I’ve been getting “Property Spam” recently with subject lines like “A showcase of great properties on the Costa del Sol” or “Achieve high rental yields in an up-and-coming UK city”.
These are sent to addresses that have never signed up to any mailing list (but have been sent spam in the past and would be on spammers’ lists). These spammers are hosted by Online SAS and have a very slick operation (reverse DNS records, SPF records, DKIM, “clean” domain names typically registered ~6 months ago). The emails have no contact details, just a tracking link to receive a brochure.
I complained using Online SAS abuse form and just got this:
—————————————————————-
Good afternoon.
My apologies for the interruption
We have removed James from any future mailing
Thank you
Steve Wroblewski
—————————————————————-
Is that this Steve Wroblewski on LinkedIn?
The domains are all registered on Namecheap and the websites just seem to be phishing exercises as the homepages are blank. An example site is http://www.diarioinca.org/showcase/marbella/index.php (deliberately left unlinked).
Anyway, the spam continues as they are using multiple Online SAS servers and fresh domains. Strangely the servers never appear in any RBLs either.
Same circumstances, spammer setting up different domains and using different IPs every few hours. All operating from Online S.A.S IP blocks.
If you’re using Exchange you can use Add-IPBlockListEntry -IPrange and just run through their assigned address blocks found at https://ipinfo.io/AS12876
Screw those guys.