A customer of mine got a phone call from one Pedro Santos of Comodo saying that an SSL cert was coming due, and offering to help renew it. My customer (who didn't realize that this was spam) innocently asked for more information in an email.
I happened to be on the phone with the customer later, who mentioned it, and forwarded me email: Comodo is spamming and attempting to sell via misrepresentation.
From: pedro santos [mailto:email@example.com] Sent: Wednesday, March 27, 2013 2:12 PM To: (customer) Subject: SSL Certificate Solutions By Comodo Hi (customer). It was nice speaking with you today! The SSL Certificate on the (hostname) is coming up for expiration shortly.(36 days) Currently you are with Thawte on a 1 year DV paying $150 for the year With Comodo, I can offer you the SAME DV for 1 year for $79.85 or 5 years for $259.75 Comodo is the largest privately held certificate authority in the world!! Here is a list of some of our customers: http://en.wikipedia.org/wiki/Extended_Validation_Certificate https://secure.wish.org https://www.davidsbridal.com http://drillcomp.com/ https://itunesconnect.apple.com/WebObjects/iTunesConnect.woa www.utahcentral.com www.fila.com www.westernunion.com Find out a bit more about our company: www.comodo.com www.enterprisessl.com Click on the link below to take a look at our big named customers. http://www.enterprisessl.com/ssl-certificate-corporate/ssl-certificate-customers.html -- Pedro Santos Account Executive COMODO Direct: 201-620-6731 E-Mail: firstname.lastname@example.org www.comodo.com
I'm not a fan of cold calling, but that's how the world works and I'm generally going to politely turn them away, but in this case we have some special sauce:
- The particular domain had no public links that we know of, it's for internal use, so we're reasonably confident that Comodo is generating leads via automatic scanning for open 443/tcp and sucking down the cert details. This just seems scummy.
Pedro claims that we're spending $150/year for our cert, but it's simply not true: we spend around $30/year from a Thawte reseller. Thawte's website does list DV (domain validated) SSL certs for $150/year, but my suspicion is that's just a retail price that nobody pays, them instead relying on resellers to sell at a quarter of the price.
I find it very, very hard to believe that a salesman in the SSL cert business doesn't know this, and was happy to lie in the hopes of getting a sale.
I replied to the guy, disabused him of the $150/year notion, suggesting that he never call us again.
This kind of trolling for SSL business is redolent of registrars who send out invoice-like USMail to domain-name owners hoping to snag the unsuspecting into paying much more for services than they are now.
The example to the right is from DNS Service earlier this year (to the same customer, it turns out)s, who seems to be notorious for this, and I've had to send notes to my customers telling them to throw these things away and not ever countenance this kind of spam.
Now Comodo is doing the same thing. Shame on you. Congratulations, Pedro, now you're famous.
Looks like I'll be sending yet another warning email to my customers. Sigh.