dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
10374
share rss forum feed


koitsu
Premium,MVM
join:2002-07-16
Mountain View, CA
kudos:23

1 recommendation

[Scam] DROA (Domain Registry of America)

I'm not sure how many of you are familiar with this company/organisation -- any of you who own a domain name and publish legitimate WHOIS records probably do -- but for those who aren't, let me explain.

DROA was created some-odd years ago, and began violating the rules of the WHOIS registry: you are not, in any way shape or form, going to use the information in it for shady purposes. The WHOIS disclaimer that's displayed every time you submit a lookup is as follows:

TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated
except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile;
or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.


What the DROA does is scrape WHOIS records, and look for domains which are about to expire (within 1-2 months). They then proceed to send you postal mail with a letter formulated in such a way that it makes the reader think they need to put in their VISA # and other information to "make sure their domain doesn't expire!". They do not contact you in any other way (or so I thought -- read on), other than through snail mail.

A picture of one of the automated DROA scams
And another

What this ends up actually doing, assuming someone falls victim to it, is submit a domain transfer request with their current domain registrar in attempt to switch the domain over to the DROA (who themselves use many third-party registrars to do their registrations for them). Basically, it's a shady way to get people to switch their domains over to them, while simultaneously paper-spamming them to death.

The problem is two-fold: ICANN (the guys who "overlook all the domain stuff on the Internet", for lack-of better phrasing) voted in a new rule that states all domain owners _MUST_ have legitimate contact methods shown in their WHOIS records. That is, the owner of the domain must put a legitimate address and telephone number in their WHOIS records. I used to do this, and was totally cool with it, until I started getting snail mail from the DROA for every domain I own (about 10-15 domains).

The DROA has quite a history of being scammers, including court rulings (in the US and in Europe) stating they must cease what they do. They haven't ceased, which forces domain owners to violate ICANNs policies -- thus putting false information in their domain names. Sticky situation, isn't it?

Here's some legal history:

Court Bars Canadian Company from Misleading Consumers in Marketing of Internet Domain Name Services
COMPETITION BUREAU OF CANADA LAYS CHARGES AGAINST INTERNET REGISTRY OF CANADA
Register.com v. Domain Registry of Canada

And peoples' stories about this shady company:

DROA wants my domains
DROA gets religion
EasyDNS's statement about the DROA
ITVibe gets one of DROA's scams (look at user comments + dates)

As far as I know, the DROA is still doing this today. I received another one of their letters for a domain I registered (and forgot to falsify the records) many months back. This story is about that domain.

For all of my domains, I set the contact name as the proper individual or company... but the address I set to that of the DROA. I've done this for years, in hopes that the DROA will automatically process the record and attempt to send a domain scam *to themselves* via postal mail:

 Administrative Contact:
{hostmaster domain record address}
2316 Delaware Avenue, Suite 266
Buffalo, NY 14216-2687
US
+1.8664340212

It looks like it finally worked.

Today, I received an Email from someone calling himself "Peter Kuryliw". "Peter" had the following to say:

To: {an email address on the domain's website}
From: Peter Kuryliw <peter@kuryliw.com>
Date: Thu, 21 Sep 2006 14:45:28 -0400
Cc: {hostmaster domain record address}
Subject: address
X-Mailer: Microsoft Office Outlook 11

Hello

When a WHOIS is done on your domain name {domain} the address listed is

http://registerfly.com/whois/

2316 Delaware Avenue, Suite 266
Buffalo, NY 14216-2687
US

that is my address.

cud you please advise how my address is attached to you domain name?

who did your registration?

you are not the first and I would like to try and get to the bottom of this

thank you .

There is only one Email address on that domain's website, and it isn't formatted in a way that a harvesting application would find it (there's not a single at symbol anywhere, nor any "nospam" phrasing, etc. etc...). So, someone found this address and put it into their mail client manually. So far, we've only gotten *one* mail for one of our many domains, so the person singled out this domain for some reason -- probably because it's the most recent one they tried to scam. ;-)

Mail headers of that mail show it did indeed originate from the DROA:

Received: from rsi-pop.droa.com (rsi-pop.droa.com [209.167.25.64])
by {ourmailserver} (Postfix) with ESMTP id X
for <{hostmasteraddress}>; Thu, 21 Sep 2006 11:45:39 -0700 (PDT)
Received: from rsic01934fbd02 [10.10.25.188] by rsi-pop.droa.com with ESMTP
(SMTPD32-8.05) id X; Thu, 21 Sep 2006 14:42:57 -0400

So... all of that said -- who wants to take a shot at tracking this jackass down? I know this forum has some guys who're incredibly good at tracking scammers down, so here's your chance to track one down who's existed for years, had FTC rulings against him, yet still continues to do his dirty deeds.

--
Making life hard for others since 1977.


jimkyle
Btrieve Guy
Premium
join:2002-10-20
Oklahoma City, OK
kudos:2
Reviews:
·AT&T Southwest

I got a faxed "subscription renewal" form from them, or a quite similar outfit, yesterday. I dumped it so cannot check the firm name but it was very close to the DROA. I've also gotten a couple of snail mails from them, which of course went into the shredder...


MGD
Premium,MVM
join:2002-07-31
kudos:9

1 edit
reply to koitsu

said by koitsu:

....
Today, I received an Email from someone calling himself "Peter Kuryliw". .........

Mail headers of that mail show it did indeed originate from the DROA:..................

So... all of that said -- who wants to take a shot at tracking this jackass down?
Yes "Kuryliw" is indeed another of the career criminals associated with DROA, which operates from Markham, Ontario, and is led by Daniel Klemann.

Peter Kuryliw is also no stranger to Canadian authorities:

quote:
Director of Yellowbusiness.ca pleads guilty to deceiving Canadian businesses:

OTTAWA, May 28, 2002 – Peter Kuryliw, the sole Director of 1473253 Ontario Incorporated, operating as Yellowbusiness.ca, pleaded guilty today to targeting over 40,000 business and non-profit organizations with a deceptive mailout for an Internet directory. The guilty plea results from an investigation by the Competition Bureau into Mr. Kuryliw and several other parties under the misleading representations provisions of the Competition Act. The investigation into the other parties is ongoing.

The mailout, dated May 25, 2001, asked recipients to send a payment to a postal box in the Toronto area for an Internet business directory that listed the details of their organizations. Bureau investigators found the mailings were made to appear as invoices from an existing service provider, such as Bell Canada or the Yellow Pages, requiring recipients to pay $85.55 when in fact they weren't customers.

The investigation in this case included the seizure by the Bureau and by Canada Post of mail containing an estimated $700,000 in payments for the fraudulently deceptive mail pieces.

"These invoices duped companies into believing they were customers of a service they never purchased when in fact the mailout was simply a business solicitation," said Raymond Pierce, Deputy Commissioner, Fair Business Practices Branch. "Deceptive practices of this nature will be vigorously pursued by the Bureau."

Mr. Kuryliw and 1473253 Ontario Incorporated were both charged in May 2001 with one count of making a false or misleading representation. Today, Mr. Kuryliw pleaded guilty in the Ontario Court of Justice – Toronto District and was fined $30,000. He was given 90 days to pay the fine and to dissolve 1473253 Ontario Incorporated.

Kuryliw can be tied to the DROA scammer Daniel Klemann by way of his Yellowbusiness.ca partner "James Tetaka"

quote:
Competition Bureau investigation results in sentencing for phoney invoice scam

OTTAWA, May 21, 2004 - A Toronto-area man was sentenced to a $60,000 fine and a prohibition order today for his role in the Yellowbusiness.ca phoney invoice scam. Mr. James Tetaka was sentenced as a result of a Competition Bureau investigation under the false or misleading representations provisions of the Competition Act into 1473253 Ontario Incorporated, operating as Yellowbusiness.ca. Peter Kuryliw, also of the Toronto area, was previously fined $30,000 for his role in the scam which targeted over 40,000 Canadian businesses and non-profit organizations with a deceptive mailout for an Internet directory.

The mailout, dated May 25, 2001, asked recipients to send a payment to a postal box in the Toronto area for an Internet business directory that listed the details of their organizations. Bureau investigators found the mailings were made to appear as invoices from an existing service provider, such as Bell Canada or the Yellow Pages, requiring recipients to pay $85.55 when in fact they weren't customers.

As part of the investigation, the Bureau and Canada Post seized mail containing an estimated $700,000 in payments for the fraudulently deceptive mail pieces.

The Bureau's investigation revealed that the 40,000 businesses and non-profit organizations targeted in this scam were previously victimized for similar mail-outs in the year 2000. Victor Serfaty and the Benlolo brothers, Alan, Elliot and Simon, were recently convicted in Toronto after a five-week jury trial in April 2004, for their roles in the earlier scam for the Internet directories, Yellow Business Pages.com and Yellow Business Directory.com. Sentencing in this matter is scheduled for July 2004.

"These invoices duped companies into believing they were customers of a service they never purchased," said Raymond Pierce, Deputy Commissioner, Competition Bureau. "The investigations and sentences in these matters show that the Bureau will vigorously pursue perpetrators of deceptive mail scams that target consumers and businesses in Canada."

The Bureau appreciates the assistance it received during the investigation from Canada Post and the Toronto and Peel Regional Police services.

Consumers who suspect they have been a victim of deceptive marketing practices are encouraged to contact the Bureau's Information Centre at 1-800-348-5358, or PhoneBusters' National Call Centre at 1-888-495-8501.
James Tetaka and DROA's ringleader Daniel Klemann were charged together by Canadian authorities in 2002

quote:
Date: 2002-10-28
Event: Charges
Court: Ontario Court of Justice
Court File #: 11426
Accused - Company: Internet Registry of Canada
Accused - Individuals: James Tetaka and Daniel Klemann
Provision(s): 52 (1) of the Competition Act - False or misleading representations
Products or services: Internet domain name registrations

Summary: On October 28, 2002, charges were laid against the Internet Registry of Canada and its principals for allegedly making false or misleading representations in promoting domain name registration services.

The Competition Bureau alleges the company marketed its services by sending mail solicitations that appeared to be invoices sent of behalf of the Government of Canada or an officially sanctioned agency registering domain names in Canada, to individuals and organisations whose domain names were about to expire.

The mailings allegedly gave the impression that domain name holders were existing customers of, and had to re-register their domain names with, the Internet Registry of Canada. Neither of these elements were true.

Charged along with the company were James Tetaka and Daniel Klemann. Mr. Tetaka was recently charged with respect to another matter, Yellowbusiness.ca., which was also charged under the Competition Act with respect to allegedly deceptive mail solicitations.

"These charges reflect the Bureau's ongoing efforts to ensure that Canadian consumers are protected from deceptive marketing practices," said Raymond Pierce, Deputy Commissioner, Fair Business Practices Branch. "We will continue to thoroughly investigate such cases, particularly where the individuals responsible move from one deceptive practice to another."

The result of Klemann's portion of the case case was:
quote:
Internet Registry of Canada
In June 2004, Daniel Klemann was fined $40 000 and made subject to a five-year prohibition order for making misleading representations through his company, Internet Registry of Canada (IROC). More than 73 000 businesses and non-profit organizations received deceptive mail informing them that their Internet domain name registration was about to expire and offering several renewal options. The letter was designed to mislead recipients into believing they were existing IROC customers and gave the impression that IROC was the Government of Canada agency in charge of Internet domain name registration.
Why this whole group are not in jail is beyond me. It also appears that Klemann may be violating his 2003 stipulated agreement with the FTC: »www.ftc.gov/os/2003/12/031219sti···nreg.pdf

DROA appears to be operating under multiple names and seems to have spread out to the EU.

Why is ENOM still "partnering" with these criminals ???

IMO these individuals are criminals and clearly have a long history of scamming consumers, first in Canada, then the US, and now they have spread to the EU.

Thank you for bringing it to our attention.

MGD

MGD
Premium,MVM
join:2002-07-31
kudos:9
reply to koitsu

An April 2006 posting on webhostingtalk.com gives a list of their current names:

www.droa.com
www.droc.ca
www.namejuice.com
www.registrationservicesinc.com

and the addresses and contacts: »www.webhostingtalk.com/showthrea···d=501684

MGD



E_V
Premium
join:2000-09-29
Vancouver, BC
kudos:5
reply to koitsu

Well documented here also:

* The letter I received has a UK address: 56 Gloucester Rd, Suite 526, SW7 4UB London. This happens to be the same address as Mail Boxes Etc, so it’s probably just a mail box.
* The letter was shipped from “Jamaica, NY”, which seems to be the USPS post office in John F Kennedy Airport. The address on the DRoA site says “2316 Delaware Avenue #266 - Buffalo, New York”, which apparently is again a “Mail Boxes Etc” location.
* A legal document of the Federal Trade Commission (Dec 2003) places them in Ontario, Canada. I found a “PO Box 4577, Markham, Ontario, L3R 5M7 address on their Canadian site. Again no ‘real’ address.
* A search in Canada’s WHOIS comes up with: droc.ca was registered in Aug 2001 by a Mr Pearl Bitton. A search in Canada’s 411 phone directory gives us one Mr. P. Bitton in Thornhill, Ontario - about 15km away from Markham. I can’t be sure it’s him, of course.
* The FTC final judgment of Dec 2003 mentions a Daniel Klemann, President of DRoA. Mr Klemann must be seing a lot of court rooms, because he was already convicted in Canada in June 2002. So this man has been told twice by a judge that he should stop his practices, but still continues. What a hero. There is a D. Klemann living in Markham and in Toronto.
* His partner in crime, James Tetaka, equally popular in courtrooms, was convicted for similar facts in May of 2004 and described as a Toronto-area man.
* The company under which they operated is “1473253 Ontario Inc”, which is run by Peter Kuryliw, also from Toronto.
* So they first ran a scam as Yellowbusiness.ca, then as Internet Registry of Canada (IRC), and now they are basically active all over the world. Global scumbags.
»blog.forret.com/tag/droa/

Mail drop in Buffalo/NY
BBB Report 9/22/2006
»search.buffalo.bbb.org/nis/newse···17000531

Very disappointing:
»www.ftc.gov/os/2003/12/031219sti···nreg.pdf

Perhaps by cranking up the heat court rulings will be a little less lenient in the near future.