GuliSons.com/DigiProw.in - SEO spammers, hosted by OVH [UPDATED]
As we've detailed in the past, French hosting provider OVH has become one of the Internet's largest single sources of spam, blurring the lines between a true "bulletproof" host that deliberately allows their systems to be used maliciously as a matter of policy - and cheap hosts that depend a quantity-over-quality where hiring a competent abuse department would cut into their razor-thin profit margins. In the last 2-3 years, I don't think there's been a single day where we haven't received at least one spam EMail that either originated from OVH's servers, or advertised a site hosted by OVH - or both. So we don't report on most of it, but I decided to make exception for some spam we received today, as it's an intersection between two of my least favourite things: spam-friendly hosting providers, and SEO spammers.
SEO/web development spam is both my least favourite & most favourite type of spam. Least favourite, because those spammers are often using our own systems (mail servers) to try to poach our clients - and that's when they're not stupid enough to try to sell us the very same services that we provide. But it's also my most favourite, because those spam messages usually have valid from/reply-to address, and the senders will often even reply, providing more spam messages that can be reported to their provider. Typically, this type of spam comes from free EMail services - until a few years ago, that was mainly GMail, though those spammers seem to have migrated en masse to Hotmail/Outlook.com back in 2016. The spam from GuliSons.com/DigiProw.in jumped out me because it came from an actual company domain name, and included a link to their website.
To explain why that is notable, I'll first need to explain why SEO/web dev spammers normally use freemail services & don't initially include links to their websites. In a nutshell, it's done for the purposes of keeping their spamming operations at arm's length from the company providing the services advertised in the spam. If you have time & patience to lead on a SEO/web dev spammer, eventually most will provide you with a link to their actual website and/or contact you from their real company EMail address - but they typically won't do that until they believe they have a "live one" on the hook. Otherwise, if they spammed from their company domain name - and/or included a link to their website - then people could report the spammers to their providers, and there's a good chance their primary EMail and/or web hosting would get shut down. But as long as they only use freemail accounts for the actual spamming & don't initially mention their real website address or company name, then even if GMail/Hotmail shuts down one account, the worst-case is that they're out 5 minutes of effort to register a new account & resume spamming.
In that context, it seems odd for GuliSons.com to send out spam that not only comes from their company domain name, but also includes a link to their website - which is hosted by the same provider as their EMail (OVH), meaning that a single spam complaint could conceivably result in the suspension/termination of both their official website & EMail. Putting so many eggs in one basket seems like a fairly big risk, unless GuliSons.com/DigiProw.in have some reason to believe that, even if they are reported, OVH won't take any action against their account...
But, we'll see. The spam EMail, and the links in it, have all been reported to OVH as of 12:58PM today (July 8th, 2017) and it's such a blatant, obvious example of spamming that even OVH's abuse department should be capable of dealing with it. It will certainly be interesting to see how long it takes OVH to address the issue (if they address it all), feel free to comment with your prediction - but my advice is to aim high (weeks or months, rather than hours or days).
UPDATE JULY 09, 2017: unsurprisingly, no actions appear to have been taken (yet?) against the latest OVH-hosted spammers that we reported - BUT it looks like the persistent Kijiji-impersonating spam that we reported on earlier has resumed. After nearly 5 months without receiving any (the previous spam for that site was received on Feb. 14th, 2017), we received another one overnight - less than 24 hours after this post was originallyy published. Very interesting timing! And, of course, the Kijiji-impersonating spam is still advertising the site Classifieds-news[dot]com, which is still hosted by OVH - despite it being an obvious spam support site, which we've reported to OVH at least 100 times over the past two and a half years.
UPDATE JULY 17, 2017: it appears that OVH has finally acted on the report we sent... sort of. The GuliSons.com website no longer loads, and in its place is the generic CPanel "Default Web Site Page"/error - however, the two other sites owned by the same spammers (GuliMart.com & DigiProw.in) are both still online. And that's despite both of the other sites resolving to the same IP address as GuliSons.com (198.27.88.99) - so they appear to be on the same hosting account/VPS - and despite the fact that both of those sites were also advertised in the same EMail that we reported to OVH. So it's taken OVH around nine days to address one third of the problem, and sadly even that's still an improvement over their previous turnaround time for addressing spam reports.
UPDATE JULY 25, 2017: apparently we spoke too soon & overestimated the competence of OVH's abuse department, because the GuliSons.com website is online once again - still hosted by OVH, and still hosted on the exact IP address (198.27.88.99). So half a month later, not only has OVH failed to address the entire issue - they still haven't addressed ANY part of the issue.
UPDATE AUGUST 01, 2017: almost a month later, and OVH has apparently done nothing about the spam-support site that they are hosting - because we're still receiving spam advertising the spam-support site GuliSons.com, which is still hosted by OVH. For those keeping count, that's now 23 days (and counting) - at this point, regardless of whether it's deliberate or just due to incompetence, I think it's safe to say that OVH is a spam-friendly provider.
