Scammer Database

I have reached the end of my rope with Google Apps

Posted in database, scammer by Chief on August 13, 2009

I submitted the complaint below to:,,, and ICANN at



Thank you in advance for reading my complaint.

I have been corresponding with Google Apps Abuse Team for over 2 months regarding abusive domains and sites. The thread below is available for your perusal of the detail. In a nutshell, after the public informs Google Apps of a scammer’s criminal conduct or fraudulent activity on a Google Apps site (domain), the domain continues to be active. Specifically, the DNS MX records are not cleared — indicating that email can continue to flow to and from the criminal’s domain.

The above is in contrast to the procedure in place by all other registrars and web hosts I have encountered in 18 months of scammer site killing activity.  I would invite you to view the last 2 months of my activity at the site: (a safe click)

Please review the DNS MX records of Google Apps – based sites, and compare that to the DNS MX records of any other registrar/host in that database and you will find that Google/Godaddy is operating outside of the language detailed in the ICANN agreement.  What steps are necessary to align Google/Godaddy with the mainstream web registrar / web hosting community?

Specifically, see my notes on the domain detailed at .  Nearly two months have passed since I began reporting abuse. The URL is still active and the DNS MX records are intact and unchanged.

I do not submit this email flippantly. It seems conventional communication has not resulted in any change in Google’s behavior toward criminals contracting to use its services. This letter has been also been submitted to ICANN. I would appreciate a follow-up email regarding the status of this complaint.

Yours truly,

———- discussion thread with Google Apps Abuse Team ———-
From:  me <?????>
Date: Tue, Aug 11, 2009 at 9:00 AM
Subject: Re: [#467383835] best practices for killing scammer sites
To: The Google Apps Team <>


This is a second follow up email requesting the status of the activities regarding the deading of scammers’ domains. Are we on track with the resources and tasks to complete this change by the date of Sept. 21? I am a professional project planner and realize that this type of thing does not happen overnight. I want to make sure the request is still on the radar screen and that resources are assigned to the tasks and that the leadtime for those tasks is being evaluated to complete the project on time.


On Wed, Aug 5, 2009 at 1:35 PM, I <?????> wrote:
> Michael,
> I am following up on your email of July 21 to inquire of the status of the effort to re-implement
> the unfriendly response to criminal users of your services. Are the tasks necessary to achieve
> the object being completed on time so that by September 21 this issue will be resolved?
> Thank you for you time and efforts.
> Fred
> On Tue, Jul 21, 2009 at 12:20 PM, The Google Apps Team <> wrote:
>> Hello ,
>> Thanks for your message.
>> We have been undergoing some changes both within the abuse team and in our
>> abuse processes. I’m very sorry that it appears that the service level
>> you’ve been receiving has fallen. I assure you that we continue to receive
>> and process the reports you send us as quickly as we can get to them, and
>> we’re back to a roughly 24 hour turn-around time now that our new team
>> members are up to speed.
>> I’d like to briefly address the issue you’ve noticed where abusive domains
>> still appear to be active. We take down domains for a variety of reasons,
>> not just abuse. In the non-abuse cases, we’ve found that the user
>> experience of everything “just disappearing” when the domain is suspended
>> is not very friendly.
>> To counteract this, we’ve slightly changed the way we take down accounts.
>> Instead of completely removing all content, the login interface now
>> remains. If a user of the domain tries to log in, they will receive error
>> messaging explaining the problem. Furthermore, the domain administrator
>> can log into the control panel, but still cannot send messages. This
>> allows the non-abusive domains to rectify the problem so that we can
>> reinstate the domain.
>> This is a great change for our non-abusive users, but it leaves something
>> to be desired for the abuse-case. As such, we plan to create distinct ways
>> to remove domains–one for abuse, and one for all other issues. Suspending
>> a domain for abuse will revert to the old behavior you used to see (ie
>> everything is removed). It may take our technical up to two months to
>> complete the engineering work involved to re-implement this behavior, and
>> we appreciate your continued patience and support. Accounts that are
>> currently suspended for abuse will retroactively be changed so that the
>> old behavior will be in place.
>> I hope this explains the changes you’ve seen over the last few weeks.
>> We’re working hard to improve the user experience, but we’re still wholly
>> committed to fighting abuse on our products as well. We sincerely
>> appreciate the help you provide in targeting these malicious users.
>> Sincerely,
>> Michael
>> The Google Apps Team
>> ——
>> Get timely updates on new features in Google Apps by subscribing to our
>> feed at or email alerts at
>> Share best practices & optimization tips and engage with other Google Apps
>> administrators now at
>> Download the Printable Reference Guide at
>> ——
>> Original Message Follows:
>> ————————
>> From: me <??????>
>> Subject: best practices for killing scammer sites
>> Date: Fri, 10 Jul 2009 15:20:10 -0500
>> > Sir/Madame:
>> >
>> > In the parlance, I am a scam site buster. I bait scammers and gain their
>> > confidence in order to obtain the names of their fraudulent domains and
>> > websites. Within minutes of discovering such fraud, I report the
>> criminal
>> > use of the domains to registrars and web hosts.
>> >
>> > I ask you to refer to a documentation link:
>> >
>> > safe click)
>> >
>> > This blog is where I documented every scammer site I found in the past 2
>> > months and how well the registrar and host abated the ill effects of
>> > scammers’s web sites. The post in question documents a site I found on
>> > 9July2009 and reported it to Yahoo (the host and registrar). On
>> 10July2009,
>> > the site/domain were disabled. Attempt to browse to the site
>> > . You will see that it is not
>> reachable.
>> > Do a whois on and you will see that the
>> domain
>> > is no longer registered, and the site does not exist. Poof!
>> >
>> > What you see above is an actual example of how a professional abuse team
>> > works to protect the public from scammers. Every host with whom I come
>> in
>> > contact follows this convention — except Google. Try the two steps
>> above
>> > with the domain — a Godaddy/Google domain/site.
>> >
>> > The domains below are active, and the DNS records are clearly visible. I
>> > have reported the abuses numerous times to both Google and Godaddy and
>> no
>> > action has been taken.
>> >
>> >    1.
>> >    2.
>> >    3.
>> >    4.
>> >    5.
>> >
>> > I have been and will continue to be very persistent. I am not asking
>> Google
>> > and Godaddy to perform extraordinary steps nor miracles; I simply ask
>> that
>> > you protect the public per your agreement with ICANN.
>> >
>> > Please respond with the countermeasures you will be taking to kill the
>> sites
>> > above and how your processes will be improved to facilitate quicker
>> response
>> > to this type abuse.
>> >
>> > Regards,
>> >
>> >

Tagged with: , ,

Comments Off on I have reached the end of my rope with Google Apps