Discussion:
Strange spam, or not?
Andreas Kohlbach
2023-12-21 18:44:47 UTC
Got weird spam today which made it into the inbox.

Although it came via Mailchimp (and in my experience they don't care much
about spam complaints) and the site hosted at Google I would not assume
this is spam or scam. Or is planeslive scam per se?

=====

Received: from o4728.e.email.planeslive.com
(o4728.e.email.planeslive.com. [223.165.119.254])
by mx.google.com with ESMTPS
id d6-20020a0caa06000000b0067a92d7c4b7si1698005qvb.319.2023.12.21.01.05.20
for <***@email.address>
(version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256
bits=128/128); Thu, 21 Dec 2023 01:05:21 -0800 (PST)

[Snippage of DCIM and other headers]

Received: from MzI2OTI3Nzc (unknown) by geopod-ismtpd-12 (SG) with HTTP
id h2wInTIuChMIV_cse9A Thu, 21 Dec 2023 09:05:19.469 +0000 (UTC)
Content-Type: multipart/alternative;
boundary=12c95c993f3a62276c50e7d1f7afb43a6dd66d4560d48248e2529ba27f49
Date: Thu, 21 Dec 2023 09:05:19 +0000 (UTC)
From: Planes Live <***@email.planeslive.com>
Mime-Version: 1.0
Subject: Start a free trial, travel like a Pro ◈

[...]


--12c95c993f3a62276c50e7d1f7afb43a6dd66d4560d48248e2529ba27f49
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0

Travel smarter with Pro.
Planes Live ( https://link.email.planeslive.com/ls (long ID here)
======

Anyone else got mail from them these days?

Suppose I don't need to say I never signed up for their service.
--
Andreas
David Ritz
2023-12-21 19:23:45 UTC
On Thursday, 21 December 2023 13:44 -0500,
Post by Andreas Kohlbach
Got weird spam today which made it into the inbox.
Although it came via Mailchimp (and in my experience they don't care
much about spam complaints) and the site hosted at Google I would
not assume this is spam or scam. Or is planeslive scam per se?
This, whatever it might be, came via sendgrid.com, not Mailchimp.
Post by Andreas Kohlbach
=====
Received: from o4728.e.email.planeslive.com
(o4728.e.email.planeslive.com. [223.165.119.254])
by mx.google.com with ESMTPS
id d6-20020a0caa06000000b0067a92d7c4b7si1698005qvb.319.2023.12.21.01.05.20
(version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256
bits=128/128); Thu, 21 Dec 2023 01:05:21 -0800 (PST)
$ whois -h whois.arin.net 223.165.119.0/24

[...]

# start

NetRange: 223.165.119.0 - 223.165.119.255
CIDR: 223.165.119.0/24
NetName: SG-223-165-119-0
NetHandle: NET-223-165-119-0-1
Parent: BRAZE-7 (NET-223-165-112-0-1)
NetType: Reassigned
OriginAS:
Organization: SendGrid, Inc. (SENDG-12)
RegDate: 2020-09-08
Updated: 2020-09-08
Ref: https://rdap.arin.net/registry/ip/223.165.119.0


OrgName: SendGrid, Inc.
OrgId: SENDG-12
Address: Twilio, Inc.
Address: 1801 California Street
Address: Suite 500
City: Denver
StateProv: CO
PostalCode: 80202
Country: US
RegDate: 2012-06-14
Updated: 2020-11-13
Comment: http://www.sendgrid.com
Comment:
Comment: (888) 985-8363
Comment: Support hours: M-F, 7a-7p Mountain Time.
Ref: https://rdap.arin.net/registry/entity/SENDG-12


OrgTechHandle: CTG2-ARIN
OrgTechName: Guething, Carl Thomas
OrgTechPhone: +1-888-985-7363
OrgTechEmail: t+***@sendgrid.com
OrgTechRef: https://rdap.arin.net/registry/entity/CTG2-ARIN

OrgAbuseHandle: ABUSE3074-ARIN
OrgAbuseName: Abuse Desk
OrgAbusePhone: +1-888-985-7363
OrgAbuseEmail: ***@sendgrid.com
OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE3074-ARIN

OrgTechHandle: TSNO-ARIN
OrgTechName: Twilio SendGrid Network Operations
OrgTechPhone: +1-888-985-7363
OrgTechEmail: netops+***@sendgrid.com
OrgTechRef: https://rdap.arin.net/registry/entity/TSNO-ARIN

# end
Post by Andreas Kohlbach
[Snippage of DCIM and other headers]
Received: from MzI2OTI3Nzc (unknown) by geopod-ismtpd-12 (SG) with HTTP
id h2wInTIuChMIV_cse9A Thu, 21 Dec 2023 09:05:19.469 +0000 (UTC)
Content-Type: multipart/alternative;
boundary=12c95c993f3a62276c50e7d1f7afb43a6dd66d4560d48248e2529ba27f49
Date: Thu, 21 Dec 2023 09:05:19 +0000 (UTC)
Mime-Version: 1.0
Subject: Start a free trial, travel like a Pro ◈
[...]
[...]
Post by Andreas Kohlbach
Planes Live ( https://link.email.planeslive.com/ls (long ID here)
======
Anyone else got mail from them these days?
https://check.spamhaus.org/not_listed/?searchterm=planeslive.com

Host planeslive.com.dbl.spamhaus.org not found: 3(NXDOMAIN)
Host planeslive.com.multi.uribl.com not found: 3(NXDOMAIN)
Host planeslive.com.multi.surbl.org not found: 3(NXDOMAIN)
Host planeslive.com.uribl.spameatingmonkey.net not found: 3(NXDOMAIN)
Host planeslive.com.v1.bl.dns-nod.net not found: 3(NXDOMAIN)
Host planeslive.com.iddb.isipp.com not found: 3(NXDOMAIN)
Post by Andreas Kohlbach
Suppose I don't need to say I never signed up for their service.
'Tis the season for ignoring all best practices. This, however, appears
to be a frequent issue for Twilio/SendGrid senders.

https://www.spamhaus.org/sbl/listings/sendgrid.com
--
David Ritz <***@mindspring.com>
Be kind to animals; kiss a shark.
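Added example, not part of any post in this thread: the topmost Received header is the one written by the recipient's own MX, so the peer IP in it is the reliable way to tell which provider actually handed the message over. The sketch below parses that header, matches the IP against the one range shown in the whois output above, and builds the domain blocklist query names used in the lookups. All function names are hypothetical, the range table holds only what the thread shows, and the registrable-domain cut is a naive assumption.

```python
import ipaddress
import re
import socket

# Constructed from the Received header quoted in the thread (id and "for" omitted).
RECEIVED = (
    "from o4728.e.email.planeslive.com "
    "(o4728.e.email.planeslive.com. [223.165.119.254]) "
    "by mx.google.com with ESMTPS; Thu, 21 Dec 2023 01:05:21 -0800 (PST)"
)
# Only the range from the thread's whois output; extend from your own lookups.
ESP_RANGES = {"SendGrid, Inc. (SENDG-12)": ipaddress.ip_network("223.165.119.0/24")}
# Three of the zones queried in the thread.
DOMAIN_ZONES = ["dbl.spamhaus.org", "multi.uribl.com", "multi.surbl.org"]

RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+?)\.?\s+\[(?P<ip>[0-9a-fA-F.:]+)\]\)"
    r"\s+by\s+(?P<by>\S+)"
)

def parse_received(value):
    """Return HELO name, reverse-DNS name, peer IP and receiving host."""
    m = RECEIVED_RE.search(" ".join(value.split()))  # unfold the header first
    if m is None:
        raise ValueError("unrecognised Received format")
    return {**m.groupdict(), "ip": ipaddress.ip_address(m["ip"])}

def owner_of(ip):
    """Name the network owner if the IP falls in a known range, else None."""
    return next((org for org, net in ESP_RANGES.items() if ip in net), None)

def registrable_guess(hostname, labels=2):
    """Naive last-N-labels cut; use a public-suffix list for real work."""
    return ".".join(hostname.rstrip(".").split(".")[-labels:])

def dnsbl_names(domain):
    """Query names in the form shown in the thread: <domain>.<zone>."""
    return [f"{domain}.{zone}" for zone in DOMAIN_ZONES]

def dnsbl_answer(query_name):
    """A-record string, or None when the name does not resolve.

    None covers the NXDOMAIN case seen in the thread but also resolver
    failure; the meaning of a returned address is defined per zone.
    """
    try:
        return socket.gethostbyname(query_name)
    except socket.gaierror:
        return None
```

Only `dnsbl_answer` touches the network; everything else works on the header text alone.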
Marco Moock
2023-12-21 19:38:24 UTC
Post by David Ritz
Post by Andreas Kohlbach
Suppose I don't need to say I never signed up for their service.
'Tis the season for ignoring all best practices. This, however,
appears to be a frequent issue for Twilio/SendGrid senders.
https://www.spamhaus.org/sbl/listings/sendgrid.com
sendgrid sells their service to spammers and doesn't care, I've also
experienced that.
Andreas Kohlbach
2023-12-22 00:13:49 UTC
Post by David Ritz
On Thursday, 21 December 2023 13:44 -0500,
Post by Andreas Kohlbach
Got weird spam today which made it into the inbox.
Although it came via Mailchimp (and in my experience they don't care
much about spam complaints) and the site hosted at Google I would
not assume this is spam or scam. Or is planeslive scam per se?
This, whatever it might be, came via sendgrid.com, not Mailchimp.
Same (scammy email provider) for me. ;-)

Sorry, should have double checked.

[...]
Post by David Ritz
Post by Andreas Kohlbach
Suppose I don't need to say I never signed up for their service.
'Tis the season for ignoring all best practices. This, however, appears
to be a frequent issue for Twilio/SendGrid senders.
https://www.spamhaus.org/sbl/listings/sendgrid.com
Still odd I got this, assuming planeslive are kosher. But they failed
executing a confirmed opt-in.

Also getting quite some real order confirmations from companies of India,
like ICICI bank. Sent by them, no fraudulent links or anything suspicious.

Or a company managing condos there. Sometimes I see "Ankish", so I
suppose the guy made a spello and used my email address by accident.

Even the real Government of India once had me in their mailing list...
--
Andreas