Feb
17

Regus (International Workplace Group plc)

Spamming through SendEthic this time, targeting addresses stolen from other companies.

In January 2022, I discussed a potential consultant assignment with a company somewhere. Being my own Internet Service Provider with unlimited email aliasesa, I am in the habit of generating dedicated addresses for many different purposes. That’s what I did this time, too. I generated an alias that identifies this other company, and proceeded to use it exclusively in my communications with them.

The consultant assignment didn’t happen. The alias remained on the email server, dormant, seeing no use at all after the initial conversation.

Until June 2023. At that point, multiple companies that do email verification started pounding it. All of their efforts were for naught; they were all blocked on the server anyway. So you come in and plan to say “Hi, I’d like to talk to you about Jesus”, but unfortunately for you I don’t care if you’re selling firewood, or introducing me to your latest version of Jesus, or telling me that my cat seems to be stuck up a tree nearby – I already recognised you and told you to go pound sand before you had even gotten started with your actual message of the day.

So, you’d think all of the verifiers would have reported it to their customers that this one is no good. Naah, in September 2023 it started receiving spam from a variety of senders both foreign and domestic that really were very varied and only had one thing in common: none of them were related in the slightest to the original company for whom the alias was generated.

Come February 2026. Regus, who have been mentioned on this site as spammers as far back as 2014, decided to join the merry band of thieves trying to send their unwanted email marketing to this address whose existence should be fully unknown to anyone else but the originally mentioned recruitment company.

Waiting to see what SendEthic’s reaction will be – the Ethic in the name ought to make the would-be complainant rather hopeful, but their AUP (Conditions generales de vente) leaves the reader rather unsure about their unequivocal forbidding of all spam and the use of purchased lists.

Oct
01

July to September 2020 in Spamtraps: ESPs

Turns out there was a point to being lazy with the monthly reports over the summer. This chart needed to be drawn over a longer period of time to highlight the obvious.

A logarithmic chart of the contributions of various ESPs in the Koli-Lõks OÜ spamtraps over the period of July to September 2020.
Summer 2020 in Spamtraps: ESPs
Read more…
Jun
01

May 2020 in Spamtraps: ESPs

Figure 1. Top 10 ESPs in our spamtraps, May 2020
Read more…
May
12

Join Netflix today

Recently, a friend encouraged me to look into the marketing of Netflix, the video-on-demand platform.

They’re sending from Amazon SES, one of the ESPs we are tracking, so I might have materials to look at.

My notes on ESP spam go back years, so I can easily pull up the data and draw a graph of the percentage of mail related to netflix.com in the observed output of Amazon SES in our traps.

I’d say somebody has got a little over excited with the remarketing. My favourites are the “Join today!” emails sent to addresses that never existed, where the explanation for why the recipient got it is that they had previously created an account. Why do they need to join in a second time and how were they able to join to begin with, with an email address that has never existed?

Nov
20

Urmo Mark at it still/again

Urmo just can’t shake his old habits. Here he is again, today or yesterday, spamming with some new domains created in October 2019, predictably proposing spam-for-hire services to Estonian companies. The sending domain is already on Spamhaus DBL and I don’t predict a great lifespan for the OVH IP out of which this was sent.

Read more…
Aug
28

UpCloud – competition is fierce and business prospects dire

Earlier today, the Finnish cloud hosting company UpCloud Ltd (www, biz reg, responsible people) decided they’d start looking for new customers by spamming.

Read more…

Feb
01

October 2018 in Spamtraps: ESPs

Blast from the recent past

(This is what happens when you forget to click Publish)

ESP spam seen in spamtraps, October 2018

The percentage of ESP spam was 3.0%, down from 3.2% in September. The total amount of mail in this trap collection was up 16% from September.

There’s a new player on the list again. Ediware is a French email service provider that has been around since 2001. This is the first time ever they have made this list in any capacity, and it’s straight to the top 10. During October 24 from 5 pm to 8 pm CEST they had a malware/botnet/whatever infestation spamming “fix your wifi”, “desktop microscope”, “heating gadget” etc. To their credit, they got on top of it quite quickly, in four hours the problem was completely curbed, but while it was going on, the volume was huge. Any other stuff from them amounted to 0.4% of the total – no wonder we don’t usually see them.

Salesforce is so much ahead of SendGrid this month I would have expected to see something unusual from them. But no, it’s the same old players, none of whom are sending anything out of the ordinary.

SendGrid really need to get rid of Advisor Perspectives. Like, really. And so do MailChimp, for that matter.

Bubbling under this month: Mapp Digital (2.1%), Adobe Campaign (2.0%).

RATINGPARTICIPANTPERCENTAGENOTESMOST PROMINENT CUSTOMER
0All others34.7%
1Salesforce Marketing Cloud14.2%ExactTargetKohls (4.5%)
2SendGrid11.8%Advisor Perspectives (11%)
3MailChimp8.9%Boston Globe (0.8%)
4Oracle Marketing Cloud5.7%Nordstrom (6.9%)
(Nordstrom and Nordstrom Rack are also Salesforce’s #7 most spamming customer with 1.6% of SMC total)
5Amazon SES5.0%Netflix (3.8%)
6CheetahMail4.2%Eddie Bauer (5.8%)
7Mailgun4.0%The Italian affiliate spammers (at least 35%)
8Ediware3.9%Botnet flood on October 24 (>99%)
9IBM Marketing Cloud3.1%renewlife.com (nearly 30%)
10Constant Contact2.5%123dj.com (2.4%)
Sep
04

On The Forensic Capabilities of LeadForensics

The study of forensics refers to scientific tests or techniques used in connection with the detection of crime. It is an odd choice of name for what I think is a data seller, especially one whose targeting seems poor enough to be spamming me. They claim to want to help me generate more leads for my website, but my website doesn’t sell anything. I do not really need any leads.

They are sending from IP address 46.236.37.232, which appears to be an email platform called Message Focus or Adestra.

From what I can tell, the only forensic capability this entity has shown me is that they seem to buy B2B spam leads, which is very disappointing.

Aug
31

Siltaraha Oy / Finlandia Finance Oy

In May 2016, a Finnish B2B financing company (or “payday loans for businesses”, if you like) called Siltaraha Oy (www, biz reg, people responsible) started advertising its activities in B2B spam to purchased lists.
Read more…

Jul
28

New Finnish B2B spammer: Digimarketingmanager.com / Mailmarketingmanager.net

Here’s the culprit

Domains have been registered a week ago. The LI profile indicates the operation has started in July 2018. The people whose network the spam was sent from already know. Not just abuse@, the actual people.

If you’re reading this, Mr. A, take my advice: stop now.

Go back to top