----- On Jan 13, 2021, at 2:22 PM, Bryan Fields br...@bryanfields.net wrote:
Hi Bryan, > What you can do is when you notice these, email geeks@nanog with the full > email including headers immediately. We can then cross check it against new > signups. I wish there was a more scientific way to process it. The first time I got it, I sent this to supp...@donotpay.com: > I received this email in, what appears to be, reply to a post I made on NANOG. > Needless to say, I never signed up for this. I did not even know you existed. > Since you do add "supp...@donotpay.com" in your email, I assume this is a > honest mistake, and you'll be happy that I'm contacting you and will be fixing > it immediately. > Obviously, further unsolicited emails will result in ... a different approach > taken. A few days later, I got the same again, and contacted their hosting provider, Mailgun (while CCing supp...@donotpay.com), with the following: > I've received, multiple times, email such as below after posting to the North > American Network Operators Group (NANOG) email list. I've tried contacting > supp...@donotpay.com (ticket #13202), but they seem oblivious to the issue > and asked me to unsubscribe. > Please educate your customer. Alternatively, I will contact Amazon, who seem > to advertise your IP space. > 161.38.200.0/22 *[BGP/170] 00:51:18, localpref 150 > AS path: 53356 60011 3356 16509 I, validation-state: > unverified > > to 195.16.87.249 via ge-0/0/6.0 > Headers are as follows: [snip] I did not even get a reply on that. So, as promised, the third time I was spammed, I took the liberty of contacting AWS. They responded with: > This is a follow up regarding the abusive content or activity report that you > submitted to AWS. We have investigated this report, and have taken steps to > mitigate the reported abusive content or activity. But of course, nothing changed. This goes a lot further than someone accidentally subscribing. So, it seems that there are few options other than to simply block mail from that /22. Thanks, Sabri
