Spammers abusing U of MN OIT email servers

Some spammers have been abusing the University of Minnesota OIT email servers for months, up to dozens of attempts per day. Abuse@ and postmaster@ were notified with overwhelming evidence months ago but the spam continues to trickle through.

Read more…

Capital One: Poster Boy for Poor Security and Privacy

Capital One, a large US-based bank and credit card issuer, stands out for sending by far the largest number of transactional emails containing personally identifying information (PII) to my spamtrap collection. :/ Capital One uses a number of ESPs, but its transactional emails are usually sent from Bigfoot Interactive, owned by Epsilon Interactive.

Read more…

About outsourcing mail reception services

If you are somebody who habitually receives abuse complaints from random third parties, consider twice before outsourcing all your mail reception to third parties such as Google or Microsoft.

Read more…

Finnair: Massive failure in personal data processing

During the evening (Finnish time, UTC+0200) of January 8, 2015, Finland’s national airline, Finnair (www, biz reg) launched an unprecedented email advertising campaign at their valued customer list.

Read more…

EmailVision: Competing with Topica for the #1 payday loan spam ESP prize

“Interesting” affiliate spam from EmailVision, hitting over a hundred spamtraps that I have access to. Promoting Euroloan Consumer Finance plc, a Finnish payday lender. I am getting the impression that Jubiis might be a Danish affiliate(?) spammer, but their website says they’re on Malta, and their Domain by Proxy registration illegally leaves them untraceable. The spam text is in Finnish save for the “description” of how you came to be on their list and how to be removed, which are in Danish, which is of course equal to Gibberish for 99.9% of the world population (save for the 5.59 million Danes, that is).

Read more…

Finnish Post: How not to (not) handle bounces

The NetPosti service of the Finnish Post is one of the most offensive parties to illegally handle outdated and erroneous personal data. They’ve finally woken up. Sorta.

Read more…

Chase Bank: Sending Transactional Email to a Spamtrap

Chase Bank simply doesn’t get it, or doesn’t care. Months after I reported that Chase was spamming email addresses that did not belong to live customers with marketing and transactional email messages, it is now sending transactional emails containing a customer name and information about account activity to yet another spamtrap. This email was sent directly from Chase’s own IPs.

Read more…

The incredible leakyness of commercial mailers

Here is a repost of a blog entry by CAUCE President John Levine in which he explores the murky world of stolen mailing lists, and how companies rarely acknowledge such breaches.

How not to manage a mailing list, or: The Importance of Confirming Opt-Ins

Somewhere out there, there’s a web page that contains a “sign me up for the mailing list” link.

Somewhere out there, there’s a person with a grudge. Maybe a disgruntled spammer.

The two meet.

Read more…

Go back to top