Beware those scam emails from .top, .stream and .download domains

Submitted by AlReaud on Mon, 10/03/2016 - 17:43

Since the advent of the .top, .stream, and .download domains, a plethora of new spam emails has been flooding the Internet. This is the result of cheap hosting accounts available from many providers. Hosting providers, however, have no incentive to stop this, because they make money from hosting questionable accounts, and there are technical and legal challenges to stopping spam.

Spotting the scam emails is pretty easy: they usually come from strange addresses ending in .top, .stream, or .download, but they can also come from other domains, with entreaties to protect children, etc. Usually, but not always, the emails contain only images, and the links are very ephemeral. The most important thing you can do to protect yourself from these is to DISABLE REMOTE CONTENT (Google your specific email client to find out how to do so). The next most important thing, other than marking them as spam and deleting them immediately, is to set filters that mark and delete email from .top, .stream, and .download domains.

By disabling remote content, the image that is usually enclosed in the spam email isn't downloaded. That prevents the compromised server these things redirect to from knowing that your email address is valid and being read. It can do so because, as seen below, the embedded links in the email have a unique signature that is associated with your email address.
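The two defenses described above, as an added example that is not part of the original post: this Python filter marks a message for deletion when its sender or any linked host ends in .top, .stream, or .download, and lists remote images whose URL carries a long opaque identifier, which is what a mail client fetches when remote content is enabled. The sample message, its hostnames, and the 16-character token heuristic are constructed assumptions.

```python
import email, re
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

BLOCKED_TLDS = {"top", "stream", "download"}  # the TLDs named in this post
# Assumption: a 16+ character alphanumeric run in a URL is a per-recipient ID.
TOKEN = re.compile(r"[A-Za-z0-9]{16,}")

class Refs(HTMLParser):
    """Collect remote <img src> (fetched on open), <a href>, and visible text."""
    def __init__(self):
        super().__init__()
        self.images, self.links, self.text = [], [], ""
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "img" and (a.get("src") or "").lower().startswith(("http:", "https:")):
            self.images.append(a["src"])
        elif tag == "a" and a.get("href"):
            self.links.append(a["href"])
    def handle_data(self, data):
        self.text += data.strip()

def tld(host):
    return (host or "").rstrip(".").rsplit(".", 1)[-1].lower()

def triage(raw):
    msg = email.message_from_string(raw, policy=policy.default)
    refs = Refs()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            refs.feed(part.get_content())
    sender = parseaddr(msg.get("From", ""))[1]
    hosts = [sender.rpartition("@")[2]] + [urlparse(u).hostname for u in refs.images + refs.links]
    return {
        "action": "delete" if any(tld(h) in BLOCKED_TLDS for h in hosts) else "keep",
        "image_only": bool(refs.images) and not refs.text,
        "beacons": [u for u in refs.images if TOKEN.search(urlparse(u).path + urlparse(u).query)],
    }

# Constructed sample: hostnames and token are made up for illustration.
SAMPLE = (
    "From: Offers <deals@constructed-sample.top>\nTo: you@example.org\n"
    "Subject: Protect your family\nMIME-Version: 1.0\nContent-Type: text/html\n\n"
    '<a href="http://constructed-sample.stream/c/9f3a7c1e5b2d4a60b8e1">'
    '<img src="http://constructed-sample.download/i/9f3a7c1e5b2d4a60b8e1.png"></a>\n'
)
```

Calling `triage(SAMPLE)` returns the delete action, the image-only flag, and the one beacon URL; nothing is fetched, because the message is only parsed.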

Five examples are (redirects are done using the text-only browser, Lynx, and Wireshark for packet capture; PLEASE DON'T FOLLOW ANY OF THE LINKS BELOW UNLESS YOU ABSOLUTELY KNOW WHAT YOU ARE DOING!):

I'm waiting for my count of suspicious spam emails to reach 100, then we're going to do some mapping to see who owns these sites and domains, who the hosting providers are, what the IP addresses and countries are, etc. There is a need to find out the commonalities between them to be able to effectively fight this scourge of the Internet. Safe emailing, folks!

