Symantec: no respect for opt-out
Symantec, provider of security software for personal computers, is desperate to reach their old contacts at Savon Voima despite the domain having changed owners and opt-outs having been sent. The ESP is Responsys.
Spamming IP: 12.130.139.5
On June 14, 2011, Symantec sent an invitation to the Symantec Technology Day in Helsinki on Nov 16 to their old contact at Savon Voima. I haven’t mailed Symantec with anything prior to this day, and my current mail logs only extend as far as Oct 31, 2010, so I don’t know if they tried between Dec 29, 2009 and Oct 30, 2010, but the absence of anything in the “sent” folder suggests that they may not have.
The June 14 message elicited the following response from me:
Date: Tue, 14 Jun 2011 22:49:39 +0300
From: Atro Tossavainen <atro.tossavainen at atro.fi>
To: symantec_communications-EMEA@symantec-corporation.com
Cc: postmaster@symantec-corporation.com, abuse@symantec-corporation.com,
symantec_communications-EMEA@symantec.com, postmaster@symantec.com,
abuse@symantec.com, marketing_finland@symantec.com
Subject: Cease and desist: atro.fi
Message-ID: <20110614194939.GA20405@myhostname>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.4.2.2i
Status: RO
Content-Length: 859
Lines: 19You’re trying to mail something to addresses @atro.fi.
Savon Voima (a power generation company in eastern Finland) gave up this domain name on August 31, 2009. It properly expired after the three month probationary period on November 30, 2009. On December 29, 2009, I registered it for myself as a private person.
All email that you send to addresses @atro.fi didn’t reach a mail server at all between September 1, 2009 and December 29, 2009. After Dec 29, 2009, all mail to those addresses was bounced with 550 5.1.1 No such user, which should have been the final clue that you needed to manage mailing list hygiene properly, until about March 2010. At present, I accept it all and hand it over to certain third parties for further processing.
Please see http://www.atro.fi/ for further information.
Thank you for attending to this.
Atro Tossavainen
This was delivered, as shown by the following Postfix log snippet:
Jun 14 22:49:40 myhostname sendmail[20413]: p5EJnd9H020413: to=marketing_finland@symantec.com,abuse@symantec.com,postmaster@symantec.com,symantec_communications-EMEA@symantec.com,abuse@symantec-corporation.com,postmaster@symantec-corporation.com,symantec_communications-EMEA@symantec-corporation.com, ctladdr=atossava (500/100), delay=00:00:01, xdelay=00:00:00, mailer=relay, pri=211415, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (Ok: queued as D92B9794D3F) Jun 14 22:49:43 myhostname postfix/smtp[20418]: D92B9794D3F: to=<abuse@symantec-corporation.com>, relay=imh.rsys3.net[12.130.135.103]:25, delay=2.7, delays=0.11/0.03/1.4/1.2, dsn=2.0.0, status=sent (250 Ok: queued as C029A4A8052) Jun 14 22:49:43 myhostname postfix/smtp[20418]: D92B9794D3F: to=<postmaster@symantec-corporation.com>, relay=imh.rsys3.net[12.130.135.103]:25, delay=2.7, delays=0.11/0.03/1.4/1.2, dsn=2.0.0, status=sent (250 Ok: queued as C029A4A8052) Jun 14 22:49:43 myhostname postfix/smtp[20418]: D92B9794D3F: to=<symantec_communications-EMEA@symantec-corporation.com>, relay=imh.rsys3.net[12.130.135.103]:25, delay=2.7, delays=0.11/0.03/1.4/1.2, dsn=2.0.0, status=sent (250 Ok: queued as C029A4A8052) Jun 14 22:49:45 myhostname postfix/smtp[20419]: D92B9794D3F: to=<abuse@symantec.com>, relay=cluster4.us.messagelabs.com[216.82.253.227]:25, delay=4.5, delays=0.11/0.03/3.5/0.81, dsn=2.0.0, status=sent (250 ok 1308080990 qp 7004 server-14.tower-170.messagelabs.com!1308080989!11453964!1) Jun 14 22:49:45 myhostname postfix/smtp[20419]: D92B9794D3F: to=<marketing_finland@symantec.com>, relay=cluster4.us.messagelabs.com[216.82.253.227]:25, delay=4.5, delays=0.11/0.03/3.5/0.81, dsn=2.0.0, status=sent (250 ok 1308080990 qp 7004 server-14.tower-170.messagelabs.com!1308080989!11453964!1) Jun 14 22:49:45 myhostname postfix/smtp[20419]: D92B9794D3F: to=<postmaster@symantec.com>, relay=cluster4.us.messagelabs.com[216.82.253.227]:25, delay=4.5, delays=0.11/0.03/3.5/0.81, dsn=2.0.0, status=sent (250 ok 1308080990 qp 7004 server-14.tower-170.messagelabs.com!1308080989!11453964!1) Jun 14 22:49:45 myhostname postfix/smtp[20419]: D92B9794D3F: to=<symantec_communications-EMEA@symantec.com>, relay=cluster4.us.messagelabs.com[216.82.253.227]:25, delay=4.5, delays=0.11/0.03/3.5/0.81, dsn=2.0.0, status=sent (250 ok 1308080990 qp 7004 server-14.tower-170.messagelabs.com!1308080989!11453964!1)
No response to the opt-out. However, a reminder, in other words, spam:
Aug 16 11:38:06 myhostname postfix/smtpd[8613]: connect from om-symantecenterprise-emea.rsys3.com[12.130.139.5] Aug 16 11:38:06 myhostname postfix/smtpd[8613]: 748E1794B87: client=om-symantecenterprise-emea.rsys3.com[12.130.139.5] Aug 16 11:38:06 myhostname postfix/cleanup[8617]: 748E1794B87: message-id=<0.0.23.698.1CC5BEFD41E1124.0@om-symantecenterprise-emea.rsys3.com> Aug 16 11:38:07 myhostname postfix/qmgr[24926]: 748E1794B87: from=<symantec_communications-EMEA@symantec-corporation.com>, size=20458, nrcpt=1 (queue active) Aug 16 11:38:07 myhostname postfix/smtpd[8613]: disconnect from om-symantecenterprise-emea.rsys3.com[12.130.139.5]
And more spam just today. Spam headers:
From symantec_communications-EMEA@symantec-corporation.com Mon Oct 24 15:25:44 2011 Return-Path: <symantec_communications-EMEA@symantec-corporation.com> Received: from om-symantecenterprise-emea.rsys3.com (om-symantecenterprise-emea.rsys3.com [12.130.139.5]) by mail.atrotossavainen.fi (Postfix) with ESMTP id C9866794DC1 for <x@atro.fi>; Mon, 24 Oct 2011 15:25:43 +0300 (EEST) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=symanteccorporation; d=symantec-corporation.com; h=MIME-Version:Content-Type:Date:From:Reply-To:Subject:To:Message-ID; i=symantec_communications-EMEA@symantec-corporation.com; bh=38JhR5heZ+5Kc4gOa7vmLl/sEY4=; b=iYMCVbv6sZIfNzXOr5T0FZWtTEv79orHqOFmrQNf0tNVzJIU+0L5r5s262Q+Tp4zeaiMIQJnWxst W2fdB6bgF37Her2Arb92879/7Nq08lJzFg+7kvk0Cck38I47oGZQOREmN0MvvRMs5bYLdTbChlXU 7h7g6VckqAX/+gD/2qY= DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=symanteccorporation; d=symantec-corporation.com; b=Pje8tDyPwlb0EOwygTpOyLvKOSirSTmvtLYmHiZMWwv11vs6fJBBCCraKD/28f+e+pE01TGOaVhF VpNkEVwMl6zfdJrW3um5QRTQL+sy/V3Lzrs0h7sQxDn4LMYNWoyYhWGIjw97QCC/FmmbCK+m1RAk hjmFCzcfOuLcyrtUcoo=; Received: by om-symantecenterprise-emea.rsys3.com (PowerMTA(TM) v3.5r17) id hklcke0morcv for <jussi.ruuskanen@atro.fi>; Mon, 24 Oct 2011 05:25:37 -0700 (envelope-from <symantec_communications-EMEA@symantec-corporation.com>) MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----msg_border" Date: Mon, 24 Oct 2011 05:25:37 -0700 From: "Symantec Finland" <symantec_communications-EMEA@symantec-corporation.com> Reply-To: "Symantec Finland" <symantec_communications-EMEA@symantec.com> Subject: =?UTF-8?B?TVVJU1RVVFVTIEtVVFNVU1RBTU1FIOKAkyBTeW1hbnRlYyBUZWNo?= =?UTF-8?B?bm9sb2d5IERheSAxNi4xMS4yMDExIEhlbHNpbmdpc3PDpA==?= X-cid: smemea.2610.13 X-sgxh1: rmkkpQjmmksHgLgxHljhQMp To: x@atro.fi Message-ID: <0.1.16F.85A.1CC924808EC3BB8.0@om-symantecenterprise-emea.rsys3.com> Content-Length: 35382 Lines: 827
Pingback: Symantec Corporation: Advertising Ghost to …ghosts, er, spamtraps » MainSleaze