SCAM ALERT: Webfusion suspension of domain for abuse and spam email

Today in the email we had an alert for a client's domain, claiming it had been suspended for abuse violations, and asking us to download and review the complaints via a link in the email. As we are savvy enough to know this is not a legit email, we did no such thing, but we are recording the incident here in case it helps others become aware of this sort of scam! The recipient name and domain name have been edited out of the original received for obvious reasons.

Dear <name removed for privacy>,
The Domain Name <domain removed>.COM have been suspended for violation of the WEBFUSION LIMITED Abuse Policy.
Multiple warnings were sent by WEBFUSION LIMITED Spam and Abuse Department to give you an opportunity to address the complaints we have received.
We did not receive a reply from you to these email warnings so we then attempted to contact you via telephone.
We had no choice but to suspend your domain name when you did not respond to our attempts to contact you.
Click here and download a copy of complaints we have received.
Please contact us for additional information regarding this notification.
Spam and Abuse Department

The headers of the scam email give confirmation that this is nothing whatsoever to do with Webfusion! It originates apparently from someone in the Philippines, and was sent via HostGator and onto our mail server.

Return-path: <>
Envelope-to: <removed for privacy>
Delivery-date: Fri, 06 Nov 2015 13:02:09 +0000
Received: from ([]:42300)       
        (envelope-from <>)
        id 1ZugeZ-002765-Qs
        for <removed for privacy>; Fri, 06 Nov 2015 13:02:09 +0000
Received: from [] (port=25819 helo=jukapav)
        by with esmtpa (Exim 4.85)
        (envelope-from <>)
        id 1ZudV5-000457-P6
        for <removed for privacy>; Fri, 06 Nov 2015 03:40:04 -0600
To: <removed for privacy>
Subject: Domain Name <removed for privacy> have been suspended
Date: Fri, 6 Nov 2015 08:39:42 -0700
MIME-Version: 1.0
Content-Type: text/html;
Content-Transfer-Encoding: quoted-printable
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname -
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain -
X-BWhitelist: no
X-Source-IP: <---- In the Philippines
X-Exim-ID: 1ZudV5-000457-P6
X-Source-Sender: (jukapav) []:25819

The link in the email goes to a domain ending in .ca and a check brings the information that the site hosts malware in the form of Win32/Injector, so not a good idea to visit the link!

If you do happen to get one of these emails just bin it. Don't click the link, don't respond. It's not genuine!
Anne, Board Admin
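
The header reading described in the post, as an added example that is not part of the original post: it walks the Received chain oldest-first and reports where the message was first submitted and whether the claimed sender's domain ever appears as a relay. The sample message is constructed from the redacted headers above; the host names, the From address and the `claimed_domain` parameter are assumptions, and the IPs are documentation addresses.

```python
import re
from email import message_from_string

# Constructed sample modelled on the redacted headers above; host names are
# placeholders and the IPs come from documentation ranges (RFC 5737).
SAMPLE = """\
Return-path: <>
Received: from relay.shared-host.example ([198.51.100.7]:42300)
        by mx.recipient.example with esmtps (Exim 4.85)
        id 1ZugeZ-002765-Qs
        for <user@recipient.example>; Fri, 06 Nov 2015 13:02:09 +0000
Received: from [203.0.113.45] (port=25819 helo=jukapav)
        by relay.shared-host.example with esmtpa (Exim 4.85)
        id 1ZudV5-000457-P6
        for <user@recipient.example>; Fri, 06 Nov 2015 03:40:04 -0600
From: "Spam and Abuse Department" <abuse@claimed-registrar.example>
Subject: Domain Name EXAMPLE.COM have been suspended
X-Source-IP: 203.0.113.45

body
"""

def parse_hop(received):
    """Pull the peer IP, HELO name, receiving host and protocol from one hop."""
    def first(pattern):
        m = re.search(pattern, received)
        return m.group(1) if m else None
    return {
        "ip": first(r"\[([0-9A-Fa-f.:]+)\]"),
        "helo": first(r"helo=([^\s)]+)"),
        "by": first(r"\bby\s+(\S+)"),
        "with": first(r"\bwith\s+(\S+)"),  # transfer protocol keyword
    }

def trace_origin(raw, claimed_domain):
    msg = message_from_string(raw)
    # Each relay prepends its own Received header, so reverse for oldest-first.
    hops = [parse_hop(h) for h in reversed(msg.get_all("Received", []))]
    relays = [h["by"] for h in hops if h["by"]]
    return {
        "hops": hops,
        "submitting_ip": hops[0]["ip"] if hops else None,
        # esmtpa/esmtpsa: the client logged in to the first relay with SMTP AUTH
        "authenticated_submission": bool(hops) and hops[0]["with"] in ("esmtpa", "esmtpsa"),
        "x_source_ip": msg.get("X-Source-IP"),
        "null_return_path": (msg.get("Return-Path") or "").strip() == "<>",
        "claimed_domain_in_path": any(
            r == claimed_domain or r.endswith("." + claimed_domain) for r in relays),
    }
```

Only the Received lines written by servers you control can be trusted; older hops and X- headers contain whatever the upstream relay or the sender chose to write.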

