DoNotPay Spam?

Sabri Berisha sabri at cluecentral.net
Thu Jan 14 00:28:11 UTC 2021


----- On Jan 13, 2021, at 2:22 PM, Bryan Fields Bryan at bryanfields.net wrote:

Hi Bryan,

> What you can do is when you notice these, email geeks at nanog with the full
> email including headers immediately.  We can then cross check it against new
> signups.  I wish there was a more scientific way to process it.

The first time I got it, I sent this to support at donotpay.com:

> I received this email in, what appears to be, reply to a post I made on NANOG.

> Needless to say, I never signed up for this. I did not even know you existed.
> Since you do add "support at donotpay.com" in your email, I assume this is a
> honest mistake, and you'll be happy that I'm contacting you and will be fixing
> it immediately.

> Obviously, further unsolicited emails will result in ... a different approach
> taken.

A few days later, I got the same again, and contacted their hosting provider,
Mailgun (while CCing support at donotpay.com), with the following:

> I've received, multiple times, email such as below after posting to the North
> American Network Operators Group (NANOG) email list. I've tried contacting
> support at donotpay.com (ticket #13202), but they seem oblivious to the issue
> and asked me to unsubscribe.

> Please educate your customer. Alternatively, I will contact Amazon, who seem
> to advertise your IP space.

> 161.38.200.0/22    *[BGP/170] 00:51:18, localpref 150
>                        AS path: 53356 60011 3356 16509 I, validation-state: unverified
>                      > to 195.16.87.249 via ge-0/0/6.0

> Headers are as follows:

[snip]

I did not even get a reply on that. So, as promised, the third time I was
spammed, I took the liberty of contacting AWS. They responded with:

> This is a follow up regarding the abusive content or activity report that you
> submitted to AWS. We have investigated this report, and have taken steps to
> mitigate the reported abusive content or activity.

But of course, nothing changed.

This goes a lot further than someone accidentally subscribing. So, it seems
that there are few options other than to simply block mail from that /22. 

Thanks,

Sabri


More information about the NANOG mailing list