I just received an email. It was sent to an email list that I signed up for, in person, last week, at a wine tasting in my neighborhood here in Chicago. It was very much a desired email. I can't wait to go back to that wine store (once I'm over this cold) and stock up. I don't know much about wine, but I'm having fun learning, and this email got me excited.
Geek that I am, I took a look at the headers. I looked up the source IP address in WHOIS and found that it is registered to "ORCS Web, Inc.," a random web host. That's odd. It's not clearly registered to an ESP. Then I looked at the return path and click redirect domains. They both use a semi-generic "mail" domain. When I look that up in WHOIS, I find that it's registered to "Domains by Proxy, Inc." Meaning that the owner of the domain desires to hide their true business name.
Is this transparency? Is this ESP standing up and making it clear and obvious that they're the responsible party for this piece of mail?
The thing is, this isn't spam. I signed up for this. But the lack of transparency here is confusing, and I don't see a good reason for it. If you're a legitimate company, why isn't your domain actually registered to you? Why are you sitting in somebody else's IP space?
I know who the ESP in question is, 'cause it's obviously discernible for somebody like me, by looking at other bits of the data. But that's not the point; I'm a power user. Obfuscation isn't something I fall for easily. Even though I can see past it, you're still making me wonder why you would do it to begin with.
Is it meant to fool less savvy recipients, less savvy email administrators? Why would a legitimate list owner, or a legitimate email service provider, work that way?
Heck, let me ask a simpler question: What legitimate company doing business on the internet would want to hide behind Domains-by-Proxy? What kind of businesses do you think of, when you think of ones that might not want to be easily traceable? What domain owner, what proprietor of an online store, what professional business, would want to hide their business information?
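The header check described above (source IP, return-path domain, click redirect hosts) can be scripted. This is an added example, not code from the original post: the sample message, its domains and the function names are constructed, and the alignment test is a plain suffix match against the From domain rather than a public-suffix-aware comparison.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message; every name, address and domain is a placeholder.
SAMPLE = """\
Return-Path: <bounce-123@mail.example.net>
Received: from out7.example.net (out7.example.net [203.0.113.25])
\tby mx.recipient.example with ESMTP id abc123; Mon, 01 Jan 2024 10:00:00 -0600
From: Neighborhood Wine Shop <news@wineshop.example>
To: reader@recipient.example
Subject: This week's tasting
Content-Type: text/plain

New arrivals: http://click.mail.example.net/r/abc
Our site: https://www.wineshop.example/events
"""

def domain_of(header_value):
    """Domain part of the address in a From or Return-Path header."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def identifiers(raw):
    """Collect the values worth looking up in WHOIS."""
    msg = message_from_string(raw)
    # Only the top-most Received header is written by your own server;
    # anything below it was supplied by the sending side.
    received = msg.get_all("Received") or [""]
    ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", received[0])
    urls = re.findall(r"https?://[^\s\"'<>]+", msg.get_payload())
    return {
        "source_ip": ip.group(1) if ip else None,
        "return_path_domain": domain_of(msg["Return-Path"]),
        "from_domain": domain_of(msg["From"]),
        "link_hosts": sorted({urlparse(u).hostname for u in urls}),
    }

def unaligned(ids):
    """Domains that are neither the From domain nor a subdomain of it."""
    base = ids["from_domain"]
    seen = {ids["return_path_domain"], *ids["link_hosts"]}
    return sorted(d for d in seen if d != base and not d.endswith("." + base))

if __name__ == "__main__":
    ids = identifiers(SAMPLE)
    print(ids)
    print("look up in WHOIS:", [ids["source_ip"], *unaligned(ids)])
```

The domains returned by `unaligned` are the ones a recipient cannot tie to the visible sender without a WHOIS lookup, which is where proxy registration hides the responsible party.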