1. Forum
  2. Usenet
  3. NEWS.ADMIN.NET-ABUSE.EMAI

  • Strange spam, or not?

    From Andreas Kohlbach@21:1/5 to All on Thu Dec 21 13:44:47 2023
    Got weird spam today which made it into the inbox.

    Although it came via Mailchimp (and in my experience they don't care much
    about spam complaints) and the site hosted at Google I would not assume
    this is spam or scam. Or is planeslive scam per se?

    =====

    Received: from o4728.e.email.planeslive.com
    (o4728.e.email.planeslive.com. [223.165.119.254])
    by mx.google.com with ESMTPS
    id d6-20020a0caa06000000b0067a92d7c4b7si1698005qvb.319.2023.12.21.01.05.20
    for <my@email.address>
    (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256
    bits=128/128); Thu, 21 Dec 2023 01:05:21 -0800 (PST)

    [Snippage of DCIM and other headers]

    Received: from MzI2OTI3Nzc (unknown) by geopod-ismtpd-12 (SG) with HTTP
    id h2wInTIuChMIV_cse9A Thu, 21 Dec 2023 09:05:19.469 +0000 (UTC)
    Content-Type: multipart/alternative; boundary=12c95c993f3a62276c50e7d1f7afb43a6dd66d4560d48248e2529ba27f49
    Date: Thu, 21 Dec 2023 09:05:19 +0000 (UTC)
    From: Planes Live <planes@email.planeslive.com>
    Mime-Version: 1.0
    Subject: Start a free trial, travel like a Pro ◈

    [...]


    --12c95c993f3a62276c50e7d1f7afb43a6dd66d4560d48248e2529ba27f49 Content-Transfer-Encoding: quoted-printable
    Content-Type: text/plain; charset=utf-8
    Mime-Version: 1.0

    Travel smarter with Pro.
    ‌ ‌ ‌ ‌ ‌ ‌ ‌
    ‌ ‌ ‌ ‌ ‌ ‌ ‌
    ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌
    ‌ ‌ ‌ ‌ ‌ ‌ ‌
    ‌ ‌ ‌ ‌ ‌ ‌ ‌
    ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌

    Planes Live ( https://link.email.planeslive.com/ls (long ID here)
    ====Anyone else got mail from them these days?

    Suppose I don't need to say I never signed up for their service.
    --
    Andreas

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From David Ritz@21:1/5 to Andreas Kohlbach on Thu Dec 21 13:23:45 2023
    This message is in MIME format. The first part should be readable text,
    while the remaining parts are likely unreadable without MIME-aware tools.

    On Thursday, 21 December 2023 13:44 -0500,
    in article <878r5njsyo.fsf@usenet.ankman.de>,
    Andreas Kohlbach <ank@spamfence.net> wrote:

    Got weird spam today which made it into the inbox.

    Although it came via Mailchimp (and in my experience they don't care
    much about spam complaints) and the site hosted at Google I would
    not assume this is spam or scam. Or is planeslive scam per se?

    This, whatever it might be, came via sendgrid.com, not Mailchimp.

    =====

    Received: from o4728.e.email.planeslive.com
    (o4728.e.email.planeslive.com. [223.165.119.254])
    by mx.google.com with ESMTPS
    id d6-20020a0caa06000000b0067a92d7c4b7si1698005qvb.319.2023.12.21.01.05.20 for <my@email.address>
    (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256
    bits=128/128); Thu, 21 Dec 2023 01:05:21 -0800 (PST)

    $ whois -h whois.arin.net 223.165.119.0/24

    [...]

    # start

    NetRange: 223.165.119.0 - 223.165.119.255
    CIDR: 223.165.119.0/24
    NetName: SG-223-165-119-0
    NetHandle: NET-223-165-119-0-1
    Parent: BRAZE-7 (NET-223-165-112-0-1)
    NetType: Reassigned
    OriginAS:
    Organization: SendGrid, Inc. (SENDG-12)
    RegDate: 2020-09-08
    Updated: 2020-09-08
    Ref: https://rdap.arin.net/registry/ip/223.165.119.0


    OrgName: SendGrid, Inc.
    OrgId: SENDG-12
    Address: Twilio, Inc.
    Address: 1801 California Street
    Address: Suite 500
    City: Denver
    StateProv: CO
    PostalCode: 80202
    Country: US
    RegDate: 2012-06-14
    Updated: 2020-11-13
    Comment: http://www.sendgrid.com
    Comment:
    Comment: (888) 985-8363
    Comment: Support hours: M-F, 7a-7p Mountain Time.
    Ref: https://rdap.arin.net/registry/entity/SENDG-12


    OrgTechHandle: CTG2-ARIN
    OrgTechName: Guething, Carl Thomas
    OrgTechPhone: +1-888-985-7363
    OrgTechEmail: t+arin@sendgrid.com
    OrgTechRef: https://rdap.arin.net/registry/entity/CTG2-ARIN

    OrgAbuseHandle: ABUSE3074-ARIN
    OrgAbuseName: Abuse Desk
    OrgAbusePhone: +1-888-985-7363
    OrgAbuseEmail: abuse@sendgrid.com
    OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE3074-ARIN

    OrgTechHandle: TSNO-ARIN
    OrgTechName: Twilio SendGrid Network Operations
    OrgTechPhone: +1-888-985-7363
    OrgTechEmail: netops+arin@sendgrid.com
    OrgTechRef: https://rdap.arin.net/registry/entity/TSNO-ARIN

    # end

    [Snippage of DCIM and other headers]

    Received: from MzI2OTI3Nzc (unknown) by geopod-ismtpd-12 (SG) with HTTP
    id h2wInTIuChMIV_cse9A Thu, 21 Dec 2023 09:05:19.469 +0000 (UTC) Content-Type: multipart/alternative; boundary=12c95c993f3a62276c50e7d1f7afb43a6dd66d4560d48248e2529ba27f49
    Date: Thu, 21 Dec 2023 09:05:19 +0000 (UTC)
    From: Planes Live <planes@email.planeslive.com>
    Mime-Version: 1.0
    Subject: Start a free trial, travel like a Pro ◈

    [...]

    [...]
    Planes Live ( https://link.email.planeslive.com/ls (long ID here)
    ======

    Anyone else got mail from them these days?

    https://check.spamhaus.org/not_listed/?searchterm=planeslive.com

    Host planeslive.com.dbl.spamhaus.org not found: 3(NXDOMAIN)
    Host planeslive.com.multi.uribl.com not found: 3(NXDOMAIN)
    Host planeslive.com.multi.surbl.org not found: 3(NXDOMAIN)
    Host planeslive.com.uribl.spameatingmonkey.net not found: 3(NXDOMAIN)
    Host planeslive.com.v1.bl.dns-nod.net not found: 3(NXDOMAIN)
    Host planeslive.com.iddb.isipp.com not found: 3(NXDOMAIN)

    Suppose I don't need to say I never signed up for their service.

    'Tis the season for ignoring all best practices. This, however, appears
    to be a frequent issue for Twilio/SendGrid senders.

    https://www.spamhaus.org/sbl/listings/sendgrid.com

    --
    David Ritz <dritz@mindspring.com>
    Be kind to animals; kiss a shark.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Marco Moock@21:1/5 to All on Thu Dec 21 20:38:24 2023
    Am 21.12.2023 um 13:23:45 Uhr schrieb David Ritz:

    Suppose I don't need to say I never signed up for their service.

    'Tis the season for ignoring all best practices. This, however,
    appears to be a frequent issue for Twilio/SendGrid senders.

    https://www.spamhaus.org/sbl/listings/sendgrid.com

    sendgrid sells their service to spammers and doesn't care, I've also experienced that.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Andreas Kohlbach@21:1/5 to David Ritz on Thu Dec 21 19:13:49 2023
    On Thu, 21 Dec 2023 13:23:45 -0600, David Ritz wrote:

    On Thursday, 21 December 2023 13:44 -0500,
    in article <878r5njsyo.fsf@usenet.ankman.de>,
    Andreas Kohlbach <ank@spamfence.net> wrote:

    Got weird spam today which made it into the inbox.

    Although it came via Mailchimp (and in my experience they don't care
    much about spam complaints) and the site hosted at Google I would
    not assume this is spam or scam. Or is planeslive scam per se?

    This, whatever it might be, came via sendgrid.com, not Mailchimp.

    Same (scammy email provider) for me. ;-)

    Sorry, should had double checked.

    [...]

    Suppose I don't need to say I never signed up for their service.

    'Tis the season for ignoring all best practices. This, however, appears
    to be a frequent issue for Twilio/SendGrid senders.

    https://www.spamhaus.org/sbl/listings/sendgrid.com

    Still odd I got this, assuming planeslive are kosher. But they failed
    executing a confirmed opt-in.

    Also getting quite some real order confirmations from companies of India,
    like ICICI bank. Sent by them, no fraudulent links or anything suspicious.

    Or a company managing condos there. Sometimes I see "Ankish", so I
    suppose the guy made a spello and used my email address by accident.

    Even the real Government of India once had me in their mailing list once...
    --
    Andreas

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)