Hello the community,

One of my users is a victim of a "marketing group" which sends him 100~200 e-mails every week .

Currently I am completely barring every mail from a certain number of hosting providers. The blocking will remain in place until I may decide to remove it by hand.

Below you will find :
1) the list of all addresses the spammers have presented in the "RCPT To" smtp dialog during the last 7 days. The "From:" clause in the mail headers usually contains something else. (if I let the mail in )
2) the list of all their hostnames and IP addresses that have contacted my server during the last 7 days.
3) the block list currently enforced, with some comments

Is there anybody here experiencing the same problem ?

The e-mail messages themselves contain a lot of tracking data. Usually thay contain a "click here to get removed" link, but I would not recommend using it.

Most of these messages bear a postal address, e.g.

Entertainment Publications, Inc.,
1414 East Maple Road,
Troy, MI 48083
1-866-826-1619

Pedi Paws is located at P.O Box 600991 San Diego, CA 92160

6965 El Camino Real
Suite 105 - 698
La Costa, CA 92009

Consumer Service 9-334 Queen Street South, Suite 200, Bolton, Ontario, Canada L7E-2N9

Technical Support
30 East 23 rd. St. New York, NY 10010

Pure Play, 660 4TH Street, Ste 294, San Francisco, CA 94107
All the sending hosts have SPF published data, and they run an MTA able to handle a mailqueue (thus defeating the greylisting)

Happy to hear from you, if you experince the same.

Frederic

(and now the promised attachments)::
1) the list of all addresses presented during the last 7 days.

If I get spam that looks like it's actually trying to be CAN-SPAM compliant (it isn't, since my email address was harvested by webcrawling bots before being sold to folks like this), I forward it to spamcop.net. The tracking information lets them know who reported them without giving them the impression that that person actually looked at the email. (After all, CAN-SPAM requires them to remove my name from their mailing list; it doesn't keep them from selling it to other spammers on a premium-priced "people who open spam" list.) Since they are mailing from their own servers instead of hijacked proxies, they do have an interest in staying off the Spamcop blocklist, so I've found they will eventually stop mailing to me.

It's kind of silly they ever mail to me in the first place, as I know my addresses are on a list spammers circulate of people who report to Spamcop and also the list of people who used to report to Blue Frog. They could save themselves a lot of trouble by removing the names of people who will never buy anything -- and who will probably report them -- before sending out their spam.

Could my address be on that premium list, since I sometimes can't investigate a site without using the link code? Probably. But anyone who is on the Spamcop and Blue Frog lists and also on an opens-spam list is probably an anti-spammer, someone who they definitely want to avoid mailing to.

Thank you for the reply -- I will try to automate the task ...

Frédéric

Here they are not all formatted the same way -- from the same originating domain, one is html with only images that I didn't download, the other one is pure text...

Here is a recent item: (xxxxxx are from me)