Send FTD Valentine’s Day Flowers from $19.99 – SPAM

Just in time for Valentines day, FTD Flowers confiscates Cupid’s arrows and instead arms him with endless waves of email Spam.

Mailboxes everywhere are seeing messages like:

Subject:     Send FTD Valentine’s Day Flowers from $19.99
From:     “FTD Exclusive Offer” <info@dns0.ash-falken.de>

These messages typically use actual FTD Artwork, such as:

FTD Valentines Spam

Click for Larger Image

But rather than linking directly to FTD.com, they use hyper-links that first direct you to the spammer’s site, such as:

http://dns0.ash-falken.de/t/c/9277/gi7/jz128338.html

Which then redirects you to:

http://www.ftd.com/30100/catalog/category.epl?index_id=product_mailer&external=1

Similarly, this URL:

http://dns0.ash-falken.de/t/c/9307/opens7/jz26690.html

Redirects to:

http://www.ftd.com/30100/catalog/category.epl?index_id=product_mailer&external=1

Notice that the URLS are mostly similar, and especially the “/ 30100″/ so that is most likely the tracking mechanism allowing the spammer to be credited with any sales generated by the campaign.

This redirecting allows vast spam campaigns to be sent on behalf of FTD.com, but without the spams actually containing a link to their website. This helps FTD generate sales via spamming, but without email filters seeing their domain as doing the sending, or linked within the spam messages themselves.

On the other hand, the end of each URL is differentiated, in the above examples, using “jz128338.html” for one, but jz26690.html” for the other.

These are no doubt unique for each recipient, allowing the spammers to track which recipients have responded to the junk messages.

To make the campaigns even more effective, thousands of domains are used in the attack. In another example, the Subject remains the same, but the domain changes:

Subject:     Send FTD Valentine’s Day Flowers from $19.99
From:     “FTD Exclusive Offer” <jan@superassociation.com>

The hyper-links in this version, first take you to:

http://pac7.superassociation.com/687be7cfd89fc7aa344011bc9e883ef88e3751

Which then, of course, redirects to:

http://www.ftd.com/19476/catalog/category.epl?index_id=product_mailer&noparent_bread=1

Notice here that the spammer’s referral code is now “19476” though this could very well be just one of many different referral codes that pay the same spammer or group of spammers for any sales created.

There are thousands and thousands of these FTD spams coming from domains like:

  • ash-falken.de
  • superassociation.com
  • rugbynewscenter.info
  • peppernmo.com
  • goblingtr.com
  • itmowraw.info
  • bestdrject.com
  • informationcentersite.info
  • tomatoeras.com
  • informationtradehub.info

You can be certain that while most display a linked graphic that claims to unsubscribe you, there’s little doubt that doing so will just result in your receiving more spam from all the other endless domains controlled by these spammers.

FTD Spam Unsubscribe Graphic

Click for Larger Image

While FTD might be doing the spamming directly, they may also be doing so though a direct affiliate relationship or though some third party marketing firm they’ve hired to do their dirty work for them. The latter is most likely the case as that allows companies like FTD to deny they have a “direct relationship” with spammers, even while obviously and very directly benefiting from the spam itself.

While we’ve always noticed a lot of spam complaints from customers regarding aggressive marketing emails from such companies around the various flower-giving holidays, this campaign speaks volumes about what FTD.com thinks of customers, prospects and everyone else on the Internet.

- -

OnlyMyEmail is an award winning hosted spam filtering service and business email hosting provider. Our enterprise cloud computing anti-spam solution, the MX-Defender, has the highest capture rate of any spam filter ever tested in the VBSpam Challenge, blocking a record setting 99.9993% of all malicious and junk email.

Our Personal spam filtering system is also a Software as a Service (SaaS) solution and has won both the PC World "World Class Award" and also the PC Magazine "Editor's Choice Award."

OME-Kids is a webmail solution that protects children from spam and other harmful emails. OME-Kids offers unique Parental Controls that allow you to choose the level of security and oversight that's right for your child.

Tags:

Comments are closed.