August 18, 2004

Spammer, Leave Me Be!

In a way, I'm kind of fortunate. I work for my home town as a developer and webmaster. I write programs to help our employees help citizens, I write webpages to make it easy to get information, and I get to go home at 5pm every night. So far, not exactly a bad thing. I don't get paid as much as I did back at Microsoft, but I get to have a life outside of work, so it balances out.

One of the great features that we added was a comment page so that citizens could leave feedback about how we are doing. We get tons of feedback on a large variety of topics, ranging from the web site to the ban on pets in our city parks.

As a security measure, we track the IP address, reverse DNS lookup, time and date of each piece of feedback. We also use Server.HtmlEncode() when displaying the feedback on our Intranet site and when forwarding the feedback to prevent malicious code from being introduced to our custom-written CMS.

Anyway, on Sunday, we got our first piece of comment spam. (The new site has been up since mid-December, so going eight months without comment spam can be considered a good thing.) They were advertising various drugs for allergies and impotence.

First thing I did was notice that the CMS was reporting:
(From :

Now, I'm in Utah, not in this wasn't a local guy.

Then, I checked the server logs. They showed that the user didn't browse to the page. It was either keyed in directly (unlikely), purchased (more likely) or Googled (most likely).

So, when I went into work on Monday, I sent off a complaint to about the spam. I included a copy of the spam and a copy of my server logs.

Then, I decided to get a little sadistic. I checked all of the domains in the spam, and noticed a trend. All were registered through, and all were registered to the same individual: Damie Mait, 2175 N.W 157 St, Miami, FL 33167.

The fact that the DSL line was coming from the Miami area, as was the domain registration, well, it was too much for me to write off as coincidence. GoDaddy's terms of service specifically forbid the use of comment spam, so I wrote another E-mail to with all of the information included.

Since Monday was my 30th birthday, I felt that acting to rid the world of a spammer would be a good thing. It would have been if BellSouth and GoDaddy had acted. Tuesday evening, the spammer struck again...with the same message, the same IP address and the same fake Hotmail address.

So, I complained again this morning. I'll keep blogging as I find out more, but here is the DNS entry for the company in question.

Registrant: Damie Mait

2175 N.W 157 St
Miami, Florida 33167
United States
Registered through: (
Domain Name: ********.COM (Not giving free advertising here)
Created on: 13-Jan-04
Expires on: 13-Jan-05
Last Updated on: 13-Jan-04
Administrative Contact:
Mait, Damie
2175 N.W 157 St
Miami, Florida 33167
United States
Technical Contact:
Mait, Damie
2175 N.W 157 St
Miami, Florida 33167
United States
Domain servers in listed order:


Anonymous said...

Do you need to allow links in your users comments? That is what the spammers are really going for, the association of their words to their links so that google and kin will pick it up.

Not all community sites need links to be allowed in comments. Take that away and the spammer has no use to spam your site.

Just a thought :)

(Paul Watson from Code Project)

Michael Russell said...

Our comment page posts to an internal site, but only allows plain-text entry. However, legitimate feedback we have received has contained URL's.