HOW GEEK!

geek notes for advice seekers

emicro.fr / emicro.eu / rambaud maurice / air-email.eu spam

If you’re a system admin, this guy may have broken your balls. After being kicked from several hostings, his sites are still alive.

http://spamnation.info/go/domain/emicro.eu

Name    E.Micro
Domain    emicro.eu
Type    bulkmailer or list vendor
Count    37
First sent    09.10.2007
Last sent    10.12.2008

Name      Domain     Count
E.Micro    emicro.eu    37
lesmails1.net    lesmails1.net    0
lesmails5.fr    lesmails5.fr    0
lesmails8.fr    lesmails8.fr    0
novembre08.net    novembre08.net    0
serveur07.net    serveur07.net    0
serveur331.net    serveur331.net    0
serveur332.net    serveur332.net    0
serveur361.net    serveur361.net    0
serveur371.net    serveur371.net    0
serveur372.net    serveur372.net    0
serveurtq1151.net    serveurtq1151.net    0
Air Email    air-email.eu    22
communication04.com    communication04.com    0
E.Micro    emicro.fr    5
envois-de-mails.com    envois-de-mails.com    1
les-mels.com    les-mels.com    1
Total     (17 sites)     66

You can also add those to the list:

lesmails1.info

lesmails11.info

lesmails4.fr

decembre08.net

Interestingly, lesmails1.info/Pages/ and other sites redirect to:

http://81.56.175.112/Pages/

Which is the site of his Mac reselling company emicro.fr .

81.56.175.112 is also his home or work dsl, but his ISP Free.fr refused to disable his account claiming the spams aren’t sent directly from his dsl connection.

His email marketing company is air-email.eu, do NOT buy from him, his emails are NOT opt-in even if he claims so, this will get your domain blacklisted and less than 1% of the mails will be read.

After exchanging mails with the dedibox.fr abuse, where he sent spams for some days, they deleted his account, but he now sends them from Turkey:

Received: from server58.mediaon.info (unknown [195.5.168.58]).

Here is more info about him:

SARL au capital de 1000 € – RCS Grenoble 504213521 – Siège social : Les Barillats – 38160 Saint Romans (France)

person:      Maurice Rambaud
address:     E . MICRO
address:     les Barillats
address:     38160 Saint-Romans
country:     FR
phone:       +33 4 76 38 84 09
fax-no:      +33 4 76 38 84 09
e-mail:      mrambaud@emicro.fr
liste-r:     N
nic-hdl:     MR643-FRNIC
mnt-by:      OVH-MAINTAINER01
changed:     04/08/2004
source:      FRNIC

Feel free to spam him at mrambaud@emicro.fr or mail@air-email.eu .

For the record, here’s the latest spam i got from them:

Received: from server58.mediaon.info (unknown [195.5.168.58])
by *********** (Postfix) with ESMTPS id D899A33100A7
for <***********>; Wed, 21 Jan 2009 00:54:06 +0100 (CET)
Received: from serveur95 (unknown [195.154.90.97])
by server58.mediaon.info (Postfix) with ESMTP id C6AC215187
for <***********>; Wed, 21 Jan 2009 01:05:34 +0100 (CET)
Received: from workstation ([192.168.0.1])
by (Merak 8.0.3) with SMTP id UB106958
From:”Communication” <postmaster@lesmails1.info>
To: ***********
Subject: Energie solaire, c’est le moment !
Message-ID: <***********@lesmails1.info>
Date: Wed, 21 Jan 2009 00:58:40 +0100
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary=”—-=_NextPart_000_0001_29C34C2E.3663F848″
X-Priority: 3
X-Mailer: Office Outlook 12.0

This is a multi-part message in MIME format.

——=_NextPart_000_0001_29C34C2E.3663F848
Content-Type: text/plain;
charset=”iso-8859-1″
Content-Transfer-Encoding: quoted-printable

Si vous ne visualisez pas correctement ce message, Cliquez ici=0D=0A =0D=
=0ASi vous ne souhaitez plus recevoir d’email de notre part, =
nous nous excusons de la g=C3=AAne occasionn=C3=A9e,=0D=0Aet =
nous vous proposons de vous supprimer de notre liste de diffusion.=0D=0A=
Pour d=C3=A9sinscrire *********** de notre NewsLetter =
: Cliquez ici

——=_NextPart_000_0001_29C34C2E.3663F848
Content-Type: text/html;
charset=”iso-8859-1″
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC “-//W3C//DTD HTML 4.0 Transitional//EN”>=0D=0A<H=
TML><HEAD>=0D=0A<META http-equiv=3DContent-Type content=3D”text/html; =
charset=3Diso-8859-1″>=0D=0A<META content=3D”MSHTML 6.00.2900.2180″ =
name=3DGENERATOR></HEAD>=0D=0A<BODY style=3D”TEXT-ALIGN: center”><FONT=
size=3D-1>Si vous ne visualisez pas correctement ce message, =
<A href=3D”http://www.lesmails4.fr/693_4454.jpg”>Cliquez ici=0D=0A<P><=
/P></A></FONT><IMG height=3D842 alt=3D”” src=3D”http://www.lesmails4.f=
r/693_4454.jpg” width=3D593 useMap=3D#Map border=3D0> <MAP name=3DMap>=
<AREA shape=3DRECT coords=3D119,812,473,838 href=3D”http://www.lesmail=
s4.fr/Pages/4044454.lasso?email=3D***********&amp;clic1=3DClic1&=
amp;client=3D4454″><AREA shape=3DRECT coords=3D234,653,355,670 =
href=3D”http://www.lesmails4.fr/Pages/4044454m1.lasso?email=3D***********&amp;clic2=3DClic2&amp;client=3D4454″><AREA shape=3DRECT =
coords=3D232,391,355,408 href=3D”http://www.lesmails4.fr/Pages/4044454=
m1-1.lasso?email=3D***********&amp;clic3=3DClic3&amp;client=3D44=
54″><FONT face=3DGeneva,Arial,Helvetica,sans-serif color=3D#666666 =
size=3D2>=0D=0A<P></P>Si vous ne souhaitez plus recevoir d’email =
de notre part, nous nous excusons de la g=C3=AAne occasionn=C3=A9e,=0D=
=0A<P></P>et nous vous proposons de vous supprimer de notre =
liste de diffusion.<FONT size=3D-2></FONT>=0D=0A<P></P><FONT =
face=3DGeneva,Arial,Helvetica,sans-serif color=3D#666666 size=3D2>Pour=
d=C3=A9sinscrire *********** de notre NewsLetter : </FONT><FONT=
size=3D2><A href=3D”http://www.lesmails4.fr/Pages/1004454.lasso?nosub=
scribehide=***********”>Cliquez ici=0D=0A<P></P>=0D=0A<P></P></FO=
NT></A></FONT></MAP></BODY></HTML>

——=_NextPart_000_0001_29C34C2E.3663F848–

UPDATE: 17/02/2009

Still spamming! I will update below the list of the (new) servers/domains he is using, and his customers:

  • Servers sending spam:

123.179.154.195.alicepro.te-dns.org [195.154.179.123]

server58.mediaon.info (195.5.168.58)

server201.mediaon.info (unknown [195.5.168.201])

  • Servers hosting the spam images:

lesmails27.info (78.40.37.210) redirects to lesmails64.info

lesmails5.info (78.40.37.210) redirects to lesmails64.info

lesmails64.info which resolves to: 72.167.232.203 (secureserver.net/GoDaddy)

lesmails9.info (78.40.37.210) redirecting to lesmails64.info

lesmails20.info

redirect104.info

  • Servers hosting the pages to unsubscribe:

redirect0.info resolves to 81.56.175.112 (Free/Proxad), same IP as before.

  • His customers:

amprod.fr

air-email.eu (yes he spams for himself)

animopassion.com

UPDATE: May 2009

No more spam from him and all his servers, sites including the free.fr hosting space and emicro.fr are dead!

UPDATE: 8 June 2009

Still spamming, according to a comment on the blog: aamels-1.info

UPDATE: 10 June 2009

New domain: les-mels6.net.

7 Responses to “emicro.fr / emicro.eu / rambaud maurice / air-email.eu spam”

Leave a Reply to plouf le chien Cancel reply

Your email address will not be published.