Lowe’s, a U.S.-based hardware and home improvement store that competes directly with Home Depot, a few months ago started sending bulk email advertisements to a spamtrap that cannot have been live after 2002. Today Lowe’s hit a second spamtrap, an email address that (if it was ever live) closed in 2005. The ESP is ExactTarget.
The Ringling Brothers, Barnum & Bailey circus Center for Elephant Conservation, and their corporate parent Feld Entertainment, today sent an email advertisement to a spamtrap email address that, if it was ever live, was closed in 2003. The ESP is Yesmail, a subsidiary of Infogroup.
Today’s spam take: seven spam emails from one presidential campaign, one senatorial campaign, and our old friends the Democratic Senatorial Campaign Committee (DSCC) and Democratic Congressional Campaign Committee (DCCC). The DSCC, DCCC, and MittRomney.com are really pumping it out today. :/ Mailings from the DSCC, DCCC, and ElizabethWarren.com are blocked by SpamCop, a major blocklist. So far MittRomney.com has escaped listing on any widely-used blacklists, but if the spamtrap hits continue at this rate, that won’t last.
I admit it. I’ve been hesitant to talk about the flood of political spam that is hitting my spamtraps because there’s so much of it that I don’t know where to start. But the situation is crazy and getting worse by the day. So welcome to the new Political Spam Today report on the MainSleaze blog.
Sometime towards the beginning of summer 2012 the Louisville Courier-Journal, a newspaper serving north-central Kentucky and southern Indiana, began sending email updates to an email address at a domain that was closed over seven years ago. The Courier-Journal’s parent company is U.S. media conglomerate Gannett. Their ESP is ExactTarget.
I forgot to post this at the time.
The message contains a link to an obviously fake LinkedIn profile at the sender’s name.
The message was sent to an address that only exists in a HTML comment on a website. The only parties that will ever find it are spammers spidering for addresses.
The domain is registered at Moniker to “Kery Nieminen”, which sounds fictitious (“Kery” not being a Finnish name at all, or a name in any language I know…), apparently of Snellmaninkatu 83, 02760 ESPOO, tel. +358-40-6345731 (unlisted number). The unfortunate part is that there is no Snellmaninkatu in all of Espoo… Googling for the person’s name brings up the LinkedIn page and any number of spams that contain the same text as below, sent to blogs and public mailing lists.
Something calling itself “Hälyx” is advertising business security services to spamtraps. The message contains the admission that the source of the register they operate, which they decline to name as required by law, are “public address sources on the Internet”.
The spam service provider is Panic Marketing, no stranger to us here, unfortunately, who also operate the web bug in this message (“<img src=’http://static.dmt.panic.fi/scripts/handle_reademail.php?x=<timestamp.x.x.swift@dmt.panic.fi>’>).