UpCloud – competition is fierce and business prospects dire

Earlier today, the Finnish cloud hosting company UpCloud Ltd (www, biz reg, responsible people) decided they’d start looking for new customers by spamming.

Read more…

Q4/2018+1 in Spamtraps: ESPs

October 2018 to January 2019

Another case of “didn’t get a round tuit for some time”

ESP spam seen in spamtraps, October 2018 to January 2019

Another couple of months have passed by so quickly and I only just found I had even completed the October report but forgotten to release it…

The percentages of ESP spam in the traps were, respectively, 3.0%, 3.4%, 3.0% and 2.8% during this period.

Ediware disappeared back into the void it had come from after the Oct 24 disaster. All other operations on the list are household names.

Salesforce keep increasing their lead over the competition.

I am pleased to see that SendGrid made Advisor Perspectives disappear after the very beginning of November. Nobody could guess what explains the simultaneous rise in Zeta Interactive’s spam output, from relative obscurity (#28 in October) to #11 in November and the Top Ten in December-January.

Looking forward to seeing you all in San Francisco in a few weeks!


October 2018 in Spamtraps: ESPs

Blast from the recent past

(This is what happens when you forget to click Publish)

ESP spam seen in spamtraps, October 2018

The percentage of ESP spam was 3.0%, down from 3.2% in September. The total amount of mail in this trap collection was up 16% from September.

There’s a new player on the list again. Ediware is a French email service provider that has been around since 2001. This is the first time ever they have made this list in any capacity, and it’s straight to the top 10. During October 24 from 5 pm to 8 pm CEST they had a malware/botnet/whatever infestation spamming “fix your wifi”, “desktop microscope”, “heating gadget” etc. To their credit, they got on top of it quite quickly, in four hours the problem was completely curbed, but while it was going on, the volume was huge. Any other stuff from them amounted to 0.4% of the total – no wonder we don’t usually see them.

Salesforce is so much ahead of SendGrid this month I would have expected to see something unusual from them. But no, it’s the same old players, none of whom are sending anything out of the ordinary.

SendGrid really need to get rid of Advisor Perspectives. Like, really. And so do MailChimp, for that matter.

Bubbling under this month: Mapp Digital (2.1%), Adobe Campaign (2.0%).

RATINGPARTICIPANTPERCENTAGENOTESMOST PROMINENT CUSTOMER
0All others34.7%
1Salesforce Marketing Cloud14.2%ExactTargetKohls (4.5%)
2SendGrid11.8%Advisor Perspectives (11%)
3MailChimp8.9%Boston Globe (0.8%)
4Oracle Marketing Cloud5.7%Nordstrom (6.9%)
(Nordstrom and Nordstrom Rack are also Salesforce’s #7 most spamming customer with 1.6% of SMC total)
5Amazon SES5.0%Netflix (3.8%)
6CheetahMail4.2%Eddie Bauer (5.8%)
7Mailgun4.0%The Italian affiliate spammers (at least 35%)
8Ediware3.9%Botnet flood on October 24 (>99%)
9IBM Marketing Cloud3.1%renewlife.com (nearly 30%)
10Constant Contact2.5%123dj.com (2.4%)

Another three-month look at Spamtraps: ESPs – July, August, September 2018

July to September 2018 in Spamtraps: ESPs

July to September 2018 in Spamtraps: ESPs

We had an unexpected participant in Hobsons, who traditionally send effectively nothing to us, only just about enough for us to have recognized that they even exist. It appears their network space is shared between the ESP and some other branch of their operations. The servers of the non-ESP operations were misconfigured on April 10 shortly before 8 pm UTC and started spewing out backscatter (bounces of spam to the forged sender addresses). This went on until 9/11 @ 11 am UTC, peaking in July.

With Yesmail, the money mule spammers (subjects: “New offer”, “New vacancies in our company”, “Interesting work”, “Staff Wanted”, “Good day!”, “Hello!”, “Interesting offer”, “Welcome to our company”) started appearing in April, peaked in July, and were effectively out by September. The numbers of this type of spam on any other ESP platform are never measured in more than the single digits.

Worst senders:

  1. SendGrid: Advisor Perspectives, by a margin of more than 2x to the next contestant, month after month (with a slight nod in the general direction of Airbnb in July)
  2. SMC/ExactTarget: Kohls (only barely), with Marcus Millichap popping up in September
  3. MailChimp: Advisor Perspectives (WTH?)
  4. Oracle: Nordstrom (only barely)
  5. Mailgun: The Italian affiliate spammers (see previous blogs)
  6. Yesmail: After the money mule trash, mktgdillards.com
  7. Amazon SES: jobalert123.com
  8. CheetahMail: shopbonton.com, loft.com, emailtuesdaymorning.com (all almost below the noise floor)
  9. Constant Contact: 123dj.com (only barely)
  10. IBM: tjx.com, renewlife.com
  11. Mapp: conservativeintel.com
  12. Epsilon: DICK’S Sporting Goods, Inc.

On The Forensic Capabilities of LeadForensics

The study of forensics refers to scientific tests or techniques used in connection with the detection of crime. It is an odd choice of name for what I think is a data seller, especially one whose targeting seems poor enough to be spamming me. They claim to want to help me generate more leads for my website, but my website doesn’t sell anything. I do not really need any leads.

They are sending from IP address 46.236.37.232, which appears to be an email platform called Message Focus or Adestra.

From what I can tell, the only forensic capability this entity has shown me is that they seem to buy B2B spam leads, which is very disappointing.

Siltaraha Oy / Finlandia Finance Oy

In May 2016, a Finnish B2B financing company (or “payday loans for businesses”, if you like) called Siltaraha Oy (www, biz reg, people responsible) started advertising its activities in B2B spam to purchased lists.
Read more…

New Finnish B2B spammer: Digimarketingmanager.com / Mailmarketingmanager.net

Here’s the culprit

Domains have been registered a week ago. The LI profile indicates the operation has started in July 2018. The people whose network the spam was sent from already know. Not just abuse@, the actual people.

If you’re reading this, Mr. A, take my advice: stop now.

Rule #4: The natural course of a spamming business is to go bankrupt.

June 2018 in Spamtraps: ESPs

ESP spam seen in spamtraps, June 2018

ESP spam seen in spamtraps, June 2018

Read more…

A three-month look at Spamtraps: ESPs

Good morning, Munich…

Go back to top