(RESOLVED) Campaign Monitor: The 101 of how not to run an ESP

I don’t need to know anything more about an ESP.  This one (their network, that is, which is Freshview Pty Ltd OW-3735-1 (NET-206-72-127-0-1) 206.72.127.0 – 206.72.127.255 in ARIN) is going into the DROP tables. Please post here when you’ve deobfuscated the domain registration. They are their own TUCOWS reseller, too.

[whois.tucows.com]
Registrant:
Contact Privacy Inc. Customer 0130198582
96 Mowat Ave
Toronto, ON M6K 3M1
CA

Domain name: CREATESEND.COM

Administrative Contact:
Contact Privacy Inc. Customer 0130198582,   createsend.com@contactprivacy.com
96 Mowat Ave
Toronto, ON M6K 3M1
CA
+1.4165385457
Technical Contact:
Contact Privacy Inc. Customer 0130198582,   createsend.com@contactprivacy.com
96 Mowat Ave
Toronto, ON M6K 3M1
CA
+1.4165385457

Registration Service Provider:
Freshview Pty Ltd, domainadmin@freshview.com
61295215312

11 Responses to (RESOLVED) Campaign Monitor: The 101 of how not to run an ESP

  1. I agree that an ESP that registers its sending domain with a Whois privacy service is asking to have its mail blocked pre-emptively. :/ But have you seen spam email from this organization? I’d need to run a long search to be sure (they’re not in my filters), but I haven’t noticed anything from them. Yet, anyway.

    • The only reason I had to look them up in the first place, bulk e-mail sent to addresses long dead.


      Return-Path: <SCHNIGGEWertpapierhandelsbankAG-x1x1r@createsend1.com>
      Received: from mo118.createsend.com (mo118.createsend.com [206.72.127.118])
      by x (Postfix) with ESMTP id x
      for ; Fri, 24 Feb 2012 15:0x:xx +0200 (EET)
      Received: by mo118.createsend.com (PowerMTA(TM) v3.5r15) id x for <x>; Sat, 25 Feb
      2012 00:0x:xx +1100 (envelope-from <SCHNIGGEWertpapierhandelsbankAG-x1x1r@createsend1.com>)
      From: SCHNIGGE Wertpapierhandelsbank AG <contact@schnigge-newsletter.de>
      To: "x"
      Reply-To: newsletter@schnigge.de
      Date: Sat, 25 Feb 2012 00:0x:xx +1100
      Subject: SCHNIGGE AG Februar 2012 - Neue "Seidensticker" 7,25% Anleihe
      MIME-Version: 1.0
      Content-Type: multipart/alternative;
      boundary="_=aspNetEmail=_x"
      X-Mailer: createsend1.com
      X-Complaints-To: abuse@createsend1.com
      List-Unsubscribe: <http://unsub.createsend1.com/t/r/u/x/x/>
      Received: from [88.78.249.121] by createsend1.com via HTTP; Sat, 25 Feb
      2012 12:02:08 +1100
      Message-ID: <cm.000208.x.x.r@createsend1.com>

  2. We really appreciate you getting in touch with us at Campaign Monitor, and we have paused all sending for the customer that caused this issue. We have a very strict anti spam policy, http://www.campaignmonitor.com/anti-spam/, and if there are any problems, we’d love to hear about them because we will find out what’s going right away (and we’re following up on that one sent to us earlier) and that the privacy is specifically because we allow people to white label our app (but all our policies and processes still apply)

    If you do have any specific questions or if you have any further details about this incident you would like to talk to us about, then please feel free to contact us on: support@campaignmonitor.com

    Thank you once again
    Greg Strutton

    Campaign Monitor

    • Thanks for the response, both in email and here, Greg. Your swift participation is truly appreciated.

      It is perfectly possible that the German customer (an investment bank if my German allows me to determine) is mailing otherwise legitimately – aside from the fact that the list contains addresses that have been dead for a really long time.

      Having said that, and this has nothing to do with any customer of yours specifically, I r-e-a-l-l-y don’t get the point of your obfuscating the domain registrations of campaignmonitor.com, createsend.com, createsend1.com and any other domains you might have handled the same way. These are your own, not those of your customers. You are not protecting your customers’ privacy by refusing to identify yourselves. If you figure yourselves a respectable ESP, you want people to know who you are. Using obfuscated domain registration is resorting to spammer tactics.

    • Greg, WRT the Whois privacy on your domains, please heed what Atro said. When I receive spam to a spamtrap from an IP and domain that I am not already familiar with, the first thing I check is the Whois records for the sending IP and the mailserver domain. If the domain has Whois privacy on it, that is a GREAT BIG FLAMING BLARING RED FLAG that this sender is less than anxious for people to know who they are. And *that* is usually a reliable sign of a spammer.

      That’s the last thing you as an ESP want for people to think when one of your customers slips you a dirty list and you send email for that customer. 🙂 What you want is for them (me) to look up the IPs and domain and see them clearly labeled with the company name and a dedicated abuse contact address (abuse@thatdomain). Then, when I check the domain web page, I’ll know that this is a legitimate ESP and that the spam was ultimately due to the customer giving you a bad list.

      In other words, I’ll know that you’re not the spammer and probably want to stop the spam as much as I do. *That* is the message to send if you want people to complain to you about spam from customers, instead of complaining about you to your ISP and the public. 🙂

      So please get rid of the Whois privacy. Then, if you’d like, email me a list of your domains and IPs, and I can put them on my watch list. The downside to that is that I might blog about an interesting spam. The upside is that I’ll probably contact you directly when I see any spam from one of your customers, which will mean that you can deal with it before it causes you problems.

  3. G’day,
    My name is Cameron and I’m in the Systems/Infrastructure team at Campaign Monitor. I really appreciate your feedback on WHOIS privacy settings for ESPs.

    I’m just fixing this oversight up right now. This was a genuine error, we are in the process of moving all our domains away from GoDaddy to OpenSRS and didn’t set our domain defaults correctly.

    If you do have any specific questions or if you have any further details about this incident you would like to talk to us about, then please feel free to contact us on: support@campaignmonitor.com

    Thanks

    Cameron Newman
    Campaign Monitor

    • Excellent! 🙂 Now, if somebody wants to give me your IP ranges, I’ll stick them in the “ESP monitoring” script I use to spot spam sent from an ESP’s IP ranges. As I said, that might lead to an occasional blog, but it will also give you feedback on what your customers are doing and help you keep spammers off of your IPs.

    • Thanks, Cameron. I see the corrected information and have removed the DROP entries from my spamtrap hosts. Stay tuned for more information on customers who mail to boxes long dead 😀

      Catherine,

      # dig +short TXT createsend.com
      "v=spf1 ip4:59.167.164.113 ip4:184.106.86.128/28 ip4:206.72.127.0/24 ~all"
      "spf2.0/pra" "mx" "ip4:59.167.164.113" "ip4:184.106.86.128/28" "ip4:206.72.127.0/24" "~all"

      and

      # dig +short TXT campaignmonitor.com
      "v=spf1 mx ptr ip4:50.57.189.84 ip4:59.167.164.113 ip4:206.72.127.0/24 ip4:27.126.144.0/24 ip4:184.106.87.128/28 ip4:184.106.86.168/29 include:cmail1.com include:aspmx.googlemail.com ~all"

      • Thanks, Atro.

        Cameron, is “campaignmonitor.com” ever used to send bulk email? Or is it used only for non-bulk, business email? The reason I’m asking is I want to know whether to include the IPs that it has in SPF in my ESP bulk email filter. 🙂 Thanks!

  4. G’day,

    campaignmonitor.com is used for business/support email no bulk email will be sent from these ip addresses.

    If you do have any specific questions or if you have any further details about this incident you would like to talk to us about, then please feel free to contact us on: support@campaignmonitor.com

    Thanks

    Cameron Newman
    Campaign Monitor

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Go back to top