contact me!"

Apparently this registration process has changed over the past three weeks. The original form featured both country, US state and city. The first people to report this to me mentioned this specifically because trying to actually find the city they wanted to enter was a wild goose chase due to the ridiculous method the programmers of these sites used to list the city names. (It started with some numerical code, and listed literally every known city in the US, in no particular order. Ingenious, really. I'm sure that ensured lots of new registrations.) The current one merely asks you for a username, first name, date of birth, country, email and a captcha value. It also features a checkbox stating "I agree with Terms of Use", but the link for the so-called "Terms of use" goes nowhere. Another red flag. (Stay far away.) Once again we have some real geniuses at work here.

Upon successfully posting the form, you are presented only with the following text:

Thanks for registration!

We'll let you know by email how to contact the ladies

Note that at no point does it ever pass forward any specific "lady"'s ID, even though all of the call-outs are to "Contact me!". At no point does it ever mention where you just registered. No real tangible information whatsoever. On the surface this seems to be an identity theft operation. (Note: as usual no SSL or other secure processing is in place at any point.)

Several individuals did a bit of legwork and created bait registrations to see where the trail led.

About two weeks after sending in their registration, they receive the following "welcome message":

From: info@w-rus.com
Subject: Your account details on www.lady-marmelady.com

Greetings!
Thank you for the registration on our site www.lady-marmelady.com.
Here your account details:
Your login is [#######]
Your password is [########]
E-mail of information service
info@w-rus.com
Save or remember this information!

And look at the messages that start showing up immediately after that:

Dear [username]!

If you have problems with your site www.lady-marmelady.com and can't reach it or login there, you can always go to the site www.dmlogin.com and login to your account there with your login and password.

These ladies did not get any mails for the past 7 days.
We are sending you the list of active profiles (ladies that have been on the site this week) that have NOT received any mails in the last 7 days and that seem to meet your requirements for a partner.
If you like somebody, just click on the profile and write to them.

Also: within one day of the new registration being approved, "private messages" start arriving:

From: noreply@dmlogin.com
Subject: New Private Messages has arrived!

Please do not reply to this e-mail. Mail sent to this address cannot be answered. For replying use the links below or go to the site, login and answer your mail there.

If you have problems with your site www.lady-marmelady.com and can't reach it or login there, you can always go to the site www.dmlogin.com and login to your account there with your login and password.

Hello #######,

You have received a new private messages on www.lady-marmelady.com.

From raptornat 26y.o., 1 message(s), last message at 25-12-2009 08:15:08 GMT Read the letter(s)

To your account [##########]

If you've forgotten your password - write to us at info@dmlogin.com
If you don't want to receive such a message - correct your Account Settings at the site.

Huh? So I can login to either lady-marmelady.com or dmlogin.com?!

lady-marmelady.com was registered in Turkey using contact information from Moscow, Russia on Nov. 30th, 2009.
dmlogin.com was registered using contact information from St. Petersburg, Russia on Jan. 20th, 2009.

Neither of these is anywhere near being "the oldest international marriage companies on the Internet". Not even close.

Liars.

In literally every case, the people who sent me this information claimed that all they had done was register, using bogus information and a newly created email address. They had not entered *any* information on the site itself. No photos. No personal details. No information about the user's height, weight, eye color or hair color: Nothing. And yet, starting the day after their registration was activated, each of the people who contacted me about this scummy operation claimed they were receiving anywhere from 3 - 5 new private messages a day, every single day.

Hey guess what? You can't read private messages without paying money to lady-marmelady.com.

Given that the initial contact regarding this whole setup claimed "you can be certain to find only real women on this site", this sounds extremely suspect. Genuine dating sites don't act like this one does. No normal human being on the other end of a dating site will contact someone without seeing the slightest hint of personal information. For anyone who had any doubts about whether this is a legitimate site or not, that right there should tell you: this is 100% fake.

Subsequent messages consistently claim that no fewer than a thousand new "ladies" have been "activated" on the site:

On our site www.lady-marmelady.com 1641 new ladies have been activated this week!

There are 1014 among them who match your criteria.

On our site www.lady-marmelady.com 1608 new ladies have been activated this week!

There are 993 among them who match your criteria.

On our site www.lady-marmelady.com 1086 new ladies have been activated this week!

There are 635 among them who match your criteria.

That's an average of from 58% to 63% who "match your criteria", despite these users never having logged into the site to set any such "criteria". Again: FAKE! Stay far away.

So who's responsible for this scam?

Messages sent to the user on behalf of lady-marmelady.com come from info@dmlogin.com. dmlogin.com appears to be a separate operation. Its affiliate program is: owndating.com (Registered in March, 2007)

The affiliate program for lady-marmelady.com is profitdating.com (registered in June, 2009)

Neither of these organizations has responded to numerous requests regarding why they use criminal spammers to promote their services. I wonder why?

Nutshell: yet another bunch of scammers from Russa. What else is new?

I would very strongly recommend against joining this scam of a site. (I guess that actually means: either of these sites. They can't even keep that part straight.)

I'm starting a counter to keep track of how many times someone from Russia is lying to the public at large. This sole example represents no fewer than 30 distinct lies, not including the repeated emails the individuals who brought this to my attention continue to receive. Much of the Russian individuals I hear from regularly via crap like this seem to have a pretty consistent track record of being outright liars.

Stay safe.

SiL / IKS / concerned citizen

P.S. I edited the last paragraph because some readers felt it was overly broad. Apologies to any non-criminal Russian citizens I may have offended.