For years I’ve been tracking spam from Argentina that is using yopmail.com / yopmail.net disposable sender addresses.

Unlike a lot of spam sent from other countries, the advertised companies are mostly legitimate businesses, some of whom may be clueless that mail is being sent to unwilling recipients all over the globe who may not even speak Spanish.

The sender IPs tend to be on cablevision.com.ar, for example from the 190.188.0.0/15, 190.190.0.0/15 and 181.164.0.0/14 ranges.

The spamming company owns several domains, but these don’t normally show up in sender addresses or links, e.g.:

mktnegocios.net:

Domain name: mktnegocios.net
Registry Domain ID: 186887
Registrar WHOIS Server: whois.dattatec.com
Registrar URL: http://dattatec.com
Updated Date: 2017-09-20T01:00:53Z
Creation Date: 2011-09-19T11:24:51Z
Registrar Registration Expiration Date: 2018-09-19
Registrar: dattatec.com SRL
Registrar IANA ID: 1388
Registrar Abuse Contact Email: abuse@dattatec.com
Registrar Abuse Contact Phone: +54.3415169000
Domain Status: OK
Registry Registrant ID: DC282919DTT
Registrant Name: Cid Ricardo Ernesto
Registrant Organization: Cid Ricardo Ernesto
Registrant Street: Islandia 4393
Registrant City: Lanus Oeste
Registrant State/Province: Buenos Aires
Registrant Postal Code: 1824
Registrant Country: ar
Registrant Phone: +54.42679611
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: ricardocid@hotmail.com

mktnegocios.info:

Domain Name: MKTNEGOCIOS.INFO
Registry Domain ID: D42311407-LRMS
Registrar WHOIS Server:
Registrar URL: http://dattatec.com
Updated Date: 2017-09-19T22:22:35Z
Creation Date: 2011-09-19T11:25:09Z
Registry Expiry Date: 2018-09-19T11:25:09Z
Registrar Registration Expiration Date:
Registrar: Dattatec.com SRL
Registrar IANA ID: 1388
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone:
Reseller:
Domain Status: ok https://icann.org/epp#ok
Domain Status: autoRenewPeriod https://icann.org/epp#autoRenewPeriod
Registry Registrant ID: C114356985-LRMS
Registrant Name: Cid Ricardo Ernesto
Registrant Organization: Cid Ricardo Ernesto
Registrant Street: Islandia 4393
Registrant City: Lanus Oeste
Registrant State/Province: Buenos Aires
Registrant Postal Code: 1824
Registrant Country: AR
Registrant Phone: +000.42679611
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: ricardocid@hotmail.com
Registry Admin ID: C114356985-LRMS
Admin Name: Cid Ricardo Ernesto
Admin Organization: Cid Ricardo Ernesto
Admin Street: Islandia 4393
Admin City: Lanus Oeste
Admin State/Province: Buenos Aires
Admin Postal Code: 1824
Admin Country: AR
Admin Phone: +000.42679611
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: ricardocid@hotmail.com
Registry Tech ID: C114356985-LRMS
Tech Name: Cid Ricardo Ernesto
Tech Organization: Cid Ricardo Ernesto
Tech Street: Islandia 4393
Tech City: Lanus Oeste
Tech State/Province: Buenos Aires
Tech Postal Code: 1824
Tech Country: AR
Tech Phone: +000.42679611
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: ricardocid@hotmail.com
Registry Billing ID: C114356985-LRMS
Billing Name: Cid Ricardo Ernesto
Billing Organization: Cid Ricardo Ernesto
Billing Street: Islandia 4393
Billing City: Lanus Oeste
Billing State/Province: Buenos Aires
Billing Postal Code: 1824
Billing Country: AR
Billing Phone: +000.42679611
Billing Phone Ext:
Billing Fax:
Billing Fax Ext:
Billing Email: ricardocid@hotmail.com
Name Server: NS21.DATTATEC.COM
Name Server: NS22.DATTATEC.COM
Name Server: NS3.HOSTMAR.COM
Name Server: NS4.HOSTMAR.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/

mktnegocios.com.ar:

Datos del dominio
Nombre y Apellido: DALLAVIA FERNANDO LUCIANO VICTOR LUCIANO VIVTOR
CUIT/CUIL/ID: 20220483895
Fecha de Alta: 23/01/2017
Fecha de última Actualización: 24/01/2017
Fecha de vencimiento: 23/01/2018

On their website they explain to their prospective customers that they will spam to harvested addresses:

BASE DE DATOS :

Contamos con bases de datos argentinas y del exterior validadas la totalidad de las mismas cada 15 dias, asegurandonos asi la completa funcionalidad y validez de los emails. Los datos se obtienen a traves de extracciones de emails por medio de software en la web.

Translation:

Databases

We have Argentine and foreign databases completely validated every 15 days, thus ensuring the full functionality and validity of emails. The data is obtained through extraction of emails through software on the web.

Owners of harvested addresses have by definition not signed up to receive bulk mail. Their various mailing package go as high as 16,000,000 emails…

See also:

• Spam Gang Argentina
• Spam Gang Argentina (Blogspot)

If you’re a business in Argentina trying to decide on online advertising, hiring a spammer like this will damage your reputation and may end up getting your domains blacklisted.