PublicHealthCorps: Spamming Blog Owners

Today PublicHealthCorps, a non-profit organization that I have never heard of before and that has a newly-registered domain, spammed the administrative email address for this blog. The spam requests that we post their information at intervals during the coming year. The ESP is JangoMail, an old marketing company that used to send a lot of spam but hasn’t recently.

If this blog were about medicine or healthcare, or anything remotely relevant to those subjects, I would assume that they had searched for contacts on healthcare blogs. This blog has nothing to do with those subjects, however, and nothing on it would deceive anybody who read it into thinking that it did. The URL that they propose to host their healthcare information is completely inappropriate to the subject — it is a blog about a Finnish spammer selling printer inks! If I had heard of the organization before, I’d think that an inexperienced volunteer didn’t know better than to spam a scraped list. If the domain were registered to a legitimate organization instead of to GoDaddy’s Domains by Proxy Whois Privacy Service, I would at least think that this was probably a legitimate organization.

As things stand, this is either an extremely ignorant organization that was misadvised by a spammer, or the organization itself is not what it pretends to be. In either case, it clearly didn’t tell its ESP where it got its decidedly non-opted-in list.

Sending IPs: 173.244.184.203

Spam Sample:

Actual Headers:

Received: from xl30-a.jsmtp.net (xl30-a.jsmtp.net [173.244.184.203])
	by <xxx> (Postfix) with ESMTP id <xxx>
	for <xxx>; Thu, 15 Jan 2015 18:##:## -0600 (CST)
DKIM-Signature: <xxx>
DomainKey-Signature: <xxx>
Message-ID: <casmtp-<xxx>@mail.outreach>
Reply-To: "Patricia Sarmiento" <info@publichealthcorps.org>
Subject: 10 Critical Cancer Risk and Prevention Resources
From: "Patricia Sarmiento" <info@publichealthcorps.org>
Date: Fri, 16 Jan 2015 00:##:## +0000
To: <xxx>
X-Priority: 3
MIME-Version: 1.0
X-Mailer: N/A
List-Unsubscribe: 
 <http://<xxx>.net/u.z?<xxx>>,<mailto:<xxx>@jangomail.com?Subject=Unsubscribe>
X-UserID: <xxx>
X-VConfig: <xxx>
Content-Type: multipart/mixed; boundary="--SMTPSPACER:<xxx>--"
MsgID: <xxx>
LocalSender: <xxx>@relay.jangosmtp.net

Readable Email:

From: Patricia Sarmiento <info@publichealthcorps.org>
To: <spamtrap>
Subject: 10 Critical Cancer Risk and Prevention Resources

Greetings from PublicHealthCorps,

In preparation for a new year full of important Awareness Months and Days [1], we recently began a series of research projects. We started with cancer prevention, which we will soon segment by cancer types.

As I’m sure you can imagine, our initial research turned up numerous educational and potentially lifesaving resources. We reviewed over 175 of them and narrowed down the list to the best 10. We’d prefer not to keep these to ourselves – the information is too important.

May I share this list with you?

Our hope would be that you would then post the resources on your site (maybe this page: http://mainsleaze2.spambouncer.org/finink-com-selling-printer-inks-to-spamtraps-oraakkeli-net-new-finnish-b2b-spam-esp/?), share them on Twitter or Facebook, and/or simply forward them on to colleagues, family members, friends, etc. Let’s get this information out there and help encourage others to make lifestyle and environmental changes today!

It’s my sincere hope that this information is useful to you and, in turn, your site visitors, social network, family and friends. That said, please let me know in an email response if you’re not interested in cancer-related information so that I can leave you off any future outreach efforts.

In health,
Patricia Sarmiento

[1] https://www.charities.org/sites/default/files/2015%20Cause%20Awareness%20Calendar.pdf

Putting the Public Back in Public Health

http://publichealthcorps.org/
info@publichealthcorps.org
340 S LEMON AVE #5780, WALNUT, CA 91789

3 Responses to PublicHealthCorps: Spamming Blog Owners

  1. We spotted this in our traps as well. It’s close enough to our niche that we listed the domain name. We’ve let Jangomail know about it and are waiting for their reply – their mass mailer anti-spam policy reads all right and should be reason enough for them to chuck this spammer.

  2. Hello,

    This is Chris from JangoMail’s Abuse team and I want to apologize up front for this. Thanks to the alert given to us by ScientificSpam we were able to quickly locate and terminate this malicious user.

    Like other ESP’s, from time to time, spammers are able to get their way past our vetting process. Although this does not happen often, as you can see, we were clearly not given correct information regarding the opt-in validity of this user’s list. When a user does not have an alarmingly high bounce or block percentage to their email campaigns, we must rely on sources like yours and dedicated feedback loops in order to know if a malicious user is using a harvested and/or bought list.

    I want to assure you JangoMail is committed to it’s anti-spam policy.

    • Excellent. 🙂 If an ESP anywhere has come up with an unerring means to spot and stop spammers before they spam, I wish they would share it with the rest of us! This particular spam hit me on the funnybone, coming to the administrative address fo this blog, but I have a rather large spamtrap collection and a quick look for emails from “jsmtp.net” shows a very low hit count. If you send all of your mailings from servers within that domain, you’re doing well.

      Atro privately let me know that email to abuse@jangomail.com bounced, although email to abuse@jmail.net went through. You might want to fix this; just set up an abuse email address at your main domain and alias it to abuse@jmail.net. That can prevent misunderstandings.

      Thank you for taking care of this!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Go back to top