![[DIR]](/icons/back.gif){kind=icon}
Back to ProjectsEdit 2012-04-24: Last night I had another look in to my mail logs and it seems that in the last month I had a couple more connection attempts from this operation, this time from xlhost. I hope this means Rackspace has finished with this operation permanently and that xlhost aren't far behind.
Brendan Battles and his company Image Marketing Group are notorious spammers of both e-mail and SMS. He's listed on ROKSO, being sought by the NZ Department of Internal Affairs and is widely reviled for his activies.
In November of 2011 I started recieving spam containing a New Zealand postal address (Mates Rate, PO Box 303-348, North Harbour, North Shore 0751) so naturally I complained about this to the DIA.
Fairly swiftly the servers serving the spamvertised sites and indeed the mail server and DNS servers for the domains were shut down, so commendations to the responsible operator behind that action. It was around this time that news of the high court injunction and court proceedings broke (as above), so I thought that perhaps finally Brendan Battles would have his day in court.
Unfortunately, he seems to have absconded to the USA (his spam now claims to be from Image Marketing Group Ltd, 5944 Coral Ridge Dr. 243 - Coral Springs, FL 33076 US) before the court proceedings could happen.
The worst part? He's still spamming. And now he's doing it from inside the Rackspace network. His spam messages have variously come from 50.57.141.30 and 50.57.156.44. I have sent at least 5 e-mails to the designated Rackspace abuse contact and recieved their standard form letter reply each time:
From: abuse@rackspace.com To: michael@finch.am Subject: Spam originating from AS19994 (Rackspace / Slicehost) matesratesmail .com [50.57.156.44] getthematesrates .com [50.57.156.44] [AB-C17931691E] Date: Wed, 28 Dec 2011 22:45:16 +0000 THIS IS AN AUTOMATED-RESPONSE Please read carefully! This may be the only response we send you. Thank you for writing the Rackspace AUP Department. We will make every effort to investigate all reports of abusive activity in a timely manner. The information that you have submitted will be used to investigate the incident for violations of our Acceptable Use Policy, which you can view at: http://www.rackspace.com/aboutus/acceptable_use.php ** When reporting unsolicited commercial/bulk email (UCE/UBE/spam), please forward the entire message, including full headers, leaving the original subject line intact. [snipped stuff about port scans] Thank you! Rackspace AUP Department
And yet the spam keeps coming! I even e-mailed Slicehost support on the 12th of January (as Slicehost is now a part of Rackspace) since I know that it is manned by actual humans who might be able to help, but since then I have had a steady stream of delivery attempts:
Jan 13 19:58:05 mail postfix/smtpd[11935]: NOQUEUE: reject: RCPT from 50-57-141-30.static.cloud-ips.com[50.57.141.30]: 554 5.7.1 <nzdataoffer@getthematesrates.com>: Sender address rejected: 521 Fuck off.; from=<nzdataoffer@getthematesrates.com> to=<example@example.com> proto=ESMTP helo=<getthematesrates.com> Jan 13 19:58:05 mail postfix/smtpd[12102]: NOQUEUE: reject: RCPT from 50-57-141-30.static.cloud-ips.com[50.57.141.30]: 554 5.7.1 <nzdataoffer@getthematesrates.com>: Sender address rejected: 521 Fuck off.; from=<nzdataoffer@getthematesrates.com> to=<example@example.com> proto=ESMTP helo=<getthematesrates.com> Jan 13 20:53:21 mail postfix/smtpd[12427]: NOQUEUE: reject: RCPT from 50-57-141-30.static.cloud-ips.com[50.57.141.30]: 554 5.7.1 <nzdataoffer@getthematesrates.com>: Sender address rejected: 521 Fuck off.; from=<nzdataoffer@getthematesrates.com> to=<example@example.com> proto=ESMTP helo=<getthematesrates.com> Jan 14 00:15:36 mail postfix/smtpd[13763]: NOQUEUE: reject: RCPT from 50-57-141-30.static.cloud-ips.com[50.57.141.30]: 554 5.7.1 <nzdataoffer@getthematesrates.com>: Sender address rejected: 521 Fuck off.; from=<nzdataoffer@getthematesrates.com> to=<example@example.com> proto=ESMTP helo=<getthematesrates.com>
So, Rackspace's abuse@ contact can probably be considered pointless. I've been e-mailing it for months and they've done zip.
Rackspace, this problem is easy to solve: all you have to do is terminate Image Marketing Group's account and refuse to deal with them. They are spammers. This is against your AUP. You need an abuse@ contact that actually works. Sending a boilerplate reply then ignoring the e-mail (which is clearly what is happening here) isn't good enough.
--Michael Fincham <michael@finch.am> 2012-01-16