ZISPA powerless to stop spammers using .co.zw domains

Garikai Dzoma Avatar

The Zimbabwean government and its coterie of supporters always like to paint social media as the big bad wolf. Probably because it has been so instrumental in giving the masses a voice against some of their corrupt practices and shined a light on their scandals. They are so distracted that it seems they forgot to counter something so basic. Spam.

BestResponse.co.zw one of Zimbabwe’s leading spammers

One of the victims

Normally I would really avoid naming and shaming a group of people with their hustle, but BestResponse’s hustle involves shameless and deliberate spamming. I have about 5 email addresses that I use and I never signed up to be on their email list yet, all my addresses are somehow on it.

I am not the only one on it either, BestResponse boasts that they have over 100 000 contacts and if my experience and that of countless others is anything to go by, none of the people on that email list had any choice. That is not even the worst part.

Normal email and newsletter lists come with a required unsubscribe button or link somewhere. That is just standard practice if you don’t want to end up on blacklists and your emails ending up in the SPAM folder. Those who run this email list do not allow you to unsubscribe at all. The only way I could stop them in Gmail was to simply block the offending domains.

Unfortunately for me, I do have domains that are not hosted on Gmail but on systems where the email filtering tools are lacking in functionality. For these domains the best you can do is have the emails sent straight to the SPAM folder, unfortunately for me, my host provider gives me a summary of all the emails sent to the folder just in case they mistakenly filtered out something important. So every day I get a summary of all the Spam that BestResponse has sent.

It gets worse

BestResponse uses several domains in their dastardly deeds as domains are their weakest link. I quickly went after their international domains. Everytime they send out their SPAM blasts, I quickly took screenshots, figured out the registrar and send an email to their abuse@registar.tld email. That seemed to work but BestResponse would hop on another new domain.

My intention was to make their lives miserable as they were making mine. I figured, if they kept hopping domains they would eventually remove me from their list. I figured wrong because eventually, they circled back to their .co.zw domain.

This would be easy I thought, I would just fire an email to admin@zispa.org.zw and inform them of the issue. They would figure out what to do including deregistering the domain once I easily proved the domain was registered for the sole purposes of spamming and sending emails to harvested email addresses.

The folks at ZISPA send back a sympathetic response

I am very sympathetic to your complaint, especially as I also manage a separate email service that receives spam of this kind from bestresponse.co.zw and other local domains.

At the moment there is no legal or other agreed basis to delete such domains, much as I would like to. However, there is going to be a DNS policy forum in mid-April at which POTRAZ will be in attendance. This will be one of the many policy issues that I hope to raise there.

One solution will be to update the registry’s Terms and Conditions to make it explicit that we do not allow such behaviour and that wilful offenders will have their domains deleted. That is what I would like to do. However, the offenders will of course then just register a .com domain and carry on as before, unfortunately. Maybe legislative intervention is required. I will also raise that.

Part of the response from ZISPA

That was staggering, SPAM is an old problem that has been mostly solved in other countries. It’s ironic that if BestResponse tries to register a .com domain I would have more recourse than I have if they do their shenanigans using a local domain.

How can we hope to combat fake news when we cannot even solve this simple problem that is as almost as old as email itself?. Our government that is happy to craft repressive Statutory Instruments that serve the interest of those in charge in a heartbeat, surely they can put an end to this nonsense with a stroke of a pen, but again no one has ever accused our government of doing something so selfless. Not in recent years anyway.

Big brand enablers

Like all commercial enterprise, BestResponse’s nefarious activities wouldn’t be possible without money flowing in from some of Zimbabwe’s top brands. Each day I am shocked by just how many leading Zimbabwean brands are willing to partner with them. You have leading security companies, hardware sellers, farm equipment sellers, paint manufacturers and sellers, solar companies and even driving schools.

I have tried to get in touch with the involved companies via WhatsApp and email using some of the details listed in the ads but have gotten zero responses. It’s either my messages are not reaching them or maybe I am just being ignored because the people in charge of these shameful campaigns figure I will go away and they can continue their hustle.

Will someone deliver us from the spammers?

The spamming issue using local domains has been going on for years too. In December of 2015, I received an email from one of my acquaintances at one of Zimbabwe’s Internet Access Providers. They also do a lot of website and email hosting for various companies and individuals in Zimbabwe and used to run the largest free local email service.

We’ve noticed alot of spam originating from local companies who mass mail adverts on behalf of their customers. usually a mail campaign costs around $20 per advert and gets sent to their subscriber list of “53000”.

example of this are axa dot co dot zw, bestresponse dot biz and a few others.

as a mail service provider, we are forced to block mass emails on a per-domain basis to protect our end users. because these mass mailing companies do not understand the bad ethics behind this business, they harvest email addresses in any way possible, then automatically add it to their list without the end-users consent.

What he had to say

For some reason I never covered the issue, shame on me. But months later he reached out again to see whatever progress I had made and with an update of his own.

we have recently come across some mass mailing spammers… and would like to address spamming via a topic on techzim as soon as possible.the perps are the moment mainly are:
info at zw-onlinemarket dot com,

 info at dailyadverts dot info

info at bestresponse dot biz

info at ads dot bestresponse dot biz,
marketing dot bestresponse dot info
Just today alone we’ve gotten about 1200 emails from these guys combined.
Please let me know if you can assist with getting something done, or if possible, allow me to post as a guest author.
thanks,

His update

What this shows is that these domains have been at it for years. What they do is not even a secret at all. They find your email however they can and once they have it in their claws, they are not letting it go. The only way to wriggle out is to block them but even then they will probably find a way to bypass that block again and again.

The only soft spot that I can see so far are the businesses they advertise with. If they stopped providing money to these bandits of the cyberspace it’s hard to see how they will continue to fund their activities. Will businesses deliver us from this evil then?

You should also read

What is a Domain Name System (DNS)?

7 comments

  1. Rachel

    Is this why when I tried to legitimately set up a zw domain for my business emails it was automatically labelled as spam?

  2. Garikai Dzoma

    It cannot be the issue. You need to set up DMARC, SPF and DKIM if you don’t want your emails to end in SPAM. Also avoid sending emails using your own IP which is probably Dynamic instead use Bulk email services such as Elastic Mail, Alibaba and Amazon.
    You can also check why your domain is black listed using various tools online.

    1. Anonymous

      Thank you 🤗

  3. Imi vanhu musadaro

    You can report them to POTRAZ and you may be required to also make a police report. But, once you choose that route, remember that the wheels of justice can take long to turn.

    Fight back! Register with their contact emails and numbers on dodgy sites. 🤣

    1. Garikai Dzoma

      Kkkkkk.

  4. Confused

    “I do have domains that are not hosted on Gmail but on systems where the email filtering tools are lacking in functionality.”

    I fail to technically understand this statement. Elaborate please.

  5. Mrs Dzavo

    I wld like such services, how do I get connected?

Join Waitlist We will inform you when the product arrives in stock. Please leave your valid email address below.