Manuscript prepared 2026-05-29. All network observations in Section 2 are reproducible as of that date.
Abstract
Unsolicited calls for papers are the operational signature of predatory publishing. This paper dissects one such message: a solicitation received on 2026-05-29 that presents itself as coming from the Open Access Journal of Data Science and Artificial Intelligence (OAJDA), ISSN 2996-671X, a title published by Medwin Publishers and advertised with a self-styled impact factor of "2.019". Using only the message's own headers and publicly queryable infrastructure records (RDAP domain registration, DNS TXT/SPF policy, and IP geolocation by autonomous system), I show that the message did not originate from the publisher's production infrastructure; that the visible sender domain was registered approximately five weeks before transmission, in the same automated batch as the bounce domain; that the message failed DMARC because Sender Policy Framework (SPF) authorization aligned only to a hidden envelope domain and not to the domain shown to the recipient; that the transmitting hosts are located in Germany and the Netherlands rather than the claimed United States; and that the message was assembled by a generic PHP bulk mailer carrying per-recipient tracking. The evidence is internally consistent and collectively indicates a disposable-domain mass-mail operation rather than editorial correspondence. The advertised impact factor is not a Clarivate Journal Citation Reports metric and has no traceable origin. I conclude with a falsifiable test of the central thesis.
Keywords: predatory publishing; email authentication; DMARC; SPF; header forensics; impact factor; scholarly communication; OSINT
1. Introduction
Predatory publishers invert the economics of scholarly communication. Rather than selecting work through peer review and recovering costs from readers or institutions, they collect article-processing charges from authors and exert minimal editorial control [1, 2]. The model depends on volume, and volume depends on solicitation. The unsolicited "call for papers", sent to addresses harvested at scale and often unrelated to the recipient's field, is therefore not incidental to the model. It is the model's distribution channel.
The journal named in the present case, OAJDA, is a real serial. Its ISSN (2996-671X) is a confirmed record in the ISSN Portal under the United States national centre, and it carries a registered DOI prefix (10.23880) through its publisher, Medwin Publishers [3]. Registration of a serial identifier, however, certifies nothing about editorial quality; any periodical may obtain one. Medwin Publishers appears on Beall's List of potential predatory publishers, its titles are absent from Clarivate Web of Science, Scopus, and MEDLINE, and it nonetheless displays a numeric "IF" of unexplained provenance for each title [1, 4]. A legitimate Journal Impact Factor is computed and published by Clarivate; it is never self-asserted on a publisher's own page, and it is never decorated with a qualifying asterisk, as this one was ("*2.019").
This paper does not relitigate the journal's listing status, which is already a matter of public record. It examines a narrower and more concrete object: the transport and authentication metadata of a single solicitation message. Those headers are dispositive in a way the catalog listing is not. They establish where the message actually came from, which is not where it claims to come from.
2. Materials and Methods
2.1 Source material
The artifact under examination is the complete header block of one email delivered to the address mjh@itys.net on 2026-05-29 at 15:35 CEST. The message bore the subject "Share Your Work with OAJDA" and a From header of "Andrea Leslie <contact@oajdajournal.com>". The sender name is treated throughout as an unverified persona attached to the campaign, not as an identified individual.
2.2 Procedure
Three classes of public record were queried against the identifiers found in the headers:
- Domain provenance via Registration Data Access Protocol (RDAP), to establish creation dates of every domain appearing in the transport path.
- Published mail policy via DNS TXT records, to retrieve the SPF and DMARC policies of the sender and envelope domains and to test authorization of the transmitting IP.
- Network origin via IP-to-autonomous-system and geolocation lookup, to establish the physical and administrative origin of the transmitting hosts.
No privileged access was used. Every record cited below can be reproduced by any reader with a DNS resolver and an RDAP client.
3. Results
3.1 The visible sender is not the publisher
The publisher's production domain is medwinpublishers.com, created 2016-02-12 and resolving to 50.6.229.102 (AS31898, Oracle Corporation, Ashburn, Virginia, US). None of the domains in the examined message belongs to that domain or shares its infrastructure. The message instead used a cluster of unrelated domains:
| Role in message | Domain | Registered (UTC) |
|---|---|---|
| From / Reply-To | oajdajournal.com | 2026-04-25 19:03:51 |
| Envelope-from / bounce | datascienceaijournal.com | 2026-04-25 19:03:50 |
| Relay (HELO) | metaknow.info | 2026-04-19 14:48:07 |
| Origin host / unsubscribe | knowledgegridlab.com | 2026 (recent) |
Two observations follow directly. First, the domain shown to the recipient (oajdajournal.com) and the bounce domain (datascienceaijournal.com) were registered on the same day, one second apart. Sequential, same-second registration is the signature of a single automated provisioning step, not of independent editorial entities. Second, the visible From domain was approximately five weeks old at the time of sending. Established journals, including those a decade into operation as Medwin is, do not correspond from one-month-old domains registered in pairs.
3.2 Authentication passed only for a domain the recipient never sees
The receiving system recorded a DMARC failure with a spam disposition:
dmarc=fail (dis=spam p=quarantine; aspf=r; adkim=r) header.from=oajdajournal.comThe mechanism of that failure is visible in the published policies. The message was transmitted from 185.216.214.190. The SPF records of the two relevant domains were:
oajdajournal.com v=spf1 ip4:193.187.255.137 ip4:91.211.248.23 ip4:185.65.206.120 -all
datascienceaijournal.com v=spf1 ip4:185.216.214.190 ip4:185.32.126.18 ip4:91.211.248.23 -allThe transmitting IP (185.216.214.190) is authorized by datascienceaijournal.com, the invisible envelope domain, but is absent from the SPF record of oajdajournal.com, the visible From domain. Consequently SPF could pass for the envelope identity while failing to align with the header identity. Under relaxed alignment (aspf=r), the two organizational domains are not even relatives -- they are different registrations -- so alignment cannot succeed. No DKIM signature was present to provide an alternative aligned identity. The net effect is that the only cryptographically vouched identity in the message is one the reader is never shown, while the identity the reader is shown is unauthenticated. The recipient's server quarantined the message correctly.
A minor corroborating detail: both SPF records share 91.211.248.23, confirming common administrative control across the supposedly distinct domains.
3.3 Network origin contradicts the stated country
The OAJDA serial record lists a country of United States. The message did not transit United States infrastructure:
| IP | Autonomous system | Location |
|---|---|---|
| 185.216.214.190 | AS213251 Metaliance Datacenter | Grabenstetten, DE |
| 5.255.125.28 | AS60404 The Infrastructure Group B.V. | Dronten, NL |
| 50.6.229.102 (*) | AS31898 Oracle Corporation | Ashburn, VA, US |
(*) medwinpublishers.com production host, shown for contrast; not part of the message path.
The transmitting and origin hosts are low-cost virtual private servers in Germany and the Netherlands. They have no administrative relationship to the publisher's production host and no relationship to the claimed country of operation.
3.4 The message was assembled by a generic bulk mailer
Three artifacts identify the generating software and its purpose. The Message-ID was issued under a non-existent domain:
Message-ID: <676108f567efd556b5a10eee277a2eb1@swift.generated>The right-hand side "swift.generated" is the default placeholder of an unconfigured SwiftMailer (PHP) installation; the MIME boundary token "_=_swift_..._=_" corroborates the library. A correctly configured institutional mailer always emits its real sending domain in the Message-ID. Second, the bounce path and the unsubscribe link both carry the same per-recipient tracking token (bounce_6a194527c4263290019080), and the unsubscribe link points to yet a fourth domain (knowledgegridlab.com). Per-recipient tracking with campaign tokens is the apparatus of mass mailing, not of individual editorial correspondence. Third, the composition timestamp (Date: 2026-05-29 07:49:59 UTC) precedes the actual injection into the mail path (first Received hop: 2026-05-29 13:35:28 UTC) by roughly five hours and forty-six minutes, a separation consistent with a queued, drip-released campaign rather than a message sent by a person.
4. Discussion
Read individually, each finding admits an innocent explanation. Read together, they do not. A solicitation that (a) presents a domain distinct from the publisher's, (b) uses a From domain registered five weeks earlier in a one-second batch with its own bounce domain, (c) authenticates only under a hidden envelope identity, (d) originates from budget European hosting while claiming a United States home, and (e) is assembled by an unconfigured PHP bulk mailer with per-recipient tracking, is not plausibly an editor reaching out to a colleague. It is a mass campaign wearing a journal's name.
The disposable-domain pattern deserves emphasis because it is strategic. Routing solicitation through short-lived domains (oajdajournal.com, datascienceaijournal.com, metaknow.info, knowledgegridlab.com) insulates the publisher's primary domain (medwinpublishers.com) from the spam-reputation damage that aggressive solicitation incurs. When a campaign domain is blocklisted, it is discarded and replaced; the production domain, where authors are eventually asked to pay, retains a clean sending reputation. The five-week-old registration dates suggest exactly such a rotation cycle.
The advertised impact factor belongs to the same category of manufactured credibility. A Journal Impact Factor is a Clarivate product derived from Web of Science citation data. OAJDA's publisher is not indexed in Web of Science, so no such figure can exist for it. The "2.019" on the journal's materials is therefore not an impact factor in the only sense the term carries weight; it is a number formatted to resemble one. The qualifying asterisk is the tell.
Limitations. The headers establish that this message did not come from the publisher's production infrastructure. They do not, by themselves, resolve whether the publisher operates the campaign domains directly or whether a third-party lead-generation contractor solicits on the journal's behalf or in its name. Both readings are consistent with the evidence, and both lead to the same operational conclusion for a prospective author: the solicitation is not trustworthy editorial contact, and the venue is not a credible place to deposit original work. Attribution of intent beyond the infrastructure record is outside the scope of header forensics.
5. Conclusion
A single email's headers, checked against public registration and policy records, are sufficient to characterize the OAJDA solicitation as a disposable-domain bulk campaign that misrepresents its origin and fails standard sender authentication. The journal's advertised impact factor has no basis in any recognized citation index. Authors who receive such messages can perform the same checks in minutes: confirm the From domain matches the publisher's production domain; read the Received chain bottom to top to find the true origin; verify the impact factor directly at Clarivate rather than on the publisher's page; and confirm indexing in DOAJ, Scopus, or Web of Science before submitting.
A falsifiable test of this paper's central thesis is available and inexpensive. Submit this manuscript, unaltered, to OAJDA. The thesis predicts acceptance, with an article-processing charge and without substantive peer review. A rejection on methodological grounds, or a review that engages the evidence, would weaken the thesis and would be reported as such.
Data Availability
All records cited are public and were retrieved 2026-05-29: RDAP domain events for the four campaign domains and the publisher domain; DNS TXT (SPF) records for oajdajournal.com and datascienceaijournal.com; DNS TXT (DMARC) records for both; and IP-to-ASN geolocation for 185.216.214.190, 5.255.125.28, and 50.6.229.102. The full header block of the examined message is held by the author and available on request.
References
[1] Beall's List -- of Potential Predatory Journals and Publishers. https://beallslist.net/ (accessed 2026-05-29).
[2] Predatory publishing. Wikipedia. https://en.wikipedia.org/wiki/Predatory_publishing (accessed 2026-05-29).
[3] ISSN Portal. Record for ISSN 2996-671X, Open access journal of data science and artificial intelligence. https://portal.issn.org/resource/ISSN/2996-671X (accessed 2026-05-29).
[4] Medwin Publishers (encyclopedia entry noting absence from Web of Science, Scopus, and MEDLINE, and inclusion on Beall's List). Accessed 2026-05-29.
[5] Bohannon J. Who's Afraid of Peer Review? Science. 2013; 342(6154):60-65. doi:10.1126/science.342.6154.60.
[6] Kitchin S, et al. RFC 7208: Sender Policy Framework (SPF) for Authorizing Use of Domains in Email, Version 1. IETF; 2014.
[7] Kucherawy M, Zwicky E (eds). RFC 7489: Domain-based Message Authentication, Reporting, and Conformance (DMARC). IETF; 2015.