Rocksolid Light - news.admin.net-abuse.email

Strange spam, or not?

<878r5njsyo.fsf@usenet.ankman.de>

https://news.novabbs.org/computers/article-flat.php?id=1482&group=news.admin.net-abuse.email#1482

copy link Newsgroups: news.admin.net-abuse.email

Path: i2pn2.org!i2pn.org!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: ank@spamfence.net (Andreas Kohlbach)
Newsgroups: news.admin.net-abuse.email
Subject: Strange spam, or not?
Date: Thu, 21 Dec 2023 13:44:47 -0500
Organization: A noiseless patient Spider
Lines: 57
Message-ID: <878r5njsyo.fsf@usenet.ankman.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Injection-Info: dont-email.me; posting-host="c66df63c65347a84c49b80914c98e805";
logging-data="1244671"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1/P/HDQpBPUO1gojjl3GQyW"
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux)
Cancel-Lock: sha1:85me3wMfx2HXnBxjLCOWj5bhFNQ=
sha1:ZjqYUPlpswOLwFVFovy4ioYrGlc=
X-No-Archive: Yes

by: Andreas Kohlbach - Thu, 21 Dec 2023 18:44 UTC

Got weird spam today which made it into the inbox.

Although it came via Mailchimp (and in my experience they don't care much
about spam complaints) and the site hosted at Google I would not assume
this is spam or scam. Or is planeslive scam per se?

=====

Received: from o4728.e.email.planeslive.com
(o4728.e.email.planeslive.com. [223.165.119.254])
by mx.google.com with ESMTPS
id d6-20020a0caa06000000b0067a92d7c4b7si1698005qvb.319.2023.12.21.01.05.20
for <my@email.address>
(version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256
bits=128/128); Thu, 21 Dec 2023 01:05:21 -0800 (PST)

[Snippage of DCIM and other headers]

Received: from MzI2OTI3Nzc (unknown) by geopod-ismtpd-12 (SG) with HTTP
id h2wInTIuChMIV_cse9A Thu, 21 Dec 2023 09:05:19.469 +0000 (UTC)
Content-Type: multipart/alternative;
boundary=12c95c993f3a62276c50e7d1f7afb43a6dd66d4560d48248e2529ba27f49
Date: Thu, 21 Dec 2023 09:05:19 +0000 (UTC)
From: Planes Live <planes@email.planeslive.com>
Mime-Version: 1.0
Subject: Start a free trial, travel like a Pro ◈

[...]

--12c95c993f3a62276c50e7d1f7afb43a6dd66d4560d48248e2529ba27f49
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0

Travel smarter with Pro.
=E2=80=8C =E2=80=8C =E2=80=8C =E2=80=8C =E2=80=8C =E2=80=8C =E2=80=8C
=E2=
=80=8C =E2=80=8C =E2=80=8C =E2=80=8C =E2=80=8C =E2=80=8C =E2=80=8C
=E2=80=
=8C =E2=80=8C =E2=80=8C =E2=80=8C =E2=80=8C =E2=80=8C =E2=80=8C =E2=80=8C
= =E2=80=8C =E2=80=8C =E2=80=8C =E2=80=8C =E2=80=8C =E2=80=8C =E2=80=8C
=E2=
=80=8C =E2=80=8C =E2=80=8C =E2=80=8C =E2=80=8C =E2=80=8C =E2=80=8C
=E2=80=
=8C =E2=80=8C =E2=80=8C =E2=80=8C =E2=80=8C =E2=80=8C =E2=80=8C =E2=80=8C
= =E2=80=8C
Planes Live ( https://link.email.planeslive.com/ls (long ID here)
======

Anyone else got mail from them these days?

Suppose I don't need to say I never signed up for their service.
--
Andreas

Re: Strange spam, or not?

<pnr3p8ps-63n4-s02q-n26p-0rqo7391n8s6@zvaqfcevat.pbz>

copy mid

https://news.novabbs.org/computers/article-flat.php?id=1483&group=news.admin.net-abuse.email#1483

copy link Newsgroups: news.admin.net-abuse.email

Path: i2pn2.org!i2pn.org!usenet.goja.nl.eu.org!3.eu.feeder.erje.net!feeder.erje.net!news-2.dfn.de!news.dfn.de!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: dritz@mindspring.com (David Ritz)
Newsgroups: news.admin.net-abuse.email
Subject: Re: Strange spam, or not?
Date: Thu, 21 Dec 2023 13:23:45 -0600
Organization: SpamBusters!
Lines: 126
Message-ID: <pnr3p8ps-63n4-s02q-n26p-0rqo7391n8s6@zvaqfcevat.pbz>
References: <878r5njsyo.fsf@usenet.ankman.de>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="0-755582500-1703186626=:24069"
X-Trace: individual.net Z7TeECcc7BlYUT++vwSruwzRg3QSBbJOiekegnMEC/8T1A6kEy
X-Orig-Path: not-for-mail
Cancel-Lock: sha1:+kn9FMaPXGXYv4b0WMFgf5Fr5t8= sha256:3hm/5KZoop5qGVT5jZO2pbGurduXL+cYSEVWK9o/cng=
In-Reply-To: <878r5njsyo.fsf@usenet.ankman.de>
OpenPGP: id=9CD055375C05466038D2194852BC29991A12DEEB
X-Comment-1: Spam is bad. <http://trillian.mit.edu/~jc/humor/WhatIsSpam.html>
X-Comment-2: LART a spammer for Dobbs.
X-Comment-3: Invalid assumptions tend to produce invalid conclusions.
X-Comment-4: This message is intended to be read with a monospaced font.
X-Meow: yes

by: David Ritz - Thu, 21 Dec 2023 19:23 UTC

On Thursday, 21 December 2023 13:44 -0500,
in article <878r5njsyo.fsf@usenet.ankman.de>,
Andreas Kohlbach <ank@spamfence.net> wrote:

> Got weird spam today which made it into the inbox.

> Although it came via Mailchimp (and in my experience they don't care
> much about spam complaints) and the site hosted at Google I would
> not assume this is spam or scam. Or is planeslive scam per se?

This, whatever it might be, came via sendgrid.com, not Mailchimp.

> =====
>
> Received: from o4728.e.email.planeslive.com
> (o4728.e.email.planeslive.com. [223.165.119.254])
> by mx.google.com with ESMTPS
> id d6-20020a0caa06000000b0067a92d7c4b7si1698005qvb.319.2023.12.21.01.05.20
> for <my@email.address>
> (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256
> bits=128/128); Thu, 21 Dec 2023 01:05:21 -0800 (PST)

$ whois -h whois.arin.net 223.165.119.0/24

[...]

# start

NetRange: 223.165.119.0 - 223.165.119.255
CIDR: 223.165.119.0/24
NetName: SG-223-165-119-0
NetHandle: NET-223-165-119-0-1
Parent: BRAZE-7 (NET-223-165-112-0-1)
NetType: Reassigned
OriginAS:
Organization: SendGrid, Inc. (SENDG-12)
RegDate: 2020-09-08
Updated: 2020-09-08
Ref: https://rdap.arin.net/registry/ip/223.165.119.0

OrgName: SendGrid, Inc.
OrgId: SENDG-12
Address: Twilio, Inc.
Address: 1801 California Street
Address: Suite 500
City: Denver
StateProv: CO
PostalCode: 80202
Country: US
RegDate: 2012-06-14
Updated: 2020-11-13
Comment: http://www.sendgrid.com
Comment:
Comment: (888) 985-8363
Comment: Support hours: M-F, 7a-7p Mountain Time.
Ref: https://rdap.arin.net/registry/entity/SENDG-12

OrgTechHandle: CTG2-ARIN
OrgTechName: Guething, Carl Thomas
OrgTechPhone: +1-888-985-7363
OrgTechEmail: t+arin@sendgrid.com
OrgTechRef: https://rdap.arin.net/registry/entity/CTG2-ARIN

OrgAbuseHandle: ABUSE3074-ARIN
OrgAbuseName: Abuse Desk
OrgAbusePhone: +1-888-985-7363
OrgAbuseEmail: abuse@sendgrid.com
OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE3074-ARIN

OrgTechHandle: TSNO-ARIN
OrgTechName: Twilio SendGrid Network Operations
OrgTechPhone: +1-888-985-7363
OrgTechEmail: netops+arin@sendgrid.com
OrgTechRef: https://rdap.arin.net/registry/entity/TSNO-ARIN

# end

> [Snippage of DCIM and other headers]
>
> Received: from MzI2OTI3Nzc (unknown) by geopod-ismtpd-12 (SG) with HTTP
> id h2wInTIuChMIV_cse9A Thu, 21 Dec 2023 09:05:19.469 +0000 (UTC)
> Content-Type: multipart/alternative;
> boundary=12c95c993f3a62276c50e7d1f7afb43a6dd66d4560d48248e2529ba27f49
> Date: Thu, 21 Dec 2023 09:05:19 +0000 (UTC)
> From: Planes Live <planes@email.planeslive.com>
> Mime-Version: 1.0
> Subject: Start a free trial, travel like a Pro ◈
>
> [...]
>
[...]
> Planes Live ( https://link.email.planeslive.com/ls (long ID here)
> ======

> Anyone else got mail from them these days?

https://check.spamhaus.org/not_listed/?searchterm=planeslive.com

Host planeslive.com.dbl.spamhaus.org not found: 3(NXDOMAIN)
Host planeslive.com.multi.uribl.com not found: 3(NXDOMAIN)
Host planeslive.com.multi.surbl.org not found: 3(NXDOMAIN)
Host planeslive.com.uribl.spameatingmonkey.net not found: 3(NXDOMAIN)
Host planeslive.com.v1.bl.dns-nod.net not found: 3(NXDOMAIN)
Host planeslive.com.iddb.isipp.com not found: 3(NXDOMAIN)

> Suppose I don't need to say I never signed up for their service.

'Tis the season for ignoring all best practices. This, however, appears
to be a frequent issue for Twilio/SendGrid senders.

https://www.spamhaus.org/sbl/listings/sendgrid.com

--
David Ritz <dritz@mindspring.com>
Be kind to animals; kiss a shark.

Re: Strange spam, or not?

<um247h$16ieo$1@dont-email.me>

copy mid

https://news.novabbs.org/computers/article-flat.php?id=1484&group=news.admin.net-abuse.email#1484

copy link Newsgroups: news.admin.net-abuse.email

Path: i2pn2.org!i2pn.org!usenet.goja.nl.eu.org!weretis.net!feeder8.news.weretis.net!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: mm+usenet-es@dorfdsl.de (Marco Moock)
Newsgroups: news.admin.net-abuse.email
Subject: Re: Strange spam, or not?
Date: Thu, 21 Dec 2023 20:38:24 +0100
Organization: A noiseless patient Spider
Lines: 12
Message-ID: <um247h$16ieo$1@dont-email.me>
References: <878r5njsyo.fsf@usenet.ankman.de>
<pnr3p8ps-63n4-s02q-n26p-0rqo7391n8s6@zvaqfcevat.pbz>
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Injection-Date: Thu, 21 Dec 2023 19:38:25 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="a2a7d78dc5505cee10bad240a240aa1a";
logging-data="1264088"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1//vSscIK3tt9i/7JLkyfk1"
Cancel-Lock: sha1:l7crv3pZ/Nb0T3vxsg0CKm/CYSs=

by: Marco Moock - Thu, 21 Dec 2023 19:38 UTC

Am 21.12.2023 um 13:23:45 Uhr schrieb David Ritz:

> > Suppose I don't need to say I never signed up for their service.
>
> 'Tis the season for ignoring all best practices. This, however,
> appears to be a frequent issue for Twilio/SendGrid senders.
>
> https://www.spamhaus.org/sbl/listings/sendgrid.com

sendgrid sells their service to spammers and doesn't care, I've also
experienced that.

Re: Strange spam, or not?

<87o7ejhz5u.fsf@usenet.ankman.de>

copy mid

https://news.novabbs.org/computers/article-flat.php?id=1485&group=news.admin.net-abuse.email#1485

copy link Newsgroups: news.admin.net-abuse.email

Path: i2pn2.org!i2pn.org!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: ank@spamfence.net (Andreas Kohlbach)
Newsgroups: news.admin.net-abuse.email
Subject: Re: Strange spam, or not?
Date: Thu, 21 Dec 2023 19:13:49 -0500
Organization: A noiseless patient Spider
Lines: 39
Message-ID: <87o7ejhz5u.fsf@usenet.ankman.de>
References: <878r5njsyo.fsf@usenet.ankman.de>
<pnr3p8ps-63n4-s02q-n26p-0rqo7391n8s6@zvaqfcevat.pbz>
MIME-Version: 1.0
Content-Type: text/plain
Injection-Info: dont-email.me; posting-host="360b2bca3a047b5ca13c851181450391";
logging-data="1342100"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+X1ErJHBt7enqjr8gq/BmQ"
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux)
Cancel-Lock: sha1:aMu0IV1OlgOkz1tGY7Dx34/KMOc=
sha1:LNmsycULidd32aiZusmH1mpUQlw=
X-No-Archive: Yes

by: Andreas Kohlbach - Fri, 22 Dec 2023 00:13 UTC

On Thu, 21 Dec 2023 13:23:45 -0600, David Ritz wrote:
>
> On Thursday, 21 December 2023 13:44 -0500,
> in article <878r5njsyo.fsf@usenet.ankman.de>,
> Andreas Kohlbach <ank@spamfence.net> wrote:
>
>> Got weird spam today which made it into the inbox.
>
>> Although it came via Mailchimp (and in my experience they don't care
>> much about spam complaints) and the site hosted at Google I would
>> not assume this is spam or scam. Or is planeslive scam per se?
>
> This, whatever it might be, came via sendgrid.com, not Mailchimp.

Same (scammy email provider) for me. ;-)

Sorry, should had double checked.

[...]

>> Suppose I don't need to say I never signed up for their service.
>
> 'Tis the season for ignoring all best practices. This, however, appears
> to be a frequent issue for Twilio/SendGrid senders.
>
> https://www.spamhaus.org/sbl/listings/sendgrid.com

Still odd I got this, assuming planeslive are kosher. But they failed
executing a confirmed opt-in.

Also getting quite some real order confirmations from companies of India,
like ICICI bank. Sent by them, no fraudulent links or anything suspicious.

Or a company managing condos there. Sometimes I see "Ankish", so I
suppose the guy made a spello and used my email address by accident.

Even the real Government of India once had me in their mailing list once...
--
Andreas

Help! I'm trapped in a PDP 11/70!

computers / news.admin.net-abuse.email / Re: Strange spam, or not?

Subject	Author
Strange spam, or not?	Andreas Kohlbach
Strange spam, or not?	David Ritz
Strange spam, or not?	Marco Moock
Strange spam, or not?	Andreas Kohlbach