Spam campaign impersonating us targets T-Online users in Germany

  • Posted on March 12, 2026, 5:03 p.m.
Have you received an email advertising some cyber security subscription or a smart ring that seems to come from GSMArena.com? We didn't send that email – it comes from a spam service that is pretending to be us.

A number of T-online.de users have reached out to us to report the spam emails, which prompted us to track down the issue. To be clear, we have nothing to do with the emails or the cyber security thing that they advertise.

Here is what some of the spam emails look like:
[Images: screenshots of the spam emails]
If you have received a spam email like the ones seen above, you should contact your email provider’s support team and tell them about the issue.

The spammers are spoofing our email address – this means they are falsely setting GSMArena.com as the sender of the email. Specifically, it looks like the email came from [email protected], but that’s not an active account on our server (that random jumble of letters is clearly randomly generated).

Instead, the emails are coming from IP addresses belonging to Microsoft's and Oracle's cloud networks (52.103.140.27 and 92.5.13.127), neither of which is part of our infrastructure. These are most likely cloud hosts that are used by the spammers.

This is an old trick and modern spam filters should normally block emails like this. We tried contacting the provider to explain the situation, but we have yet to receive an adequate response. There isn't much we can do on our end to prevent this spam, as it's enabled by the inadequate policies of the email providers.

There are established tools to fight the domain spoofing that the spammers are using. Without getting into too many technical details, a reverse DNS check will discover that the sender’s IP address is not authorized to send emails on behalf of GSMArena.com, which is a major red flag. Additional tools like SPF, DKIM and DMARC can similarly identify spam email that employs spoofing.

On our end, we have set our SPF policy to "hardfail," which signals to email providers that any email not sent from our servers should be treated as fraudulent.
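To show what a receiving mail server does with a "hardfail" policy, here is an added example (not our own code or tooling) that evaluates the two source IPs mentioned above against an SPF record ending in `-all`. The domain names and SPF records in it are constructed placeholders, not our real DNS data, and only the `ip4`, `ip6`, `include` and `all` mechanisms are modelled so that it runs without DNS lookups.

```python
import ipaddress

# Constructed SPF records (placeholders, not GSMArena's real DNS data).
RECORDS = {
    "example-publisher.test":
        "v=spf1 ip4:203.0.113.0/24 include:_spf.mailhost.test -all",
    "_spf.mailhost.test":
        "v=spf1 ip4:198.51.100.16/28 ip6:2001:db8::/32 ~all",
}
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(ip, domain, records=RECORDS, depth=0):
    """Evaluate the ip4/ip6/include/all subset of SPF (RFC 7208) offline."""
    if depth > 10:  # RFC 7208 caps DNS-querying terms at 10
        return "permerror"
    record = records.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        name = name.lower()
        if name == "all":  # catch-all: "-all" is the hardfail policy
            return RESULTS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if addr.version == net.version and addr in net:
                return RESULTS[qualifier]
        elif name == "include":
            # include matches only if the nested record yields "pass"
            if check_spf(ip, arg, records, depth + 1) == "pass":
                return RESULTS[qualifier]
        else:
            return "permerror"  # a, mx, exists, redirect= need live DNS
    return "neutral"  # nothing matched and no "all" term


def classify(ips, domain):
    """Map each connecting IP to its SPF result for the given domain."""
    return {ip: check_spf(ip, domain) for ip in ips}


if __name__ == "__main__":
    # The two source IPs quoted above, plus one constructed authorized address.
    ips = ["52.103.140.27", "92.5.13.127", "203.0.113.25"]
    for ip, result in classify(ips, "example-publisher.test").items():
        print(f"{ip:15} -> {result}")
```

SPF is evaluated against the envelope sender (MAIL FROM/HELO) domain, not the From header the recipient sees, so a receiver also needs DMARC alignment to tie a "fail" result to the visible sender address.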