Jump to solution

-- another two in my Inbox this morning I only got one. I...

mdk
Legendary Grand Master

@lmacri -- another two in my Inbox this morning

I only got one. I feel so deprived.  🙂

Did you get the IP-address from the headers of those 2 messages, e.g.,

        Received: from oppdl.com ([34.218.251.203])
        Subject: $100-walmart.._Reward._Participation_Required
        From: "Thank_you!..walmart.." <info@good-promos.com>

and, from a Windows command-line prompt, enter:  nslookup 34.218.251.203

to get output like:

Name:    ec2-34-218-251-203.us-west-2.compute.amazonaws.com
Address:  34.218.251.203

If so, the spammer was abusing an account on the AMAZON Elastic Cloud Service, and an E-mail of the complete message to abuse@amazon.com is recommended.

Oops! I also got a completely-different type of unwanted E-mail -- a message from some (shady?) "Domain Registrar" wanting me to renew the registration for a domain-name that I previously was using. Unfortunately for the sender, I allowed that domain-registration to expire, in May 2018.  So, they are "barking up the wrong tree", if they want me to renew a domain-name that a domain-squatter ("NameBright" / "HugeDomains.com") currently owns. I could not renew the domain-name, even if I tried -- I am not authorized.

 

 

0 Kudos
Reply
Loading...
Jump to solution

Nslookup Shows Spam IP Addresses Point To compute.amazonaws.com

lmacri
Grasshopper

@mdk wrote:

Did you get the IP-address from the headers of those 2 messages, e.g.,

        Received: from oppdl.com ([34.218.251.203])
        Subject: $100-walmart.._Reward._Participation_Required
        From: "Thank_you!..walmart.." <info@good-promos.com>

and, from a Windows command-line prompt, enter:  nslookup 34.218.251.203

to get output like:

Name:    ec2-34-218-251-203.us-west-2.compute.amazonaws.com
Address:  34.218.251.203

If so, the spammer was abusing an account on the AMAZON Elastic Cloud Service, and an E-mail of the complete message to abuse@amazon.com is recommended...

Hi mdk:

Yes, both spam emails I received on 11-Apr-2021 that were missed by Shaw's spam e-mail filters were received from oppdl.com ([54.187.129.227] and [52.32.232.92])...

Shaw Spam Emails 0 of 2 Detected by Shaw Filters 11 Apr 2021.png

Received: from oppdl.com ([54.187.129.227])
by cmsmtp with ESMTP
id VZYAleApHcPlfVZYIl7ZIa; Sun, 11 Apr 2021 06:50:59 -0600
Authentication-Results: mi05.dcs.int.inet;
dkim=fail (signature verification failed) header.d=good-promos.com
header.b=vj3/kGE2;
dmarc=fail header.from=good-promos.com


Received: from oppdl.com ([52.32.232.92])
by cmsmtp with ESMTP
id VXxdlyE6i1DC6VXxpl9yDr; Sun, 11 Apr 2021 05:09:25 -0600
Authentication-Results: mi06.dcs.int.inet;
dkim=fail (signature verification failed) header.d=good-promos.com
header.b=vj3/kGE2;
dmarc=fail header.from=good-promos.com

... and nslookup shows both those IP addresses point back to us-west-2.compute.amazonaws.com. I"d have to check again but it looks like every spam email I've received since 05-Apr-2021 has a different IP address but has a name that ends with us-west-2.compute.amazonaws.com.

Shaw Spam Emails nslookup amazonaws_com 11 Apr 2021.png

However, I don't think it's my responsibility to check header information in every spam email that Shaw misses and start looking up IP addresses to report the spammer to the owner of the host server. At this point I don't even want to create a filter to automatically move this incoming spam into my Junk folder, because once it's in my Junk folder I am unable to flag it as SPAM to alert Shaw unless I move it back into my Inbox. I'd rather alert Shaw and have them tweak the spam filters on their end so the problem is fixed for all Shaw customers.
-------------
64-bit Win 10 Pro v20H2 build 19042.867 * Firefox v87.0 * Microsoft Defender v4.18.2103.7 * MS Outlook 2019 C2R
Dell Inspiron 15 5584, Intel i5-8265U CPU, 8 GB RAM, Toshiba KBG40ZNS256G 256 GB NVMe SSD, Intel UHD Graphics 620

0 Kudos
Reply
Loading...
Jump to solution

Please Check Email Address for Reporting Spam to Amazon AWS

lmacri
Grasshopper

@mdk wrote:

... and, from a Windows command-line prompt, enter:  nslookup 34.218.251.203 to get output like:

Name:    ec2-34-218-251-203.us-west-2.compute.amazonaws.com
Address:  34.218.251.203

If so, the spammer was abusing an account on the AMAZON Elastic Cloud Service, and an E-mail of the complete message to abuse@amazon.com is recommended.


Hi mdk:

Could you also confirm you have the correct email address?  According to How Do I Report Abuse of AWS Resources? spam should be reported to abuse@amazonaws.com (not abuse@amazon.com) if "you are receiving unwanted emails from an AWS-owned IP address, or AWS resources are used to spam websites or forums."
-------------
64-bit Win 10 Pro v20H2 build 19042.867 * Firefox v87.0 * Microsoft Defender v4.18.2103.7 * MS Outlook 2019 C2R
Dell Inspiron 15 5584, Intel i5-8265U CPU, 8 GB RAM, Toshiba KBG40ZNS256G 256 GB NVMe SSD, Intel UHD Graphics 620

0 Kudos
Reply
Loading...