Blog

Links

The newsletter@namecheap.com email spam scam

posted: February 28, 2021

tl;dr: The shady companies that Warren Buffett and GEICO use to send spam...

Recently my junk mail folder has been flooded with spam from GEICO and a variety of other companies, some more reputable than others: everything from ADT home security to TommyChongsHemp.com. I’m going to focus on GEICO, owned by Warren Buffet’s Berkshire Hathaway, because they are in a very staid line of business, insurance, where a company’s reputation for adhering to the law and to ethical business practices matters. You might pay premiums to an insurance company for years before you ever file a claim to get some money back, and you need to trust that the insurance company is going to behave ethically in assessing your claim. This doesn’t always happen (see my posts on the problems I had with Sentry Insurance), but in theory it should.

This flood of spam follows a certain pattern. The “from” email address is never anything that might clearly be owned by GEICO, such as geico.com, and the email account is “newsletter”: for example, newsletter@pcund.com. Yet the email is not a newsletter that I may have signed up for: the “newsletter” in the email address is misrepresentation being done to attempt to avoid spam filters. The domain name (the portion of the email address after the ‘@’) also appears in the links in the body of the email: the links do not go to geico.com. The email body clearly appears to be directly from GEICO: nowhere does it say that the email is being sent by another company or person on behalf of GEICO, or who is soliciting potential customers for GEICO.

The body of a recent GEICO spam email

The GEICO spam emails were rarely sent from the same email address twice. Each day would bring one or several GEICO spam emails from different email addresses. Here are the recent email addresses from which I’ve received GEICO spam:

Right off the bat there appears to be a violation of the the very first compliance requirement in the FTC’s guidelines for adhering to the CAN-SPAM Act, with GEICO sending emails from meaningless, misleading domain names. The spammer changes the domain name often to avoid spam filters and to make it harder to chase down who is sending these emails. The GEICO emails do contain a statement in the small print that says “This is an Advertisement”, even though the email’s “from” address claims it is a newsletter. But when I actually go through the unsubscribe process, the emails continue to be sent, always from another, different domain name. Perhaps the spammer would claim that I did successfully unsubscribe from “newsletter@pcund.com” but I am still subscribed to emails from “newsletter@tilynatsst.com”.

Digging deeper, there’s another important characteristic that all these GEICO spam emails share: the domain names are issued by the same DNS registrar: namecheap.com. A DNS registrar is a company that registers a domain name in the Internet’s DNS (Domain Name System) registry on behalf of a registrant who wants to use that domain name. An quick search of namecheap.com turned up articles such as this one: NameCheap is hurting the Internet.

NameCheap is clearly a shady company that sells domain names for cheap to all comers, few questions asked, so that scammers can quickly set up scam websites and send spam, and then move onto another domain name. These cheap, temporarily used domains are called “burner domains”, and NameCheap apparently sells more of them than anyone else. NameCheap, in my opinion, should be kicked off the Internet by ICANN, but ICANN has been going downhill in recent years for a variety of reasons. If you are a legitimate business, you should definitely NOT use NameCheap for any reason, because you may be lumped in with enforcement actions ultimately taken against NameCheap. NameCheap’s legitimate customers are human shields for the criminal activity that NameCheap is enabling. Because of the importance of NameCheap’s domain names to the spam I am receiving from GEICO, I call the email scam I am experiencing the “newsletter@namespace.com email spam scam”. NameCheap is probably not too worried about action from U.S. law enforcement: there are a few people whose names appear in their website, and when I searched for them, the best matches I got were for people living in Ukraine.

One of the websites of the company registering burner domains to send GEICO's spam

The question then becomes: who is registering these burner domains? The DNS registrar is required to collect some information about the registrant, which is publicly accessible via ICANN’s “whois” service and other tools built upon this data. The street address is usually a Las Vegas pack-and-ship company that rents out mailboxes. The company names vary, and a variety of domain names are used, but the websites are all identical except for branding and some graphic images:

I doubt that GEICO is directly engaging with “InfinateRiver” or “BrakeSpoil” or whatever the spam sender is calling themselves today. Usually what companies like GEICO do is set up a marketing affiliate program. GEICO will sign up other companies and people and pay them for each lead from the affiliate that eventually lands on a GEICO website. This creates plausible deniability for GEICO when their affiliates engage in business activities that may be unlawful or fraudulent, such as sending spam that violates the CAN-SPAM Act. GEICO may even make their affiliates sign an agreement stating that the affiliate won’t engage in unlawful activities, and then look the other way when affiliates do so.

So there are probably three shady companies that are being engaged by GEICO to send me spam: a shady affiliate, a shady spammer (“InfinateRiver” et al), and a shady DNS registrar (namecheap.com). Because the email content states that it is from GEICO, and because GEICO benefits from people who respond to the spam, and because GEICO enabled the scheme, I consider GEICO to be ultimately responsible for it. Which leads to the question: why would anyone want to purchase insurance from a company that is engaging in potentially unlawful and fraudulent business practices rife with misrepresentations, starting with the “from” address in the emails themselves? If GEICO’s marketing practices carry over to the claims side of the business, you may never get a fair payment on a claim. I’ve already seen another insurance company lie in court to avoid paying a claim, so I’ve eliminated GEICO from any consideration for my future business.

The sad thing is that I work for a digital agency that produces great emails on behalf of our clients. Our emails are professionally designed, with beautiful images and graphics, proper grammar, and informative information. They are also, in many cases, subject to regulatory review. We take great pains to help our clients adhere to all aspects of the CAN-SPAM Act. Email can be a beneficial tool for both businesses and consumers, to convey valuable information that improves people’s lives. So I am disheartened when I see companies like GEICO sending out spam, instead of working with reputable companies to send out emails that people actually enjoy receiving.

(continued: fighting back with 80 lines of Python)