This scam is so old I forgot about it. Goes back to at least 2010.

Basically, the scammer says they run a domain name registrar and noticed someone trying to buy .cn, .net.cn, .org.cn, and other variations of a domain name you already own.

At first, they imply that they want confirmation from you to block the sale of similar domain names. In reality, they want you to block the sale by buying the domains from them yourself.

Don’t fall for it. Very few can afford to buy every top-level domain variation of their domain name. Learn more about this scam here and here.

This is the version of the scam I received in 2022 July:

Subject: exampledomain
From: [email protected]

(It’s very urgent, therefore we kindly ask you to forward this email to your CEO. If you believe this has been sent to you in error, please ignore it. Thanks)

Dear CEO,

This is a formal email. We are the Domain Registration Service company in Shanghai, China. Here I have something to confirm with you. On July 7, 2022, we received an application from Hongmei Ltd requested “exampledomain” as their internet keyword and China (CN) domain names (exampledomain.cn, exampledomain.com.cn, exampledomain.net.cn, exampledomain.org.cn). But after checking it, we find this name conflict with your company name or trademark. In order to deal with this matter better, it’s necessary to send email to you and confirm whether this company is your distributor in China?

Best Regards

Robert Liu | Service & Operations Manager
China Registry (Head Office)
Tel: +86-2161918696
Fax: +86-2161918697
Mob: +86-13816428671
6012, Xingdi Building, No. 1698 Yishan Road, Shanghai 201103, China

This email contains privileged and confidential information intended for the addressee only. If you are not the intended recipient, please destroy this email and inform the sender immediately. We appreciate you respecting the confidentiality of this information by not disclosing or using the information in this email.

If you want to set up mail filtering rules to block this particular scammer, here’s some email header information:

As you can see, this particular scammer is using valid SPF, DKIM, and DMARC records.
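Because the message passes SPF, DKIM, and DMARC, a rule that keys on authentication failures will not catch it, so a filter has to look at the content. The following is an added example, not part of the original post: it flags mail that lists one label under three or more of the .cn suffixes from the message above together with one of its stock phrases. The sender addresses, the `Authentication-Results` values, and the threshold of three are assumptions made for the illustration.

```python
import re
from email import message_from_string

# A label followed by one of the suffixes the scam message enumerates.
DOMAIN_RE = re.compile(r"\b([a-z0-9-]+)\.(com\.cn|net\.cn|org\.cn|cn)\b")
AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)")
# Phrases taken from the July 2022 message quoted above.
PHRASES = ("internet keyword", "distributor in china", "domain registration service")
def body_text(msg):
    """Join every text/plain part; works for single-part and multipart mail."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks).lower()

def classify(raw_message):
    msg = message_from_string(raw_message)
    text = body_text(msg)
    variants = {}  # label -> set of .cn suffixes listed for it
    for label, suffix in DOMAIN_RE.findall(text):
        variants.setdefault(label, set()).add(suffix)
    label, suffixes = max(variants.items(), key=lambda kv: len(kv[1]), default=("", set()))
    phrases = [p for p in PHRASES if p in text]
    auth = dict(AUTH_RE.findall(msg.get("Authentication-Results", "").lower()))
    return {
        "label": label,
        "variants": sorted(suffixes),
        "phrases": phrases,
        "auth_all_pass": all(auth.get(k) == "pass" for k in ("spf", "dkim", "dmarc")),
        # The verdict uses content only; authentication results are reported, not scored.
        "flag": len(suffixes) >= 3 and bool(phrases),
    }
# Constructed samples (sender domains and header values are placeholders).
SCAM = """From: sender@registrar.invalid
Subject: exampledomain
Authentication-Results: mx.example.invalid; spf=pass; dkim=pass; dmarc=pass

We are the Domain Registration Service company in Shanghai, China. Hongmei Ltd
requested "exampledomain" as their internet keyword and China (CN) domain names
(exampledomain.cn, exampledomain.com.cn, exampledomain.net.cn, exampledomain.org.cn).
Confirm whether this company is your distributor in China?
"""
BENIGN = """From: partner@supplier.invalid
Authentication-Results: mx.example.invalid; spf=pass; dkim=pass; dmarc=pass

Our Shanghai office site is now live at supplier.com.cn, please update your links.
"""
```

Both samples authenticate cleanly; only the first is flagged, because a single legitimate .cn domain mentioned in ordinary mail does not reach the variant threshold.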