Sponsored by..

Showing posts with label BizSummits. Show all posts
Showing posts with label BizSummits. Show all posts

Tuesday, 27 October 2015

BizSummits aka ExecSummits LLC whacks former employee with lawsuit

I've written about BizSummits aka ExecSummits LLC many times before, exposing their habit of sending spam (which I haven't seen any of lately to be fair) and other questionable business practices. By accident I discovered that in September, ExecSummits file a lawsuit [Techdirt] against former employee Michael Healy.

Techdirt does a reasonable job at bringing together various bits and pieces to explain what is occurring and the background to the story. Worth a read IMO.

PACER fees being what they are, I've uploaded the documents for 1:15-cv-03199-MHC here [zip] if you want to have look.

Tuesday, 22 September 2015

(More) Domains and businesses associated with Michael Price of BizSummits

Following on from this post, here are some business and domains closely associated with Michael Price of BizSummits, presented without comment for research purposes only.


COO Summit
cooleaders.org

Hiring Spring
hiringspring.com

Exit Partners LLC
exitpartners.net

Exact Leads
exactleads.com

VisitorLeads
visitorleads.com

ListK
listk.com

LoudJob
loudjob.com

Franchisee Funnel
franchiseefunnel.com

Supply Chain Summit
supplychainsummit.org

Hospital Growth Summit
hospitalgrowthsummit.org

CFO Summit
cfosummit.org

Safety Management Summit
safetysummit.org

Project Management Summit
projectmanagementsummit.org

CMO Summit
cmosummit.org

PR Summit
prsummit.org

Corp Summits
corpsummits.com

Quality Management Summit
qualitysummit.org

Corporate Counsel Summit
corporatecounselsummit.org

Executive Summits
execsummits.com

BizSummits
bizsummits.org

Marketing LeadFunnel
marketingleadfunnel.net

Meeting Setters
meetingsetters.com

CEO Ventures
ceoventures.com

HR LeadFunnel
hr-leadfunnel.com

Survey Executives
surveyexecutives.com

iListK
ilistk.com

IT LeadFunnel
itleadfunnel.com

Finance LeadFunnel
financeleadfunnel.com

GoPresent
gopresent.com

AffluentNames.com
affluentnames.com

Documents.me / Nouvou, Inc.
documents.me

AngelPool
angelpool.org

Critical Fit
criticalfit.com

HR Summit
hrsummit.org

Corp Venturing
corpventuring.com

PlugMeIn
plugmein.com

Retargetable
retargetable.com

LeadFunnel
leadfunnel.com

Pathfinder Careers
pathfindercareer.com

The Sales Management Association
salesmgtassoc.org

Executive Angels
executiveangels.net

CareerLeaper
careerleaper.com

Packed Events
packedevents.com

TeamEx
teamex.com

iCirc
icirc.net

HR Management Association
hrmanagementassociation.org

Product Conception Group
productconception.com

Friday, 5 June 2015

Some domains belonging to Michael Price of BizSummits

Here are some domains belonging to Michael Price of BizSummits. Just saying.

hiringspring.net
logistics-summit.com
supplychainsummit.net
acr-clnt1.com
opendetail.com
itsecurityshow.com
lawpathfinder.net
esquirecareers.net
checkdetailz.com
bayareatechsummit.com
hospital-growthsummit.org
theproductdevsummit.net
powerbizdev.com
prexecutives.org
goldcoastsummit.com
hartfordsummit.org
tampatechsummit.com
jacksonvillesummit.com
miamisummit.org
atlantatechsummit.com
knoxvillesummit.org
nashvillesummit.org
sandiegotechsummit.com
orangecountysummit.com
lasummit.org
portlandtechsummit.com
seattletechsummit.com
denversummit.org
phoenixsummit.org
nytechsummit.org
providencesummit.org
bostonsummit.org
worcestersummit.org
portland-summit.com
cfobestpracticesroundtable.com
orlandosummit.com
cfo-summit.com
the-trainingsummit.net
thefinance-list.com
procurementsummits.org
procurementleadership.org
biz-summits.com
customerservicesociety.org
risk-summit.net
backupsite.biz
alturls.net
serveurls.net
servesites.net
arja.org

Saturday, 14 February 2015

Spammer: Brad Smith / Unicore Health / unicorehealth.net / unicorehealth.com

This slimed its way into my mailbox:

From:    Brad Smith [sales@unicorehealth.net]
To:    Morgan Stanley [mstanley@redacted]
Date:    11 February 2015 at 15:24
Subject:    Morgan, HR related question

Hi Morgan, could you let me know a time we could talk in the next few days? For HR managers we measure and video the essential functions and physical requirements of each key job so that clients like Coca-Cola and Publix can reduce their hiring risk and job injury risk. I thought you would like to quickly view the process, some interesting examples, and how to use them in your role. Just let me know a time that works in your schedule and I will confirm back, talk then!


Regards,
Brad Smith
VP, Product Management
Unicore Health
sales@unicorehealth.net
www.unicorehealth.net

This message is confidential and intended only for the original recipient. If you have received this message in error, please delete it or mail us back with re move in the sub ject. If any follow-up is needed I show your contact information as Morgan Stanley, mstanley@redacted   and our address if needed is 3200 Downwood Circle, Ste 410, Atlanta, GA, 30327. Thank you.
Morgan Stanley? They must mean this Morgan Stanley. How did they confuse me with Morgan Stanley? Because I mention them on my website here. Now, I only know of one company that sends spam like this.. but more about them later.

Let's check the veracity of the message.. first, the mail headers.

Received: from [63.134.229.186] (port=1355 helo=mail.unicorehealth.net)
    by [redacted] with esmtp (Exim 4.80)
    (envelope-from <sales@unicorehealth.net>)
    id 1YLZ9H-0001CT-C2
    for mstanley@redacted; Wed, 11 Feb 2015 15:24:20 +0000
Received: from 31617334.unicorehealth.net
        by mail.unicorehealth.net (Right Sender 3.3) with ASMTP id YRJ55117
        for <mstanley@redacted>; Wed, 11 Feb 2015 10:24:17 -0500
Message-ID: <20150211102412.2e7c8b6c6f@6e5d>
From: "Brad Smith" <sales@unicorehealth.net>
To: "Morgan Stanley" <mstanley@redacted>
Subject: Morgan, HR related question
Date: Wed, 11 Feb 2015 10:24:12 -0500
X-Priority: 3
X-Mailer: SMTP-Mailer 3.4
MIME-Version: 1.0
Content-Type: text/plain;
    charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass ([redacted]: domain of sales@unicorehealth.net designates 63.134.229.186 as permitted sender) client-ip=63.134.229.186 envelope-from=sales@unicorehealth.net helo=mail.unicorehealth.net
X-BlackCat-Spam-Score: -10
X-Mythic-Debug: Threshold =  On =
X-Spam-Status: No, score=-1.1
We can see that the SPF record for unicorehealth.net matches it to 63.134.229.186. The domain unicorehealth.net is also hosted on the same IP, so we can be reasonably assured that this is not a forgery. Let's look at the WHOIS details for that domain..

Registrant Name: Brad Smith
Registrant Organization: Unicore Health
Registrant Street: 3200 Downwood Circle
Registrant Street: Suite 410
Registrant City: Atlanta
Registrant State/Province: Georgia
Registrant Postal Code: 30327
Registrant Country: United States
Registrant Phone: +1.6785226363
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: bsmith@unicorehealth.com


This links unicorehealth.net with unicorehealth.com. Indeed, we can find "Bradley Smith" on the unicorehealth.com web site.


I emailed Mr Smith back twice and asked him how he came across the email address. He didn't bother to reply.

Previously I mentioned that I have seen this type of spam before from one particular company, BizSummits, run by Michael Price. In particular, they look for potential names on a website and then spam them, a technique that is highly inaccurate but does seem to be relatively successful nonetheless.

Now, Unicore Health is not BizSummits. But they both use a virtual office address in Altanta, about ten miles apart. So perhaps there is some personal connection between the two businesses or the people behind them.

One of Mr Price's other businesses is called PlugMeIn  (plugmein.com), which claims to reveal the email addresses of key people on certain websites. If this uses the same approach as the BizSummits spam, then it might well be just as inaccurate. And perhaps Unicore Health is using PlugMeIn technology to find email addresses.

But since Brad Smith didn't bother to reply to me, I can't tell if this spam was the result of faulty software, a bad email address list or just plain stupidity. Personally, I won't be buying anything from them soon.

UPDATE - January 2017

For various reasons, I ended revisiting this post and discovered that unicorehealth.net now displays a site "Hartford HR Summit" which is definitely a BizSummits / Michael Price site.


Wednesday, 21 January 2015

"Hartford Tech Summit" aka BizSummits: What's wrong with this picture? (hartfordsummit.com / hartfordsummit.org)

Last year I called out serial spammers BizSummits for their use of stolen photographs that they were attempting to pass off as activities at one of those summits.

A comment on one of the posts indicates that BizSummits are suffering from a degree of butthurt because of this.

Hi Conrad, we just received an autonotice about the comment from Claire Le and were again hoping you would consider archiving/mothballing it because readers see the misleading title which is why the commenter incorrectly surmised BizSummits is a fake after reading it. I think you know it is not, we are glad to immediately make you a member of one of the groups if wished so you can login and watch/listen to hundreds of past meetings (impossible if it were really a fake), and we are also glad to cover your airfare from the UK if you wish to attend any of the in-person events (next on the schedule is the HartfordSummit.com in a few weeks and then a series in Chicago in April including a CIO roundtable you might have interest in attending). Thank you for your consideration. 
 HartfordSummit.com? That's a new one on me. Let's head over to that website.


If you read my previous post on these folks, you might guess where this is going.

Now, bearing in mind the cringing embarrassment they must have felt when I pointed out that all the photos on their sites were of something else entirely, you would expect that they'd use a genuine photograph of one of their summits. I mean, everyone has a digital camera, right? It would be hard to avoid taking a photograph of one of these summits. And they have so many of them.

Let's have a closer look at that photo (http://loadurl.org/hartfordsummit/images/whatsnew.jpg)

It certainly looks like a seminar or summit. But let's see what a Google Reverse Image Search says..


It guesses that this is a picture of "business seminars" and reveals that the same photo is in use on many different sites. And in fact, you just need to do a Google image search for "Seminars" and it turns up in a prominent position.


So now we need some detective work, the original image doesn't appear to be online but I can find a slightly higher resolution one.


There's an interesting sign on the wall..


"The Ivy Review" it says. That matches pretty closely with a photo from ivycenters.com which has a very similar photograph.



This photograph was taken in the Santa Clara Convention centre. That's about 3000 miles from Hartford, but that's not really the point. The point is that this appears to be the photograph of a completely different convention from a completely different organisation. It is certainly a commonly used picture for "seminars" that people paste in when they haven't actually got a picture.

In fact, I have never seen a verifiable photo of any BizSummits event. Perhaps I am looking in the wrong place. Perhaps someone needs to buy BizSummits a digital camera. Draw your own conclusions.

As for a free trip to Connecticut to see BizSummits in action. Yeah, I think I'll pass on that offer.

Tuesday, 8 April 2014

Michael Price and BizSummits get ROKSO listed, scurry under the spotlight

Recently I wrote about a spam run being sent by Michael Price and/or BizSummits and examined the high level of fake material on their "Summits" websites.

In the past few days, BizSummits and Michael Price have the very dubious distinction of being listed in the Spamhaus ROKSO list of what they consider to be the worst spammers worldwide.

A ROKSO listing is bad news because it means that reputable web hosts will not do business with them.

So what happened next?

Well, basically most of the domains listed here have suddenly changed registrar and IP address, and the WHOIS details have been changed to something that looks rather fake (in my opinion). For example, the domain BizSummits.org has the WHOIS details changed from:

Registrant ID:CR38175629
Registrant Name:DNS Administrator
Registrant Organization:BizSummits
Registrant Street: 1200 Abernathy Rd, 17th Floor
Registrant City:Atlanta
Registrant State/Province:Georgia
Registrant Postal Code:30328
Registrant Country:US
Registrant Phone:+1.8006003389
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email:dnsadmin@bizsummits.org


to

Registrant ID:NS-b48b7b229f5dc
Registrant Name:Michael Loeloff
Registrant Organization:
Registrant Street: 8380 Lagos De Campo Blvd
Registrant City:Tamarac
Registrant State/Province:FL
Registrant Postal Code:33321
Registrant Country:US
Registrant Phone:+1.2025688305
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email:dnsadmin@bizsummits.org


..which is an anonymous-looking apartment in Florida. Most of the other domains have been geographically scattered to different addresses and names. Strangely none of the registrants seem to have a web footprint. In my personal opinion, these addresses are deliberately fake, and they have been changed by someone working for BizSummits.

It isn't just the WHOIS details that changed, the registrar in the case of BizSummits.org has changed from GoDaddy to NameSilo for unknown reasons. And also the IP address has changed from 184.168.221.27 (GoDaddy) to 198.199.112.47 (Digital Ocean). To me that looks like GoDaddy booted them off their network, although there could be other explanations I suppose.

Conversely, most of the domains used in the spam run listed here appear to have been deleted, either by the registrar or by the owner. It doesn't really matter as far as evidence is concerned because services such as DomainTools maintain historical WHOIS records.

Overall, there seems to be a great deal of scurrying around as the spotlight has been shone on their activities.

I'm curious as to whether or not Michael Price or BizSummits think that the spam run sent from their servers was legitimate and legal, and as to whether or not they believe that the use of the images from other companies is justified.

It does appear that someone using Michael Price's photograph and name tried to post a comment, and then thought better of it. Hmmm.


Sunday, 30 March 2014

It's a fake! BizSummits, CFO Summit, CIO Summit, CMO Summit rip off photos from other sites.

I've been tracking the spammy activity of BizSummits on and off for a while, most recently with a very annoying spam run that has been plaguing website operators with fake notifications.

I'd never really looked that deeply into the BizSummits operation though, but even though it promotes itself through spam I had assumed that there was a real business at the end of it.

But when I started to look into their websites, it quickly became apparent that a great deal of the material was faked.

Most of the sites use the same material, so let's start with forwd.net/cfosummit/about.html which is an "About Us" page.

It features a photo of a group of people.. you'd assume that it was one of the "Summits" that BizSummits promotes. After all, if you have all these people meeting up all the time then surely it would be easy to snap a photo.

Let's look more closely.

It turns out that the picture is stolen from the blog of the US Ambassador to Iceland and it shows a group of Icelandic executives meeting with an organisation called the Young Presidents' Organization which is completely unrelated to BizSummits.

So let's look at the "Why Join" page at forwd.net/cfosummit/whyjoin.html which features a bunch of happy-looking individuals.

Let's look more closely..

This image is stolen from a company called Deceuninck nv. And it isn't just a generic stock photo, their website lists everyone in the photograph and identifies them as being employees.


Let's look at the "Members" page next at forwd.net/cfosummit/members.html

It shows a photograph of someone who is presumably speaking at one of these Summit events.

Errr... no. This is Professor Michael Porter speaking at the World Economic Forum. Professor Porter would be a highly influential and important person to have on board. But his name doesn't appear on the list of "Members & Speakers".

Let's look at the "Topics" page at forwd.net/cfosummit/topics.html


Who's in the photo?


That's a publicity photo of Niels Stolberg. Stolberg's company collapsed and is the focus of fraud investigations. Given the controversy surrounding Mr Stolberg, would it be appropriate to have a picture of him on your site? Odder still, Mr Stolberg seems to have no connection at all to BizSummits.

Now we turn our attention to the "What's New" page. Who are the people having a discussion? People at a BizSummits seminar?


Let's look more closely.

This image can be found on the page of the NG Utilities Summit in Australia (open the lightbox). If you look carefully, you can see the NG Utilities logo on the woman's badge on the right. Despite having "Summit" in the name, this is nothing at all to do with BizSummits. If BizSummits really held any meetings then a photo like this would be trivial to take.

The next page is "Questions" at forwd.net/cfosummit/questions.html. Well.. we have a few already.


Who's in the picture?

These are a couple of executives from WebTrends. As far as I can tell they have nothing to do with BizSummits, and the photo has just been stolen.

Incidentally this page contains what I consider to be a flat lie:

Why was I Invited to Join?

Either a member nominated you, or we specifically wanted your company involved and researched the best executive.
The evidence I have provided about this firm shows that they simply scraped your name from your company website and guessed your email address. Is that research? I don't think so.

The next picture to deconstruct is on the "My Login" page at forwd.net/cfosummit/login.html


You probably already guessed that the guy in the photo has nothing to do with BizSummits.

That's because this is Dr. Thomas R. Insel who again has nothing to do with BizSummits.

Finally, we come back to the home page.


Who is in the photo?


These are apparently the senior management of BHP taken in an AAP photo. What do they have to do with BizSummits? It seems nothing at all.

In fact, the only original piece of imagery I can find is this promotional video:


The video is meant to be an endorsement. But who is this woman? Who does she represent? What exactly is she endorsing? The video is professional looking but deliberately vague.

Incidentally, if you want to see what Michael Price, the CEO of BizSummits looks like, here he is:


This copied material doesn't just exist on a few websites, it exists on a LOT of cookie-cutter sites, all presumably marketed through the same spammy approach.

  • CFO Summit (www.cfosummit.org)
  • CIO Summit (www.ciosummit.org)
  • CMO Summit (www.cmosummit.net)
  • COO)Operations Summit (www.theoperationssummit.net)
  • Corporate Counsel Summit (www.thecorporatecounselsummit.org)
  • Corporate Development Summit (www.corpdevsummit.org)
  • Customer Service Summit (www.customerservicesummit.org)
  • Engineering Summit (www.theengineeringsummit.net)
  • Executive Summits (www.executivesummits.org)
  • Hospital Growth & Excellence Summit (www.hospitalgrowthsummit.org)
  • HR Summit (www.hrsummit.org)
  • Product Development Summit (www.productdevsummit.org)
  • Project Management Summit (www.projectmanagementsummit.org)
  • Public Relations Summit (www.thepublicrelationssummit.org)
  • Procurement Summit (www.procurementsummit.org)
  • Quality Management Summit (www.qualitymanagementsummit.org)
  • Risk Management Summit (www.riskmanagementsummit.org)
  • Safety Management Summit (www.safetymanagementsummit.org)
  • Sales Summit (www.salessummit.org)
  • Supply Chain Summit (www.supplychainsummit.org)
  • Training Summit (www.trainingsummit.org)
Ask yourself this question.. why is it that a company such as BizSummits, that is supposed to organise all of these meetings, cannot get around to taking any photographs of those meetings themselves? Surely it wouldn't be difficult to do? And yet almost every image is copied from somewhere else. What kind of company does that? Is it one that you feel comfortable doing business with?

Friday, 28 March 2014

BizSummits "Early closing due to poor weather" / "Early closing due to bad conditions" spam

Here are a pair of odd spam email messages:

Message 1
From:     Tim Williams Tim@myteamex.com
To:     Tony Blair [tony@victimdomain]
Date:     28 March 2014 14:09
Subject:     Early closing due to bad conditions.

Early closing due to bad conditions.


This will be the only notification to tony@victimdomain and just disregard if sent to the incorrect individual. Thank you.
Message 2
From:     Michael Miller Michael@leadbyinnovation.com
To:     Victor Echo [vecho@victimdomain]
Date:     28 March 2014 11:12
Subject:     Early closing due to poor weather.

Early closing due to poor weather.


This will be the only notification to vecho@victimdomain and just disregard if sent to the incorrect person. Thank you.
The email contains no link and no attachment. So what it is it?

A close look at to "To" field is interesting. Tony Blair? Well, he's an ex-Prime Minister of Britain, and he just happens to be mentioned on my website here. And Victor Echo? Well, that's not a person at all but is mentioned on this page about the NATO Phonetic Alphabet.

So, in each case a name has been harvested from my web site and an email address guessed (tony@ and vecho@) in order to send the spam.

I've seen this process of scraping my web site and guessing email addresses before by a business called CIO Summits which is part of a spammy business called BizSummits run by a gentleman called Michael Price. But perhaps this is a coincidence?

So let's look at the mail headers of the two messages:

Message 1

Received: from [64.21.19.104] (port=59519 helo=mail.myteamex.com)
    by [redacted] with esmtp (Exim 4.80)
    (envelope-from <Tim@myteamex.com>)
    id 1WTXTM-00062J-14
    for tony@[redacted]; Fri, 28 Mar 2014 14:09:32 +0000
Received: from 76809236.myteamex.com
        by mail.myteamex.com (Merak 8.9.1) with ASMTP id ORL87326
        for <tony@[redacted]>; Fri, 28 Mar 2014 07:09:26 -0700
Message-ID: <20140328070921.6e9e4d6b5e@5d7e>
From: "Tim Williams" <Tim@myteamex.com>
To: "Tony Blair" <tony@[redacted]>
Subject: Early closing due to bad conditions.
Date: Fri, 28 Mar 2014 07:09:21 -0700
X-Priority: 3
X-Mailer: Host
MIME-Version: 1.0
Content-Type: text/plain;
    charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass ([redacted]: domain of Tim@myteamex.com designates 64.21.19.104 as permitted sender) client-ip=64.21.19.104 envelope-from=Tim@myteamex.com helo=mail.myteamex.com

Message 2

Received: from [64.21.70.64] (port=1970 helo=mail.leadbyinnovation.com)
    by [redacted] with esmtp (Exim 4.80)
    (envelope-from <Michael@leadbyinnovation.com>)
    id 1WTUi8-0007x8-KZ
    for vecho@[redacted]; Fri, 28 Mar 2014 11:12:38 +0000
Received: from 37649152.leadbyinnovation.com
        by mail.leadbyinnovation.com (Merak 8.9.1) with ASMTP id OOO71531
        for <vecho@[redacted]>; Fri, 28 Mar 2014 04:12:31 -0700
Message-ID: <20140328041226.3f8f7d6c7b@9e8c>
From: "Michael Miller" <Michael@leadbyinnovation.com>
To: "Victor Echo" <vecho@[redacted]>
Subject: Early closing due to poor weather.
Date: Fri, 28 Mar 2014 04:12:26 -0700
X-Priority: 3
X-Mailer: SMTP Forwarder v.9
MIME-Version: 1.0
Content-Type: text/plain;
    charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass ([redacted]: domain of Michael@leadbyinnovation.com designates 64.21.70.64 as permitted sender) client-ip=64.21.70.64 envelope-from=Michael@leadbyinnovation.com helo=mail.leadbyinnovation.com
What these headers tell us is that the emails originated from 64.21.70.64 and 64.21.19.104 (Net Access Corporation, US), and that those servers are genuine mail relays for the domains leadbyinnovation.com and myteamex.com.. in other words the message is not spoofed and whoever owns these domains is responsible for the mail.


The WHOIS contain the following details:

leadbyinnovation.com
Registrant Name: DNS Administrator
Registrant Organization: LeadByInnovation
Registrant Street: 1200-Abernathy  Rd
Registrant City: Atlanta
Registrant State/Province: Georgia
Registrant Postal Code: 30328
Registrant Country: United States
Registrant Phone: +1.7705552343
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: dnsadmin@leadbyinnovation.com
Registry Admin ID: 
myteamex.com
Registrant Name: DNS Admin
Registrant Organization: MyTeamEx
Registrant Street: 17th Floor
Registrant Street: 1200  Abernathy
Registrant City: Atlanta
Registrant State/Province: Georgia
Registrant Postal Code: 30328
Registrant Country: United States
Registrant Phone: +1.4044983847
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: dnsadmin@myteamex.com

Perhaps is is just a coincidence that the WHOIS details for bizsummits.org are very similar:

Registrant ID:CR38175629
Registrant Name:DNS Administrator
Registrant Organization:BizSummits
Registrant Street: 1200 Abernathy Rd, 17th Floor
Registrant City:Atlanta
Registrant State/Province:Georgia
Registrant Postal Code:30328
Registrant Country:US
Registrant Phone:+1.8006003389
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email:dnsadmin@bizsummits.org

1200 Abernathy Rd is a big office building in Atlanta, and the office address could well be a virtual office in any case. But isn't it a coincidence that all three companies are based in the same building?

Well.. no, it's not a coincidence because if you look at the historical WHOIS details for myteamex.com for just last month we see they are:

Registrant Name: Michael Price
Registrant Organization:
Registrant Street: 801 Kellerman Kreek
Registrant City: Marietta
Registrant State/Province: Georgia
Registrant Postal Code: 30068
Registrant Country: United States
Registrant Phone: +1.7709989999
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: MPrice@mobilesoft.com

Michael Price? Yes, that's the same Michael Price who runs BizSummits. So, it's not a coincidence at all, is it?

This particular spam run has also been discussed on the SpamCop forum which  indentifies the four following domains in connection with this spam run:
trainingleadership.org
zipscheduler.net
gotofacts.net
openames.com

Each one of these tells a different story.  trainingleadership.org has the same semi-anonymous registration details as the others, but just a few days ago (20th March 2014) the registrant was "Biz Summits".  gotofacts.net has also had the registrant details changed.. on 18th March that was registered to "Michael Price".

Finally,  openames.com is a bit odder. It too has had the registrant details change (it was "Michael Price" on 18th January 2014), but it is hosted on an IP address belonging to a children's hospital in Illinois (199.125.18.11: Illinois - Chicago - Children's Memorial Medical Center)

So what are these messages? I believe that BizSummits (or whatever Mr Price's current operation is called, perhaps mobilesoft.com / mobilebriefs.com) is probing mail servers to see what sort of format email addresses are so that further spam can be sent. Most mail systems will reject invalid messages, so basically this is a sort of enumeration exercise. Is this illegal? It's hard to say. But in my opinion it is certainly unethical.

Incidentally BizSummits has a rotten reputation at the BBB, and in my personal opinion offer business summits of very little worth, and that they prey upon the vanity of the people who receive the email (which is just a basically just spam). A quick a Google for bizsummits spam comes up with a large number of complaints, and I must recommend this particular blog entry if you want an overview of how BizSummits allegedly pitch their business.

The BBB lists the following domains as being part of BizSummits. I would recommend avoiding them:
cfosummit.org
ciosummit.org
thecmosummit.net
trainingsummit.org
csosummit.org
corpdevsummit.org
hrsummit.org
theoperationssummit.net
productdevsummit.org
thepublicrelationssummit.org
qualitymanagementsummit.org
risingexecutivesummit.org
riskmanagementsummit.org
thecorpdevsummit.org
associationgrowthsummit.net

UPDATE: more information about BizSummits and some of it's websites can be found here.

Update (2300 GMT 2014-03-28): another "Tony Blair" one..

From:     Stan Moore Stan@texasbusinesschamber.org
To:     Tony Blair tblair@[redacted]
Date:     28 March 2014 22:52
Subject:     Closed early due to poor weather.

Closed early due to poor weather.


This will be the only notification to tblair@[redacted] and just disregard if sent in error. Thank you.
The mail headers confirm that texasbusinesschamber.org was the sender, this time from 64.21.70.72 (Net Access Corporation again):

Received: from [64.21.70.72] (port=3018 helo=mail.texasbusinesschamber.org)
    by [redacted]with esmtp (Exim 4.80)
    (envelope-from <Stan@texasbusinesschamber.org>)
    id 1WTfdq-0002i5-AG
    for tblair@[redacted]; Fri, 28 Mar 2014 22:52:50 +0000
Received: from 37402341.texasbusinesschamber.org
        by mail.texasbusinesschamber.org (Merak 8.9.1) with ASMTP id OZC63549
        for <tblair@[redacted]>; Fri, 28 Mar 2014 15:52:49 -0700
Message-ID: <20140328155244.5b6c3d3e2c@2e5c>
From: "Stan Moore" <Stan@texasbusinesschamber.org>
To: "Tony Blair" <tblair@[redacted]>
Subject: Closed early due to poor weather.
Date: Fri, 28 Mar 2014 15:52:44 -0700
X-Priority: 3
X-Mailer: System-Forwarder
MIME-Version: 1.0
Content-Type: text/plain;
    charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass ([redacted]: domain of Stan@texasbusinesschamber.org designates 64.21.70.72 as permitted sender) client-ip=64.21.70.72 envelope-from=Stan@texasbusinesschamber.org helo=mail.texasbusinesschamber.org
texasbusinesschamber.org WHOIS today:

Registrant ID:CR156687418
Registrant Name:DNS Admin
Registrant Organization:Texas Business Chamber
Registrant Street: Floor 17
Registrant City:Atlanta
Registrant State/Province:Georgia
Registrant Postal Code:30327
Registrant Country:US
Registrant Phone:+1.7705863645
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email:dnsadmin@texasbusinesschamber.org
texasbusinesschamber.org WHOIS on 22nd February (just over one month ago)

Registrant ID:CR156687418
Registrant Name:Michael Price
Registrant Organization:
Registrant Street: 801 Kellerman Kreek
Registrant City:Marietta
Registrant State/Province:Georgia
Registrant Postal Code:30068
Registrant Country:US
Registrant Phone:+1.7709989999
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email:MPrice@mobilesoft.com

Update (0700 GMT 2014-03-29):  A slightly different one..

From:     Jim Moore Jim@ituckins.com
To:     Victor Echo
Date:     29 March 2014 03:17
Subject:     Closed early due to expected snow.

Closed early due to expected snow.

This will be the only notification to victor@[redacted] and just ignore if sent to the wrong person. Thank you.
This time the spammers are probing "Victor Echo" using the victor@ address. Mail headers are:

Received: from [209.200.118.35] (port=2643 helo=mail.ituckins.com)
    by [redacted] with esmtp (Exim 4.80)
    (envelope-from <Jim@ituckins.com>)
    id 1WTjm8-0001jI-Ia
    for victor@[redacted]; Sat, 29 Mar 2014 03:17:45 +0000
Received: from 34460524.ituckins.com
        by mail.ituckins.com (Merak 8.9.1) with ASMTP id PGU70938
        for <victor@[redacted]>; Fri, 28 Mar 2014 20:17:38 -0700
Message-ID: <20140328201734.5b7d6b2f9d@2e2e>
From: "Jim Moore" <Jim@ituckins.com>
To: "Victor Echo" <victor@[redacted]>
Subject: Closed early due to expected snow.
Date: Fri, 28 Mar 2014 20:17:34 -0700
X-Priority: 3
X-Mailer: Package Forwarder 6.3
MIME-Version: 1.0
Content-Type: text/plain;
    charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass ([redacted]: domain of Jim@ituckins.com designates 209.200.118.35 as permitted sender) client-ip=209.200.118.35 envelope-from=Jim@ituckins.com helo=mail.ituckins.com
This domain has been excised of useful details in the WHOIS records, but it follows the same pattern and is undoubtedly Michael Price and BizSummits.

Registry Registrant ID:
Registrant Name: Dns Admin
Registrant Organization: eTuckins
Registrant Street: 1200 Abernathy Rd
Registrant City: Atlanta
Registrant State/Province: Georgia
Registrant Postal Code: 30068
Registrant Country: United States
Registrant Phone: +1.7705763847
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: dnsadmin@etuckins.com
Note that ituckins.com refers to etuckins.com in the WHOIS record, revealing yet another spam site in the chain.

Update (1800 GMT 2014-03-29): two more spams from the same domain..

From:     Stan Davis Stan@opendetails.com
To:     Oscar Yankee <oscar@[redacted]>
Date:     29 March 2014 12:39
Subject:     Early closing due to poor weather.

Early closing due to poor weather.

This will be the only notification to oscar@[redacted] and disregard if sent to the incorrect individual. Thank you.

-----

From:     Steve Williams Steve@opendetails.com
To:     Oscar Yankee <oyankee@[redacted]>
Date:     29 March 2014 11:54
Subject:     Closed early due to inclement weather.

Closed early due to inclement weather.

This will be the only notification to oyankee@[redacted] and please ignore if sent to the incorrect person. Thank you.
This time they are sent to "Oscar Yankee" (using a name scraped from this page) using both observed variants of oyankee@ and oscar@. The mail headers again verify that the message isn't spoofed, and opendetails.com is the actual sender.

Received: from [208.52.161.186] (port=59373 helo=mail.opendetails.com)
    by [redacted] with esmtp (Exim 4.80)
    (envelope-from <Steve@opendetails.com>)
    id 1WTrqb-0001rc-3u
    for oyankee@[redacted]; Sat, 29 Mar 2014 11:54:53 +0000
Received: from 97584292.opendetails.com
        by mail.opendetails.com (Merak 8.9.1) with ASMTP id POG42002
        for <oyankee@[redacted]>; Sat, 29 Mar 2014 04:55:02 -0700
Message-ID: <20140329045456.3f2b7e1b4b@5c5f>
From: "Steve Williams" <Steve@opendetails.com>
To: "Oscar Yankee" <oyankee@[redacted]>
Subject: Closed early due to inclement weather.
Date: Sat, 29 Mar 2014 04:54:56 -0700
X-Priority: 3
X-Mailer: Perpetual Host v.1
MIME-Version: 1.0
Content-Type: text/plain;
    charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass ([redacted]: domain of Steve@opendetails.com designates 208.52.161.186 as permitted sender) client-ip=208.52.161.186 envelope-from=Steve@opendetails.com helo=mail.opendetails.com
The WHOIS details have been altered in an attempt to hide the sender, but it still shows Michael Price's email address. Oops.

Registrant Name: DNS Admin
Registrant Organization: OpenDetails.com
Registrant Street: Floor  17
Registrant Street: 12O0 Abernathy
Registrant City: Atlanta
Registrant State/Province: Georgia
Registrant Postal Code: 30329
Registrant Country: United States
Registrant Phone: +1.7705643366
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: mprice@mobilesoft.com
If we go back to the registration details in January 2014 then Michael Price's name and address are on them.

Registry Registrant ID:
Registrant Name: Michael Price
Registrant Organization:
Registrant Street: 801 Kellerman Kreek
Registrant City: Marietta
Registrant State/Province: Georgia
Registrant Postal Code: 30068
Registrant Country: United States
Registrant Phone: +1.7709989999
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: MPrice@mobilesoft.com
So again, there is very little doubt as to who is sending this rather large spam run.

Update (0200 GMT 2014-03-30): the spam shows no signs of letting up. Subjects include the following:

Closing early due to bad weather.
Closed tomorrow due to inclement weather.
Closed tomorrow due to poor weather.
Closing early due to bad conditions.


Names scraped from my website include "Juliet Tango", "Michael Moore" and "Mark Tape". This spam run has two new domains, texasbusinesschamber.com and opendetailz.com , the first of which has valid SPF records, the second does not.

Received: from [207.36.209.108] (port=4719 helo=mail.texasbusinesschamber.com)
    by [redacted] with esmtp (Exim 4.80)
    (envelope-from <Tony@texasbusinesschamber.com>)
    id 1WU2JB-0005bA-EE
    for michael@[redacted]; Sat, 29 Mar 2014 23:05:02 +0000
Received: from 47912934.texasbusinesschamber.com
        by mail.texasbusinesschamber.com (Merak 8.9.1) with ASMTP id PAI19600
        for <michael@[redacted]>; Sat, 29 Mar 2014 16:05:00 -0700
Message-ID: <20140329160458.6b8c5e8f4d@7e5d>
From: "Tony Moore" <Tony@texasbusinesschamber.com>
To: "Michael Moore" <michael@[redacted]>
Subject: Closing early due to bad weather.
Date: Sat, 29 Mar 2014 16:04:58 -0700
X-Priority: 3
X-Mailer: EmailRemitter v.8
MIME-Version: 1.0
Content-Type: text/plain;
    charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass ([redacted]: domain of Tony@texasbusinesschamber.com designates 207.36.209.108 as permitted sender) client-ip=207.36.209.108 envelope-from=Tony@texasbusinesschamber.com helo=mail.texasbusinesschamber.com

Received: from [208.52.168.58] (port=58797 helo=mail.opendetailz.com)
    by [redacted] with esmtp (Exim 4.80)
    (envelope-from <Brad@opendetailz.com>)
    id 1WU0hT-0004Z3-MB
    for juliet@[redacted]; Sat, 29 Mar 2014 21:22:03 +0000
Received: from 20646396.opendetailz.com
        by mail.opendetailz.com (Merak 8.9.1) with ASMTP id PYZ68711
        for <juliet@[redacted]>; Sat, 29 Mar 2014 14:22:11 -0700
Message-ID: <20140329142206.1f6f5b7b2e@2d3f>
From: "Brad Johnson" <Brad@opendetailz.com>
To: "Juliet Tango" <juliet@[redacted]>
Subject: Closing early due to bad conditions.
Date: Sat, 29 Mar 2014 14:22:06 -0700
X-Priority: 3
X-Mailer: MailServer 5.2
MIME-Version: 1.0
Content-Type: text/plain;
    charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Received-SPF: none ([redacted]: domain of Brad@opendetailz.com does not designate permitted sender hosts) client-ip=208.52.168.58 envelope-from=Brad@opendetailz.com helo=mail.opendetailz.com
The WHOIS records for texasbusinesschamber.com have been stripped of any identifying details:

Registry Registrant ID:
Registrant Name: DNS Admin
Registrant Organization: Texas Business Chamber
Registrant Street: Suite 1700
Registrant Street: 1200 -Abernathy
Registrant City: Atlanta
Registrant State/Province: Georgia
Registrant Postal Code: 30328
Registrant Country: United States
Registrant Phone: +1.7709989999
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: dnsadmin@texasbusinesschamber.com

But back in February, it was registered to Michael Price:

Registry Registrant ID:
Registrant Name: Michael Price
Registrant Organization:
Registrant Street: 801 Kellerman Kreek
Registrant City: Marietta
Registrant State/Province: Georgia
Registrant Postal Code: 30068
Registrant Country: United States
Registrant Phone: (770) 998-9999
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: MPrice@mobilesoft.com
Registry Admin ID: 
opendetailz.com doesn't pass the SPF check, but it is sufficiently close to the verified domain of opendetails.com seen previously that it is almost certainly genuine. The WHOIS details are:

Registry Registrant ID:
Registrant Name: DNS Admin
Registrant Organization: OpenDetailsz.com
Registrant Street: Floor-17
Registrant Street: 12OO Abernathy
Registrant City: Atlanta
Registrant State/Province: Georgia
Registrant Postal Code: 30327
Registrant Country: United States
Registrant Phone: +1.6783843388
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: dnsadmin@opendetailz.com
On the 18th March 2014 they were:

Registry Registrant ID:
Registrant Name: Michael Price
Registrant Organization:
Registrant Street: 801 Kellerman Kreek
Registrant City: Marietta
Registrant State/Province: Georgia
Registrant Postal Code: 30068
Registrant Country: United States
Registrant Phone: +1.7709989999
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: MPrice@mobilesoft.com
Registry Admin ID: 
Update (2300 GMT 2014-03-30): yet more evidence linking this spam run to BizSummit's Michael Price..
From:     Stan Miller Stan@gotofacts.net
To:     George Bush <george@[redacted]>
Date:     30 March 2014 18:29
Subject:     Will be closed due to bad conditions.

Will be closed due to bad conditions.

This will be the only notification to george@[redacted] and ignore if sent to the wrong email. Thank you.
----------------
From:     John Moore John@gotofacts.net
To:     George Bush <[redacted]>
Date:     30 March 2014 23:11
Subject:     Will be closed due to bad weather.

Will be closed due to bad weather.

This will be the only notification to gbush@[redacted] and disregard if sent to the wrong person. Thank you.

These messages are sent to George Bush (!). Again, the mail headers reveal that there is a valid SPF record, therefore gotofacts.net really did send the message:

Received: from [64.21.19.120] (port=64747 helo=mail.gotofacts.net)
    by [redacted] with esmtp (Exim 4.80)
    (envelope-from <Stan@gotofacts.net>)
    id 1WUJXi-0001yE-Iq
    for george@[redacted]; Sun, 30 Mar 2014 18:29:14 +0100
Received: from 78693058.gotofacts.net
        by mail.gotofacts.net (Merak 8.9.1) with ASMTP id QUH61409
        for <george@[redacted]>; Sun, 30 Mar 2014 10:29:09 -0700
Message-ID: <20140330102904.4d9e7f4e6f@7d6f>
From: "Stan Miller" <Stan@gotofacts.net>
To: "George Bush" <george@[redacted]>
Subject: Will be closed due to bad conditions.
Date: Sun, 30 Mar 2014 10:29:04 -0700
X-Priority: 3
X-Mailer: FlashTransmitter version 8.1
MIME-Version: 1.0
Content-Type: text/plain;
    charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass ([redacted]: domain of Stan@gotofacts.net designates 64.21.19.120 as permitted sender) client-ip=64.21.19.120 envelope-from=Stan@gotofacts.net helo=mail.gotofacts.net
The WHOIS records for gotofacts.net have been stripped of useful data:

Registry Registrant ID:
Registrant Name: DNS Admin
Registrant Organization: GoToFacts
Registrant Street: 1200 Abernathy
Registrant City: Atlanta
Registrant State/Province: Georgia
Registrant Postal Code: 30328
Registrant Country: United States
Registrant Phone: +1.7705863984
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: dnsadmin@gotofacts.net
But on March 18th it was registered to:

Registry Registrant ID:
Registrant Name: Michael Price
Registrant Organization:
Registrant Street: 801 Kellerman Kreek
Registrant City: Marietta
Registrant State/Province: Georgia
Registrant Postal Code: 30068
Registrant Country: United States
Registrant Phone: +1.7709989999
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: MPrice@mobilesoft.com
Registry Admin ID: 

Monday, 8 November 2010

theciosummits.org / CIO Summits spam

theciosummits.org / CIO Summits is the same outfit as BizSummits  who have a particular spamming technique that has been seen before.

The technique appears to be that they search a website for strings that look like names, and then they try and guess the email address for that person at that domain. Email addresses tend to follow a limited number of formats, so it probably gets a reasonable success rate, but even so.. the name is still scraped and the recipient emailed without opting in to anything.

From: Jason Williams <jwilliams@theciosummits.org>
To: James Studer [redacted]
Date: 8 November 2010 15:06
subject: James, just following-up.
   
Hi James, is now a better time to reach out to you in regards to the CIO
Summit? You received a request on behalf of our Board due to your key
role in the technology field and I'm curious to know if a decision has
been made.

The CIO Summit is an invitation-only group comprised of the very best
executives and visionaries in technology. We meet monthly by
teleconference to exchange what is working, what is not, strategies and
ideas. It is a confidential forum with dedicated groups of other
successful VPs and key executives whose only agenda is to help each other
outperform. Our site is at www.theciosummits.org

I am certain you will find the experience both enjoyable and useful in
your efforts. Please take a look and let me know of your decision. Thanks,
 James.

Sincerely,
Jason Williams
CIO Summits
Tel. (803) 712-3027
www.theciosummits.org


The information contained in this message is confidential and intended
only for James Studer. If you have received this message in error, please
delete it or mail us back if you no longer wish to receive further
invites. For my records, I show your contact information as: James Studer,
 Dynamoocom, [redacted]  800-688-6115 If needed, you can reach
us at 201 17th St, #1200, Atlanta, GA 30363. Thank you.

Who is James Studer exactly? It turns out that he was a contributor to the Orange Book, which I have a section about on my website.. and as with the BizSummits spam I've seen before, the pattern is exactly the same.

CIO Summit's pitch looks fairly deceptive. They have guessed an email address, apparently to make it look like we have a prior relationship. It's worth noting as well that the BBB give parent BizSummits a very poor "F" rating which definitely makes it look like one to avoid.

Monday, 11 May 2009

Michael Price / BizSummits.org unsolicited bulk email

I've had a few of these in the past, but this time my spidey sense was tingling.

Subject: Roger, Website discussion on April 21st.
From: "Pat Weller" pat@mktgalliance.org
Date: Mon, May 11, 2009 1:49 pm

Hi Roger, let me know if you might be interested in attending our
upcoming program, "Does Your Website Produce the Results You Want? How to
Drive Conversions by Writing Better Content" on Monday, April 27th. You
can view the complete details at www.mktgalliance.org/webconversations

Businesses of all sizes can benefit greatly from these ideas that have
proven to work based on experiences with hundreds of websites. Thomas
Young, Internet Marketing Consultant and CEO with Intuitive Websites,
will be making the presentation. He will review conversion strategies,
effective taglines, using captions on photos, how to avoid blocks of text,
bullet items in web copy, how to avoid brochure copy and marketing-speak,
calls to action and more. I hope you and your team will join us.

Best regards,

Pat Weller
Program Director
Marketing Alliance
600 North Park Centre
Seventeenth Floor
Mail back to decline further
Atlanta, GA 30328
www.mktgalliance.org/webconversations


Well, I'm not called "Roger" and I can't quite figure out where that came from. The email came from 66.232.113.10 which is the same IP as mktgalliance.org, so that really confirms it as genuine.

A look at the WHOIS details are interesting:

BizSummits
Michael Price (MPrice@BizSummits.org)
+1.8006003389
Fax:
1200 Abernathy Rd, 17th Floor
Atlanta, GA 30328
US

Alright, ten points for having (apparently) genuine contact details (it matches their BBB report), minus several million points for blasting out unsolicited emails to random addresses.

Is it spam? Well, it's certainly unsolicited commercial email and in this case it was sent to an email address that didn't actually exist. Annoyingly, it could well be CAN SPAM compliant. But it falls within the scope of the Boulder Pledge so best avoided.

Here are some other domains associated with BizSummits:
  • mybizteleseminars.net
  • customerservicesummit.net
  • theopsbenchmarkalliance.com
  • associationgrowthsummit.net
  • mktgalliance.org
DavesPlanet.net has more information here, the Other Librarian blog indicates that it has been going on for years here, and a Google Search shows just how widespread these unsolicited emails are. Do you really want to do business with a company like this?