On Jan 13, 2021, at 4:28 PM, Sabri Berisha <sabri@cluecentral.net> wrote:
----- On Jan 13, 2021, at 2:22 PM, Bryan Fields Bryan@bryanfields.net wrote:
Hi Bryan,What you can do is when you notice these, email geeks@nanog with the fullemail including headers immediately. We can then cross check it against newsignups. I wish there was a more scientific way to process it.
The first time I got it, I sent this to support@donotpay.com:I received this email in, what appears to be, reply to a post I made on NANOG.Needless to say, I never signed up for this. I did not even know you existed.Since you do add "support@donotpay.com" in your email, I assume this is ahonest mistake, and you'll be happy that I'm contacting you and will be fixingit immediately.Obviously, further unsolicited emails will result in ... a different approachtaken.
A few days later, I got the same again, and contacted their hosting provider,
Mailgun (while CCing support@donotpay.com), with the following:I've received, multiple times, email such as below after posting to the NorthAmerican Network Operators Group (NANOG) email list. I've tried contactingsupport@donotpay.com (ticket #13202), but they seem oblivious to the issueand asked me to unsubscribe.Please educate your customer. Alternatively, I will contact Amazon, who seemto advertise your IP space.161.38.200.0/22 *[BGP/170] 00:51:18, localpref 150AS path: 53356 60011 3356 16509 I, validation-state: unverifiedto 195.16.87.249 via ge-0/0/6.0Headers are as follows:
[snip]
I did not even get a reply on that. So, as promised, the third time I was
spammed, I took the liberty of contacting AWS. They responded with:This is a follow up regarding the abusive content or activity report that yousubmitted to AWS. We have investigated this report, and have taken steps tomitigate the reported abusive content or activity.
But of course, nothing changed.
This goes a lot further than someone accidentally subscribing. So, it seems
that there are few options other than to simply block mail from that /22.
Thanks,
Sabri