This scam is so old I forgot about it. Goes back to at least 2010.
Basically, the scammer says they run a domain name registrar and noticed someone trying to buy .cn, .net.cn, .org.cn, and other variations of a domain name you already own.
At first, they imply that they want confirmation from you to block the sale of similar domain names. In reality, they want you to block the sale by buying the domains from them yourself.
Don’t fall for it. Very few can afford to by every top level domain variation of their domain name. Learn more about this scam here and here.
This is the version of the scam I received in 2022 July:
If you want to setup mail filtering rules to block this particular scammer, here’s some email header information:
- domain of chinanethost.org designates 205.185.118.41 as permitted sender
- client-ip=205.185.118.41
- [email protected]
- helo=mx.chinanethost.org;
- [email protected];
- header.from=chinanethost.org;
- dkim=pass [email protected];
- spf=pass (domain of chinanethost.org designates 205.185.118.41 as permitted sender)
- [email protected];
- dmarc=pass header.from=robert@chinanethost.org (p=none dis=none)
- Received: from mx.chinanethost.org (mx.chinanethost.org [205.185.118.41])
- Return-Path: robert@chinanethost.org
- DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=chinanethost; d=chinanethost.org; h=Date:From:To:Subject:Mime-Version:Message-ID:Content-Type; [email protected];
As you can see, this particular scammer is using valid SPF, DKIM, and DMARC records.