The everyone.net case

Dear users, mail server administrators and affected people,

For quite some time now (spanning over more than a year), spam has been relayed through lists hosted by everyone.net:

  • The abuser always uses a /24 network sending out spam containing 1 line of text with an attachment.
  • After a while when I detected the behaviour and tried to contact everyone.net about it through their website, nothing happened, nothing got fixed, nothing got replied.
  • So after some time, I decided to add 1 of their MXs to the list in order to finally trigger their attention.
  • It took some time, but finally 'Elvin Carbonel' decided to contact me through the removal system. He claims they update their signatures regularly and no spam would be sent, which is simply untrue.
  • A basic SpamAssassin setup gives those mails a score of at least 5, while their Proofpoint solution (which is also owned and sold by them) rates it at no spam at all.
  • As soon as I tell them about the situation and the /24 being abused they do block it, however, the abuser simply buys/moves to another /24 and the game continues. Which is something I also told Elvin about.
  • A few months later, the situation did not improve at all and the regular flow of spam continues. So I warned them again through the site.
  • Getting no reply at all again for more than a week, I kind of had enough of the ignorant attitude from their site and decided to add ALL MX servers I have received spam through (216.200.145.35, 216.200.145.36, 216.200.145.37 and 216.200.145.38), so if your mail goes through these servers, you might be affected.
  • Again, Elvin Carbonel contacted me about it, again pasting his default text of having all spam signatures updated etc. etc.
  • I replied to him with the fact that this is NOT the case, and the same spam flow situation that was present since the last time still continues, and that I will NOT remove the listing, until they finally fix the issue. I also gave them the challenge to prove this by mentioning at least one of the /24s being abused (as we have them listed in our database as well).
  • Elvin Carbonel has not replied to this mail, the only thing he did was request delistings for 2 of the other 3 IPs using the same standard default excuse, to which I replied telling him he should read the reply to his first request.
  • Until this day, I have not received ANY reply on that mail from Elvin Carbonel at all.

I do realize this action affects the operation of everyone.net, but I think this is a necessary step to protect users against this form of spam, and the ignorant blind behaviour of everyone.net has tremendously contributed to this situation.

outsider / May-13-2016 05:57:59 GMT

Comments for The everyone.net case

These are the 5 (0 hidden) comments for the above post.

Milton Kessler said on Sep-09-2016 16:20:20 GMT :

My IP address has shown up on 3 blacklists with the following comment: "comment made by[1286128] Elvin Carbonel at 2015-11-17 18:41:06.642917+00"
I have no idea why I am being blacklisted or how to get this lifted. Any idea welcomed.


Bob Burnett said on Oct-05-2016 22:05:33 GMT :

Something very strange here, I am an everyone.net user and am having trouble with only one email address. No other emails get rejected.

Alexander Maassen said on Oct-10-2016 08:24:04 GMT :

@Milton Kessler
As you can see, they do now, although the comment entry is older

@Bob Burnett
It depends on the receiver if he accepts mails or not in case he utilizes our list or not. It could also be the case that they shifted the IPs of the outgoing MX servers to NOT use these.
You can test this by sending a mail from your everyone.net based account to any other mail account you might monitor and check its headers.
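
The header check described in the comment above, as an added example that is not part of the original post or comment: it reads the Received headers of a saved test message and reports any hop whose connecting address is one of the four MX IPs named in the post. The sample message, its hostnames and its 192.0.2.x/198.51.100.x addresses are constructed for illustration.

```python
import re
from email import message_from_string

# The four everyone.net MX addresses named in the post.
LISTED_MX = {"216.200.145.35", "216.200.145.36",
             "216.200.145.37", "216.200.145.38"}

# Constructed sample message: hostnames and non-listed addresses are made up.
SAMPLE = """\
Received: from mx.receiver.example (mx.receiver.example [198.51.100.7])
\tby store.receiver.example with LMTP id ABC123;
\tMon, 10 Oct 2016 08:30:02 +0000
Received: from relay.sender.example (relay.sender.example [216.200.145.36])
\tby mx.receiver.example with ESMTP id DEF456;
\tMon, 10 Oct 2016 08:30:01 +0000
Received: from [192.0.2.15] (client.sender.example [192.0.2.15])
\tby relay.sender.example with ESMTPA id GHI789;
\tMon, 10 Oct 2016 08:30:00 +0000
From: user@sender.example
To: me@receiver.example
Subject: header test

test
"""

BRACKETED_IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def relay_ips(raw_message):
    """Per Received header (newest first), the IPv4 addresses in its 'from' clause."""
    msg = message_from_string(raw_message)
    hops = []
    for value in msg.get_all("Received", []):
        unfolded = " ".join(value.split())           # undo header folding
        from_clause = unfolded.split(" by ", 1)[0]   # ignore the receiving side
        # De-duplicate while keeping order (HELO name and rDNS often repeat the IP).
        hops.append(list(dict.fromkeys(BRACKETED_IPV4.findall(from_clause))))
    return hops

def listed_hops(raw_message, listed=LISTED_MX):
    """Return (hop_index, ip) for every hop whose connecting IP is in `listed`."""
    return [(i, ip) for i, ips in enumerate(relay_ips(raw_message))
            for ip in ips if ip in listed]

if __name__ == "__main__":
    for hop, ip in listed_hops(SAMPLE):
        print(f"hop {hop}: relayed via listed MX {ip}")
```

Only the Received lines written by the receiving side's own servers are reliable; anything below the first hop you do not control can be forged by the sender.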

Alexander Maassen said on Dec-20-2016 17:10:14 GMT :

Update (finally), based on this we disabled the listings for now:

Hello Alexander,

For Everyone.net, we have attempted to remediate several issues on our side in regards to items and have discontinued our free email service due to this now.

Are you still seeing any further issues from our network?

Elvin Carbonel l Senior Technical Support Engineer Proofpoint, Inc.
E: ecarbonel@proofpoint.com
threat protection l compliance l archiving & governance l secure communication

Alexander Maassen said on May-14-2016 10:27:58 GMT :

Update: received mail from Elvin today, pointed him to this blog entry. This also clearly shows he has not read any replies from his request, nor does he even seem to remember the last time he was in this situation.

Subject: Everyone.net IPs
From: "Elvin Carbonel" ecarbonel@proofpoint.com
Date: Fri, May 13, 2016 10:53 pm
To: "outsider@scarynet.org" outsider@scarynet.org
Cc: "Jaren Angerbauer" ...@proofpoint.com
Priority: Normal

Hello,

I have submitted requests for 4 IPs:
216.200.145.35
216.200.145.36
216.200.145.37
216.200.145.38

I am just following up as this is now being problematic for us. Our customers are
getting more irritated on this.

Thank you,
-Elvin Carbonel


