A Finnish branch office of a Lithuanian(?) ESP that doesn’t even observe its own AUP

Somewhat unfortunately, my traps are in receipt of spam that was sent by Webcore, aka, to a purchased list, one that contains addresses of natural persons, and outdated and erroneous personal data. So their own AUP doesn’t appear to apply to themselves, and hence is worth exactly the loo roll it was printed on. (“WebCore”,, a d/b/a of Agrolink Ab) appears to be the Finnish reseller of the supposedly UK business (Now the domain registrations for and indicate UAB “Itema” in Lithuania, and the RIPE WHOIS of the network where reside,, is in Lithuania as well… But that’s beside the point, isn’t it.)

MailerLite’s Anti-spam Policy reads just fine. You can’t send to purchased lists, and you can’t send to harvested lists. The Finnish equivalent is identical in substance as it should be.

Spamming IP: 92.61.38.{3,4,5,6}

Spam headers:

From Wed Oct  3 10:50:51 2012
Return-Path: <>
Received: from ( [])
        by x (Postfix) with ESMTP id x
        for <x>; Wed,  3 Oct 2012 hh:mm:ss +0300 (EEST)
Received: from ( [])
        by (Postfix) with ESMTP id x
        for <x>; Wed,  3 Oct 2012 hh:mm:ss +0300 (EEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;; s=ml;
        t=timestamp; bh=0hSHAVv4noCDaAoejCm0JkZoVxqDg/rZOgx37rker2w=;
Received: from localhost.localdomain (unknown [])
        by (Postfix) with ESMTP id x
        for <x>; Wed,  3 Oct 2012 hh:mm:ss +0300 (EEST)
Date: Wed, 3 Oct 2012 hh:mm:ss +0000
To: x
From: Webcore <>
Reply-To: Webcore <>
Subject: =?utf-8?Q?Haluatko=20keskitty=C3=A4=20kaupantekoon=20ja=20siirt=C3=A4=C3=A4=20it-ongelmat,=20serverit=20ja=20muut=20luotettaviin=20k=C3=A4siin?=
Message-ID: <x@localhost.localdomain>
X-Priority: 3
X-Mailer: MailerLite (
X-Mailer-BounceId: x;x;x
Sender: =?utf-8?Q?"Webcore"?=<>
List-Unsubscribe: <>, <>
MIME-Version: 1.0
Content-Type: multipart/alternative;
Content-Length: 23559
Lines: 650

Human-readable contents: Practically HTML only, and heavily infested with tracking information. Omitting from here, available on request. Missing mandatory information on the personal data file and its controller, of course. The addresses they’ve been sending to are guaranteed to have been bought, harvested, or both.

8 Responses to A Finnish branch office of a Lithuanian(?) ESP that doesn’t even observe its own AUP

  1. MailerLite are now spamming from


    inetnum: –
    netname: LT-HOSTEX
    descr: Client servers LAN
    country: LT

  2. Pingback: OfficeHelpsX Oy: Selling printing supplies to spamtraps » MainSleaze

  3. Today, (Agrolink Ab) wants to sell Thinkpad laptops to spamtraps, and predictably, the message is coming from MailerLite infrastructure, to spamtraps that must be Fonecta originated, and the spam fails to include the legally mandatory mention of the personal data file they used. Nothing new under the sun, in other words?

  4. They’ve been at it for a while. A quick check revealed that they have sent me spam on Oct 9th, Oct 11th, Nov 19th and Nov 26th. Webcore has a “very poor” trust rating on MyWot.

    They also lie on their website (

    “Yksityishenkilöille ei myönnetä yritysverkkotunnusta. Sen sijaan voidaan nykyään käyttää pp-verkkotunnusta. Ainoa edellytys on, että verkkotunnus on vapaana. Tällaisessa tapauksessa sähköpostiosoitteesi on muotoa: sinä@minkä ja kotisivusi saa osoitteen: http://www.minkä”

    Translation: Corporate domains are not granted to individuals. Nowadays you can use a pp-domain instead. The only requirement is that the domain is free. In a case like this your email is of the form: and your homepage gets the address:

    For the record, fi-domains are available to all >15yo’s living in Finland with a Finnish personal id number.

    Sounds like a professional scam business.

    • Any chance of you posting copies of their spam texts, or maybe even just subject lines, from the dates you mention?

      For the record, I don’t think the bit you quoted from their web page (regarding substitute personal .fi domains) is a deliberate lie. Just seriously outdated, which doesn’t surprise me at all. It’s only since 1 March 2006 that private individuals have been able to apply for .fi domain names proper… Do you actually expect a business in the Internet age to react to news in 8 years? 😀

  5. I was wondering about the data being purely out of date, but the page also does advertise IDNA-domains which were allowed in late 2005 I think. So there would only be a window few months in 2005-2006 when the page might have been valid.

    Here are the samples:

    Subject: Puinen konvehtirasia
    Subject: Puinen konvehtirasia
    Subject: Aarteita joululahjoiksi
    Subject: Herkkuja ja hemmottelua

    All html messages and advertising Valkila Oy, links to either or both Mlsend and/or

  6. Hello,
    sysadmin from here, this site has been brought to my attention from blacklist guys (many thanks to them).
    We had some problems with Finnish partner (local reseller of our services). Now we have taken this region back to our main office, so if you’ll happen to see abusers or spamers from please let us know about it.

    Please send your report here abuse {+at+}

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Go back to top