Perhaps that's why I don't have a nice red (or blue) Ferrari, unlike Mike and Alan, the guys who operate the top-level registry for the .ws (Samoa) domain. Mike and Alan have been featured in a number of articles in various magazines in which their rags-to-riches story is toted as one of the surviving successes of the dot com boom and bust, and their proud faces feature prominently along with their cars on 1.ws - the "first .ws website on the planet" (or elsewhere for that matter).

Unfortunately times must have become a little hard on poor Mike and Alan, leading them to employ desperate measures in order to keep up the payments on those fast cars. J'accuse!

I've been receiving a LOT of SPAM in the last few days relating to registering .ws domains. At first I ignored it - I tend to get the same spam several times because of all the domain names pointing at me, so I'm used to it. However they just wouldn't stop, so I decided I should complain to someone. I looked up the spamvertiser's web site, NetLeads.ws, and found that they were an affiliate of Website.ws which sells the .ws domains, and is operated by our friends Mike and Alan. So I read the affiliate agreement on Website.ws, highlighted the bits that NetLeads.ws were in contravention of, and forwarded all the details to Website.ws asking them to close the affiliate account and withhold all their commissions. Still waiting for a response.

This seemed sensible enough, and when I had a look at the NetLeads home page, which was basically just advertising more SPAM to wannabe spammers, I decided to look a bit more carefully. The domain was registered to a J "Michael" Smith. Another John Smith, but with a touch of "Mike". I contemplated referring this to the registrar on the basis that it had been registered to a false name (most registries seem to have that rule these days and it can result in suspension of the domain name), but for reasons which will become clear I came to a realisation that this was rather pointless. Ironically the .ws registry doesn't give you any more information than the name of the registrant, presumably to prevent spammers from fishing for email addresses and so forth.

When I had a closer look at the contact form on the NetLeads web site I realised it was sending all its content to a CGI script. After I had a look at this I found that directory browsing was enabled for the server - and this basically meant that I could browse around the cgi-bin looking at all the files in it. There were quite a lot of email addresses and bits and pieces floating around, but there was also a directory called "bak" - for "backup", presumably. When I looked in there, I found a copy of the script that the contact form had been sending its variables to, except that it had been renamed with a .bak extension - which basically meant it wouldn't execute, but instead simply download its contents to my browser.

And in there, lo and behold, were the user name, password, host name and database name of the spammer's database. These, incidentally, tied back to a company called ncsdi.net, which the registry reveals is conveniently located just a few doors down from the GDI offices which feature prominently on the my.ws and website.ws web sites.

So we all had a good laugh and logged into the database to have a look. We found 2.5 million email addresses in one table, all associated with a domain and registry which they were most likely scraped from, and 1.5 million addresses in another. Somewhat disturbingly however, in the table that logged all the submitted forms, were the number of "test" entries that had been made by what looked like employees of My.ws / Website.ws, mainly using the names "Alan" and "Mike" and various of their email addresses under the 1.ws, website.ws, ws.ws and of course netleads.ws domains. Also, a lot of these entries seemed to have been logged from the IP address 68.111.128.138.

The purpose of the email address in this database table, judging by the looks of the script, is that you get sent an email when you submit the form. So presumably Mike and Alan had at least received a lot of email pertaining to this rogue affiliate of theirs, and judging by the timestamps in the database, at frequent intervals over the last few months. Presumably they would have done something about it by now, but not wanting to jump to conclusions, I emailed This e-mail address is being protected from spam bots, you need JavaScript enabled to view it in order to try to solicit a reply to see where it came from and whether it tied back to that IP address... nothing as of yet.

We also found a whole bunch of credit card numbers in the database, which is really poor form. Credit card details should never be stored online as a general rule, and if they are then they should be heavily encrypted. Having overcome the urge to delete the database I set down to writing this piece instead.

The real issue here is that Mike and Alan have a whole plethora of statements across their various web sites which ostensibly take a very firm anti-spam position. In contrast, it seems pretty obvious to me that they've used NetLeads as an affiliate of their own program in order to outsource and anonymise their spam requirement. That places them in breach of their own terms of service! Well I'm not afraid to point my finger and yell "hypocritical two-faced liars!"

If the people at the top aren't doing anything to stem the flow of spam, then there can be little hope left for the medium of email. If it were my registry, my policy would allow for the suspension of these domain names. The more such practices are implemented, the more spammers will be forced into realms such as .ws - and that, quite frankly, will make it very simple for the rest of us, because everyone will know that .ws simply isn't worth dealing with.