Take #2: B2B Prospecting Spam from IBM

Almost a month after I reported that a salesperson at IBM was sending B2B spam to a scraped or purchased list, the same individual spammed one of those email addresses again. As with this sender’s previous spam, the email was sent from IBM’s corporate mailservers, and specifically from a Lotus Notes system apparently used by their business development team.

The previous spams were reported in their entirely and with no redactions to Jeff Dellapina, the IBM employee in charge of compliance for the IBM Watson Marketing Cloud. Although th email was not sent from that service, Jeff expressed interest in tracking down the problem. He was apparently unable to get the spam stopped.

This situation constitutes blatant spam to a purchased or appended list. There is no other way that the marketer who sent the email could have obtained the email address that she emailed otherwise because that email address is a pristine spamtrap. Specifically, it is a “guessed at” email address — the intended recipient is obvious, and the format of the email address matches the that of most email addresses at the targeted company, but it does not actually belong to the targeted individual. It has never been a “live” email address at all.

The email contains unsubscribe instructions and an unsubscribe email address at the bottom. Since the recipient of this email never consented to receive it, however, he (in my opinion, quite rightly) did not attempt to unsubscribe. If the sender would not listen to the person in charge of compliance for their own bulk email service, I doubt they would listen to a user complaint either.

My conclusion: the IBM Watson business development team is free to spam at will.

The outbound mailservers used by this team appear to be hosted on a small IP range: 129.33.205.201 through 129.33.205.209. I recommend blocking those IPs in your antispam configuration.

Sending IP: 129.33.205.207

Actual Headers:

Received: from e17.ny.us.ibm.com (e17.ny.us.ibm.com [129.33.205.207])
	by <xxx> with ESMTP id <xxx>-1
	(version=TLSv1.2 cipher=AES256-SHA bits=256 verify=NOT)
	for <xxx>; Wed, 07 Jun 2017 10:##:## -0400
Received: from localhost
	by e17.ny.us.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! 
Violators will be prosecuted
	for <xxx> from <flandin@us.ibm.com>;
	Wed, 7 Jun 2017 10:##:## -0400
Received: from b01cxnp22034.gho.pok.ibm.com (9.57.198.24)
	by e17.ny.us.ibm.com (146.89.104.204) with IBM ESMTP SMTP Gateway: 
Authorized Use Only! Violators will be prosecuted;
	Wed, 7 Jun 2017 10:##:## -0400
Received: from b01ledav005.gho.pok.ibm.com (b01ledav005.gho.pok.ibm.com 
[9.57.199.110])
	by b01cxnp22034.gho.pok.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 
<xxx>
	for <xxx>; Wed, 7 Jun 2017 14:##:## GMT
Received: from b01ledav005.gho.pok.ibm.com (unknown [127.0.0.1])
	by IMSVA (Postfix) with ESMTP id 6D486AE054
	for <me>; Wed,  7 Jun 2017 10:19:39 -0400 (EDT)
Received: from d50lp33.co.us.ibm.com (unknown [9.17.249.38])
	by b01ledav005.gho.pok.ibm.com (Postfix) with ESMTPS id 303FCAE052
	for <xxx>; Wed,  7 Jun 2017 10:##:## -0400 (EDT)
Received: from localhost
	by d50lp33.co.us.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use 
Only! Violators will be prosecuted
	for <xxx> from <flandin@us.ibm.com>;
	Wed, 7 Jun 2017 08:##:## -0600
Received: from smtp.notes.na.collabserv.com (192.155.248.72)
	by d50lp33.co.us.ibm.com (192.168.2.144) with IBM ESMTP SMTP Gateway: 
Authorized Use Only! Violators will be prosecuted;
	(version=TLSv1/SSLv3 cipher=AES128-GCM-SHA256 bits=128/128)
	Wed, 7 Jun 2017 08:##:## -0600
Received: from localhost
	by smtp.notes.na.collabserv.com with smtp.notes.na.collabserv.com ESMTP
	for <xxx> from <flandin@us.ibm.com>;
	Wed, 7 Jun 2017 14:##:## -0000
Received: from us1a3-smtp05.a3.dal06.isc4sb.com (10.146.71.159)
	by smtp.notes.na.collabserv.com (10.106.227.158) with 
smtp.notes.na.collabserv.com ESMTP;
	Wed, 7 Jun 2017 14:##:## -0000
Received: from us1a3-mail50.a3.dal06.isc4sb.com ([10.146.77.105])
           by us1a3-smtp05.a3.dal06.isc4sb.com
           with ESMTP id 2<xxx>
           Wed, 7 Jun 2017 14:##:## +0000
To: "Fatima Landin-Monti" <flandin@us.ibm.com>
Subject: Introduction to IBM's Watson Data Platform
From: "Fatima Landin-Monti" <flandin@us.ibm.com>
Date: Wed, 7 Jun 2017 10:##:## -0400
MIME-Version: 1.0
X-KeepSent: <xxx>;
  type=4; flags=0; name=$KeepSent
X-Mailer: IBM Notes Release 9.0.1EXT SHF766 December 14, 2016
X-LLNOutbound: False
X-Disclaimed: <xxx>
X-TNEFEvaluated: 1
Content-Type: multipart/related; boundary="=_related <xxx>="
x-cbid: <xxx>
X-IBM-SpamModules-Scores: <xxx>
X-IBM-SpamModules-Versions: <xxx>
X-IBM-AV-DETECTION: SAVI=unsuspicious REMOTE=unsuspicious XFE=unused
X-IBM-AV-VERSION: <xxx>
x-cbparentid: <xxx>
X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused
X-TM-AS-GCONF: 00
X-IBM-SpamModules-Scores: <xxx>
X-IBM-SpamModules-Versions: <xxx>

Readable Email:

From: Fatima Landin-Monti <<xxx>@us.ibm.com>
To: <removed>
Subject: Introduction to IBM’s Watson Data Platform

Hi,

I’m an IBM Watson Data Platform Specialist and Advisor.

<removed>

f you’d like IBM to refrain from sending you similar emails in the future, you can withdraw your consent at nytime by contacting us at
NETSUPP@us.ibm.com

Leave a Reply

Go back to top