lepa71, posted November 7, 2018

I started getting a lot of spam from a private Google group. Here is the whole email with a header. Google needs to do something about it.

Lking, posted November 7, 2018

In the future, PLEASE post the spam Tracking URL vs the raw email. By posting the spam directly you help the spammer by including all the links which make it look like SpamCop is sharing links to the spammer, boosting their standing with any search engines. It also makes a long scroll for everyone to get to the discussion.

Without a question about reporting, I am moving this thread to the Lounge.

Steve, posted November 8, 2018 (edited November 8, 2018)

Short of writing Google a letter to get them to stop these emails being sent from IP address 209.85.220.69, what can I do to get them to take appropriate action against this and blacklist it so it can't be used for spam anymore?

I have reported 13 emails to Google's abuse address about this in the last 2 days and 39 in total (I get 3-4 a day). They came from several different email addresses, usually the 1st one: Unsubscribe-me132 <unsubscribe-me132@mitindrhm.cf>, "Please Confirm <strapgr_213@hapt01cn.ml>" or variants/variations of it, such as this one: ("Please Confirm <strapgr_142@michellelafosse.ml>" or this one: "congratulations <strapgr_241@moriyama.ml>"), "Unsubscribe-me132 <unsubscribe-me132@denamarke.tk>"

Attempting to access any of the Group URLs (such as the one below and its variants/variations) in the emails results in the URL redirecting to this 2nd link as well as displaying this when clicking on the 2nd link:

https://groups.google.com/a/mitindrhm.cf/group/unsubscribe-me132

Google Groups
Authorization Failed
This group is on a private domain. Please sign in with an authorized account to view this content.

Here's the tracking URL for one of the emails:
https://www.spamcop.net/sc?id=z6497296422zc7cd4be6fe49cdb5a13994e922e19258z

Lking, posted November 8, 2018

Yes, I remember seeing spam similar to this. Thank you for including a Tracking URL.

I assume you did not follow the unsubscribe link, which confirmed for the spammer that a real person reads email sent to your email address.

Steve, posted November 8, 2018 (edited November 8, 2018)

2 hours ago, Lking said:
> Yes I remember seeing spam similar to this. Thank you for including a Tracking URL. I assume you did not follow the unsubscribe link, which confirmed for the spammer that a real person reads email sent to your email address.

Nope. The unsubscribe link is a bunch of shady email addresses that I wouldn’t think twice of sending emails to!

I received several more in my spam folder today. I have yet to do anything with them. Should I do something with them?

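The check discussed in the two posts above (do not trust the unsubscribe link in the body) can be automated. This is an added example, not code from the thread or from SpamCop: a Python triage function that flags a list message whose in-body mailto: links point at domains unrelated to the sender or to the List-Unsubscribe header. The sample message, its .example domains, the function names and the finding labels are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import unquote

ADDR = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")       # captures the domain
MAILTO = re.compile(r"mailto:([^\"'>\s]+)", re.I)           # raw mailto target
GROUP = re.compile(r"groups\.google\.com/a/([\w.-]+)/group/([\w.-]+)", re.I)

# Constructed sample (reserved .example domains), shaped like the spam in this thread.
SAMPLE = """\
From: Unsubscribe-me1 <unsubscribe-me1@list-owner.example>
To: Unsubscribe-me1 <unsubscribe-me1@list-owner.example>
Subject: Confirm your Subscription Now
List-Archive: <https://groups.google.com/a/list-owner.example/group/unsubscribe-me1/>
List-Unsubscribe: <mailto:googlegroups-manage+0000+unsubscribe@googlegroups.com>
Content-Type: text/html; charset=utf-8

<a href="mailto:%3Cadmin@third-one.example%3E,%20%3Cadmin@third-two.example%3E?subject=Unsubscribe">No! Unsubscribe</a>
"""

def body_mailto_domains(msg):
    """Domains of every address packed into mailto: links in the text parts."""
    domains = set()
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        payload = part.get_payload(decode=True) or b""
        text = payload.decode(part.get_content_charset() or "utf-8", "replace")
        for target in MAILTO.findall(text):
            recipients = unquote(target.split("?", 1)[0])   # drop ?subject=...
            domains.update(d.lower() for d in ADDR.findall(recipients))
    return domains

def triage(raw):
    """Return a list of findings; only parses text, never opens or sends anything."""
    msg = message_from_string(raw)
    findings = []
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    group = GROUP.search(msg.get("List-Archive", "") + msg.get("List-Post", ""))
    if group:
        findings.append(f"google-group-on-custom-domain:{group.group(1).lower()}")
    # Domains the message itself declares for unsubscribing, plus the sender's own.
    header_unsub = {d.lower() for d in ADDR.findall(unquote(msg.get("List-Unsubscribe", "")))}
    foreign = sorted(body_mailto_domains(msg) - header_unsub - {sender_domain})
    if foreign:
        findings.append("body-mailto-to-unrelated-domains:" + ",".join(foreign))
    return findings

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE)))
```

A message that trips the second finding is one to report rather than answer, since replying only reaches the addresses embedded in the link.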
Lking, posted November 8, 2018

Continue reporting them to SpamCop and on to Google. If 1/3 of the large ISPs/MSPs would fix/block 1/3 of the spammers they host, life would be much nicer. In the meantime, HotMail is blocking me. The fight goes on.

mojorisin, posted November 9, 2018

It seems quite a few people are hacked off with that IP address ☹️

IP Abuse Reports for 209.85.220.69:
This IP address has been reported a total of 407 times from 94 distinct sources. 209.85.220.69 was first reported on December 2nd 2017, and the most recent report was 3 hours ago.
https://www.abuseipdb.com/check/209.85.220.69?page=1#report

Steve, posted November 10, 2018

Just reported several more today. At some point Google's gonna have to take action against this IP address.

gnarlymarley, posted November 10, 2018

12 hours ago, Steve said:
> Just reported several more today. At some point Google's gonna have to take action against this IP address.

Hence this is what the blacklist is for. The sad part is sometimes legitimate email needs to be rejected by servers using the blacklist in order for some admins to realize that it is best if they take action. Having their IP on the blacklist is usually a motivator for admins to clean up their servers.

gnarlymarley, posted November 10, 2018

On 11/7/2018 at 9:00 AM, lepa71 said:
> I started getting a lot of spam from a private Google group. Here is the whole email with a header. Google needs to do something about it.

I am not sure if Google will fix this problem. Probably been going on for more than a year. See the following post, which goes back to as early as January.

Steve, posted November 20, 2018

How are private Google Groups allowed to send these unsolicited emails and then include a bunch of shady email addresses that no one should think twice of sending emails to to get their email addy removed from said list that they were never on in the first place?!?!?!?!?