Spam from Decipher Inc pretending to be Linode?
Sat, 30 May 2015 01:20:27 -0700 (PDT)
X-Received: by 10.66.231.42 with SMTP id td10mr21794308pac.98.1432974027370;
Sat, 30 May 2015 01:20:27 -0700 (PDT)
Return-Path: <
Received: from apollo.decipherinc.com (apollo.decipherinc.com. [204.13.11.49])
by mx.google.com with ESMTP id uv9si8715042pac.126.2015.05.30.01.20.26
for
Sat, 30 May 2015 01:20:27 -0700 (PDT)
Received-SPF: pass (google.com: domain of
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of
dkim=pass header.i=@decipherinc.com;
dmarc=pass (p=NONE dis=NONE) header.from=decipherinc.com
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=decipherinc.com; s=main2012;
h=Content-Type:MIME-Version:To:Subject:Message-Id:Date:From; bh=daNEoGjAfZTjBxbklGQGRrqgMbmeseqJVSwK82tl2oU=;
b=a9sMKgEdXcxANgN5AvC/27NHH64g/jx6aPLUdu7NpyzuQfPlBN2Awkruf+MJIU7XBK9vWXMUB51ETCOVxZR4i9kA7cDqv4YYBDFcWe1s0ZDLoDuf30zCooSi5EJuaTTqAc8O3mAftzccjuI9x2chmFTMDJBZyKcqCn8T9LofLCI=;
From: "Decipher Inc" <
Date: Fri, 29 May 2015 13:09:37 -0700
X-Complaints-To:
Message-Id: <
Subject: =?utf-8?q?Pleaseprovidefeedback?=
To: xxxxxxxxxxxxxxx
Precedence: bulk
As a customer of Linode, we'd like you to participate in a short survey. The survey should take no longer than 4 minutes to complete.
To begin the survey, click here.
If you are not able to access the link above, please copy and paste the link below in your web browser.
Data collected in the survey will be kept private and anonymous.
Decipher Research Team
3 Replies
They just say:
> As a customer of Linode, we'd like you to participate in a short survey. The survey should take no longer than 4 minutes to complete.
Are you a customer of Linode? If you are posting here, most likely. So they are accurate to that point.
And they identify themselves as:
> Decipher Research Team
I wouldn't respond to email like that. If Linode were doing a survey, I would expect email to be coming from them and have something on their website to confirm it.
Sorry for any confusion. This email did not come from Linode. It looks like these people scraped WHOIS records and sent out mass spam.
@Dweeber:
Are you a customer of Linode? If you are posting here, most likely. So they are accurate to that point.
Sure, but there is no question that they were attempting to deceive recipients into thinking they were doing this on Linode's behalf.
> I wouldn't respond to email like that. If Linode were doing a survey, I would expect email to be coming from them and have something on their website to confirm it.
Indeed, these look like targeted fishing emails - but some are sure to be caught off guard.
The problem is that the claim "If Linode were doing a survey, I would expect email to be coming from them" doesn't really hold true. It's not uncommon for an organisation to outsource marketing to 3rd parties which technically could have been the case here.
It obviously was not though since they scrapped my email address from whois (it the only place that email address is used) so was obviously not on behalf of Linode. Some might not be lucky enough to have these cues if they use their everyday email for their domains (which could be considered foolish anyway, but still).