Jump to content

More and more DEVNULL reports


Sven Golly

Recommended Posts

It seems I have been seeing more SpamCop reports going to devnull lately. For example, I am getting spam via salesforce.com and those ALL go to devnull. Is this because salesforce.com is not acting? Do they have a behind the scenes deal with CISCO (SpamCop)? Salesforce does have a working abuse@salesforce.com address so it can't be lack of that. Any thoughts?

Link to comment
Share on other sites

devnull because of 1 of 3 reasons.

1) Does not want munged reports
2) No abuse address is available to sent reports to
3) Action has reported been taken against abuser, thus no more reports are needed, but you will see such a message in the report.

 

 

Link to comment
Share on other sites

  • 1 year later...

The problem seems to be that salesforce doesn't do anything about spam. Their abuse address is abuse@salesforce.com, but it is a big black hole. I contacted them on twitter and they said to forward the reports to security@salesforce.com, which I did. They claimed they would look into them, and the spam did seem to stop.

However a week ago I got a spam from exacttarget (now owned by salesforce) and I forwarded it to security@salesforce.com. The reply I got was that they had unsubscribed the recipient email address from the mailing list, along with a screenshot of said unsubscribe! I replied saying I didn't want to unsubscribe, but was reporting spam, and asked what they intended to do. I haven't gotten a reply.

And now this morning I see a spam from newswatchtv, the same spammer I reported to their security@salesforce.com in November 2020 (after them saying that reporting the spam there would get it resolved). This was from smtp12-ia4-sp1.mta.salesforce.com [13.110.74.235], the main salesforce network (not exacttarget).

So, basically they are a huge waste of time, and I don't think I have ever received any legitimate emails via salesforce and am considering blocking their entire network if I can easily figure out their ip ranges.

Link to comment
Share on other sites

On 8/9/2022 at 1:11 AM, groupboard said:

13.110.74.235

13.110.74.235 abuse address is not salesforce?
It is abuse[ AT]c[DOT]exacttarget[DOT]com at least that is what my Wuois comes up with?

Edited by petzl
Link to comment
Share on other sites

20 hours ago, petzl said:

13.110.74.235 abuse address is not salesforce?
It is abuse[ AT]c[DOT]exacttarget[DOT]com at least that is what my Wuois comes up with?

Exacttarget is owned by salesforce. Monday's newswatchtv spam came from 13.110.74.235 (smtp12-ia4-sp1.mta.salesforce.com), and that spammer was previously reported to abuse@salesforce.com and security@salesforce.com multiple times (due to multiple spams from them) in Nov 2020.

Link to comment
Share on other sites

10 hours ago, groupboard said:

Exacttarget is owned by salesforce. Monday's newswatchtv spam came from 13.110.74.235 (smtp12-ia4-sp1.mta.salesforce.com), and that spammer was previously reported to abuse@salesforce.com and security@salesforce.com multiple times (due to multiple spams from them) in Nov 2020.

Can you give a URL for a SpamCop track Before you submit a report it is at top of page.
Do they have a unsubscribe link? Not seeing they are Blackhats?
Had problems with kindle Amazon giving my credit card (CC) details to Audio books. my kindle don't do audio. but they are pushy/scamy (not first time, always cancel their "free" offer in buying a Kindle book), they then without asking signed me up for a "free" 14 day trail,
Then did a zero amount check on my CC the moment they did this.
My bank sent a auto SMS Alert, do I recognize "CLIENTCONNECT.AI", I replied no and card is considered compromised so deactivated.
A real pain be a long while before I use Amazon again.
Sounds like your details have been also passed on maybe?

Link to comment
Share on other sites

6 hours ago, petzl said:

Can you give a URL for a SpamCop track Before you submit a report it is at top of page.
Do they have a unsubscribe link? Not seeing they are Blackhats?
Had problems with kindle Amazon giving my credit card (CC) details to Audio books. my kindle don't do audio. but they are pushy/scamy (not first time, always cancel their "free" offer in buying a Kindle book), they then without asking signed me up for a "free" 14 day trail,
Then did a zero amount check on my CC the moment they did this.
My bank sent a auto SMS Alert, do I recognize "CLIENTCONNECT.AI", I replied no and card is considered compromised so deactivated.
A real pain be a long while before I use Amazon again.
Sounds like your details have been also passed on maybe?

I'm not sure what you're getting at here. The problem is simply that salesforce doesn't do anything about spam reports and they have now confirmed that. The spams have been sent to various email addresses on our network from various spammers. Some have unsubscribe links, others (such as newswatch TV) don't have any unsubscribe links. I won't be reporting any further salesforce spam, as it's a waste of time.

The spammers presumably purchase lists of email addresses that have been scraped from websites, or guessed from linkedin and then sold. None of the spammers in question had any contact with us previously. Basically just the same as all other spam.

Link to comment
Share on other sites

9 hours ago, groupboard said:

The spammers presumably purchase lists of email addresses t

Can you give a URL for a SpamCop track Before you submit a report it is at top of page.
Do they have a unsubscribe link? Not seeing salesforce are Blackhats?
abuse[ AT]c[DOT]exacttarget[DOT]com add to next report

Link to comment
Share on other sites

19 hours ago, petzl said:

Can you give a URL for a SpamCop track Before you submit a report it is at top of page.
Do they have a unsubscribe link? Not seeing salesforce are Blackhats?
abuse[ AT]c[DOT]exacttarget[DOT]com add to next report

You can see two of the spams here:

 

https://pastebin.com/r1kdNGc9

https://pastebin.com/4Yybr1NP

One has an unsubscribe, one doesn't.

I just noticed the eco.de complaint address, so I've sent a complaint there.

Link to comment
Share on other sites

Just did a quick google lookup on salesforce and exacttarget. Surprising information what salesforce has done in the last decade and a half!
surprise: Salesforce bought exacttarget in 2013 for $2.5 billion and having it renamed to Salesforce Marketing Cloud.
in other words, whatever you send to exacttarget and "many other bought companies" by salesforce should go to salesforce.

I do have the feeling that salesforce is getting away as "innocent" because everybody thinks that the companies they bought during these last 15 or so years are independent, alas they are owned and operated by salesforce!

Link to comment
Share on other sites

13.110.74.235 has the right address for this IP bounces salesforce
13.111.68.15 is abuse[ AT]c[DOT]exacttarget[DOT]com don't take SpamCop reports
There are also the US government that address Cyber abuse - central[AT]cisa[DOT]dhs[DOT]gov (AFAIK)
Seems to me someone you deal with has given your details to Saleforce as Amazon did to me!
Also put your your spam on their Facebook page state they refuse abuse reports, ignore unsubscribe, etc.
https://www.facebook.com/SalesforceAPAC/
The best way to do this is send a SpamCop Tracking url
top of page before you submit.
Here is your TRACKING URL - it may be saved for future reference:
https://www.spamcop.net/sc?id=z6770888978zba9c05deea1cc1ab344161b60c8b6fb9z
 

Edited by petzl
Link to comment
Share on other sites

31 minutes ago, RobiBue said:

Just did a quick google lookup on salesforce and exacttarget. Surprising information what salesforce has done in the last decade and a half!
surprise: Salesforce bought exacttarget in 2013 for $2.5 billion and having it renamed to Salesforce Marketing Cloud.
in other words, whatever you send to exacttarget and "many other bought companies" by salesforce should go to salesforce.

I do have the feeling that salesforce is getting away as "innocent" because everybody thinks that the companies they bought during these last 15 or so years are independent, alas they are owned and operated by salesforce!

Look like a house of cards and panicking 

Link to comment
Share on other sites

Still getting these newswatchtv spams, but I see the ip in question (smtp13-ia4-sp1.mta.salesforce.com [13.110.74.236]) is on the SORBS spam list.

My spam filter does actually check salesforce emails against SORBS spam. (I don't do that for all emails, as it can have quite a few false positives, but for stuff like salesforce that's fine). The reason it got through the spam filter is because I reduce the spam score when our company name is used in the email (which it was for this spam). So I just need to either rethink my heuristics, or else badger salesforce some more.

Link to comment
Share on other sites

On 8/19/2022 at 1:49 AM, groupboard said:

Still getting these newswatchtv spams, but I see the ip in question (smtp13-ia4-sp1.mta.salesforce.com [13.110.74.236]) is on the SORBS spam list.

Unless you effectively report these you will get more and more until you fall over.
They provide "cloud space" free 30 day trails" a spammers haven.
They also seem ignore abuse reports, even if they shut a free spam account, the offending spam bot just creates a new one
 

Start your free trial.

No credit card required, no software to install.

With your 30-day trial, you get:
  • Pre-loaded data or upload your own
  • Pre-configured processes, reports, and dashboards
  • Guided experiences for sales reps, leaders, and administrators
  • Online training and live onboarding webinars
Edited by petzl
Link to comment
Share on other sites

On 8/18/2022 at 9:49 AM, groupboard said:

My spam filter does actually check salesforce emails against SORBS spam.

I added my own blocking list.  My spam filter doesn't reject email from any single list.  I has to be on multiple lists.  (I no longer have seen false positives.)

13 hours ago, petzl said:

Unless you effectively report these you will get more and more until you fall over.

Also to note that when properly reporting, it feeds spamcop's blocking list.  The list can also add to the spam score.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...