Which Sebastian Foss is a spammer?

Obviously pissed by my post Fraud from the desk of Sebastian Foss, Sebastian Foss sent this email to Smart-IT-Consulting.com:

Remove your insults from your blog about my products and sites... as you may know promote-biz.net is not registered to my name or my company.. just look it up in some whois service. This is some spammer who took my software and is now selling it on his spammer websites. Im only selling my programs under their original .com domains and you did not receive any email from me since im only using doube-optin lists.

You may not know it - but insulting persons and spreading lies is under penalty.

Sebastian Foss
Sebastian Foss e-trinity Marketing Inc.
sebastian@etrinity-mail.com

Well, that's my personal blog, and I've a professional opinion about the software Sebastian Foss sells, more on that later. It's public knowledge that spammers do register domains under several entities to obfuscate their activities. I'm not a fed, and I'm not willing to track down each and every multiple respectively virtual personality of a spammer, so I admit that there's at least a slight possibility that the Sebastian Foss spamming my inbox from promote-biz.net is not the Sebastian Foss who wrote and sells the software promoted by the email spammer Sebastian Foss. Since I still receive email spam from the desk of Sebastian Foss at promote-biz.net, I think there's no doubt that this Sebastian Foss is a spammer. Well, Sebastian Foss himself calls him a spammer, and so do I. Confused? So am I. I'll update my other post to reflect that.

Now that we've covered the legal stuff, lets look at the software from the desk of Sebastian Foss.

• Blog Blaster claims to submit "ads" to 2,000,000 sites. Translation: Blog Blaster automatically submits promotional comments to 2 million blogs. The common description of this kind of "advertising" is comment spam.
  Sebastian Foss tells us that "Blog Blaster will automatically create thousands of links to your website - which will rank your website in a top 10 position!". The common description of this link building technique is link spam.
  The sales pitch signed by Sebastian Foss explains "I used it [Blog Blaster] to promote my other website called ezinebroadcast.com and Blog Blaster produced thousands of links to ezinebroadcast.com - resulting in a #1 position in Google for the term "ezine advertising service". So I understand that Sebastian Foss admits that he is a comment spammer and a link spammer.
  I'd like to see the written permissions of 2,000,000 bloggers allowing Sebastian Foss and his customers to spam their blogs: "Advertising using Blog Blaster is 100% SPAM FREE advertising! You will never be accused of spamming. Your ads are submitted to blogs whose owners have agreed to receive your ads." Laughable, and obviously a lie. Did Sebastian Foss remember that "spreading lies is under penalty"? Take care, Sebastian Foss!


• Feed Blaster with a very similar sales pitch aims to create the term feed spam. Also, it seems that FeedBlaster™ is a registered trademark of DigitalGrit Inc. And I don't think that Microsoft, Sun and IBM are happy to spot their logos on Sebastian Foss' site e-trinity Internetmarketing GmbH


• The Money License System aka Google Cash Machine seems to slip through a legal loophole. May be it's not explicit illegal to sell software build to to trick Google Adwords respectively AdSense or ClickBank, but using it will result in account terminations and AFAIK legal actions too.


• Instant Booster claims to spam search engines, and it does, according to many reports. The common term applied to those techniques is web spam.

All these domains (and there are countless more sites selling similar scams from the desk of Sebastian Foss) are registered by Sebastian Foss respectively his companies e-trinity Internetmarketing GmbH or e-trinity Marketing Inc.

He's in the business of newsgroup spam, search engine spam, comment spam ... probably there's no target left out. Searching for Sebastian Foss scam and similar search terms leads to tons of rip-off reports.

He's even too lazy to rephrase his sales pitches, click a few of the links provided above, then search for quoted phrases you saw on every sales pitch to get the big picture. All that may be legal in Germany, I couldn't care less, but it's not legit. Creating and selling software for the sole purpose of spamming makes the software vendor a spammer. And he's proud of it. He openly admits that he uses his software to spam blogs, search engines, newsgroups and whatever. He may make use of affiliates and virtual entities who send out the email spam, perhaps he got screwed by a chinese copycat selling his software via email spam, but is that relevant when the product itself is spammy?

What do you think, is every instance of Sebastian Foss a spammer? Feel free to vote in the comments.


Update 08/01/2007 Here is the next email from the desk of Sebastian Foss:

Hi,
thanks for the changes on your blog entry - however like i mentioned if you look up the domains which were advertised in the spam mails you will notice that they are not registered to me or my company. You can also see that visiting the sites you will see some guy took my products and is selling them for a lower price on his own websites where he is also copying all of my graphic files. The german police told me that they are receiving spam from your forms and that it goes directly to their trash... however please remove your entries about me from your blog - There is no sense in me selling my own products for a lower price on some cheap, stolen websites - if that would make sense then why do i have my own .com domains for my products ? I just want to make clear that im not sending out any spam mails - please get back to me.

Thanks,
Sebastian

Sebastian Foss
e-trinity Internetmarketing GmbH
sebastian@etrinity-mail.com

It deserves just a short reply:

It makes perfect sense to have an offshore clone in China selling the same outdated and pretty much questionable stuff a little cheaper. This clone can do that because first there's next to no costs like taxes and so on, and second he does it per spamming my inbox on a daily base, hence probably he sells a lot of the 'borrowed' stuff. Whether or not the multiple Sebastian Fosses are the same natural person is not my problem. I claim nothing but leave it up to you dear reader's speculation, common sense, and probability calculation.

Stumble It!

Post it to del.icio.us

Fraud from the desk of Sebastian Foss

Frequently I receive emails from very angry people complaining about various "SEO tools" and "Money Making Software" delivered from the desk of Sebastian Foss (AdBlaster, Instant Booster, eZine blaster, Blog Blaster, Feed Blaster, Newsgroup Blaster, eBay Cash Machine, Doorway Page Generator, Google Cash Machine, and countless more scams), which got their sites banned or which just didn't work as promised, asking for a refund and demanding compensation. I'm sick of replying to all these emails to set the records straight, so here is the guy's address:

e-trinity Internetmarketing Ltd.
Sebastian Foss
Böhler Str.14
Lindlar, 51789, North Rhine-Westphalia
Germany [map]
Phone: +49 2266 478 230
Fax: +49 2266 478 197
email: sebastian@etrinity-mail.com

I suffer from his fraudulent and spammy activities too. I find his URLs in my referrer stats, I receive his email spam from the desk of Sebastian Foss, and people get mad on me because they assume I'm him just because I blog about SEO and Internet marketing.

Here is the last email spam I got from Sebastian Foss¹⁾ at promote-biz.net:Can you afford to lose 300,000 potential customers per year ? How would You like to divert 1000s of fresh, new visitors daily to Your web site or affiliate web site from Google, Yahoo, MSN and others At $0 cost to you...? Never seen before! Brand new for 2007! If you don't try this incredible software, you are just plain off your rocker. ...iNSTANT BOOSTER diverts 1000s of fresh, new visitors daily to Your web site or affiliate web site from Google, Yahoo, MSN and others at $0 cost to you! ...No matter what you are selling or offering -INTSANT BOOSTER will pull in hordes of potential customers to your website - instantly! ...Automatically Get 1000's of other High Ranking web sites eagerly linking to your web site no questions asked. ...your web site will quickly achieve Ultra High Link Popularity on the Major Search Engines ...you'll get 1000's of Highly Targeted visitors to your web site or affiliate web site overnight For full details please read the attached .html fileAnd here's the attached HTML file:<html> <head> <title>Loading page...</title> <meta http-equiv="refresh" content="2;URL=http://www.promote-biz.net/mg/instantbooster/"> <script><br />url='http://www.promote-biz.net/mg/instantbooster/'; if(document.images) { top.location.replace(url); } else { top.location.href=http://www.promote-biz.net/mg/instantbooster/; } </script><br /></head> <body>Loading <a href=http://www.promote-biz.net/mg/instantbooster/>page</a>... </body> </html>A smart investigator can should be capable to assign this URL on promote-biz.net to e-trinity Internetmarketing Ltd., Sebastian Foss' company in Lindlar, Germany.

If you're sick of spam and scams from the desk of Sebastian Foss too, then turn him in. Last time I looked, sending out email spam is a crime in Germany. In case the spam report form below (courtesy of the german cops) doesn't work, here you go: Police Lindlar, Germany.
SPAM REPORT (yellow background = mandatory)

Your coordinates:

Surname:
Birth name:
First name:
Date of birth:
Place of birth:
Sex: femalemale
Street address:
Zip code:
City:
Phone#:
Mobile phone#:
eMail:

What to report?

Type or source of fraud:
Web site, forum, blog...
Usenet group
Chat room
Mail list
Spam email (UCE)
Other

Provide internet address (URL), IP address, channel, email-ID (email header), and other information useful to track down the issue:

Copy+paste the complete email headerDate:
Time:

Details (mandatory!)

Sebastian Foss sent me this email spam: [copy + paste the text of the email and mention attachments]

Witnesses (if any, provide names and addresses)

Perpetrator and site of crime:

Unknown:
International
Germany
Perp name:
Perp address:

Here's a tiny sample of domains related to or operated by Sebastian Foss, according to Rip Off Report "[one of] the biggest scam artist[s] on the Internet":
10-thousand-dollars.biz 101-website-traffic.com 2click.com auction-machine.com automatedriches.com automatic-mailer.com blog-blast.com blog-blaster.com cashcreation.com clickedcash.com dollarbuddy.biz etrinity.com feed-blast.com free-traffic-handbook.com hit-booster.com hitworkz.com income-builder.com income-machine.com incomeuniversity.com instant-booster.com megapromoter.com megawealthpackage.com minuteprofits.com money-license.com moneybank.com plugin-income.com press-blast.com promote-biz.net promotionpalace.com sebastianfoss.com seo-secret.com submit-it-easy.com ...

It doesn't hurt to link to this post with "Sebastian Foss" in the anchor text ;)

Update: I received a threat from Sebastian Foss, so I've edited this post (look for original text followed by changes). I'm not 100% certain which instance of "Sebastian Foss" sends out the email spam, but all known instances of Sebastian Foss are obviously spammers. More Information on the spammer Sebastian Foss and his clones respectively multiple/virtual personalities.

Stumble It!

Post it to del.icio.us

No search, more fun: Netscape spamming Google

Google dislikes crawlable SERPs. But Google still indexes huge chunks of SERPs, and to make it worse, these disliked URLs sometimes rank above other useless webspam from Amazon, Ebay, and cohorts on the very first search result page.

For example Netscape is still flooding Google's search index with crap as per the quality guidelines, which clearly state:

Use robots.txt to prevent crawling of search results pages [...] that don't add much value for users coming from search engines.

Netscape.com lacks a robots.txt, but how many patterns does it need to identify these pages as SERPs? Next search.netscape.com has a robots.txt, but it lacks a Disallow: / directive, respectively Disallow's of all their scripts generating search results.

Is it that simple to get gazillions of useless autogenerated pages ranking at Google? Indeed. Following the Netscape precedent every assclown out there can buy a SE-script, can crawl the Web for a bunch of niche keywords, and will earn free Google traffic just because he has "forgotten" to upload a proper robots.txt file and Google isn't capable of detecting SERPs. I mean when they don't run a few tests with Netscape-SERPs, where's the point of an unenforced no-crawlable-SERPs policy?

I just found another interesting snippet in Google's quality guidelines:

If a site doesn't meet our quality guidelines, it may be blocked from the index.

I certainly will not miss 1,360,000 URLs from a spamming site ;)

Stumble It!

Post it to del.icio.us

When your referrer stats turn into a porn TGP

When you wonder why your top referrers are porn galleries, make-you-rich-in-a-second scams and other pages which don't carry your link but try to sell you something, read further.

Referrer spamming is done by bots requesting pages from your site, leaving a bogus HTTP_REFERER. These spam bots come from various IPs, change their user agents on the fly, and use other sneaky techniques to slip thru spam protection. Some of them are somewhat clever by adjusting the number of bogus requests to your site by your Alexa stats to ensure their "visits" do appear on limited realtime referrer lists and other stats by referrer. Some of them even suck the whole pages from your server, and a few even follow redirects.

So what can you do? Not much. You can't really get rid of these log entries, because the logs are written before your spam protection handles those requests. But you can reduce the waste of bandwidth and server resources. If you redirect these requests, your server sends only a header, but not the contents. Here is a way to accomplish that:

First of all, extract the bogus referrers from your logs or stats pages, and save them in a plain text file:http://www.promote-biz.net/mg/main/google/ http://ww2.fuckherthroat.wildpass.com/track/MTAxNzEyOjM6Mw/ http://galleries.collegefuckfest.com/00100077-02-02/combo/34/index.php http://galleries.allinternal.com/dora/03/m2/567483/2/9/n/rfsm.html http://www.mature-lessons.com/wm1361/index.html http://galleries.asstraffic.com/alyssa/03/m2/567483/1/9/n/rfsm.html
Change this to a list of domains, truncating subdomains like "www" or "galleries", and add .htaccess code:

SetEnvIf Referer \.collegefuckfest\.com GoFuckYourself=1
SetEnvIf Referer \.asstraffic\.com GoFuckYourself=1
SetEnvIf Referer \.allinternal\.com GoFuckYourself=1
SetEnvIf Referer \.mature-lessons\.com GoFuckYourself=1
SetEnvIf Referer \.wildpass\.com GoFuckYourself=1
SetEnvIf Referer \.promote-biz\.net GoFuckYourself=1

This code will create an environment variable "GoFuckYourself" with the value "1". Following statements can now work with these marked requests:

RewriteCond %{ENV:GoFuckYourself} 1 [NC]
RewriteRule /* %{HTTP_REFERER} [R=301,L]

This redirects the request to its referrer, so if the bogus bot follows redirects, it will request a page from the spammer's domain. Of course you can redirect to a static URL too:
RewriteRule /* http://www.example.com/gofuckyourself [R=301,L]

You could also use the environment variable in deny statements
order allow,deny
allow from all
deny from env=GoFuckYourself
but that will serve a complete page, and may produce an infinite loop. Deny as well as the similar RewriteRule .* - [F] enforce a 403-Forbidden. Then if you've an ErrorDocument 403 /getthefuckouttahere.html directive, the request of the error page runs into the 403 itself - this process calls itself over and over until it gets terminated after 20 or so loops.

Stumble It!

Post it to del.icio.us

German spammers banning all domains out there

If you receive an email in german language from Google's Search Quality team (donotreply@gmail.com) telling your site was banned by Google for 30 days please don't worry. That's faked. Legit (similar phrased) emails must come from a google.com email address. If the hoax-email comes with an attachment, don't save or open the attached file (zipped google_webmastertools.exe)!

Here is the email:
Entfernung Ihrer Webseite [domain] aus dem Google IndexSehr geehrter Seiteninhaber oder Webmaster der Domain www.smart-it-consulting.com, bei der Indexierung Ihrer Webseiten mussten wir feststellen, dass auf Ihrer Seite Techniken angewendet werden, die gegen unsere Richtlinien verstossen. Sie finden diese Richtlinien unter folgender Webadresse: http://www.google.de/webmasters/guidelines.html Um die Qualitaet unserer Suchmaschine sicherzustellen, haben wir bestimmte Webseiten zeitlich befristet aus unseren Suchergebnissen entfernt. Zurzeit sind Seiten von www.smart-it-consulting.com fuer eine Entfernung ueber einen Zeitraum von wenigstens 30 Tagen vorgesehen. Wir haben auf Ihren Seiten insbesondere die Verwendung folgender Techniken festgestellt: *Seiten wie z. B. smart-it-consulting.com, die zu Seiten wie z. B. http://www.smart-it-consulting.com/index.htm mit Hilfe eines Redirects weiterleiten, der nicht mit unseren Richtlinien konform ist. Gerne wollen wir Ihre Seiten in unserem Index behalten. Wenn Sie wollen,, dass Ihre Seiten wieder von uns akzeptiert werden, korrigieren oder entfernen Sie bitte alle Seiten, die gegen unsere Richtlinien verstossen. Wenn dies erfolgt ist, besuchen Sie bitte die folgende Webadresse, um weitere Informationen zu erhalten und einen Antrag auf Wiederaufnahme in unseren Suchindex zu stellen: https://www.google.com/webmasters/sitemaps/reinclusion?hl=de Anbei erhalten Sie ein Google Webmastertool um Ihre Seite erneut zu indexieren. Google Search Quality Team
The email looks pretty authentic, its style and wording are somewhat Google-ish. I speak German, hence I'm sure that gazillions of innocent Webmasters and site owners buy it and panic. Unfortunately most filters let the zipped attachment (google_webmastertools.exe) pass thru. I didn't open it myself and I bet it's not a bright idea to try it.

Google told me that Stefanie from the real Search Quality team over in Dublin will soon post a warning on the german blog.

Here is an original penalty warning in german language:
Entfernung Ihrer Webseite aus dem Google IndexSehr geehrter Seiteninhaber oder Webmaster der Domain [URL removed], während der Indexierung Ihrer Webseiten mussten wir feststellen, dass auf Ihrer Seite Techniken angewendet werden, die gegen unsere Richtlinien für Webmaster verstoßen. Sie können diese Richtlinien unter folgender Webadresse finden: http://www.google.de/webmasters/guidelines.html Um die Qualität unserer Suchmaschine sicherzustellen, haben wir bestimmte Webseiten zeitlich befristet aus unseren Suchergebnissen entfernt. Zurzeit sind Seiten von [removed] für eine Entfernung über einen Zeitraum von wenigstens 30 Tagen vorgesehen. Wir haben auf Ihren Seiten insbesondere die Verwendung folgender Techniken festgestellt: * verborgener Text auf [removed], z. B. auf [removed] Gerne würden wir Ihre Seiten in unserem Index behalten. Wenn Sie wünschen, dass Ihre Seiten wieder von uns berücksichtigt werden, korrigieren oder entfernen Sie bitte alle Seiten, die gegen unsere Richtlinien für Webmaster verstoßen. Wenn dies erfolgt ist, besuchen Sie bitte die folgende Webadresse, um weitere Informationen zu erhalten und einen Antrag auf Wiederaufnahme in unseren Suchindex zu stellen: https://www.google.com/webmasters/sitemaps/reinclusion?hl=de Mit freundlichen Grüßen Google Search Quality Team [NO attachment, sent from donotreply@google.com]These emails are sent from donotreply@google.com without attachments.

Update 05/10/2007: Here is Google's official statement (in german language) and the english version by Vanessa. The attached .exe is a joke, it executes cmd.exe c\:clear complete harddisc (Hoax.BAT.Small.a).

Update 05/11/2007: Because these emails are easy to mistake for authentic ones from the Search Quality team, Google temporarily discontinued sending them as they work on ways to provide more secure communication mechanisms. This update reads as if Google has stopped to send out penalty notification emails in all languages: "... as we've temporarily stopped sending emails about guidelines violations, you can safely assume that any email you receive isn't from us. Note that we do provide information about some violations in webmaster tools.".

Update 06/19/2007: German forums and blogs report another flood of these faked emails, and this post got tons of visits from searches for quotes from the email quoted above. Calm down, don't panic: Google still doesn't send out penalty notifications via email (in Deutsch). So please ignore the spam and refer to the diagnostics tab in your Webmaster Central account when you assume a penalty.

Update 07/18/2007: Google released the message center where site owners can poll for penalty notifications. They are still working on a safe solution for emails. Probably '-950/-30/-n penalties' won't get announced any time soon.

Stumble It!

Post it to del.icio.us