Yesterday, I learned that GoDaddy released personally identifiable information about me to a spammer troll. You see, it all started way back in August of 2012 when I got a dodgy-looking email from someone I didn’t recognize that said only “Transcendental Argument for the existence of God (17:36)” and a link to a website that I did not click on for fear it would download all sorts of creepy crawlies on my computer. The email went to me and a bunch of other people I do not know whose names also start with “J.”
In other words, it was quintessential spam.
I noticed that the email address it came from as well as the link went to a GoDaddy registered domain. I figured I should report it, so I forwarded the email along with headers to GoDaddy’s abuse department. I then immediately forgot about it because I can only worry about a piece of spam for so long.
Yesterday, over two years after the original spam incident, I began to get emails from friends of mine forwarding a piece of creepy-looking spam they received that contained my name. All emails said the following:
if you go to:
<website redacted>
4/14/14
you can read a 1-page word.doc
featuring Jamie Bernstein of Skepchick.
neither her name, nor your organization’s name
appear anywhere in the story … only Jamie’s picture
Clicking the link brought me to the same late-90s-geocities-reminiscent Skeptic website that almost three years ago I thought was going to give my computer a bunch of sketchy viruses. There at the top of the page was a photo of me with the following:
Clicking the photo downloads a Word document, the title of which contains my full first and last name.
The document then says that in 2012, he sent an email to “hundreds of atheists” with a link to his website and that I had reported him for violating GoDaddy’s policies against spam. He was supposed to pay a $200 fine or risk the suspension of his domain. Instead, he argued with GoDaddy’s customer service until they agreed to waive the fine as long as he promised never to send spam again.
He ended the document with the following:
When I was threatened on my talk show by neo-Nazis (“I’m going to kill you and your family”), I didn’t “run to mommy” and try to get them in trouble—I handled it myself, like a grown-up. Compare my response to physical threats to the complainer’s response to merely watching a video about science/religion.
This person needs to grow up. But more importantly, this person needs to make some serious adjustments to their moral code.
(an anger management class wouldn’t be such a bad idea either)
In other words, he sent out a spam email that clearly violated the rules of his server. Then, he turned around and retaliated against the person who reported him.
Except there is a missing step here. You see, he would never have been able to retaliate had he not known who had reported him. The email in question went to a lot of people and there was no way for him to have known that I was the one who reported the email if GoDaddy had not released personally identifiable information about me to my spammer.
Now, I have an angry spammer who blames me for receiving a $200 fine and is retaliating by posting my name and photo on his website with gendered insults and then (ironically) sending out spam emails with the link to friends of mine that he has tracked down and who knows who else.
GoDaddy has put my personal privacy and safety at risk. And in case you think this could have been a mistake, GoDaddy’s policy for dealing with abuse complaints contains the following:
We review all complaints for validity and will take appropriate action, and as part of our investigation, it may also be necessary for us to corroborate your complaint with our customer.
Apparently “corroborate your complaint with our customer” means that GoDaddy provide their customer personally identifiable information that will allow him to stalk you on the Internet and harass you for having the gall to report him.
If you think I can now report to GoDaddy that someone on their servers is using their website for harassment, think again. Here’s what GoDaddy has under their sections of reporting harassment.
So, thank you GoDaddy. I helped you out by reporting someone who was using your servers in an illegal fashion. You responded by telling him that I was the one who reported him. Now he is harassing me, posting my photo and name online with sexist insults, and tracking down my friends in order to send them spam linking to his post about me. And according to your own policy, I can’t even report the harassment because it’s “not your place” to deal with customers who are using your services to harass and abuse.
GoDaddy gave my personally identifiable information to a spammer troll, violating my personal privacy and safety and resulting in me joining the the ever-growing group of women that is subject to online abuse.
Note: I am not linking to the spammer’s website because I don’t want to give him more attention. If you’re really curious, I’m sure you can find it yourself using some creative googling.
UPDATE: GoDaddy responded to my post with the following statement:
We understand a situation like this is very frustrating. While this may not resolve the issues of the past, we hope some context will help explain how we manage spam complaints and address allegations of defamatory content.
We have a “zero tolerance” spam policy and investigate all accusations of potential spamming on our network. We notify the complainant that it may be necessary for us to corroborate their claim with the person accused of spamming. A critical point in corroborating a spam complaint is confirming whether there was an “opt-in” email consent from the person who says they are being spammed. This is why we ask for an email address from the person filing the complaint. Without it, unfortunately there’s no way to determine if the accused spammer had “opt-in” consent. When proof of “opt-in” isn’t provided, we consider the activity a violation and take appropriate actions to prevent further spamming.
As for the website created after the spamming complaint was handled, we do not make determinations about whether content is defamatory. As citizens of the Internet, we recommend you contact law enforcement to register a complaint about any website material you deem defamatory. We do not remove content without a court order.
Again, we understand this doesn’t erase the issues you’ve experienced, we just wanted to provide some perspective on our policies and the issues we have to balance as an Internet provider. If you would like to discuss this in more depth, please shoot me an email and I’d be happy to speak with you directly.
Pam Bunn
Abuse@GoDaddy.com
Domain Services
GoDaddy
This article was originally featured on Shepchick and reposted with permission. Jamie Bernstein is a data scientist, blogger, and photographer living in Chicago. She blogs about science, skepticism and feminism at Skepchick and about photography at Catching Photons (catchingphotonschicago.com).
Illustration by Jason Reed