News

NameCheap.com - Spam-Friendly Provider, hosting GetMyBusinessFundedNow[dot]com

UPDATE 2018-06-28: see the follow-up post here.

Another day, another large hosting provider knowingly providing service & support to spammers, by turning a blind eye to spam complaints. The latest provider to demonstrate that behaviour? NameCheap.com.

Since earlier this year, a site that we manage has received repeated, persistent spam EMails hawking small-business loans, via links using a number of different, but similar domain names. Rather than sending the links in regular EMails, these spammers were instead using the website's contact form - a common trick used by some types of spammers, to evade spam filters (typically it's much more difficult to block contact form spam, because the actual EMails come from your own server) - which also makes it harder to report the spammers, since you can't do so using automated/turnkey services like SpamCop. But these spammers managed to get my attention thanks to their persistence (at one point, we were receiving daily contact form spam from them), so I started attempting to track down where the spam-vertised sites were hosted. Which brings us to the main topic of this article: NameCheap.com, the company providing hosting service to the spam support site advertised in the most recent example.

Read on for the details of NameCheap's response (or rather the utter lack thereof) when we attempted to report the issue to them.

We took the standard steps to determine where the spam support site was hosted: first looking up the IP address of the server hosting it, 192.64.119.159 - and then looking up that IP address in a geolocation service that also lists the owner of the IP address: in this case, the owner is listed as "Namecheap Inc." Being familiar with NameCheap & knowing them as a fairly large, reputable (by and large) provider, we decided to report the issue to them & looked up the contact information for their abuse department. We then sent a copy of the full spam message to their primary abuse reporting address, abuse@namecheap.com, including the offending links to the spam support site hosted on their servers. That was on November 1st... after 5 days with no response whatsoever, we sent a follow-up through their support ticket system. That was 4 days ago, on November 6th - and the response since then? The best way to illustrate that is with a screenshot of the replies/history for that support ticket:

That's right, after 9 days, the only messages under that ticket are the ones from us - with no response whatsoever from NameCheap staff. The ticket is listed as not even having been assigned to one of their staff - which, if you're familiar with Kayako Fusion (the support ticket software they appear to be using), means there's a very good chance that the ticket hasn't even been looked at yet. And suffice it to say, nothing has been done about the offending spam-support site: GetMyBusinessFundedNow[dot]com is still online, and still hosted on NameCheap's servers. At this point, it looks like NameCheap belongs in the steadily-growing list of large providers who are spammer-friendly in practice, if not in official policy: such as OVH, BlueHost, Google/GMail, and Microsoft/Hotmail. They're a great choice for spamming & hosting spam-support sites, but they should be avoided for anything else - for the same reasons that it's a bad idea for a legitimate business to set up shop in a neighbourhood that's full of crack houses.
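The lookup steps described above (hostname to IP address, IP address to network owner and abuse mailbox), as an added Python example that is not part of the original post. It goes slightly beyond the single case in the article by reading both ARIN-style and RIPE-style WHOIS replies; the sample reply is constructed from the values named above, and the default server `whois.arin.net` is an assumption about which registry to ask.

```python
import re
import socket

EMAIL = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
OWNER_FIELDS = ("orgname", "org-name", "owner")      # ARIN, RIPE, LACNIC spellings
ABUSE_FIELDS = ("orgabuseemail", "abuse-mailbox")    # ARIN, RIPE spellings

def resolve(domain):
    """Return the sorted IPv4 addresses a hostname resolves to (needs network)."""
    infos = socket.getaddrinfo(domain, 80, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def whois_query(query, server="whois.arin.net", timeout=10):
    """Send one RFC 3912 WHOIS query over TCP port 43 and return the reply text."""
    with socket.create_connection((server, 43), timeout=timeout) as sock:
        sock.sendall(query.encode("ascii") + b"\r\n")
        reply = b"".join(iter(lambda: sock.recv(4096), b""))  # read until close
    return reply.decode("utf-8", errors="replace")

def parse_whois(text):
    """Extract the network owner and abuse mailboxes from a WHOIS reply."""
    owner, abuse = None, []
    for line in text.splitlines():
        if line.startswith("%") and "abuse contact" in line.lower():
            abuse += EMAIL.findall(line)          # RIPE's summary comment line
            continue
        if line.startswith(("#", "%")) or ":" not in line:
            continue                              # other comments, blank lines
        key, value = (part.strip() for part in line.split(":", 1))
        key = key.lower()
        if key in OWNER_FIELDS and owner is None and value:
            owner = value                         # keep the first owner field seen
        elif key in ABUSE_FIELDS:
            abuse += EMAIL.findall(value)
    return {"owner": owner, "abuse": sorted(set(abuse))}

# Constructed sample in ARIN's field layout, using only values named in the article.
SAMPLE_ARIN = """\
# constructed sample, not a captured WHOIS reply
OrgName:        Namecheap Inc.
OrgAbuseEmail:  abuse@namecheap.com
"""

if __name__ == "__main__":
    print(parse_whois(SAMPLE_ARIN))
```

With network access, `parse_whois(whois_query(ip))` for each address returned by `resolve(domain)` gives the owner and the mailbox to send the report to.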







Comments

Perry on December 11 2017

Did they follow up with you on this? I have also come across a problem with NameCheap spam. All they do is threaten you with a lawsuit if you report spam.

Nunya on February 13 2018

I guess they’re not very scared of threats from a nobody.

StephenB on February 19 2018

@Nunya - I guess this post hit a nerve, eh? I’m curious: do you have any actual reason to be an apologist for Namecheap, or is there just nothing better to do when you live in McKinney, Texas?

len on June 24 2018

NameCheap is a great service for spammers; the company is willing to turn a blind eye while these creeps carry out their illegal campaigns using NameCheap’s servers. Since January, I have reported 31 sites connected to NameCheap (I can provide the full list if you would like). These sites bombard people with hundreds of email messages per day, use spoofed email addresses, contain bogus opt-out links that go nowhere, and violate dozens of laws and industry best practices, yet NameCheap does nothing about them as long as they pay their bills. No wonder they can charge so little for their services; the spammers must pay them enough to more than make up for it.

StephenB on June 25 2018

@LEN - sadly, that’s been my experience as well. I have a few posts in the works, following-up on this one - the absurdly-slow response time to abuse complaints was bad enough, but it turned out to be just the tip of the iceberg. When they finally DID respond, they repeatedly claimed that the sites weren’t hosted with them - turns out that the spammers were using full-page frames/iframes to embed spam content from other websites. And Namecheap is perfectly happy to accept that as a defense/hide behind that as an excuse to continue providing service to spammers: even though the spam URLs are hosted on their servers, they claim it’s not their responsibility because the actual spam-support content is hosted elsewhere & just embedded via frames/iframes.

Even just getting to that point is an uphill battle, thanks to the stunning incompetence of Namecheap’s support/abuse-handling staff. First, they’ll likely misunderstand the most basic aspects of the complaint & insist that the issue isn’t their responsibility because the EMail didn’t come from their servers - even if you clearly indicate that you’re reporting a spam-support website instead and not the EMail itself. Then they’ll insist that the site isn’t hosted with them, despite the fact that the domain is pointing at their nameservers & resolves to an IP address that they control. And most of the time, they’ll further misunderstand the problem by claiming that they can’t suspend the domain registration - despite that not being the issue in question, and not being necessary to actually address the issue.

Apparently, the ability to understand the difference between EMails, websites, and domain names is completely optional for working in Namecheap’s support department. And that’s being generous, assuming that they’re not being deliberately-obtuse for the purpose of being obstructionist.

Even when I’ve reported spam-support sites that were entirely hosted on their servers (rather than hosted elsewhere & embedded via frames), their response fell well below the standards of most other large providers I dealt with: their spammer customer disabled the individual URL that was advertised in the spam EMail, while leaving the rest of the obviously-spammy site unchanged - and Namecheap considered that sufficient to resolve the issue. This meant that their customer was free to continue spamming links to other URLs on the same site - and it took Namecheap weeks to do even THAT much, so their spammer customer had probably long-since switched to spamming a different URL since then.

To top it all off, there’s Namecheap’s CEO - Richard Kirkendall… He was quoted in a recent KrebsOnSecurity.com article about new TLDs that are apparently very popular with spammers & scammers (which, unsurprisingly, Namecheap is one of the biggest providers of). He came off as an angrily-defensive child, accusing Krebs of making an “irresponsible assumption” - THEN he jumped into the article’s comments, accusing people who criticized Namecheap of “wild accusations,” and literally referring to anti-spam advocates as “nazis”.

https://krebsonsecurity.com/2018/06/bad-men-at-work-please-dont-click/
https://krebsonsecurity.com/2018/06/bad-men-at-work-please-dont-click/#comments

Seems like a REAL classy guy!
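The frame embedding described in the comment above means an abuse report has two hosts to name: the one serving the advertised URL and the one serving the framed content. The following Python sketch is an added example, not part of the original post or comments; the hostnames and the sample page are constructed, and the "full-page" test is a heuristic assumption.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class FrameFinder(HTMLParser):
    """Collect the tag, src and attributes of every <frame> and <iframe>."""
    def __init__(self):
        super().__init__()
        self.frames = []

    def handle_starttag(self, tag, attrs):
        if tag in ("frame", "iframe"):
            attrs = dict(attrs)
            if attrs.get("src"):
                self.frames.append((tag, attrs["src"], attrs))

def _full_page(tag, attrs):
    """Heuristic: frameset frames, or iframes sized to 100% width and height."""
    if tag == "frame":
        return True
    style = (attrs.get("style") or "").replace(" ", "").lower()
    sized = attrs.get("width") == "100%" and attrs.get("height") == "100%"
    return sized or ("width:100%" in style and "height:100%" in style)

def external_frames(page_url, html):
    """Return [(content_host, absolute_src, is_full_page)] for frames on other hosts."""
    page_host = urlparse(page_url).hostname
    finder = FrameFinder()
    finder.feed(html)
    found = []
    for tag, src, attrs in finder.frames:
        absolute = urljoin(page_url, src)      # resolve relative and // URLs
        host = urlparse(absolute).hostname
        if host and host != page_host:         # same-host frames are not reported
            found.append((host, absolute, _full_page(tag, attrs)))
    return found

# Constructed sample page: one full-page frame pointing at a different host.
SAMPLE_PAGE = """<html><frameset rows="100%">
<frame src="http://content.example/offer">
</frameset></html>"""

if __name__ == "__main__":
    print(external_frames("http://framing.example/", SAMPLE_PAGE))
```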
