ROKSO Home  |  ROKSO FAQs & Policies  |  About Spamhaus  |  FAQs
The Register of Known Spam Operations
Davi Junior / Email-Master

Evidence Menu:

Davi Junior / Email-Master Index

Country: Brazil
Brazilian snowshoe spam operation: many domains, many IPs, many IDs, many excuses ("customer of a customer" is a favorite), lots and lots of spam.

Davi Junior / Email-Master SBL Listings History
Current SBL Listings
Archived SBL Listings

Main Info

Among the Internet security community, the term "BRIC" is widely used to refer to Brazil, Russia, India and China. The number, size and scope of spam, abuse and security problems tracing back to those countries are huge, widespread and infamous. Governments and legitimate businesses in those countries are well advised to take effective measures to stop such abuses which heap reputational damage across their entire country's Internet and market space. This spammer is precisely such an example of how Brazil has become the "B" in "BRIC."

"Davi Junior / Email-Master" is a classic snowshoe spam operation in Brazil. He (she?) uses many names, companies, addresses, domains, and IPs to send huge volumes of spam. His lists are extremely dirty. He will mail for most any business except porn and drugs. He uses Interspire Mailer for his spam cannons, sometimes emitting through Postfix servers.

Account information for this spammer appears to be valid in most cases, however it is different for nearly every account. That implies the spam operator is hiring "mules" to purchase accounts under their own identity for the spam operation's use. That sort of evasive account acquisition is proof in itself of the spammer's ill intent, and a classic "snowshoe" type of move intended to shed negative reputation.

As of June/July 2014, when Spamhaus turned up the heat and turned over some of this spammer's rocks, he has changed from using a few "keeper" domains, sometimes seen in earlier whois records or in account sign-ups, to using an ever-changing array of freemail addresses, presently

Portuguese is this spammer's mother tongue. He uses a Portuguese ISP. Some of his spam is in Portuguese, including UTF-8 encoded Subjects. Product prices are displayed in images as "R$," meaning Brazilian reals (unit of currency).

His spam contains several URLs in each message, often five to eight URLs per spam, for content (usually .jpg), payload, 'open' indicators (web bugs), and unsubscribe forms. There are also URLs from affiliate programs in some of his spam, so he does spam runs on behalf of affiliate programs as well as direct-for-hire spamming. The "open" and "unsubscribe" URLs contain complex encoding to track messages on a per-recipient basis.

He uses a variety of domains including .com, .net, .info, .br, .in, .pl and other TLDs. Some are new, others appear to have been aged, possibly purchased through a broker or spam service specialist.

Related URLs

Definition: Snowshoe spamming

The Register of Known Spam Operations (ROKSO) collates information and evidence on entities with a history of spamming or providing spam services, and entities affiliated or otherwise connected with them, for the purpose of assisting ISP Abuse Desks and Law Enforcement Agencies.
The address of this ROKSO record is:

The above consists of information in the public domain. The Spamhaus Project makes every effort to avoid errors in information in the ROKSO database, and will correct any errors as soon as it is able to verify the correction, but accepts no responsibility or liability for any errors or omissions, or liability for any loss or damage, consequential or otherwise, incurred in reliance on the material in these pages. The Spamhaus Project makes no warranties or representations as to the accuracy of the Information in ROKSO records. The information in the ROKSO database is for information purposes only and is not intended as legal advice of any kind.

For information on contacting the ROKSO Team regarding any factual errors in this record, see the ROKSO FAQs.
© 1998-2016 The Spamhaus Project Ltd. All rights reserved.
Legal  |  Privacy