In the past 3 days a single end user has received 3 SMS messages from a US Short Code 77088 that is registered AFAICT to Amazon Alerts. The end user has forwarded the content to us. I have replaced the '://' with '___' and the URL path also with '___' to prevent people from clicking on the link and hiding important info if it is legit. But I don't think it is legit, because it is a whole bucket of weird. 7babf08dit-t77088/TYPE=PLMN2.E?http___d2.2c1.cz:80/7bab___ditX3/38 7b4a0e58Yy-t77088/TYPE=PLMN2.Ehttp___d2.2c1.cz:80/7b4a___8YyX3/92 7b0c2c36sr-t77088/TYPE=PLMN2.E:http___d2.2c1.cz:80/7b0___36srX3/730 The SMPP server is noting that the encoding is "8-BIT" which is an odd encoding that I haven't seen before. This domain in the SMS IS hosted by AWS DNS (Route 53), and the domain is registered to someone in Massachusetts, US. Yes, the end user can send STOP to 77088, but at least one of the messages did seem to come from Amazon. Is it possible that some service is allowing someone who is NOT the owner of 77088 to send SMS messages pretending to be 77088? Did someone get into Amazon's account or 3rd party account? It is very strange to see this coming from a Short Code. Beckman --------------------------------------------------------------------------- Peter Beckman Internet Guy beckman at angryox.com http://www.angryox.com/ ---------------------------------------------------------------------------