Dec
24

Facebook: Reminding Several Thousand Spamtraps to Join

Yesterday and today Facebook emailed several thousand of my spamtraps, reminding them that “just one step” was needed to join the social networking site. The problem is, none of these spamtraps ever *asked* to join Facebook. None of them send email. Some of them never existed at all, and of those that were once live email addresses, several were closed in the late 1990s — before Facebook existed. Facebook sent these emails from their own IPs; no ESP was involved.

Spamcop is already listing most of the emitting IPs for these spams. I have no idea whether Facebook is the target of a massive forge subscriptions attack or somebody thought that it would be a good idea to spam a purchased or email appended list over Christmas week. This is ridiculous, however. Facebook needs to fix whatever allowed it to happen, soonest.

Sending IPs: 66.220.144.128/26, 66.220.155.128/26, 66.220.157.64/27

Spam Sample:

Actual Headers:

Received: from mx-out.facebook.com (outmail038.prn2.facebook.com
        [66.220.144.1##])
        by <xxx> (Postfix) with ESMTPS id <xxx>
        for <xxx>; Thu, 25 Dec 2014 00:##:## +0200
        (EET)
DKIM-Signature: <xxx>
Received: from facebook.com (<xxx> 10.102.##.##)
        by facebook.com with Thrift id <xxx>;
        Wed, 24 Dec 2014 14:##:## -0800
X-Facebook: from ##:##:##:##:face:##:##:## ([<xxx>])
        by www.facebook.com with HTTP (ZuckMail);
Date: Wed, 24 Dec 2014 14:##:## -0800
To: <xxx>
From: Facebook <notification+<xxx>@facebookmail.com>     
Reply-to: noreply <noreply@facebookmail.com>
Subject: Just one more step to get started on Facebook               
X-Priority: 3
X-Mailer: ZuckMail [version 1.00]
Errors-To: notification+<xxx>@facebookmail.com
X-Facebook-Notify: email_confirm; mailid=<xxx>
List-Unsubscribe: <https://www.facebook.com/o.php?k=<xxx>&u=<xxx>&mid=<xxx>>
X-FACEBOOK-PRIORITY: 1
X-Auto-Response-Suppress: All
Message-ID: <<xxx>@www.facebook.com>
MIME-Version: 1.0
Content-Type: multipart/alternative;
        boundary="b1_<xxx>"

Readable Email:

From: Facebook <notification+<xxx>@facebookmail.com>
To: <spamtrap>
Subject: Just one more step to get started on Facebook

Hi <xxx>,

You’re almost done with the sign-up process

Confirm Your Account
https://www.facebook.com/n/?<xxx>

<removed>

This message was sent to <xxx>. If you don’t want to receive these emails from Facebook in the future, please follow the link below to unsubscribe.

https://www.facebook.com/o.php?<xxx>

Facebook, Inc., Attention: Department 415, PO Box 10005, Palo Alto, CA 94303

6 Responses to Facebook: Reminding Several Thousand Spamtraps to Join

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Go back to top