Restaurant Vanha Kalasatama: Harvesting personal information from websites to spam, and publishing the list
Cima Oy, d/b/a Restaurant Vanha Kalasatama (www, biz reg) has been spamming since October 22. I mentioned it to their service provider on Oct 23, but I don’t think I got a response, not even an automatic one. There was more spam on Oct 26, and on Nov 1, nothing special about that, but today, Nov 22, they struck gold by including their entire address list visibly in the Cc: field. So I feel compelled to award them a Spammer Award of some kind.
Based on the list contents, it seems obvious that the list has been built by harvesting from the web pages of companies. It is just too much of a coincidence that the names of large groups of natural persons should appear in exactly the same composition and order as on those web pages. At least some of the pages in question contain “ (at) ” instead of “@”, so the intention of the web page authors was clearly not to have them used as address sources for unsolicited commercial emailing.
Sigmatic’s response to today’s complaint? They forwarded it to the spammer in toto without even redacting my name and address.
Spamming IP: Sigmatic’s mail servers [] and [], at least.
Spam headers:
From Thu Nov 22 14:mm:ss 2012
Return-Path: <>
Received: from ( []) by x (Postfix) with ESMTP id x for <x>; Thu, 22 Nov 2012 14:mm:ss +0200 (EET)
Received: (qmail 21276 invoked from network); 22 Nov 2012 12:mm:ss -0000
Received: by simscan 1.4.0 ppid: 20407, pid: 21239, t: 5.2423s scanners:none
Received: from unknown (HELO VanhaKalasatama) ( by with ESMTPA; 22 Nov 2012 12:mm:ss -0000
X-Backend-Scan: 1
From: =?utf-8?Q?Kati_V=C3=A4lim=C3=A4ki?= <>
To: <>
Cc: [a list of approximately 700 addresses, many of them belonging to natural persons, omitted]
Subject: Joululounas Vanhassa Kalasatamassa 19.-21.12.
Date: Thu, 22 Nov 2012 14:mm:ss +0200
Message-ID: <x$x$x$@fi>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_NextPart_000_x_x.x"
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: Ac3IqQak4BiAn71ARnGfrIa4ZhYOkQ==
Content-Language: fi
Human-readable spam contents: Meaningless. The plaintext part didn’t contain an address source indication, which is required. Apparently, the HTML did:
Lähde: Vanhan Kalasataman ja Cima Oy:n asiakasrekisterit ja yleiset yritysrekisterit
Source: the customer registers of Vanha Kalasatama and Cima Oy, and general business registers
So much BS. The description of their personal data file says this:
Henkilötietorekisterin ylläpidossa noudatetaan Tietosuojavaltuutetun ohjeita ja tietosuojalainsäädäntöä. Henkilötietolain 24§:n mukaiset tiedot rekisterinpitäjästä, tietojen käsittelyn tarkoituksesta, tietojen luovutuksesta sekä rekisteröidyn oikeuksista ovat saatavilla numerosta 050 586 6442 ja sähköpostitse
Data Protection Ombudsman’s instructions and data protection legislation are observed in the maintenance of our personal data file. The information about the controller, purpose of data processing, destination of disclosed data and rights of data subjects are available from the telephone number 050 586 6442 and by email
They know that spammers will harvest addresses from web pages, so they protected their own email address on that web page by presenting it as an image only. How hypocritical is that? And the “description” does not meet the requirements of Section 10 of the Personal Data Act, which requires that the controller shall keep the description of the file available to anyone.