Some spammers have been abusing the University of Minnesota OIT email servers for months, up to dozens of attempts per day. Abuse@ and postmaster@ were notified with overwhelming evidence months ago but the spam continues to trickle through.
This week two of my favorite blogs, Mickey Chandler’s Spamtacular and Brian Krebs’ KrebsOnSecurity, have posted unusually informative and thoughtful articles about two spam-related DDoS attacks. One occured three years ago; the other within the past week.
For those who prefer to read comments and kudos AFTER reading the original articles, here are direct links:
Capital One, a large US-based bank and credit card issuer, stands out for sending by far the largest number of transactional emails containing personally identifying information (PII) to my spamtrap collection. :/ Capital One uses a number of ESPs, but its transactional emails are usually sent from Bigfoot Interactive, owned by Epsilon Interactive.
“Interesting” affiliate spam from EmailVision, hitting over a hundred spamtraps that I have access to. Promoting Euroloan Consumer Finance plc, a Finnish payday lender. I am getting the impression that Jubiis might be a Danish affiliate(?) spammer, but their website says they’re on Malta, and their Domain by Proxy registration illegally leaves them untraceable. The spam text is in Finnish save for the “description” of how you came to be on their list and how to be removed, which are in Danish, which is of course equal to Gibberish for 99.9% of the world population (save for the 5.59 million Danes, that is).
The NetPosti service of the Finnish Post is one of the most offensive parties to illegally handle outdated and erroneous personal data. They’ve finally woken up. Sorta.
Chase Bank simply doesn’t get it, or doesn’t care. Months after I reported that Chase was spamming email addresses that did not belong to live customers with marketing and transactional email messages, it is now sending transactional emails containing a customer name and information about account activity to yet another spamtrap. This email was sent directly from Chase’s own IPs.
Here is a repost of a blog entry by CAUCE President John Levine in which he explores the murky world of stolen mailing lists, and how companies rarely acknowledge such breaches.
Somewhere out there, there’s a web page that contains a “sign me up for the mailing list” link.
Somewhere out there, there’s a person with a grudge. Maybe a disgruntled spammer.
The two meet.