Advanced Automation: Advertising “MailChimp Email Summit” to a Spamtrap!

Advanced Automation, Inc., a professional services organization for the insurance industry, is sending bulk email to an email address that was closed in 2008. This email address has not received email from Advanced Automation via any channel since being re-enabled after timeout as a spamtrap. The ESP is MailChimp, and the spammed email message advertises something it calls the “MailChimp Email Summit”, which suggests that MailChimp is a customer or partner of Advanced Automation as well as their ESP.

The apparent relationship between MailChimp and Advanced Automation caught my eye in what was otherwise a garden-variety business spam. MailChimp is a reputable ESP which is known to terminate spammers quickly. In this case, I suspect that Advanced Automation provided the list, not MailChimp, but I would expect MailChimp to know better than to send email to a third-party list. Did their customer/partner do this without their knowledge?

The sending IP is listed in two less-used but, in my experience, frequently reliable blacklists: Mailspike (which rates it as “possibly legitimate”) and TRBL. Of the two blacklistings, I take the TRBL blacklisting seriously. TRBL is a spamtrap-driven blacklist that lists individual IPs only, and quickly removes them when it quits seeing spam from an IP. If this IP is listed, that is because a TRBL spamtrap received spam from it within the last few days. Mailspike is at least as reliable as TRBL, but this particular listing is only a “Level 2” listing, which is for sources that send a non-trivial amount of legitimate non-spam email as well as some spam. Shared sending IPs for small ESPs, even well-run ones like MailChimp, almost always fit that definition, as do customer outbound SMTP servers at many ISPs.

Sending IP:

Spam Sample:

Actual Headers:

Received: from ( [])
        by <xxx> (Postfix) with ESMTP id <xxx>
        for <xxx>; Mon, 16 Apr 2012 11:xx:xx -0500 (CDT)
DKIM-Signature: <xxx>
DomainKey-Signature: <xxx>
Received: from ( by (PowerMTA(TM) v3.5r16) id <xxx> 
        for <xxx>; Mon, 16 Apr 2012 12:xx:xx -0400 
        (envelope-from <bounce-mc.<xxx>>)
Subject: =?utf-8?Q?Learn=20To=20Attract=20And=20Retain=20Customers?=
From: =?utf-8?Q?Advanced=20Automation?= <>
Reply-To: =?utf-8?Q?Advanced=20Automation?= <>
To: <xxx>
Date: Mon, 16 Apr 2012 12:xx:xx -0400
Message-ID: <<xxx>>
X-Mailer: MailChimp Mailer - **<xxx>**
X-Campaign: mailchimp<xxx>
X-campaignid: mailchimp<xxx>
x-im: <xxx>
X-Report-Abuse: Please report abuse for this campaign here:<xxx>
x-accounttype: pd
List-Unsubscribe: <mailto:unsubscribe-<xxx>>, 
Sender: "Advanced Automation" <>

Readable Email:

From: Advanced Automation <>
To: <spamtrap>
Subject: Learn To Attract And Retain Customers
Reply-to: Advanced Automation <>

Something look funkified in this email? [1]View it on the web.

The Bananaco
assurance magazine

The MailChimp Email Summit provides email senders and receivers from around the world a unique opportunity to come together and discuss that thing we emailed you about.

[2]Update Subscription Preferences or [3]Unsubscribe

Copyright © 2012 Advanced Automation, Inc. All rights reserved.
You are receiving this email because you are affiliated with Advanced Automation or one of it’s subsidiaries.

Advanced Automation, Inc.
3526 Lakeview Pkwy
Suite B #182
Rowlett, TX 75088


Tuesday, September 27

[4]Register Now
[5]Follow us on Twitter
[6]Friend us on Facebook
[7]Forward this to a Friend
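
The triage a spamtrap operator does on headers like the ones above, sketched as an added example (not code from this post or from MailChimp): it decodes the RFC 2047 Subject and From, pulls the sending IP from the topmost Received line, builds the reversed-octet name a DNSBL lookup would use, and collects the ESP campaign headers needed for an abuse report. The sample message, the `dnsbl.example` zone and all hosts, IPs and ids are constructed placeholders; no DNS query is made.

```python
import re
from email import message_from_string
from email.header import decode_header, make_header

# Constructed sample modelled on the redacted headers above. Every host, IP,
# id and URL is a placeholder (RFC 2606 / RFC 5737 ranges), not from the page.
SAMPLE = """\
Received: from mta.esp.example (mta.esp.example [192.0.2.10])
\tby trap.example (Postfix) with ESMTP id 0000000000
\tfor <trap@trap.example>; Mon, 16 Apr 2012 11:00:00 -0500 (CDT)
Received: from app.esp.example ([203.0.113.7]) by mta.esp.example id 0000
Subject: =?utf-8?Q?Learn=20To=20Attract=20And=20Retain=20Customers?=
From: =?utf-8?Q?Advanced=20Automation?= <sender@customer.example>
X-Mailer: MailChimp Mailer - **CID0000000000**
X-Campaign: mailchimp0000.0000
X-Report-Abuse: Please report abuse for this campaign here: http://esp.example/abuse?id=0000
x-accounttype: pd
List-Unsubscribe: <mailto:unsubscribe-0000@esp.example>

body
"""

# Header names visible in the sample on this page that identify the ESP campaign.
ESP_HEADERS = ("X-Mailer", "X-Campaign", "X-campaignid", "X-Report-Abuse",
               "x-accounttype", "List-Unsubscribe")

def decode(value):
    """Turn RFC 2047 encoded-words (=?utf-8?Q?...?=) into readable text."""
    return str(make_header(decode_header(value)))

def dnsbl_query_name(ipv4, zone):
    """DNSBL lookup name: reversed IPv4 octets followed by the list's zone."""
    return ".".join(reversed(ipv4.split("."))) + "." + zone

def triage(raw, zone="dnsbl.example"):  # zone is a placeholder, not a real list
    msg = message_from_string(raw)
    # Only the topmost Received header was written by the receiving MTA;
    # anything below it is supplied by the sender and can be forged.
    handoff = " ".join(msg.get_all("Received", [""])[0].split())
    ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", handoff)
    esp = {h: " ".join(msg[h].split()) for h in ESP_HEADERS if msg[h]}
    return {
        "subject": decode(msg.get("Subject", "")),
        "from": decode(msg.get("From", "")),
        "sending_ip": ip.group(1) if ip else None,
        "dnsbl_query": dnsbl_query_name(ip.group(1), zone) if ip else None,
        "esp": "MailChimp" if "mailchimp" in esp.get("X-Mailer", "").lower() else "unknown",
        "esp_headers": esp,
    }
```
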
