Yes, it really is a legitimate domain, unlike many of those which you'll find described herein!

Note, if you are here because you're trying to figure out why you have spam claiming to be from "spamtrapaddress.com", be advised that it did not originate from our system. No outbound mail for this domain has been processed in over two years, and we do publish Sender Policy Framework (SPF) records listing the only legitimate IPs that such mail should come from. If your server accepted it, then decided to bounce it, you need to look at your server's configuration and fix its "back-scatter relay" problem!

Also be advised that we tag any server attempting to bounce such mail as an open relay in our own system, and will refuse to accept further mail from it. So don't bother trying to send any questions about this.

Something I've been looking for for some time is a signature for "UPX-compressed" virus files, so that they can be blocked at the receiving mail server level, even before the anti-virus signatures have been updated. Since no one seemed to want to publish such a thing, I did some old-fashioned empirical testing, and found the following two regular expressions which will detect a MIME-encoded, UPX-compressed executable file:

^TV......................AAAAAAAA[HQ]AAAAA.............(J9x6ptYCMyAUFAI7YB|AAAAAAAAAAAAAAAAAA)...$
^jsD986X8LoBsEhBz55KvrQ4O..................VQWCELAwMI....................$

These will be the first two lines of the attachment. Make sure your regular expression parser checks in a case-sensitive manner, to avoid false positives.
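
An added example, not part of the original page: a Python sketch that applies the two expressions above, case-sensitively, to the first two lines of each base64-encoded part of a message. The function names and the sample message are constructed for illustration, and requiring both lines to match in order is this example's assumption.

```python
import re
from email import message_from_string

# The page's two expressions, verbatim. Compiled without re.IGNORECASE:
# base64 is case-sensitive, and the page warns about false positives.
LINE1 = r"^TV......................AAAAAAAA[HQ]AAAAA.............(J9x6ptYCMyAUFAI7YB|AAAAAAAAAAAAAAAAAA)...$"
LINE2 = r"^jsD986X8LoBsEhBz55KvrQ4O..................VQWCELAwMI....................$"
RE1, RE2 = re.compile(LINE1), re.compile(LINE2)

def check_part(part):
    """Return (line1_hit, line2_hit) for one MIME part; only base64 bodies count."""
    if part.get("Content-Transfer-Encoding", "").strip().lower() != "base64":
        return (False, False)
    lines = [ln.strip() for ln in part.get_payload().splitlines() if ln.strip()]
    if len(lines) < 2:
        return (False, False)
    return (bool(RE1.match(lines[0])), bool(RE2.match(lines[1])))

def flagged_attachments(raw_message):
    """Attachment names whose first two base64 lines match both expressions."""
    msg = message_from_string(raw_message)
    return [p.get_filename() or "(unnamed)" for p in msg.walk()
            if not p.is_multipart() and all(check_part(p))]

def filler_line(pattern):
    """Constructed test data: a line that fits a pattern, wildcards filled with 'q'."""
    body = pattern.strip("^$").replace("[HQ]", "Q")
    body = re.sub(r"\((\w+)\|\w+\)", r"\1", body)
    return body.replace(".", "q")

def sample_message(line1, line2, encoding="base64"):
    """Constructed two-part message; the attachment body is not a real executable."""
    return "\n".join([
        "From: sender@example.com", "Subject: constructed sample",
        "MIME-Version: 1.0",
        'Content-Type: multipart/mixed; boundary="BOUND"', "",
        "--BOUND", "Content-Type: text/plain", "", "see attachment", "",
        "--BOUND", "Content-Type: application/octet-stream",
        "Content-Transfer-Encoding: " + encoding,
        'Content-Disposition: attachment; filename="sample.exe"', "",
        line1, line2, "q" * 72, "", "--BOUND--", ""])

if __name__ == "__main__":
    l1, l2 = filler_line(LINE1), filler_line(LINE2)
    print(flagged_attachments(sample_message(l1, l2)))          # both lines fit
    print(flagged_attachments(sample_message(l1.lower(), l2)))  # case changed
```
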


Time and the amount of spam being received for these unadvertised domains have dictated that I cannot keep the following as up-to-date as I'd like, but it will be updated from time to time....

The following have tried to spam us so far:


25 October 2004 - Judging by the amount of spam from this guy, he really wants to hear from a lot of people who are interested in becoming distributors for "Herbalife", whatever that is. If you're interested, Julius L. Moltgen wants to hear from you. And, since this page is indexed by lots of spammers, I'm sure he will get a lot of mail, now.


01 February 2004 - Early last month (January), a company named E Barks Network began sending UCE to several of our spam traps. From their web page:

eBarks.com, a leading Internet marketing company, specializes in using creative and established online mechanisms to drive quality traffic to web sites. Our experts have many years of strategic online marketing experience. eBarks.com is the premier provider of Internet-derived, permission-based direct marketing data solutions.

Fancy words. Little truth in them. The domain was created on 31 December 2003, according to WHOIS, so they can't have much of a track record of being "premier" anything, and sending to email addresses that haven't existed for a minimum of 4 years longer than they've been in business puts their claim to "permission-based" marketing in clear violation of Truth in Advertising.


08 October 2003 - I'm surprised it took this long for WWW-TOPSITES.COM to join in on the spamming of this domain, but they have. This site appears to be a front-end for DMOZ, a "moderated" search engine, but it is just a wrapper to hide behind; I can find no link between www-topsites.com and dmoz.org, other than (probably) stolen content.


Just after Independence day, the Argentine subnet 200.9.212.0/24 sent an opening spam salvo at abusedemailaddress.com, claiming to be "invbuy22@topmail.com.ar".


04 September 2003 - A new spammer has appeared on the horizon, claiming to be an "Opt-in, Permission-based" email marketer. Too bad their first emails went to non-existent addresses on our system, who could not possibly have "signed up to receive offers", as claimed in the following quote from their website, as it existed on 05 September 2003:

What is www.gpmnet.com?
gpmnet.com, a site owned and operated by GlobalPoint Media, LLC., exists to help consumers better understand certain emails they receive. GlobalPoint Media, LLC. is a permission-based marketing company. You have received an email from gpmnet.com because you have signed up to receive offers from GlobalPoint Media, LLC. and its marketing partners. You have signed up by submitting our or another company's registration form with our membership advertisement checked, or by otherwise becoming a member.
One service that GlobalPoint Media, LLC. offers its members is the benefit of receiving advertisers' promotions and offers.
However, if you do not wish to receive any emails from GlobalPoint Media, LLC., please unsubscribe by simply following the unsubscribe (opt-out) procedures contained at the bottom of the email that you had received. To read the privacy policy that all members have expressly consented to, please go to: www.globalpointmedia.com

GPMNET.COM, spamming as globalpmnet.com, is hosted at IP 209.66.67.14, owned by United Layer, Inc., located at 1019 Mission Street, San Francisco, CA, who also hosts their DNS services. The domains themselves are registered to Lilly Almo, GlobalPoint Media, LLC., 163 Amsterdam Avenue, #127, New York, NY 10023, with a phone number of 212-489-0319.


25 August 2003 - Under new names - goldmonkeys.biz, salesjet.biz, and alexoffers.com - our "friends" at NeoVision/BestSpecials have returned.

All information below for those other domains applies to these new domains, i.e., spamming through hijacked proxies, claiming to use "confirmed Opt-in lists" while sending to non-existent addresses, etc.

Oh, there is one exception - goldmonkeys.biz, salesjet.biz and alexoffers.com all resolve to the same IP address, 81.1.243.34, which is a multi-domain server owned by 'www.grinhost.net', a Russian ISP. Apparently, they can no longer afford what U.S. ISPs would charge to house a spam site... And, since GrinHost doesn't have a working abuse@grinhost.net address to deal with violations of their Acceptable Use Policy (quoted, in part, below), it seems they're the perfect place to hide:

The following constitute violations of this AUP:
[stuff omitted]
Unsolicited E-mail, News Bombing (SPAM) Use of the GrinHost service to transmit any unsolicited commercial or unsolicited bulk e-mail is expressly prohibited. Spam complaints will be sent to the e-mail address on file. Violations of this type will result in the immediate suspension of the offending website on the GrinHost server. Failure to respond to complaints within a 24 hour timeframe will result in the GrinHost abuse staff suspending the offending website or shared hosting account by whatever means necessary. Should the account become re-activated without the express written consent of GrinHost's Abuse Department, the offending website or shared hosting account will be immediately terminated, and may result in suspension / termination of the server should the site and/or client re-appear on the server. Anyone hosting websites or services on their server that support spammers or cause any of our IP space to be listed in any of the various Spam Databases will have their server immediately removed from our network. The server will not be reconnected until such time that you agree to remove any and all traces of the offending material immediately upon reconnection and agree to allow us access to the server to confirm that all material has been completely removed. Severe violations may result in immediate and permanent removal of the server from our network without notice to the customer. Any server guilty of a second violation will be immediately and permanently removed from our network without notice. Malicious intent to impede another person's use of electronic mail services or news will result in the immediate termination of the offending GrinHost account.

UPDATE 26 August 2003 - the "opt-out" address for all of the above domains is h23.free-ns.net. This resolves to IP 216.67.235.138, which is a server claiming to be GrinHost again... But, IP 216.67.235.138 belongs to Pegasus Web Technologies, a New Jersey hosting outfit... Hmmm... I wonder if their abuse address works?

Checking WHOIS, it looks like these domains have "less than accurate" addresses.

Goldmonkeys.biz, for example, is listed as being registered to:
Sarah Williams
Gold Monkeys
98 Grant St
Boston, MA 02149

My 2003 map of Boston doesn't list a Grant Street...

Salesjet's information lists:
Neil Falcon
Sales Jet, Inc
512 California St
San Francisco CA 94117

This is, at least, a plausible address, although the postal code is about 2.5 miles off the mark.

By the time they registered alexoffers.com, they'd found a registrar that would hide their information from prying spam hunters.

Additionally, we've found the following other domains that appear identical to these, but which have not spammed abusedemailaddress.com or spamtrapaddress.com (although they have hit other customers on our system):
greatbizservices.com
bestspecials.biz (domain now abandoned)
kellysoffers.com (domain exists but doesn't resolve)

UPDATE 15 September 2003 - Add greatbizservices.com to the list of proxy spammers with this same claim of using "Opt-in" lists...


41 days after registering abusedemailaddress.com, "bestspecials.biz" tried to spam the non-existent address SALES. Quoting from their web site:

Welcome to BestSpecials!
At BestSpecials, we are industry leaders in online direct marketing. We offer proven results. You can put your trust in our confirmed Opt-in lists. We have millions of subscribers that have opted-in to a multitude of categories. We offer the data you need, such as physical address, age, income, purchasing power, key executive contacts, and SIC codes.
Our Opt-in permission-based email is the better, faster, and more effective way to market your business. Opt-in means customers have given their consent and request to receive information about products and services from companies like yours. Not only does this qualify prospects, it makes them more receptive to your offer and it costs substantially less than traditional direct marketing.

Gee, this looks just like NeoVisionGroup, mentioned below! In fact, their web site is at exactly the same address (64.74.96.133), and all of the other characteristics of the spam attempts match, such as using open proxies to send their spam. Another loser outfit, in our opinion.

UPDATE 25 August 2003 - this domain appears to have been abandoned or otherwise shut down; it no longer resolves to an IP, and WHOIS returns no domain name server.


18 days after registering spamtrapaddress.com, "sales@neovisiongroup.com" tried to send email to our non-existent "sales" department. Interesting.... Quoting from the NeoVisionGroup website as it existed on 12 June 2003:

Welcome to NeoVisionGroup!
At NeoVisionGroup, we are industry leaders in online direct marketing. We offer proven results. You can put your trust in our confirmed Opt-in lists. We have millions of subscribers that have opted-in to a multitude of categories. We offer the data you need, such as physical address, age, income, purchasing power, key executive contacts, and SIC codes.
Our Opt-in permission-based email is the better, faster, and more effective way to market your business. Opt-in means customers have given their consent and request to receive information about products and services from companies like yours. Not only does this qualify prospects, it makes them more receptive to your offer and it costs substantially less than traditional direct marketing.

This would be commendable, if it were true. However, it does not jibe with their attempt to send mail to a non-existent address on Thursday, 12 Jun 2003, at 10:39:44 CDT. Hmmm... How can an address that does not exist be on a legitimate "confirmed Opt-in list"? It would appear that, in the dictionary used by NeoVisionGroup, the act of registering a domain qualifies as "opting in" to their lists...

The message in question was sent from an IP with no reverse DNS, 66.220.27.164 (subnet owned by "Powersurge Technologies Inc." and Hurricane Electric), while their web site is hosted at 64.74.96.133 (subnet owned by "Live Wire Media Group, Inc." and Internap Network Services). Hmmm... Live Wire Media Group... Internap Network Services... Where have I seen those names before? Could it be that these names appear in connection with a lot of unsolicited bulk email?

Interestingly, Live Wire Media Group's store site sells "Junkmail Guard for Outlook". I wonder if any of their sites or clients get special handling by the program?

Even more interesting, the 66.220.27.0/24 subnet seems to be a web hosting service, which includes at least one porn site... I wonder if they really want to be associated with spam?!?

UPDATE 24 June 2003: NeoVisionGroup spam attempts continue. Today, they tried sending mail to "sales@" two domains that only have sites hosted with us, and no mail server. Kind of hard for these "people" to have "opted in" to receive NeoVisionGroup mail if they never existed! Also, each attempt has come from an open proxy, somewhere in the world. This trait has been so reliable, in fact, that spam attempts from NeoVisionGroup now find their way directly to our open proxy block lists...

UPDATE 25 August 2003 - this domain appears to have been abandoned or otherwise shut down; it no longer resolves to an IP, and WHOIS returns no domain name server.


The following links appeared in postal mail solicitations that were formatted to look like invoices, in an effort to convince people to pay for services they did not knowingly order, or on web sites mentioned by such solicitations:


Internet Corporate Listing Service website - Multiple solicitations received 3/4 June 2003, in the form of an invoice (with "notice of solicitation" in non-obvious type), charging U.S.D. $37.50 to submit the solicited domain to "14 major search engines", create 8 keyword listings, and submit quarterly reports of ranking... about 10 minutes work for a person who knows how to use a browser.

Update 14 November 2003: ICLS is at it again. Here is one of their latest invoices, so you can see what they're doing. They've increased the size of the "THIS IS A SOLICITATION" message, but it is the same scam... 35 bucks to do 10 minutes work, if that. They've even assigned customer numbers to their solicitations!


The following companies/domains repeatedly hit our spam traps:


To view the stated policies of Bluerockdove.com, you'd think they were a reputable company:

Bluerockdove.com's takes pride in offering the best of breed technology solutions to the clients while strictly adhering to its policies towards unsolicited commercial email. As most of our clients are well renowned marketing and publishing firms that promote their products and services using our technology and network infrastructure, they understand our ZERO TOLERANCE policy and any repercussions that may follow for misusing our service. To further enforce these policies, we reserve the right to unsubscribe anyone who makes a request to be removed from our systems.

And yet, they have been trying on a daily basis to send mail from the 207.134.171.0/24 subnet, to addresses that have not existed on our system for longer than their company and domain have been on the internet, despite bounces with permanent failure codes.

While they claim a ZERO TOLERANCE policy towards people "misusing" their service, we enforce a real ZERO TOLERANCE policy towards anyone who sends to spam traps, and have blocked the subnet and all domains originating from within that subnet. A quick check of most anti-spam groups shows that we're not the only ones, either!

Note: The appearance of any email addresses on this page or any other page on this site is intended solely for the convenience of persons wishing to contact us regarding topics and products discussed upon these pages. It does not constitute permission to use such addresses for the purpose of email solicitation by others. We vigorously protect our privacy. We have and will continue to take all legal steps necessary to ensure that persons abusing our email addresses with unsolicited commercial email regret having done so. We do not do business with any individual or company engaging in such practices. Our policy - we don't delete spam, we delete SPAMMERS!