Worthwhile to post about a spammer targeting nonprofits?
I volunteer with several small nonprofits. A few weeks ago, one of them got a spam message from a "volunteer" offering to create a free website for the organization and disclosing a connection to DonorComplete. There was no unsubscribe link. I hit Google, which eventually led me to a thread on TechSoup where I commented with what I had found to that date under the same user name: http://forums.techsoup.org/cs/community/f/24/t/43439.aspx This & other results showed that the "free" website is linked to historically very expensive hosting (historically , ~ $20-$40/mo, now showing about $10/mo) for a static website with very limited support or options.
My research continued intermittently, but there appears to be a network of over 100 domains (active, expired, dormant and/or returning server errors) connected to spam efforts over roughly the last 6 years, questionable marketing tactics dating back to ~ 1998, 4 overlapping corporations with one man as a central figure, several throwaway email addresses and a couple that seem to be dedicated & longer running, a handful of apparently dedicated servers and several shared servers with many connected domains hosted. The messages target nonprofit organizations and churches, with 4 textual variations posted via email, mailing lists, and comments. The first archived comments I found targeted FOSS project mailing lists. Based on the Internet Archive's Wayback Machine, many small nonprofits used their service years ago, but it looks like the spammers' services have been largely abandoned over the last few years - probably why the new campaign started ~ June.
I've filed complaints with two of the registrars, and at least one of the recently active domains appears to be in non-hosted status. Would there be any interest in my posting a thread with the details of what I've found so far (spreadsheets and mind maps in progress)? Would anyone be interested in helping me present the data in a more easily digestible format a la r/dataisbeautiful? Or can anyone recommend an easier way to report the registrant tied to the spam? I'm not trying to start a witch hunt, but these people seem to have flown under the radar for a long time, and I know many small nonprofits aren't tech savvy enough to recognize the warning signs these folks present.
I'm not sure that most of us are in a position to do much about this, but you might mention it to some of the larger fiscal sponsors like the Tides Foundation, as they're in a position to reach many more relevant people than we (likely) are.
Thanks for the response and the good suggestion. I'll try reaching out to the Tides Foundation tomorrow. Might reach out to the EFF for advice, too.
For what it's worth, your comment helped give me a direction with this. I was feeling frustrated, and kind of floundering for what to do. So, seriously, thank you.
Glad to help. I hope you can reach the people who need to know about this.