Arendame OÜ (Maili.ee) is a B2B marketer who spams on behalf of small business customers primarily in Estonia and Finland, with significant spam activity also in Latvia, Lithuania, and the Scandinavian peninsula. Arendame manages to send a great deal of unsolicited bulk email to our spamtraps for an organization that spams primarily in languages spoken by only a few million people.
Arendame was formerly called "Mihail Fortis" in this ROKSO record, a name taken from one of many names used in domain registrations. It formerly operated under the business name Saiake OÜ, and has also used a number of other business and personal names in its activities.
Arendame uses a variety of names and contact information to sign up for IP space. Many of the names are Russian, and he favors Russian ISPs as of April 2016. It often pays using the Russia-based Webmoney service (wmtransfer.com), often called Russia's Paypal.
Arendame registers the domains that he uses to spam under a large number of names. Initially it used the name "Mihail Fortis" for domain registrations (an alias), and later used a number of other names. In late 2015 it started using other names, some aliases and some belonging to actual persons that register domains on Arendame's behalf. Most Arendame spam is sent under a personal name rather than a business name, although certain "fronts" used to register domains recently have had businesses associated with them.
In the past this spam organization's nameservers as shown in Whois records for were often stale or did not exist, and IP ranges that sent spam did not have rDNS. In January 2016 Arendame changed some of its methods, probably because email from these IPs and domains was widely blocked. Now IPs and domains usually have proper configuration for sending email.
The name "Mihail Fortis" shares a postal address with one "Alexei Petrov" (a Russian name), sometimes known of as "Aleksejs Burovs" (the Latvian equivalent). We are not certain whether Petrov/Burovs is an alternate identity or a different person. The name "Mihail Fortis" is associated with at least two business names found in the Estonian Business Registry: Euro Marketing OÜ and Scanman Grupp OÜ. Both of these businesses appear to have poor or no reputations, but we have found no direct link between them and his spamming activities.
Arendame normally uses hosting in Russia, although he has been known to use hosting in Latvia, Byleorussia, Germany, the Czech Republic, and Swedish as well. It sometimes abuses free redirectors (among them bit.do, bit.ly, and ow.ly) to mask the links in his spam URIs. He seems to go back and forth between spamming very dirty lists and attempting to listwash so that he doesn't hit as many spamtraps.
What Spamhaus have not seen is any indication that Arendame has ever attempted to gain permission from the recipients of its bulk email.
MAIN BUSINESS INFORMATION:
tammsaare tee 59-66,
Eesti Vabariik (Estonia)
Raua tn 1
Eesti Vabariik (Estonia)
MOST COMMON DOMAIN REGISTRATION INFORMATION:
firstname.lastname@example.org (domain registration)
email@example.com (forum posts)
Euro Marketing OÜ (contact email: firstname.lastname@example.org):
Scanman Grupp OÜ (contact email: email@example.com):
ALIASES USED FOR DOMAIN REGISTRATIONS OR TO OBTAIN SERVICE:
Kangelaste prospekt 5-3
Slavjanskii bulvar 12-4
Daniil Alexandrovich Malinkov
Данил Александрович Маликов
74637 Allika kula
Vikerlase tanav 13
AAA Omnikum LCC
Jaan Korti 15-3
"Alexei Petrov" posts job for translator to translate letters from
Latvian to Russian:
"Aleksejs Burovs" businesses listing:
Photo of Flats at Fortis' postal address:
The Register of Known Spam Operations (ROKSO) collates information and evidence on entities with a history of spamming or providing spam services, and entities affiliated or otherwise connected with them, for the purpose of assisting ISP Abuse Desks and Law Enforcement Agencies.