[RESOLVED] Serena Software – now spamming multiple spamtraps

I had posted back in November about Serena Software mailing a spamtrap via Marketo. Serena is now hitting not one, not two, not even a handful, but rather slightly below a hundred pure spamtraps.

I’m still curious how Serena Software built their list initially, but I’m even more curious what methods they are using to grow it. I *suspect* it may be e-appending, based on the ever increasing number of spamtraps, and on some of the patterns in the localpart of the trap email addresses.

ESP is still Marketo.

IP address for the spam samples below: 199.15.212.109
(most of the traps got hit by 199.15.212.109, however some were hit by other IPs within 199.15.212.0/22)

November: 1 spamtrap
December: About 20 spamtraps
January: Close to 100 spamtraps

Now, that is some rapid (dare I say “malignant”) list growth if I ever saw it.
It would be nice if Marketo could automatically detect and flag such activity.

December mailing, that hit “only” about 20 traps (Headers)

Return-Path: <mail___@em107.mktomail.com>
Received: from em-sm4-109.mktomail.com (em-sm4-109.mktomail.com [199.15.212.109])
	by _____________________ with ESMTP id _____________________
	for <____________________________>; Tue, 20 Dec 2011 00:__:__ GMT
Received: from mktomail.com ([172.25.6.140])
	by em-sm4-109.mktomail.com (StrongMail Enterprise 4.1.1.6(___________)); Mon, 19 Dec 2011 18:__:__ -0600
X-VirtualServer: vsg-sm4-107, em-sm4-109.mktomail.com, 172.25.6.109
X-VirtualServerGroup: vsg-sm4-107
X-MailingID: _____________________________________________________________
X-SMHeaderMap: mid="X-MailingID"
X-Destination-ID: ______________________________________
X-SMFBL: _____________________________
Content-Transfer-Encoding: 7bit
Content-Type: multipart/alternative;
	boundary="----_______________________________________________"
X-Report-Abuse: Please report abuse here: http://www.marketo.com/policy
Reply-To: info@serenasoftware.com
MIME-Version: 1.0
Message-ID: <_____________@serenasoftware.com>
Subject: Customer Case Study: How Kutxa Bank Orchestrates Software Development
Date: Mon, 19 Dec 2011 18:__:__ -0600
To: REDACTED
From: "Serena Software" <info@serenasoftware.com>

December mailing, that hit “only” about 20 traps (Human readable)

Subject: Customer Case Study: How Kutxa Bank Orchestrates Software Development
Date: Mon, 19 Dec 2011 18:__:__ -0600
To: REDACTED
From: “Serena Software” <info@serenasoftware.com>

Customer Case Study: How Kutxa Bank Orchestrates Software Development

_____,

Read how Kutxa-Vital-Banco Madrid is using Serena to streamline software development and configuration management. Kutxa is made up of three financial institutions that provide savings and loans services, private banking and wealth management advice. Kutxa manages and supports IT requirements for all three organizations.

Learn how Serena’s orchestrated ALM approach helped Kutxa implement a business process around SCCM, automate quality control and improve efficiency across the application development process.

Read more about Kutxa.
(http://info.serena.com/ALM_Nur12_Kutxa-VitalBancocasestudy_LP.html)

Sincerely,

Serena Software

Serena Software, Inc. 1900 Seaport Boulevard, Redwood City, California 94063 USA Contact Us

Unsubscribe: http://info.serena.com/UnsubscribePage.html?mkt_unsubscribe=1&mkt_tok=_________________________________________________.

January newsletter, that hit just shy of 100 traps (Headers)

Return-Path: <mail___@em107.mktomail.com>
Received: from em-sm4-109.mktomail.com (em-sm4-109.mktomail.com [199.15.212.109])
	by _________________________ with ESMTP id _________________________
	for <_________________________>; Thu, 5 Jan 2012 15:__:__ GMT
Received: from mktomail.com ([172.25.6.140])
	by em-sm4-109.mktomail.com (StrongMail Enterprise 4.1.1.6(_________________________)); Thu, 05 Jan 2012 07:__:__ -0600
X-VirtualServer: vsg-sm4-107, em-sm4-109.mktomail.com, 172.25.6.109
X-VirtualServerGroup: vsg-sm4-107
X-MailingID: __________________________________________________
X-SMHeaderMap: mid="X-MailingID"
X-Destination-ID: _________________________
X-SMFBL: _________________________=
Content-Transfer-Encoding: 7bit
Content-Type: multipart/alternative;
	boundary="----=____________________________________"
X-Report-Abuse: Please report abuse here: http://www.marketo.com/policy
Reply-To: info@serenasoftware.com
MIME-Version: 1.0
Message-ID: <____.____@serenasoftware.com>
Subject: The #1 Application Development Priority and other Serena news
Date: Thu, 05 Jan 2012 07:__:__ -0600
To: REDACTED
From: "Serena xPress Newsletter" <info@serenasoftware.com>

January newsletter, that hit just shy of 100 traps (Human readable)

Subject: The #1 Application Development Priority and other Serena news
Date: Thu, 05 Jan 2012 07:__:__ -0600
To: REDACTED
From: “Serena xPress Newsletter” <info@serenasoftware.com>

To view this email as a web page, go to the following address: http://info.serena.com/index.php/email/emailWebview?mkt_tok=______________________________________________________

SERENA xPress Newsletter
January 2012
Volume 1, Issue 12

Feature Story: Speed: The #1 App Dev Priority for 2012

At the Gartner AADI Summit in December 2011, we surveyed IT executives about their top application development and delivery priorities for the coming year and discovered some notable results.

68% of respondents confirmed that faster delivery of applications is the top priority. Expanding the use of Agile and reducing application development costs were the second and third highest priorities, coming in at 52 percent and 49 percent respectively.

To get the software delivery speed that you need, find a way to effectively manage existing tools, roles and functions, and then put the right processes in place.

Read More <http://www.serena.com/blog/?p=885>

—————

Survey: What is your top priority?

We want to hear about the top app dev priority in your organization. Vote on one of the three below.

– Deliver applications faster.
– Expand the use of Agile.
– Reduce app dev costs.

Vote Now <http://svy.mk/______>

—————

Best of the Blogs

Water-Scrum-fall is the reality of agile, SD Times <http://bit.ly/______>

The reality of agile adoption has diverged from the original ideas described in the Agile Manifesto, with many adoptions resembling what Forrester labels water-Scrum-fall.

Mobile apps: Is the software development lifecycle different?, SearchSoftwareQuality <http://bit.ly/______>

The processes are mostly similar but there are two main differences.

The death of IT?, Econsultancy <http://bit.ly/______>

No, not death but change. IT’s effectiveness comes from integrating existing technology in new ways to create a competitive advantage.

—————

Case Study: EUMETSAT Simplifies Change Management with Dimensions CM

Learn how the European Organisation for the Exploitation of Meteorological Satellites (EUMETSAT) used Dimensions CM to manage change requests for over 12,000 Configuration items. They are now able to provide full audit and tracking for any change, including approvals and change requests.

Read More <http://bit.ly/______>

—————

Serena in the News

Orchestration of ITSM: The Glue that Binds IT Teams Together, Data Center Post <http://bit.ly/______>

Two new solutions, Serena Release Manager and Serena Service Manager, help close the DevOps gap.

Social media and ALM: Serena hosting Twitter PlusIs contest, IT Knowledge Exchange <http://bit.ly/______>

Serena uses social media to communicate with customers and hold a Twitter contest, with an iPad 2 as the grand prize.

—————

Product News

The following new releases are available at the support website <http://support.serena.com/Download/Default.aspx>.

ChangeMan ZMF 6.1.3
Release Control 3.1
Release Manager 1.1
Development Manager 1.0
Dimensions CM 12.2 – See reviews and metrics <http://bit.ly/______>.

View Serena’s Product Roadmap (Customer login required.)

Β© 2011 Serena Software Inc. All Rights Reserved. Trademark information <http://www.serena.com/company/legal.html>.

Serena Software | 1900 Seaport Blvd. | Redwood City | CA | 94063 USA

Unsubscribe: http://info.serena.com/UnsubscribePage.html?mkt_unsubscribe=1&mkt_tok=______________________________________________________.


16 Responses to [RESOLVED] Serena Software – now spamming multiple spamtraps

  1. I just checked my spamtraps. This must be a heavily targeted mailing, perhaps to Finnish customers, because I’ve got nothing in the past few days from this IP range. Which doesn’t make this remotely acceptable, of course. :/

    We used Serena’s Teamtrack product for version control at ${DAYJOB} til recently. I’ll ask around at work today and see if they’ve been spamming development or IT.

  2. Hello – I’ll check into this. The tweet was appreciated, got the attention of our social media folks who forwarded it to me.

    –Autumn Tyr-Salvia, Marketo compliance

  3. I saw you in my follow list on Twitter — I’m following you now too. I tweet only about some of what gets posted here, usually the more severe and/or more interesting cases. This was the first of those; around 100 spams to what I know to be a fairly small spamtrap collection is *definitely* beyond the norm. Serena is lucky that it hit Atro’s spamtraps and not those at Spamhaus.

    FYI, if Serena is spamming anybody at work, it isn’t on the development team or the IT people that I know. That, combined with the lack of spam to any of my spamtraps (and I have a much larger collection than Atro does) suggests that this was probably targeted at Finland or Scandinavia. My spamtrap coverage is decent for central and southern Europe as well as the Americas, but lacking for northern Europe. That’s on my list of things to change. πŸ™‚

    Let us know what you find.

  4. Oops, that’ll teach me not to check authors. The spam run was seen by U.S.-based Joe Sniderman, not Finland-based Atro Tossavainen. But I still haven’t seen anything here. πŸ™‚

  5. Yeah, that was my post, not Atro’s. Atro has been posting a lot, and I haven’t exactly been posting as much as I could and probably should…

    Its not horribly unusual for me to see a sender hit a hundred (or more) traps in a single mailing. What *is* *very* unusual is for me to see a sender hit *one* trap with one mailing, a bunch of traps the next, and have the number just rapidly continue to grow like that.

    IDK how long Serena has been Marketo’s customer, but the first spam that I saw from Serena was in November, with rapid acceleration since then. Ie, whether it was a list purchase, or an e-append, whatever Serena did to enlarge their list was very recent. Hopefully that will make it considerably easier for Marketo to investigate.

    • I concur; that *is* bad even if not as blatantly so as I thought at first. You’ve got access to more spamtraps than Atro does, although I don’t think the number that I do. (Or the variety.)

      Autumn Tyr-Salvia at Marketo is investigating, and in my experience she’s thorough and good at this. I hope she’s not haring off looking for some Finnish connection because she didn’t check back. I might email her to be sure.

  6. Just to keep you updated, I have been in touch with the Marketo team at Serena Software. They have responded to me, and we are working on understanding where the spam traps came from and thus how we can resolve this.

    As part of our conversation, they requested additional information about these incidents. I offered a little context, and also provided a link to this page.

    I’ll stay in touch as this develops.

  7. Serena Software is going to send a final opt-in/goodbye message to all inactive records created before July 1, 2011. Once that has been completed, I’ll check in here to see if you receive further spamtrap hits. (It would also be helpful to know if their goodbye message hits any/all of the spamtraps, so we will know if they’re on the right track or not.)

  8. Serena Software will be sending a confirmation pass to inactive leads on Tuesday, 1/31. It would be helpful if you can let us know if your spam traps receive the message, so we have an idea if their attempted hygiene is likely to work or result in further trap hits.

  9. Yes, a large number of traps received the permission pass e-mail Tuesday. However, several traps (far fewer) also received the “6 Steps to Competitive Advantage through IT Ops and other Serena news” newsletter this morning.

    You should also be aware that there are some traps that received this morning’s mailing that had not received previous mailings, nor the permission pass. Ie, new bad data is present.

    I think it would be best to send a permission pass to *ALL* of Serena’s list, even those leads that are not flagged as “inactive.” This way you can nuke any and all bad data, regardless of how they have it classified. It would probably be a very good idea to have Serena use Confirmed-Opt-In only from now on, and perform the confirmation at Marketo rather than let them do it themselves. That way no new bad data can be introduced. Keep a close eye too on IP addresses that are submitting the subscriptions, and particularly any IP addresses that submit a lot of new subscriptions. that never gets confirmed.

    • That does sound like somebody at Serena is playing games with Marketo. :/ I’m just surprised that I haven’t seen it. They must be targeting email addresses at companies that either have done business with them or whose business they specifically hope to get — probably high-tech companies with significant software development staff.

  10. Wonderful.

    I’ll discuss this with my team, and with Serena. I’ll let you know as the matter progresses.

  11. They have been doing continued data cleanup, and tell me they sent again on 3/19. Did they hit traps again, and if so, did they hit any new ones?

    Thanks.

    • No, they have not hit any of my traps on 3/19/2012, nor any after that date. I’m marking this as resolved. πŸ˜€

      • Hooray! Thanks for your patience. The fellow at Serena had to do a pretty massive database and process cleanup, so we’re sorry for the delay. I’m really glad to hear this has been resolved. It’s a good day when we can cross one of these off the list.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Go back to top