May 2017 in Spamtraps: ESPs

ESP mail seen in spamtraps, May 2017

ESP mail seen in spamtraps, May 2017

Read more…

Take #2: B2B Prospecting Spam from IBM

Almost a month after I reported that a salesperson at IBM was sending B2B spam to a scraped or purchased list, the same individual spammed one of those email addresses again. As with this sender’s previous spam, the email was sent from IBM’s corporate mailservers, and specifically from a Lotus Notes system apparently used by their business development team.

Read more…

Suomen Markkinointirekisteri Oy on Office 365

Aki Lindell seems to have obtained services from Microsoft.
Read more…

Ferratum Oyj, Payday Loans for Businesses and Affiliate Spam

Ferratum Oyj, a Finnish payday loan operator (www, biz reg, responsible people) recently had the smart idea to advertise their business loan services through affiliate spam. This blog entry attempts to document what ensued.

Read more…

Snowshoe-like email verification and lead generation services

Many email verification and lead generation services act a lot like snowshoe spammers. They bounce around from host to host, hoping to avoid detection and suspicion caused by their unusual SMTP traffic.

Read more…

Clickback MAIL hitting dead/invalid emails

Clickback MAIL has been hitting spam trap with email addresses which have been dead for a very long time (i.e. years) or never valid in any decade. Probably because Clickback doesn’t require pesky things like “Opt-In” or “Confirmed” subscribers but do allow purchased lists and “cold” contacts to be mailed. Seriously this is bad behavior, I wonder why no one has just blacklisted all of Clickback IPs/domains yet?

Read more…

Spammers abusing U of MN OIT email servers

Some spammers have been abusing the University of Minnesota OIT email servers for months, up to dozens of attempts per day. Abuse@ and postmaster@ were notified with overwhelming evidence months ago but the spam continues to trickle through.

Read more…

Very persistent Finnish B2B spammer: Seolocation Oy (d/b/a Afton Videot)

Seolocation Oy (biz reg, responsible people) are really persistent B2B spammers.

They’re also listed by Suomispam.

$ host -t txt afton.fi.dbl.suomispam.net
afton.fi.dbl.suomispam.net descriptive text "20170411 "
$ host -t txt aftonvideopalvelu.fi.dbl.suomispam.net
aftonvideopalvelu.fi.dbl.suomispam.net descriptive text "20170320 "

Read more…

B2B Spam from Oracle

Below is another example of B2B spam sent by a large, legitimate company, this time by Oracle. This spam was sent to a pristine spamtrap that follows the format of normal email addresses at the company in question, but does not actually belong to the person that received the spam. Unlike the IBM B2B prospecting spam I reported a few days ago, Oracle sent this spam from its ESP, the Oracle Marketing Cloud.

NOTE [5/19/2017]: An Oracle representative notified me that the IP address that sent the spam is NOT part of the Oracle Marketing Cloud, although that IP belongs to Oracle.

Read more…

B2B Prospecting Spam from IBM

This week two fellow antispam activists, one of whom has been active in the field for over 20 years, reported receiving spam from the same IBM employee about the IBM Watson platform. One of the spams was sent to the business email address of the recipient. The other was sent to a pristine spamtrap that follows the formats usually used for email addresses at the company, but has never actually been used by the intended recipient. The spams were not sent through the IBM Watson Marketing Cloud (formerly SilverPop), but from its corporate mailservers.

Read more…

Go back to top