Hanco

What do we make of this? Any insights? I’d love to know more about the owner/source of this stuff. I think they are a source of the majority of spams I get. So much cloak and dagger. Though I see it *says* Flex Marketing Group, and I think they’ve been caught spamming before. I notice “ec2” mentioned in one of the URLs (EC2 being the Amazon service perhaps) https://to-email.com/find-email/from-mx/ip-172-31-40-64.ec2.internal https://to-email.com/find-email/dce79a24436e8368cf2ccd1b12ef9f9a

Absolutely. That’s my experience too.

I will say, Amazon AWS and the other EC2 group in the Amazon empire are both responsive and have been helpful to me. I wish they would accept the Spamcop reports but at least they help. Google though… ugh, a different story!

Exactly. Especially the replies that are as frustrating as hell. The replies that there is nothing they can do as it is not blacklisted by any reliable blacklist so contacts the host instead.

I tell them I have a "Aboriginal" curse which is for your family and friends, keep away from them (often they panic and hang-up)! Brilliant haha 😂

Was it from a US mobile number? Or other country? There is a good site for finding the carrier for US numbers. It has their abuse email addresses and they will typically investigate and suspend/terminate their customer. https://scammerblaster.com/carrier-lookup/

All of the above is accurate for me. It had been for several years now. I’ve found a couple of things out about the spammer behind the annoying emails. 1) Flex Marketing Group (New York) is likely a part of the problem 2) There is little more info but my email address is listed on a public web page at “to-email.com” - I would like to get my email address off this page but not sure about contacting the site owner or going to the hosting provider! https://to-email.com/find-email/dce79a24436e8368cf2ccd1b12ef9f9a And when I checked the domain registration details for to-email.com, the mailing box address given has a large number of reports of scams related to it…

And I see the tracking links are no longer reporting from SpamCop https:// storage.googleapis.com/… /dev/null'ing report for nomaster@devnull.spamcop.net so I’ll do like you guys and submit reports direct to Google and in SpamCop so the email sender is aware and the sc Blacklist gets built on.

Awesomeness. Thanks

Yeah, happening for probably about 4 weeks intermittently. As others are reporting here too. It seems the general consensus is to resubmit the headers and report again. Agree? I don’t like to report again but it appears the report is not sent based on the error, even though it also looks like it could have been because you can see the “reports already sent” too. What to do?!?

I’ve been seeing a few of these after clicking to send the report. Known issue? Something I am doing wrong? Can't send report: smtpEnvelope (7140149017.647c8b81@bounces.spamcop.net, report_spam@hotmail.com): smtpFrom: mail From 7140149017.647c8b81@bounces.spamcop.net: error (452 #4.3.1 temporary system error (12) ) Can't send report: smtpEnvelope (7140149032.4eb15871@bounces.spamcop.net, abuse@att.net): smtpFrom: mail From 7140149032.4eb15871@bounces.spamcop.net: error (550 No expected reply from SMTP) Can't send report: smtpEnvelope (7140149033.dbb0b274@bounces.spamcop.net, rmedina@nettogo.net): smtpFrom: mail From 7140149033.dbb0b274@bounces.spamcop.net: error (550 No expected reply from SMTP)

Yes it takes too long, and my spammer guy is organized just enough that the providers struggle to keep up. Not sure if I mentioned but I got his name and address! I emailed him and got no response. It was read though. Since he ignores unsubscribe requests, I’ve taken to using BBB to formally complain to his spamvertized companies. The LLC/Inc groups usually respond, though not always. The genuine businesses with a brand of consumer value reply, while the others that are dubious morally or have a BBB rating in the gutter already are half hearted in their response efforts or don’t even write back. Reminds me, I have one detailed complaint to send to an attorney general. Two “affiliate programs” this year contacted back through BBB providing their contact details and we had very positive interactions.Neither seemed to like the spammer very much and they said they don’t work with him any longer. After agreeing in writing not to reveal these guys as the source, they gave me his name, address, and contact details. They advised they didn’t think he will care much about my request to get off his list. They were not wrong. Some reduction seen definitely, but every so often he’s active. Recently it’s been SendGrid.net as his mode of operation. Just one topic/spam email at a time, and using twitter for spam image content delivery. Of course SpamCop does not send reports to SendGrid (why not?) and does not report to Twitter. spam dates: 29 May, 3 Jun, 6 Jun, 11 Jun, 17 Jun (twice), 19 June Separately, noticed a significant uptick in 419 Scammer emails. They often have a US phone number on them so I report the number to the FTC. I also call it (my number withheld) and if it sounds like the guy was asleep I repeat every few minutes at my leisure, put on a voice, ask stupid questions, generally really waste their time. I might be a sadist in this respect...I don’t feel at all guilty about doing it 😂

Sendgrid will follow up if you report to them. They are pretty good at dealing with spammers. They do not want to be on blacklists because their whole business is enabling delivery of legitimate emails for groups who have large lists of subscribers. That has been my experience anyway.

Did it stop? There is a spammer who uses Google Cloud Storage to spew out affiliate spam. Keto, loans, warranty, medical... It takes over a week, maybe ten days before they shutdown his account unfortunately. Then he just switches mode of operation to another method. Here’s his last campaign links list. The html is a redirect of course. The image links were his departure from using a redirect or direct link to imgur.com content, a direct IP addressed machine (or other image hosting provider) The man behind this is a complete (expletive) storage.googleapis.com/emarket111/Unsub.html storage.googleapis.com/emarket111/unsubscribe.html storage.googleapis.com/amlfk/unsubscribe.html storage.googleapis.com/emarket111/health.html storage.googleapis.com/emarket111/health1.png storage.googleapis.com/emarket111/health2.png storage.googleapis.com/amlfk/okwatt.html amlfk/okowatt.PNG storage.googleapis.com/amlfk/okowattunsub.PNG storage.googleapis.com/amlfk/getinstahard.html storage.googleapis.com/amlfk/insta.PNG storage.googleapis.com/amlfk/instaunsub.PNG storage.googleapis.com/emarket111/instahard.html storage.googleapis.com/emarket111/instahrdd.png storage.googleapis.com/emarket111/insahardunsub.PNG storage.googleapis.com/amlfk/refratequide.html storage.googleapis.com/emarket111/maxloan.html storage.googleapis.com/emarket111/rexmd1.png storage.googleapis.com/emarket111/rexmd2.png storage.googleapis.com/emarket111/rexmd.html storage.googleapis.com/emarket111/montezuma.html storage.googleapis.com/emarket111/montezuma1.png storage.googleapis.com/emarket111/montezuma2.png storage.googleapis.com/amlfk/fastcharging.html storage.googleapis.com/amlfk/fastchargring.jpg storage.googleapis.com/amlfk/fastunsub.PNG storage.googleapis.com/amlfk/healnsooth.html storage.googleapis.com/amlfk/healnsooth.PNG storage.googleapis.com/amlfk/healunsub.PNG storage.googleapis.com/tetssdfff/index%20CBD%20GUMMIES%20COMCAST.html storage.googleapis.com/amlfk/ketoboost.html storage.googleapis.com/amlfk/ketoboost.PNG storage.googleapis.com/amlfk/ketoboostunsub.PNG storage.googleapis.com/amlfk/bluesky.html storage.googleapis.com/emarket111/engagedketo.html storage.googleapis.com/emarket111/engagedketounsub.PNG storage.googleapis.com/emarket111/HOMEWARANTYSERVICES.html storage.googleapis.com/emarket111/homeservicesunsub.PNG storage.googleapis.com/emarket111/cbdT.html storage.googleapis.com/emarket111/cbdT2.png storage.googleapis.com/emarket111/cbdT1.png storage.googleapis.com/amlfk/refi.html storage.googleapis.com/amlfk/REFIREFI.jpg storage.googleapis.com/amlfk/refubsub2.png storage.googleapis.com/amlfk/cbdgummies.html storage.googleapis.com/amlfk/CBDGUMM.jpg storage.googleapis.com/amlfk/CBDUNSUB.png storage.googleapis.com/amlfk/smatfinancial.html storage.googleapis.com/amlfk/Smartfinancial.jpg storage.googleapis.com/amlfk/smartfinancialunsub.PNG storage.googleapis.com/amlfk/ketozin.html storage.googleapis.com/amlfk/ketozin.png storage.googleapis.com/amlfk/ketozinunsub.PNG storage.googleapis.com/emarket111/instahard.html storage.googleapis.com/emarket111/instahrdd.png storage.googleapis.com/emarket111/insahardunsub.PNG storage.googleapis.com/emarket111/safe1.png storage.googleapis.com/emarket111/safe.html storage.googleapis.com/emarket111/safe2.png https://storage.googleapis.com/emarket111/Life.html storage.googleapis.com/emarket111/Life1.png storage.googleapis.com/emarket111/Life2.png storage.googleapis.com/emarket111/HomePro.html storage.googleapis.com/emarket111/HomrPro2.png storage.googleapis.com/emarket111/HomePro1.png storage.googleapis.com/amlfk/scrores.html storage.googleapis.com/amlfk/scoresunssss.PNG https://storage.googleapis.com/amlfk/scroesbody.PNG storage.googleapis.com/emarket111/russian.html storage.googleapis.com/emarket111/russian1.png storage.googleapis.com/emarket111/russian2.png storage.googleapis.com/emarket111/conceal.html storage.googleapis.com/emarket111/conceal1.png storage.googleapis.com/emarket111/conceal2.png storage.googleapis.com/amlfk/automotive.PNG storage.googleapis.com/amlfk/automotive.html storage.googleapis.com/amlfk/automotiveunsbs.PNG storage.googleapis.com/emarket111/Aloehand.html storage.googleapis.com/emarket111/Aloehand1.png storage.googleapis.com/emarket111/2.png storage.googleapis.com/emarket111/instahrdd.png storage.googleapis.com/idrivec/shadowbox.html storage.googleapis.com/idrivec/shadowbox.png storage.googleapis.com/idrivec/unsubscribe.html storage.googleapis.com/idrivec/shadowboxunsub.png storage.googleapis.com/idrivec/engaged_keto.html storage.googleapis.com/idrivec/engagedketounsub.PNG storage.googleapis.com/idrivec/instahrd.png storage.googleapis.com/idrivec/instahard.html storage.googleapis.com/idrivec/inshardunsub.PNG storage.googleapis.com/idrivec/cbdgummies.PNG storage.googleapis.com/idrivec/cbdgummiesunsub.PNG storage.googleapis.com/idrivec/CBD_Gummies.html https://storage.googleapis.com/idrivec/conceledunsub.png storage.googleapis.com/idrivec/Conceled.html storage.googleapis.com/idrivec/conceled.png storage.googleapis.com/amlfk/ketozin.html storage.googleapis.com/idrivec/ketozinunsub.PNG storage.googleapis.com/idrivec/ketozin.png storage.googleapis.com/amlfk/scrores.html storage.googleapis.com/idrivec/cbdoil.jpg https://storage.googleapis.com/idrivec/cbdoiunsub.PNG storage.googleapis.com/idrivec/CBD_OIL.html

I am continuing to deal with a spammer who uses multiple redirects for the spamvertized sites he makes affiliate commissions for. So I do like to report these links in the email body. The URLs in the email body plain text are almost always redirects, or they are image links. So I let SpamCop take the first for reporting and I separately run a redirect follower to capture the others (trying wherever possible not to visit the last hop with tracking parameters since I don’t want to encourage more spam). Some redirect followers which once worked no longer work. It’s like he found a way to block them. I open another SpamCop browser page and discover the host of each hop in the redirect dance I identified. Then add those to the notes of the report page and add the host abuse reporting addresses to the user notified list of recipients in my report. It is laborious and annoying at times, but I hope the nutter behind this gets bored eventually. It takes a few days but his redirects get shut down eventually. And in some cases his images for the spam emails he sends are deleted within hours, sometimes minutes.

https://domainbigdata.com/nj/mZHpadbrnAFQT4F6G79g4w Paul Goldstein strategiccompulytics.com Registers a lot of random domains. We’ve seen that behavior a lot! And the topics in many are familiar spammy email ones.

And finally! The source: strategiccompulytics.com I may never know how they got my email address to send me periodic newsletters for these products or services.: “We have the internet cornered in all categories, from solar power, to credit repair, to dating, financial services, to senior care, and even health, life and auto insurance – so there is no shortage of opportunities to get the latest savings and new products to the market. Our job is to serve you, so we will continue to find the best direct partners and match them to your needs.” If they are so keen on “serving” why do NONE of their “periodic newsletters” (sometimes sent up to 27 times in a day) mention Strategic Compulytics on them? For anyone else getting the same junk, maybe these super friendly guys are the true source. I hope this is useful to folks who might be dealing with never ending email arrival on the topics above and others that they don’t mention (tinnitus, erectile dysfunction, fungal nails, all of which have miracle cures doctors wish they understood and pharmaceutical companies want to hide from the public - allegedly!!) Note: Better Business Bureau says Strategic Compulytics they have not responded to their ask, to stop claiming BBB accreditation My current spam levels are now down to <0.5 per day average. The ones I get now are 419 Scam emails. They will stop one the sender isolates who is reporting their junk and gets their gmail/yahoo accounts closed.

Well, I hope my spamming jerk of a friend is ok and did not get Coronavirus.... but today was pleasantly uninterrupted! Yesterday I had a mail from them and for the first time in a LONG time it did not show SPF fail in the headers. In fact it reportedly associated itself with a well respected marketing outfit called ActiveCampaign. Why do I rate AC so highly? Well they do at very least have an actually comprehensive guide on their long established site about how not to be classed as a spammer. All of which, I think I can truthfully say, my spammer friend(s) flaunt ignorance of! https://www.activecampaign.com/legal/anti-spam-policy Of course this may have been their last ditch attempt to list wash and maybe “Jason at ActiveCampaign d o t c o.m” was happy to give them my info to take me off their list. Who knows eh? At least it might be done with. So what now? One day of nil spam does not maketh tranquility... it could be Coronavirus or something less scary. They may be back tomorrow. If they are, I’ll do everything I can to make their marketing ineffective and and as fruitless as can be. Alternatively, if that is my lot, I’ll dance a jig, pour something cool and clear to drink, and store the folder of junk they’ve sent me away until they mess up and restart. Fingers and toes crossed. Good luck all you spam warriors!

I use those sites that scan the url for the redirects and see where they end up (if I have the time)

Funny because all mine were either bit.ly or googleuser links (either way, it’s all about more redirects to hide behind)

My spammer switched target sites again today. Cannot use the same domain/site in California (Google) for too many spams or it risks blacklist status and gets shut down. So it’s back to .RU or other Eastern Europe for a bit I guess. Today’s fun fascinating final target spamvertized sites are rewardyoursurvey.com (I doubt the reward is enough for my time) Any of you guys been seeing this in the hops from spam link to target site? http://masscancel.site/r.php or mayattented.live site? both hosted by DigitalOcean and both were created by the spam guy via Namecheap, before being used on the same day for the emails he sends.

Because the spam affiliate scam artist is income maybe. And AWS does like to get its income (funds its effort to dominate the online retail space?)

Dunno. One thing I did find today, and it seems to list a lot of what I have seen in terms of spam email topics: https://www.maxbounty.com/campaigns.cfm?offer_id=14005&mbs=Mailer&mba=Click Link&mbo=Medicare Guide - CPL (US)&mbc=14005&mbx1=&mbx2= Thinking of contacting those folks and asking to be added to do not mail list... not sure yet 🤔

I used to send to: abuse@amazonaws.com, ec2-abuse@amazon.com, ipmanagement@amazon.com, abuse@amazon.com I have found that all except “ipmanagement” are now not sent in SpamCop. That’s ok if the ipmanagement one can work. I cannot say it reduced my spam in any way, but complaining directly to the “businesses” might be working. I think, somehow, most of my spam is from an affiliate marketeer. One that follows many very bad practices in email marketing and is also terrible at managing opt outs.

They’ve done that before. It didn’t stop their customer continuing to spew out endless repetitive emails multiple times a day with links to new Namecheap sold domain names for sites that have no purpose except to provide redirect mechanisms to the scam sites the “affiliate spammer” exists to drive traffic to (NerveRenew, Snow Teeth Whitener, Miracle Erectile Dysfunction Cures, Diet Wonder Pills etc.) I’m with you. This scumbag email abuser will say whatever they want and the flow of emails from Amazon IPs will continue (with links to Zupimages, Bit.ly, Imgur, etc.) And the unsubscribe links will continue to be to random (mostly Namecheap domains, and sometimes to actual “mailto” actual email addresses, with many being to domains that don’t even have an MX running at them) In short, useless of Amazon to claim they are doing anything. They are in bed with the Namecheap customer.