Kaledo Art
he wasn't even looking at me and he found me
One Nice Bug Per Day
Cosmic Funnies
"I'm Dorothy Gale from Kansas"
noise dept.
No title available
tumblr dot com
No title available
JBB: An Artblog!
No title available
blake kathryn
No title available
we're not kids anymore.
titsay
⁂
taylor price
dirt enthusiast
i don't do bad sauce passes
AnasAbdin
seen from United Kingdom
seen from United Kingdom
seen from Singapore
seen from United States
seen from United Kingdom
seen from Türkiye
seen from United States
seen from Brazil
seen from India
seen from United Kingdom
seen from United States
seen from United States
seen from Malaysia
seen from Brazil
seen from United Kingdom
seen from United States
seen from T1
seen from Malaysia
seen from United Kingdom
seen from Türkiye
@suomispam
Microsoft is blocking us
Microsoft has decided to block any emails from Suomispam to any M365 domains. We have no idea why and Microsoft has not disclosed any information to us.
Therefore do not expect a response if you email us from any email domain hosted by Microsoft.
Update: The block has apparently been listed at least for now.
Legal threats again, this time hoosat.fi
Suomispam DNSBL is used to getting all kinds of legal threats from people who are opposed to spam blacklists. Today we got a major rant from the CEO of hoosat.fi, Toni Lukkaroinen. He was absolutely convinced that Suomispam is in charge of Hotmail spam filtering, and that we are criminally causing him to be unable to send an invoice to his customer. He was furious that we have signalled in our list that the very network he is placed in has very recently been actively used to send huge volumes of phishing emails. Well, Suomispam is not providing DNSBL to Microsoft (trust me, we would notice if we had them as a customer) but Mr. Lukkaroinen was so convinced that we are criminals that there was no convincing him about the real state of affairs. So no, if you are having trouble getting your emails through to Gmail or Hotmail, we have absolutely nothing to do with it. But I am sure there are a lot of people who are not sure how DNSBL's work so I'll give a short brief. The way it works is DNSBL's like Suomispam or Spamhaus track a lot of spam and do analysis on the IP's, networks, operators and the spammers themselves. Then we publish data based on our research on what kind of reputation different networks or IP's have. Typically we provide that information on DNS so that third parties can query our servers easily. This is basically the technical spam version of restaurant reviews. In a way we publish our journalistic reviews on how good we think "certain restaurants" or neighborhoods are. We do not as such block anyone's emails. The next step is that some operators or users have evaluated us and chosen to agree with our listing decisions, and to query us for reputation data for email senders they encounter. Some choose to reject emails from IP's or networks, or domains listed on blacklists. For example Spamhaus is quite often used in this way. Some do not outright refuse the emails but may run the emails through a statistic analyzer that estimates how likely the email is to be unwanted spam based on a lot of individual factors, which may include several blacklists. As far as I know, all the phases are perfectly legal at least in all western democracies. It is lawful for intelligence companies to analyze spam and to publish analysis results (or restaurant reviews), and it is lawful for hosting providers using said DNSBL's to reject emails that may or may not be spam. So, why does Suomispam have a policy to publish it every time someone threatens us with police or lawyers? Simply because we are a journalistic operation and aim to provide honest impartial reviews on what kind of spam reputation each network operator has, therefore we must be extra careful to maintain our impartiality and never ever cave in to threats. Even if we do not suspect this specific guy of being a spammer, merely someone who thinks spam filtering is illegal. Digital Ocean could easily clean up that network and ask us to delist once cleared. We would be happy to delist once the phishing problem is resolved. But threats will absolutely not work.
Sendgrid just overtook OVH as the operator with most Suomispam listings. OVH has been improving for years now with less and less new listings. Sendgrid on the other hand has been getting worse and worse. Their most notable spammers for the Finnish market for 2022 and 2023 have been nopeet.fi (they sell shades with spam and seem to have a permanent clearance sale), salainenagentti.fi (they sell clothes with spam) and victoriamilan.com (cheating hookup site). It does not look like sending spam gets you kicked out from Sendgrid anymore. For example nopeet.fi has been sending spam from their network since 2019. Unfortunately Sendgrid is pretty big and therefore the listings do cause a lot of problems for their customers. We do recommend finding more reputable service providers since we do not expect the situation improve anytime soon. By allowing shady spammers to stay on their network Sendgrid is damaging the reputation and deliverability of all of their users.
Suomispam email blacklist
Major email providers such as Google have strict inbound spam filtering but appear to have very loose outbound filtering. Because they are so huge, it does not make sense to blacklist them outright, but spam originating from their service is getting worse.
So we decided to start a new experimental blacklist to cover that, the Suomispam email blacklist. The list can be queried by DNS at ebl.suomispam.net.
We track individual accounts at the major email providers and instead of listing the IP or domain, we list hashes of the spam accounts. How this EBL works is that you first convert the email address to lower case, and then take a SHA1 hash of it. I.e. if you are checking email [email protected], you need to check the A record for 1ffff7d2d2b7f100df95b70e659c88e5b38ec4e6.ebl.suomispam.net. The other blacklists we provide still work the same but now you can start using the Suomispam EBL to tackle Gmail/Hotmail/Outlook spam.
But it is an old listing...
We receive a lot of delisting requests, some justified, most not. Of of the common justifications that will not fly is this one: “but it is an old listing”.
If you have had a rodent problem for a long time, is it no longer a problem?
Suomispam does have some very old listings because a lot of spammers are in it for the long haul. Sure, some spammers come and go and some use throw-away accounts, but a lot just keep doing it.
Suomispam listings can be removed once the spam issue has been dealt with. That is the path to delisting. Not waiting it out, not threats, not complaining that it was someone else who sent spam.
The number of Suomispam IP listings has generally not been on the rise in the last years. I.e. roughly as many new IP’s get listed as old ones get delisted.
Comments
This blog is based on Tumblr. Therefore we automatically follow their conventions or how they organize discussion. Tumblr does not have old-school comments for posts. The Tumblr equivalent system is to reblog with a comment (caption), i.e. the arrows logo next to the post title.
While reblogs do make it possible to practice public debate, it is important to note that it is not the channel for support requests (which is the official email address). We might not notice when someone reblogs.
This should not be a surprise, but...
This should not be a surprise, but yes, if you hire affiliate spammers, Suomispam will list you just as if you sent the spam yourself.
Effortia Oy which runs www.asuntojenmyynti.fi has been reported to have been involved in spam at least since 2014. They have been listed by Suomispam as well for quite a while.
A long time ago they approached us telling us that they have had a look at how they operate and made changes and promised to have mended their ways. We fell for the explanations (we do like to give people a bit of slack at first if there is any plausible explanation) and we did delist them. Unfortunately they did not mend their ways and the flow of spam did not stop.
So we did relist them. We have since refused to delist them without them first giving up affiliate spam. Effortia has now indicated that because our listing is bad for business, they will be filing an official complaint with the police. Unfortunately for them, something being bad for business is not illegal. Otherwise we would start putting restaurant critics in jail for causing bad business to bad restaurants.
There are a few lessons to this story:
Do not hire affiliate spammers, they will destroy your service’s reputation. They will try to scam the end users any way they can and they are very good at hiding their own identity.
If you get listed, the only way to get delisted is to cease spam. Not threats, not bogus explanations, nothing. We always recommend stopping spam. It will actually help with listings.
If you invoke official complaints to police or courts, you do have to go all the way through. There is no point in having several concurrent processes, i.e. both a court process and our own private delist request process going on at the same time. Therefore we suspend our own delisting process until there is a valid court order. There has never been a court order against Suomispam.
See also: http://mainsleaze.spambouncer.org/tag/effortia-oy/
No, we do not delist addresses just because someone threatens us with bad reviews. A payday loan spammer, omalaina.fi, got the IP address and later the network listed over a year ago and to date Linode has not done anything to the issue. We check these things. Unfortunately webkonsulenter.dk has their facts completely wrong and yet they try to use publicity to pressure us to delist. Hosting providers often have several customers and it is an unfortunate but unavoidable fact that just a few persistent spammers can cause major collateral damage. I would have thought a web consultant would know that.
There is very simple way for a hosting provider such as Linode to get addresses delisted. Resolve the issue that causes the listing, i.e. kick the spammer out, and the problem goes away. It should be really easy, right?
D-Fence gone black hat, and cartooney
D-Fence is a fairly old Finnish spam filtering company. They have provided filtering MX service for years for deploying in front of regular mail servers. Last year they started to migrate to new areas of business and attempted to monetize on the GDPR. Unfortunately they partnered with vine.eu to advertise their new service using spam. I.e. a spam filtering company chooses to use spam for their own marketing. Just because you sell spam filtering services does not give you a free pass to send your own spam, and they of all people should know this. Also just because you have two products and you only try to sell one of those with spam does not get you a free pass.
D-Fence has publicly admitted to buying business contacts (and we would guess email addresses) from Asiakastieto as well as collecting them from other sources. Vine is also known to sell address lists so we do not reliably know who sold them the address lists they actually use. Buying 3rd party address lists and/or harvesting them from other sources is by definition spam. There is no way they could have permission from the recipients of their marketing emails.
Their spam campaigns landed them listings on both Suomispam and Spamhaus lists. Apparently they did not consider getting listed as a sign that they really should reconsider their business methods. Instead they have threatened to file criminal complaints against Suomispam with made up reasons. It has already been established that Suomispam is perfectly legal, but D-Fence apparently feels it is in their interest to try to shut Suomispam down with bogus charges anyways.
It is sad that it has come to this but our recommendation is for any remaining D-Fence customers to migrate their spam filtering services to some other white hat service providers.
Suomispam investigated and cleared by police
Finally it happened.
Suomispam does get people upset pretty often. Especially spammers really do not like it when we list their domains or IP’s. Every now and then they threaten to either sue us or file criminal complaints against us. Those are almost always empty threats. We know our legal basis pretty well so we do not feel particularly threatened by them. All those threats do is block the possibility of reëvaluation of the listing in the near timeframe.
However, finally someone actually did file a criminal complain due to Suomispam listing them. This “brave” spammer in question was toimistotarviketukku.fi (Owela Oy) whose chairman of the board Tero Ojala filed a criminal complaint with the police. He asked the police to investigate if Suomispam is guilty of interfering with electronic communications. Unfortunately he apparently did not know that the statute does not cover what reputation databases do. (It covers only unlawfully interfering with communications).
The admins of email servers are perfectly in their right to filter emails using blacklist information and Suomispam absolutely has the right to distribute reputation information to user organisations. It is basically the same legal principle of it being lawful for restaurant critics to tell everyone how certain restaurants serve terrible food. Even if it may be bad for business for the restaurants to get bad reviews.
Anyways, the good news is that the Finnish police do agree with our assessment. Suomispam was cleared and the investigation was cut short. It is a shame people feel the need to waste police time with bogus complaints, but at least we got sort of a precedent.
Anti-Bribery Policy
It is surprising and sad that this needs to be mentioned.
Someone from Middle-East approached us and escalated their demands for delisting by offering us a bribe in exchange for delisting. Let’s make this absolutely clear. Our listings are cleared when and only when we feel confident that the situation no longer merits a listing. We do NOT accept any kinds of bribes. You can NOT buy yourself out of a listing. An attempted bribe will lead to the exact same result as will baseless legal threats: processing that delist request immediately stops. If you try to force our hand by either bribery or threats, the issue gets moved to the end of the queue along with other cases that require more time spent monitoring.
We would like to also point out that being a subscriber to the data feed does not give an exception to listings. Money may buy you a data feed but it does not buy a delisting. Dealing with abuse issues and building up trust leads to delisting.
OVH the first operator to reach one thousand BL listings
Unfortunately OVH today became the first operator with over one thousand Suomispam BL listings. Soltia has the second place at less than 300, which is also a mighty big number. Each listing can cover either just one IP or a larger netblock if that netblock has a significant number of spam hosts in it.
Most of OVH’s listings are caused by a single spamming entity. This is indicative of the current state of spam. Blacklists are pretty good at catching single spamming IP’s. That is why quite many spammers employ the so called snowshoe spamming tactic i.e. they obtain huge amount of hosts to spread the spam. Each single IP sends only a fraction of the total number of messages and that makes them more difficult to notice. We put a lot of effort into listing as many IP’s used by the spammers as possible, but in the end it is more or less playing whack-a-mole.
That is what has happened with OVH. It is so easy and cheap to buy thousands of hosts from OVH that the spammers do just that. And we follow and list those hosts and those networks. If the operator can keep up and do due diligence on their abusive customers, the number of listings typically stays under control. Unfortunately it looks like OVH is too easy and too cheap for spammers to deploy and thus the spam situation has gotten out of control. Such spam contamination is bad for honest OVH customers because they are bound to get hit by collateral damage from the thousand listings.
Roughly a third of all Suomispam BL listings are in OVH networks.
http://suomispam.net/#!origin/AS16276
Wonky delist requests
We get plenty of delist requests. Some come from ISP’s, some come from hosting customers and some from 3rd parties. Some result in delisting and some do not.
Sometimes we get requests that are either totally unintelligible or ones that do not seem sincere. Not sure what to think of this one we got recently:
We have suspended the suspicious account from server and we have also scanned the whole server for any malicious file, so kindly please delist the ip.i am not sending any spam. i am only doing simple marketing mailingi didn't get any date and time i don't use spamming, i am added in the list mistakenly
We ended up sending this reply:
Are you serious?
So you are in effect claiming all of the below arguments:
That you did not do it but a customer, who was kicked out, did it
That it was a virus or something like that and you cleaned it up
That you are only doing simple email marketing (also called spam), but it is not spam
That you don't know time or day ?!?
That there was some mistake and no spam whatsoever
And you have the nerve to make such claims for an IP that has a reverse name of edc1.bitcoin-gratis-free.com and is used to host a bitcoin scam site.
Request denied.
People, when sending us delist requests, please give us something to work with and do not try to scam us. We check things out. There have been lots of days when we delist more than we list, but we only delist when there is cause.
Also, there is no such thing as Suomispam whitelist. We cannot add you to a whitelist because one does not exist.
But but no other list lists this IP?
There are quite a few comments that come up regularly when one operates a blacklist for a while. One of them is the complaint from someone demanding delisting of an IP because no other blacklist has it listed. Typically this comes up from Mxtoolbox users who check their hosting provider’s IP against the close to hundred blacklists that they search.
Typically people think there must be something wrong with Suomispam because we are the only ones who pick up something. In our opinion it is actually the opposite. If Suomispam picked up all the same spammers as everyone else, there would be no point in us doing all the work of listing and delisting. We would be redundant.
Suomispam exists because there is a lot of spam in Finland (and Nordic countries) that often flies under the radar with regard to large global blacklists. A lot of global spam, at least in English, is targeted at hundreds of millions of users and is quite often sent through hacked servers. Finnish spam targets five million users and the only type of Finnish spam that is typically sent through hacked servers is phishing spam. Large portion of Finnish spam is sent by affiliate spammers through cloud servers that they actually pay for. Magazine subscriptions, online casinos, payday loans, office supplies, courses and electronics are among the top items spammers try to sell to Finnish email users.
Suomispam was created to stop regional Finnish spam and that is why we are happy that we catch stuff other lists do not catch. It may not be in English but it is still spam and millions suffer from it.
Threats from spammers: Heikki Holvikari / Victoria Oy / Onestop
Suomispam sometimes gets various threats from spammers whom we list. Usually they either threaten to sue us or to report us to someone.
In December Heikki Holvikari of onestop.fi and victoria.fi sent out a spam campaign advertising business gifts.
Lifetime of a listing
The Suomispam site describes the policies that Suomispam listings are based on and we are always involved in a dialogue with various operators and with the antispam-community. But in the name of openness we want to open up a bit on what is a typical lifetime of a listing, what happens at various stages. Currently we do not list anything automatically. We might in the future set up some automatic escalation mechanisms of something similar but at this time all listings are based on some actual spam being sent to some actual address. We mainly only care about spam in Finnish or targeting Finland. Finnish spam is almost always under the radar of the big global blacklists because the target population is only a few million. They do a good job dealing with global spam so it does not make sense for us to deal with that. We sometimes list some fishing emails (especially banks) or iPhone-scams that might come from hacked machines, but almost all of our listings are actual email marketing. We use the same definition of spam as Spamhaus, i.e. unsolicited bulk email. If the sender did not have the recipients permission and the email is clearly bulk email, the issue is clear, it fits our listing criteria. We are not a law enforcement agency so our listings is not based on if something is legal or not. However, a huge portion of the campaigns we list are actually illegal in Finland. Most often they are in violation because they process personal data without regard for the law, they might hide their corporate identity or description of their personal data file in their marketing messages, or they might not have permission from natural persons to send them email. But even if the spam might be technically legal, if it is spam, we can list it. Not all addresses are listed for spam coming from that specific address. We might list the whole block as an escalated listing if we have reason to believe an IP-range is used for snowshoe spam (i.e. a lot of IP’s in that range are used to send out spam to avoid detection or to fly under the radar). But in general we do try to avoid collateral damage. The same goes for shared servers, if the spam problem is not out of hand and the operator is putting effort to keeping their service clean, we prefer not to cause collateral damage. However if the operator tries to abuse this “protection” of innocent users, they cannot avoid a listing in the end. But it is always unfortunate when it comes to that. Unfortunately our listings often have a really long lifetime. Because most of our spammers are actual companies doing shady marketing, they have a vested interest in not stopping spamming. Luckily some operators (especially some global hosting providers and ESP’s) are really good with dealing with spam. Some of them kick out spammers for violating their terms of service real fast, some of them might not be fast but a lot of companies are making good efforts that we much appreciate. Our listings do not expire but we do sometimes check up on old listings of several years, more or less randomly. We delist if it looks like the spammers have moved on. Also we do get plenty of delisting requests. Because our listing criteria is basically that the IP’s are used for spam, that is the primary issue we evaluate when looking into a delist request. Do we have a reason to believe spam has ceased? The more information we get to support the notion that spam has stopped, the more likely a delisting is. We do get a huge number of requests stating that the server was hacked and the problem has been dealt with but that is almost never the case. We might be triggered to check up on the address if the listing is old and has not been reëvaluated recently. In general, to ensure that a delisting request is successful you should describe who did what and what measures have been taken to ensure it does not happen again. Oh and delist requests are more successful if they are made by someone with standing to make the request on behalf of the operator. We might listen to some users of the service but in general they cannot enforce other users of the same operator or service to behave well on the Internet. The operator on the other hand can enforce it’s terms of service. Then there is a whole different class of requests/demands that we get. It is the demands for delisting based on various fictional legal threats. Some spammers falsely think blacklists are illegal and that we unjustly interfere with their business by publicly stating that they send spam. Unfortunately for them blacklists are just as legal as are restaurant reviews. Just as a bad review might cause people to not go to a restaurant, our bad review might make their spam not be accepted into some people’s inbox. For some reason people think that by threatening us they can get their listing removed. Well, they can’t, our list would be useless if it did no represent our honest analysis of their activity. They could get delisted if they stopped spamming, but they wont. More on these threats later...