Stock-Pumping Spam via an ESP :(

Stock-promotion web site, which reportedly has existed under many other names in the past, is sending bulk email to an email address that has never existed. The ESP is IContact.

Except for the fact that it was sent from a valid ESP account, this spam closely matches the characteristics of stock pumping spam, which is also called pump’n’dump spam. This type of spam is sent to advertise a stock with the aim of driving up the price, so that the stock pumper can then sell his own shares at a higher price. This type of activity is illegal in the United States, and I believe in a number of other countries.

I can’t be certain that this email is true pump’n’dump spam, but the spam itself and the characteristics of the domain both look very much like that is the case. Specifically, like most criminal pump’n’dump spam, there is no advertised URI, email address, or other contact information in the email. The spam sample below shows the complete text of the spam to illustrate this. When you think about it, this makes sense, because what a stock pumping spammer wants is for the spam victim to buy stock on the exchange where it is listed, not directly from him. So he does not need to provide contact information. There is no pretense of opt-in, also sensible because a spammer who is not afraid of the SEC isn’t going to worry about CAN-SPAM. There is an unsubscribe URL, but that was added by IContact as part of their template.

As I commented in my blog yesterday about security issues and email, criminal spammers are increasingly using legitimate mailservers to send their spam. Some sign up for accounts normally, never intended to obey the ESPs AUP/TOS, as this spammer appears to have done. Some compromise accounts belonging to existing customers. The ESPs have to be on the watch for both.

I am quite certain that this is not the sort of customer that IContact wants.

Sending IP:

Spam Sample:

Actual Headers:

Received: from ( []) 
         by <xxx> with ESMTP id <xxx>; Mon, 04 Jun 2012 22:xx:xx -0000 (UT)
DKIM-Signature: <xxx>
Mime-Version: 1.0
From: "AwesomePennyStocks" <>
To: <xxx>
Date: Mon, 04 Jun 2012 18:xx:xx -0400
Subject: GWBU is the hottest pick this summer!
Errors-To: bounces+<xxx>
List-Unsubscribe: <<xxx>>
X-List-Unsubscribe: <<xxx>>
X-Unsubscribe-Web: <<xxx>>
X-ICPINFO: <xxx>
X-Return-Path-Hint: bounces+<xxx>
Content-Type: multipart/alternative;
Message-ID: <<xxx>>

Readable Email:

From: AwesomePennyStocks <>
To: <spamtrap>
Subject: GWBU is the hottest pick this summer!

Today’s pick is: GWBU

Hey everyone,

We have enormous faith in GWBU and there is a reason for that, and that reason is; factual evidence!

GWBU NAILED The efficiency tests with beyond amazing results!

You may have noticed that often our winning stocks are extremely promising, however the reason the stock market is generally considered a risk is that often the success of a product or a brand is an assumption, rarely a fact. The reason GWBU is headed for the stars and expected to leave 2$ far in the past soon is because the revolutionary technology that they are mass marketing has been tested, proven and sold!

That’s right, due to the result of extremely positive tests conducted in Poland, we now know that the Fuel Efficiency and Emission Device (FEED) is responsible for a dramatic reduction in emissions as well as increased mileage in the range of 14%. This is absolutely a revolutionary step forward in the field of fuel efficient transportation. In today’s society, which is increasingly aware of environmental well being, these results have a direct causal relationship with the amazing rise GWBU began last week.

Now, let’s take a look at the numbers:

GWBU can’t keep up with the incoming demand.

When we learned that GWBU had signed long-term contracts to distribute FEED in Europe we had a feeling the stock would skyrocket; we were right! In about a week, GWBU more than doubled. Ready for more?…

At the end of last week, we learned that GWBU signed a contract for 600000 Euros which will increase by 10% a year over the next 5 years. Essentially what this means is that we know for a fact that GWBU will have strong income over the next 5 years, and that is just with one contract. Think about it, how often do we see such comforting guarantees in this industry, and what do you think the wisest of investors will do once they hear about this contract.

We expect nothing less than huge gains for GWBU, and if it follows the same market patterns as similar picks, it could soon reach a 10$ trading price, which sounds like an early retirement to those of you who got on board early on!

Happy Trading!
Your AwesomePennyStocks Editor.
This message was sent to <xxx> from:
Centro Azteca S.A | 10 Anson Road #16-16/6087, International Plaza | Singapore, Singapore 079903, Singapore


34 Responses to Stock-Pumping Spam via an ESP :(

  1. Thanks for the heads-up, Catherine. I’m in Berlin at the moment, but I’ll have our compliance team drop a hammer.

  2. Andrew, your people have not shut this nitwit down. He’s still spamming from iContact; my traps received another spam in the past couple of hours while I was fixing dinner. :/

  3. To “Spambouncer”

    We are the operators of the newsletter which you claim has hit one of your spam traps.

    Our website has been in operation for years, and we have maintained nothing but the best of relations with icontact which is why they have never shut us down.

    Our lists are fully optin as you probably already know from seeing our ads throughout the internet.

    We have nothing to gain from sending spam, or using purchased lists or anything of the sort, all our traffic is self-generated and legitimately purchased from companies like google.

    The only problem we see is that anyone could have gone to the website and entered your “spam trap” into our subscription form.

    You are right that icontact does not want this sort of customers who are spammers, and we are not. Don’t you find it odd that this is the first instance of an issue occuring in several years of operation? If we were actual spammers you would’ve experienced problems with our newsletter many years ago, and in a recurring fashion.

    Not only does this newsletter comply with all canspam regulations, but it also complies with all SEC, and federal regulations in the US.

    Please contact us to work on solving this problem.

    Thank you

    • I’m afraid I had never heard of your company before you started spamming my spamtrap. That doesn’t mean that your ads aren’t around the Internet, BTW — I use FireFox with AdAware when browsing so rarely see advertisements on web sites.

      This blog was posted several weeks ago. However, the spam to that spamtrap has continued in the interim. The spamtrap did not opt in to receive your email. That means that you’re spamming at least one email address. If your web site accepts just any email address that some random visitor puts into the subscription field, without confirming that email address, then that may be the source of your spam problem.

      In this case, however, I’m not interested in helping you regardless. Your business itself appears to me to be shady at best, and is probably illegal in many countries, whatever claims you make to the contrary. For many years I’ve seen spam whose intent is to pump up stock prices so as to sell out on a rising market; at times it has been among the most common criminal/botnet spam. Your emails are nearly identical to this type of spam except that they are sent from IContact. I suspect that those emails are intended to accomplish the same goals, although of course I have no proof. I consider it unethical and wrong to attempt to deceive people into buying a worthless product, so I really don’t care to spend time helping you fix a problem (spam) that I consider peripheral to a more fundamental issue.

      • Dear “SpamBouncer”,

        We understand that if you run adaware you will not see the ads, and that would explain why you have never heard of the company before.

        We also understand that the blog is a few weeks old, however it seems to portray a bigger problem that we have experienced recently with someone maliciously inputing random email addresses through the script. The reason why the site is not double opt in is that conversion rates drop dramatically once it is set that way. We trust that visitors will be honest enough not to try to harm the company.

        Addressing your issue about the “fundamentals” of the business itself, we’d like to reiterate that it is perfectly legal and compliant. You may have seen websites or actual spammers who run their “business” in the fashion you have described, however they are not legitimate, and create a horrible image for us.

        We work with large companies such as Goldman Sachs, and only profile legitimate small companies who are looking to succeed. Everyone deserves a chance. Moreover we do not attempt to deceive anyone into anything. Regarding your mentioning that our emails are nearly “identical” to that type of spam – we cannot control who can copy the format and replicate it in an attempt to make their content look legitimate.

        If we were spamming, icontact would never allow us to run on their network for almost half a decade now.

        You see spammers copying paypal and banking websites completely in order to try to phish users, but clearly it doesn’t mean that paypal is behind it. Please do not penalize us for other people’s wrong doing, and we kindly ask you to please reconsider assisting with this issue because as you can see we have absolutely no benefit in spamming random emails.

        Thank you.

        • IContact has very little means of vetting the legitimacy of their customers, nor would I expect them to. They remove customers when they get a certain number of valid spam complaints. A single complaint, even from a trusted reporter such as myself, is not enough. (Nor do I think that it should be.) That has nothing to do with whether your business is legitimate.

          I just looked over your web site. I see nothing there that changes my earlier opinion about the nature of what you are doing. Maybe it is legal; it does not appear to be right. If I see that the spam stops, I will report that, as I do in each case. I won’t spend more time trying to help, though.

  4. I’m just pretty curious though about how your email got on there. Could someone have randomly input it? Did you at some point in the past 5 years maybe sign up on one of our affiliate sites? I would think that you did sign up at some point, unless anyone can easily have access to your email address.

    • This was a spamtrap, not one of my email addresses. Even if it were a personal email address, however, it would be unlikely to the extreme that I would have signed up for anything. I simply don’t. I let my retirement fund handle investments; the whole subject bores me to tears. (No offense — my mother plays the stock market and has a wonderful time with it — but it is not for me.)

      If you work with affiliate programs, however, that could easily explain my spamtrap simply because so many of them despite their claims of opt-in are simply spammers selling lists.

  5. Hi Catherine,

    I have killed the account. I apologize for the length of time it has taken to correctly and permanently remediate the issue. I will be working with management to identify all the points at which our processes broke down, and to correct them.

    All the best,

    • Cool. I wondered what put the Tabasco in your customer’s grits, that he showed up here three weeks after I blogged about his spam. He must have seen the boom coming down, delayed but sure. πŸ™‚

      • Well, I hate to name names, but it rhymes with “Spamhaus”.

        • SBL listings are public record, Andrew. It’s quite alright with us if you name names, although we do appreciate the discretion on other issues.

          Speaking of which, there were some other issues than simple spam in this case. I can’t go into detail, but suffice it to say that this was most certainly a customer that no reasonable ESP or ISP would want on their network. :/

          • Howdy, Tom, Andrew, and Catherine, and thanks for your work on this. is but one of over 34 domain names (and almost as many email lists) used by Centro Azteca S.A. to promote penny stocks. I checked the SpamHaus DBL and only is currently listed in the DBL. I would be happy to provide anyone who cares with details on their websites and emails from them and anything else you might find interesting and useful.

            I am a penny stock trader and blogger who has grown sick of seeing that most stock promoters, even if they get caught violating the law, get small fines and they don’t get caught until they have been operating for years.

          • Tom, Michael Goode’s comment and his blog tell me that there’s more to than I knew. Apparently “Centro Azteca” of Singapore runs a bunch of similar web sites, although so far they haven’t been spamming my spamtraps via any of the ESPs that I monitor. I asked him, over on his blog, to post that information so that you and others who track these sorts of jokers can keep a weather eye out for them.

            Michael, it’s good to see you. Unfortunately you posted at what appears to be the final limit of reply threading available with this particular WordPress theme. πŸ™‚ So I can’t reply directly to your comment. Thanks for posting your own blog with the additional information about this particular entity, and letting us know about it. Tom seems to check the blog every week or so, so he might be a few days responding, but I’ll send him an email and let him know that he has a reply waiting here.

          • Michael_Goode

            I posted a list of all the domain names currently associated with in a Google Docs spreadsheet:


            All of those websites sent me promotional emails in their most recent pump and dump, of Great Wall Builders (GWBU). I opted in to all of the email lists, so they didn’t spam me, but as Tom said that there were other issues, maybe those other issues can get their other websites blacklisted too.

          • A most interesting speadsheet indeed. πŸ™‚ We would not in any event base an SBL or DBL listing decision on a single report, even from a trusted source. (If we did, Centro Azteca would have been listed considerably sooner. ) But this information will enable us to watch for them more effectively and across a larger number of spamtraps. It will also allow us to correlate spam reports about different domains and from different locations into a larger picture. All of that is good. I appreciate the effort you put into the report!

  6. ROFL! Hadn’t thought to check on that. Yes, that might indeed have an effect.


      You might be rofling, but the same day that andrew said “I have killed the account”, my account suffered a great loss. Where otherwise it had been in at least 25% gains every month since I OPTED IN that mailing list. Its funny to me, maybe not rofl kind of funny, but funny that you seemed to be thinking you were acting in the publics interest against such a monster. But you turned out to be the straw that broke the camels back. A loss from 1.73 to .35 is pretty significant

      • I have no idea who you are, but I *am* sure that was spamming. I’ve also got serious doubts that it was a legitimate operation in the first place. So please forgive me if I don’t take your post as proved fact. πŸ™‚


    Ok let the numbers speak for themselves.

    5/15/2012 2:03:31 PM

    Order Filled

    You have bought 154 share(s) of GREAT WALL BUILDERS LTD. @1.52

    6/25/2012 1:14:19 PM

    Order Filled

    You have |sold| 124 share(s) of GREAT WALL BUILDERS LTD. @0.32

    3/30/2012 9:13:04 AM

    Order Filled

    You have |bought| 183 share(s) of SUNPEAKS VENTURES INC. @0.95

    4/9/2012 1:41:37 PM

    Order Filled

    You have |sold| 183 share(s) of SUNPEAKS VENTURES INC. @1.38

    Emphasis on 06/25/2012. Now think of all the other people you destroyed. A mail list numbering in the hunderds of thousands would add up to some staggering numbers for losses. This is the last time i will check this thread because my point is made. And I know you know you are responsible in this case for alot of children losing big on their college money. Andrew and Catherine you should be ashamed of yourselves; more so Andrew, for the fact if he did excercise any responsibility with Icontact he should know how long the entity had been at work without any incidents. Truth is he knew you could ruin his company so the middle class guy trying to rise suffered the loss so Andrew could continue vacationing in Gemany. Love you guys and my best effort will go into making sure as many people know who really is responsible for this.

    6/25/2012 1:14:19 PM

    Order Filled

    You have sold 124 share(s) of GREAT WALL BUILDERS LTD. @0.32

    3/30/2012 9:13:04 AM

    Order Filled

    You have bought 183 share(s) of SUNPEAKS VENTURES INC. @0.95
    4/9/2012 1:41:37 PM

    Order Filled

    You have sold 183 share(s) of SUNPEAKS VENTURES INC. @1.38

    • Everything I saw about this spam indciated that it was a stock pumping scam. If it was (and I don’t know that), then anybody foolish enough to buy the stock based on the recommendation would loose money. That’s the way stock pumping scams work — the spammers buy a bunch of nearly worthless penny stock, send out spams with buy recommendations, and then sell their shares after the price goes up. Voila — they transferred your money into their pockets with no obvious trail for the police to follow.

      If not, then you bought stock based on spammed email notifications. That’s unbelievably reckless and naive. You are *so* lucky that you did not respond to a 419 scam instead; you might have lost more than money.


    I said I wouldnt check this thread because I made my point, but I did revisit it for the other promise I made- TO excercise great effort in letting as many people as possibe know whose fault this is. So after copying and pasting some bits I noticed I have something to respond to.
    -1) If I was naive and suseptible to somthing like a 419 scam I probably wouldn’t know what it is. Though some more naive than me know what it is because they themselves fell victim to it- would that be you by chance?

    2) I wouldn’t put money into something that hasn’t proven itself over time. And though I know that they have a opportunity to make money it has shown over time that it is on those that are being greedy; didn’t I mention in the beginning of this conversation something about 25%? Well the pattern has been that the gains are good for 25% and that more than that is taking a chance. Unless, of course, someone like you gets involved. That hasn’t been the problem for five years so I wouldn’t exactly attribute that to naivety.

    And can you really call someone that does enough homework to find this thread naive? If I did this much digging dont you think I would have done as much digging into those I take the actual investment advice from? And I might add that Mr heyandrew should have done as well.

    I know he problably just read the hear-say of others on the net that weren’t humble enough and astute enough to understand the currents of descions that people make that cause stock prices to go up. The people that were mad because either they didnt buy in and saw they lost what could have been or the people that did buy in and weren’t smart enough to look at patterns.

    No I’m sorry I did do my homework. But some insider that somehow got ahold of your trap email address, combined with your temperment lacking any reason, and basing all your decisions on conditioning from your past; that I couldn’t have prepared for. But I can say this. The odds of something like this happenning enough to keep me down are very slim. So I will keep going by the grace of God.

    thank you

  9. This seems unfortunate. I have signed up and want to receive emails from as well as there other affiliated sites. They are from my experience one of the best promoters out there, and would hardly consider them spam or a scam. I have never received emails to any accounts that I did not directly sign up for. Penny stocks is a dangerous place (for that matter any stocks) for people who don’t know what they are doing.

  10. Hmmm… Suddenly two people show up to comment on an old blog who seem really determined to defend the legitimacy of an email that looks for all the world like stock pumping spam. Further, we have anonymous web mail addresses used, and no indication of who these people are. My nose twitches. I find myself doubting seriously that the commenters really are customers of this spammer.

    But that isn’t particularly relevant. Whoever they may be, the commenters appear to be saying that, since they have personally benefited from the emails sent by, others who do not care to be spammed by have no right to say so publicly.

    Obviously I disagree. This blog is mostly about legitimate companies who spam. Plenty of people want to get email from Walmart, or Disney, or Dell, or Hewlett Packard, or any of the multitude of other legitimate companies who have spammed and whose spam I have commented on in this blog. That does NOT excuse the fact that they spammed. That does not render them immune from criticism for spamming, or from being expected to clean up their act and quit doing so.

    It isn’t difficult to stay off of Spamhaus or other blocklists, or out of the MainSleaze blog, as long as you don’t spam and manage your lists properly.

  11. Pingback: added to SpamHaus DBL » Goode Trades

  12. FYI, Michael Goode just posted some additional information about Centro Azteca on GoogleDocs, and posted a comment to his own blog to that effect. ESPs, ISPs, and other interested parties might want to review that information. The email that this entity sent to Michael Good was not spam, but solicited. However, the same email has been sent to a number of email addresses that did not request it. So it seems wise to me to monitor all of these accounts.

  13. Michael_Goode

    It appears that is no longer on the SpamHaus DBL. Furthermore, their various websites seem to now be using and requiring double opt-in (rather than single opt-in as they had previously done).

    • It’s possible that Centro Azteca took the spam issues seriously (at last) and is adopting confirmed opt-in (COI) (what you call “double opt-in”) to ensure that the email addresses that they receive are legitimate. If they do that and get rid of or reconfirm their old lists, then they won’t send spam any more and won’t hit spamtraps. If they don’t send bulk email to email addresses that didn’t requiest that email, then they won’t hit spamtraps. If they don’t hit spamtraps, then they won’t draw the attention of antispammers.

      That doesn’t mean that they won’t draw the attention of the police, of course. I don’t have any particular contacts with the SEC, but it would not surprise me at all if somebody at Spamhaus had those contacts and passed on a few URLs to them. While I think that fraud is a more serious issue than spam, however, it isn’t the same thing. I have my opinions about stock pumping, but I’ll leave any actual determination of the legality of Centro Azteca’s business model to those who know the law.

  14. Today I did something I haven’t done before — I deleted a comment instead of approving it. Those of you who comment twice on any posts on this blog and have those comments approved are presumed to be trustworthy and your comments post immediately, but comments from new accounts are held for moderation. So far, Akismet has done an excellent job of catching spam, and the commenters have done an excellent job of sticking to the topic at hand.

    This comment, unfortunately, had no substance. Instead, it was a nasty personal attack on one of the other people in this comment thread. On this blog comments need to stick to the subject and avoid purely personal attacks. If you keep in mind that comments are for a public audience and not for sending a personal message, you should do fine. (In other words nothing like “It doesn’t matter if you don’t understand what I’m talking about because X does.)

    Unless somebody has something to add about additional spam by Centro Azteca, I think we’re done in this thread anyway. If Centro Azteca has indeed adopted confirmed opt-in and sticks to that, there shouldn’t be any more spam from them. (Bulk email to people who asked for it isn’t spam.)

  15. People are coming out to defend the legitimacy of the newsletter because we day traders have made real money following it, including Michael Goode who the majority of his big wins comes from AwesomePennyStocks as he has publicly verified the profits (buying the pumps not shorting them)

    There’s a bit of a hypocrisy / conflict of interest here that people deserve to know about. I’ve never been sent an email by AwesomePennyStocks or affiliate sites that I didn’t opt-in for, how can that be spam?

    • Trust me, the post that I deleted was not about defending the legitimacy of Centro Azteca. It was a purely personal attack. Yours isn’t, and (even better) it’s on-topic.

      Centro Azteca’s emails can be spam because they were sent to spamtraps, mine and (presumably) those at Spamhaus. I’ve blogged twice about the problem of email that is sent both to people who requested it and to spamtraps: on February 22 and again just a couple of days ago. Regardless of politicial views, I hope that nobody here considers either the Obama campaign or the Romney campaign to be an illegitimate organization or their emails to constitute anything but normal political campaigning. However, both campaigns are spamming because at least some of the recipients of their emails did not request them.

      To summarize, bulk email is spam when it is sent to email addresses that did not request it. Whether the company is legitimate or the product or service being offered is legitimate is irrelevant. Spam is unsolicited bulk email.

      In this case, Centro Azteca’s spam appeared to me to be of a particular type that is well known, rests upon deliberate fraud, and is therefore illegal in the United States — something that we in the anti-spam world call “stock pumping” spam. I spoke about about that aspect mostly because it almost convinced me that the Centro Azteca spam did not qualify for mention on the Mainsleaze spam blog. (Companies mentioned here are supposed to be legitimate companies offering a legitimate product or service, and I doubted that Centro Azteca qualified.) What Centro Azteca was emailing about — the subject and content of the email — had some relevance to whether it was mainsleaze spam or not, but had nothing to do with whether or not it was spam.

      That you and others made money on the recommendations provided by Centro Azteca refutes the fraud allegation only if you did so without others having been defrauded at the same time. In other words, if you were part of the Centro Azteca operation, then you’re a scammer as well as a spammer. If not, then IMHO you got *very* lucky.

      That you were legitimately subscribed to those lists and wanted the emails does indicate that Centro Azteca had some actual subscribers. That is of interest, since it indicates that the product may not be the scam that it appeared to me to be, but again doesn’t really address the issue of spam.

      In any event, I’ll let the SEC and others who know financial and trading laws in various jurisdications decide whether Centro Azteca should be of interest to them. If Centro Azteca isn’t spamming any more, then they aren’t of further interest to me.

      • Thx for the reply on that and clarifying on some things.

        As far trading goes it’s all about being smart and anyone who treats over-the-counter stocks as an investment does typically get lucky when it’s a win. Stock scam, real company with momentum, it’s all irrelevant in penny stocks. If you see volume / increasing share price you make a move and get out quick, anyone who doesn’t trade like this gets burned on penny stocks. Anyone who follows APS makes $$$ continuously if they stick to these rules.

        Of course there will be this opportunity when Centro Azteca releases something because there’s so many people on the list. I can’t even begin to guess, is it 100,000 subs, 1,000,000 subs, more? The $volume I see pour in when an email hits is amazing, people buy like hot cakes. I definitely get what you’re saying and it’s a legitimate point but myself, Michael Goode and many others can tell you it’s not luck to make money with APS / Centro Azteca, as it keeps happening over and over for us.

        • As you probably gathered from one of my previous comments, what I don’t know about trading in stocks fills most of the universe. <wry grin> And what little I do know comes from talking with my mother, who trades mostly in blue chips, not in penny stocks. I gather that’s a whole different world, and I know only about a criminal offshoot of it that uses spam to manipulate the market. As I said, if the SEC thinks that what Centro Azteca is doing breaks the law in any significant way, they can act. I know spam and spamming, not finance law — it’s out of my scope.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Go back to top