Promoting Transparency

I just received an email. It was sent an email list that I signed up for, in person, last week, at a wine tasting in my neighborhood here in Chicago. It was very much a desired email. I can't wait to go back to that wine store (once I'm over this cold) and stock up. I don't know much about wine, but I'm having fun learning, and this email got me excited.

Geek that I am, I took a look at the headers. I looked up the source IP address in WHOIS and found that it is registered to "ORCS Web, Inc.," a random web host. That's odd. It's not clearly registered to an ESP. Then I looked at the return path and click redirect domains. They both use a semi-generic "mail" domain. When I look that up in WHOIS, I find that it's registered to "Domains by Proxy, Inc." Meaning that the owner of the domain desires to hide their true business name.

Is this transparency? Is this ESP standing up and making it clear and obvious that they're the responsible party for this piece of mail?

The thing is, this isn't spam. I signed up for this. But the lack of transparency here is confusing, and I don't see a good reason for it. If you're a legitimate company, why isn't your domain actually registered to you? Why are you sitting in somebody else's IP space?

I know who the ESP in question is, cause it's obviously discernible for somebody like me, by looking at other bits of the data. But that's not the point; I'm a power user. Obfuscation isn't something I fall for easily. Even though I can see past it, you're still making me wonder why you would do it to begin with.

Is it meant to fool less savvy recipients, less savvy email administrators? Why would a legitimate list owner, or a legitimate email service provider, work that way?

Heck, let me ask a simpler question: What legitimate company doing business on the internet would want to hide behind Domains-by-Proxy? What kind of businesses do you think of, when you think of ones that might not want to be easily traceable? What domain owner, what proprietor of an online store, what professional business, would want to hide their business information?

I wonder.

6 comments:

James said...

Actually, I can see this.

If a company is considering going into a new area, they may want to set up a subsidiary with obscured links to the parent company in the hope that their competitors-to-be take a while to cotton on.

(For example, the parent company might have a considerable amount of purchasing power, and believe that they can use this to undercut the current market leaders and establish market share. For this to work, it helps if the existing companies in the sector don't know that they need to slash their costs until half their customers have gone elsewhere.)

So they might acquire a domain through someone like Domains-by-Proxy before the legal subsidiary is set up, so they know they can get the domains before they do the paperwork, and so the parent company's name never appears in conjunction with the subsidiary.

Al Iverson said...

Companies do this all the time capably, using alternate office addresses or a PO Box. This wasn't something that only came about when DbP became available.

The problem is, what about all the ones that I run into, where it's either bad actors, questionable actors, or supposedly good guys trying to obscure who they are? What about in those instances?

Edward Lansink said...

I know of companies that get this privacy protection to prevent domain hunters from spamming them with requests to buy domains.

Some of these companies build up large portfolios of domains and will receive plenty of such spam.

Al Iverson said...

I have 30+ domains myself. I have this thing called a "spam filter." It's pretty amazing. (Actually, mine works pretty good, in that emails from my registrar get through, and pretty much nothing else does.)

This doesn't protect you from spam at all. There's still an email address associated with the registration. Maybe DbP runs some sort of spam filtering for you, but that's no different than life-before-DbP.

Edward Lansink said...

Al - What I meant was, unless you use DbP, it's easy for domain hunters to pick up your domain's associated email address and spam you with purchase requests. "Spam" in a broader sense, that is, not the typical stock options or pharmaceutical offers.

I believe that's one of the main motivations why some companies choose to use DbP.

Al Iverson said...

Yeah, I get that. What I meant was that DbP doesn't prevent that. Your whois entry still has an email address that still goes to you. The only difference there is DbP is running a spam filter for you, I assume.