About this Blog

This blog documents the experiences of several long-time anti-spam professionals and activists with bulk email sent by legitimate companies to us, to our spamtraps, or to email addresses on mail servers that we manage. This spam is normally sent through an email service provider (ESP), a company that sends bulk email and manages lists for other companies. A small amount of this type of spam is also sent from the company’s own IPs or a legitimate third-party SMTP relay service. Anti-spammers call spam from (otherwise) legitimate companies that is sent from a legitimate ESP, legitimate SMTP relay, or the company’s own IPs mainsleaze spam.

In some cases, the bloggers here are blogging under their own real names. Catherine Jefferson, who hosts this blog, owns the domain that hosts it. She knows all of the bloggers either personally or by reputation. She knows the real identity of the anonymous bloggers, and vouches for them as she does for those that are not anonymous. If you want to know something about a specific blogger, look in The Bloggers.

Blog posts will vary in format because there are several bloggers, but blogs that report specific spam incidents will all contain the following information:

  • Spam Source. The IP, IP range, or IP group that sent the spam.
  • Spam Sample. At least one copy of a spam email, with the victim email address and MX server removed, and any other alterations that the blogger felt were necessary to prevent the victim from being identified. Removing the spammed email address keeps the company from simply dropping that one email address from their list without stopping the spam to other email addresses. (Anti-spammers call this listwashing.)
  • Why the blogger is sure this is spam. An explanation of why the blogger is sure that this email is spam. For example, perhaps the blogger received the email to a personal email address and knows that he or she never asked for it, or perhaps the spam was sent to an email address that has been closed for a long period and no longer receives legitimate email. Occasionally mainsleaze spam is sent to actual spamtraps that have been managed properly, but most mainsleaze spammers are careful enough about their list hygiene that they rarely have actual spamtraps on their lists.

Most blog posts that report spam will have additional information about the spam, the company that is advertised in the spam, and the ESP that sent it (where applicable).

Blog posts that document general spam problems with a company or ESP will vary more in format and information given. We may blog about observed patterns of spam issues at a company or an ESP. We might blog about another subject that involves bulk email from a legitimate company or ESP. Occasionally we will blog about security breaches at legitimate ESPs when the breach leads to spam sent from the ESP’s mailservers. In all cases, we will keep the language reasonably clean and the information in the blog useful/actionable.

Comments on this blog are enabled. We require an account before commenting to prevent blog spam and enforce a bit of accountability, not to discourage people from commenting. We especially welcome comments from companies and ESPs that are mentioned here. The bloggers want to stop spam. If we can help a company that is sending spam fix its bulk email processes so that this does not happen, we consider that time well spent.

To comment, you will need an account. To obtain an account, contact the blog administrator at <mainsleaze@spambouncer.org> and provide your user name and an email address that WordPress can use to send you your password, and that the administrator can use to contact you if necessary. Automatic account creation is disabled because spambots autocreate thousands of accounts daily on this and other widely-used WordPress sites in hopes of abusing them to send spam. :/ Email addresses you provide are used only for administrative purposes; we don’t spam or share addresses. (Ya think? <G>)

WordPress logins are not secure, so do not use an email address that you want to protect, or a password that you use for any “valuable” account, such as a web mail account, online banking, or any account that has your credit card or other sensitive personal information. These days, you really should use a password vault and simply use different passwords on different sites.

The usual disclaimers apply. The blogger who writes a blog is solely responsible for the content of that blog. The information in blogs is as accurate as we can reasonably make it, but errors and omissions are inevitable. You use this information at your own risk; we accept no legal liability.
