Swedish spam ESP: Mailcom / Venamail

More information at the sender’s site. Note the complete absence of anything resembling an AUP and anything that would discuss the issue of spam (from the recipient’s perspective, anyway).

The spam contains nothing at all on the address source. That would be a requirement in Finland according to Section 25 of the Personal Data Act.

The spam was sent to an address list that contains outdated and erroneous personal information. Processing such is against Section 9, Paragraph 2 of the Personal Data Act.

Consequently, the spam was sent to the addresses of natural persons with no business context, which is against Section 26 of the Act on the Protection of Privacy in Electronic Communications.

Based on the traps this was seen at, the address source is a severely outdated copy of the Finnish Business Information System data. See yesterday’s blog post for some relevant bits on that fact.

Only an idiot would send spam in Swedish to all and sundry in Finland, at least if their purpose was to make themselves welcome and get somebody to purchase something from them. Because of historical reasons, Swedish is a compulsory subject for Finns at school, and a very large part of the Finnish population has an attitude problem with the language as a result.  If spamming wasn’t enough of a PR disaster for this business, addressing potential Finnish customers in Swedish by default has to be. Själv pratar jag svenska gärna, men det gäller inte majoritetet, tror jag.

Spamming IP: Potentially anything in 87.237.210.0/24?

$ rdns.local 87 237 210 210 | grep venamail
3.210.237.87.in-addr.arpa. 600  IN      PTR     web.venamail.com.
59.210.237.87.in-addr.arpa. 600 IN      PTR     mail.venamail.com.
139.210.237.87.in-addr.arpa. 600 IN     PTR     mail11.venamail.com.
223.210.237.87.in-addr.arpa. 600 IN     PTR     mail4.venamail.com.
224.210.237.87.in-addr.arpa. 600 IN     PTR     mail5.venamail.com.
225.210.237.87.in-addr.arpa. 600 IN     PTR     mail6.venamail.com.
226.210.237.87.in-addr.arpa. 600 IN     PTR     mail7.venamail.com.
227.210.237.87.in-addr.arpa. 600 IN     PTR     mail8.venamail.com.

Spam headers:

Return-Path: <bounce-x-x-x-x@mail.venamail.com>
Received: from mailX.venamail.com (mailX.venamail.com [87.237.210.x])
        by x (Postfix) with ESMTP id x
        for <x>; Fri,  4 Jan 2013 hh:mm:ss +0200 (EET)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=ml; d=mailcom.se;
        h=Date:To:From:Reply-to:Subject:Message-ID:List-Unsubscribe:MIME-Version:Content-Type;
        i=system@mailcom.se;
        bh=x;
        b=x
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=ml; d=mailcom.se;
        b=x;
Received: by mail8.venamail.com id x for <x>; Fri, 4 Jan 2013 hh:mm:ss +0100
        (envelope-from <bounce-x-x-x-x@mail.venamail.com>)
x-virtual-mta: venamail2
Date: Fri, 4 Jan 2013 hh:mm:ss +0100
To: "x" <x>
From: MailCom Europe AB <system@mailcom.se>
Reply-to: MailCom Europe AB <system@mailcom.se>
Subject: VenaMail 2, det självklara valet för att skicka nyhetsbrev
Message-ID: <x@localhost.localdomain>
X-Priority: 3
X-Mailer: Email Sending System
X-Complaints-To: abuse@venamail.com
List-Unsubscribe: <http://open.venamail.com/u.php?p=x/x/x/x/x/x>
X-MessageID: x
X-Report-Abuse: <http://open.venamail.com/report_abuse.php?mid=x>
Precedence: bulk
X-SMTPAPI: {"unique_args":{"abuse-id":"x"}, "category":"campaign"}
MIME-Version: 1.0
Content-Type: multipart/alternative;
        boundary="b1_x"

Human-readable spam contents:

VenaMail 2, det självklara valet för att skicka nyhetsbrev

Det här är ett meddelande från MailCom Europe AB. Vi hoppas att den här kommunikationen är välkommen.

Om du har problem med att läsa detta mail, gå in på denna adress http://open.venamail.com/wb.php?p=x för en webbversion.

Om du inte vill få mer information från oss i framtiden, så kan du avregistrera dig genom att surfa till http://open.venamail.com/u.php?p=x.

Detta meddelande är riktat till dig på företaget som VD, marknadschef, inköpschef, eller ansvarig för marknadsfrågor. Informationen är således inte riktad till dig som privatperson.

5 Responses to Swedish spam ESP: Mailcom / Venamail


  1. $ rdns.local 87 237 214 214|grep venamail
    77.214.237.87.in-addr.arpa. 589 IN PTR mail13.venamail.com.
    148.214.237.87.in-addr.arpa. 590 IN PTR mail14.venamail.com.

    $ rdns.local 87 237 213 213|grep venamail
    20.213.237.87.in-addr.arpa. 600 IN PTR mail12.venamail.com.
    205.213.237.87.in-addr.arpa. 600 IN PTR mail9.venamail.com.
    206.213.237.87.in-addr.arpa. 600 IN PTR mail10.venamail.com.

    $ rdns.local 87 237 215 215|grep venamail
    123.215.237.87.in-addr.arpa. 600 IN PTR mail3.venamail.com.
    187.215.237.87.in-addr.arpa. 600 IN PTR mail15.venamail.com.
    188.215.237.87.in-addr.arpa. 600 IN PTR mail16.venamail.com.
    189.215.237.87.in-addr.arpa. 600 IN PTR mail17.venamail.com.
    190.215.237.87.in-addr.arpa. 600 IN PTR mail18.venamail.com.
    191.215.237.87.in-addr.arpa. 600 IN PTR mail19.venamail.com.
    242.215.237.87.in-addr.arpa. 600 IN PTR mail2.venamail.com.

    They’ve even made local news for being spammers last year, and a Swede living in Norway blogged about their spam already nearly four years ago. And to top it off, they are an old acquaintance of Spamhaus from last year already. Now all that’s missing is for SBL114301 to be extended to cover all of the IPs indicated in this blog post…

  2. Pingback: Xtravaganza.fi / kevytkauppa.fi: Do businesses really worry about weight, or eat snacks? » MainSleaze

  3. Spamming from Litteris.se IPs 87.237.213.66, 68 today. Spam contents are still the same: promotion of their own spamming services, in Swedish, to Finnish recipients, using an unnamed address list (illegal), processing outdated and erroneous personal information (illegal), and spamming natural persons without consent, business position justification or prior customer relationship (illegal).

    Responses from Mats Lindström, CEO and Founder:

    What is the problem with you? Why don’t you put energy on positiv things instead?

    and

    And you never subscribe either…

  4. Spamhaus have created another listing in late Feb 2014, but what’s really needed is for the SBL to cover every single IP that Mailcom Europe AB / Venamail are using.

  5. It must be early Christmas.

    Found 17 SBL listings for IPs under the responsibility of telia.net

    SBL223576
    87.237.213.206/32 telia.net
    27-May-2014 07:03 GMT
    copyprintsweden.se / copystore.se (venamail.com/vmdb.se)

    SBL223575
    87.237.213.204/31 telia.net
    27-May-2014 07:03 GMT
    copyprintsweden.se / copystore.se (venamail.com/vmdb.se)

    SBL223574
    87.237.213.203/32 telia.net
    27-May-2014 07:03 GMT
    copyprintsweden.se / copystore.se (venamail.com/vmdb.se)

    SBL223573
    87.237.210.227/32 telia.net
    27-May-2014 07:00 GMT
    copyprintsweden.se / copystore.se (venamail.com/vmdb.se)

    SBL223572
    87.237.214.148/32 telia.net
    27-May-2014 06:54 GMT
    daydeal.nu / daytoner.com (venamail.com/vmdb.se)

    SBL223571
    87.237.213.68/32 telia.net
    27-May-2014 06:53 GMT
    daydeal.nu / daytoner.com (venamail.com/vmdb.se)

    SBL223570
    87.237.210.139/32 telia.net
    27-May-2014 06:49 GMT
    daydeal.nu / daytoner.com (venamail.com/vmdb.se)

    SBL223569
    87.237.214.77/32 telia.net
    27-May-2014 06:47 GMT
    daydeal.nu / daytoner.com (venamail.com/vmdb.se)

    SBL223568
    87.237.215.188/30 telia.net
    27-May-2014 06:43 GMT
    daydeal.nu / daytoner.com (venamail.com/vmdb.se)

    SBL223567
    87.237.215.187/32 telia.net
    27-May-2014 06:43 GMT
    daydeal.nu / daytoner.com (venamail.com/vmdb.se)

    SBL223566
    87.237.213.20/32 telia.net
    27-May-2014 06:37 GMT
    daydeal.nu (venamail.com/vmdb.se)

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Go back to top