Mihail Fortis is a B2B marketer who spams on behalf of small business customers in Estonia, the Baltics, Finland, and the Scandinavian peninsula. He manages to send a great deal of unsolicited bulk email to our spamtraps for somebody who spams in languages spoken by only a few million people.
Fortis currently does business under the name Maili.ee, using the business name Saiake OÜ. This is the name that his customers know him by and the domain/website that they use to sign up for service.
Fortis uses a variety of names and contact information to sign up for IP space. Many of the names are Russian, and he favors Russian ISPs as of April 2016. He often pays using the Russia-based WebMoney service (wmtransfer.com), which is commonly used in Russia. (It has been compared to Russia's PayPal.)
Fortis registers the domains that he uses to spam under a large number of names. Initially he used the name "Mihail Fortis" for domain registrations, but in late 2015 he started using other names that might be aliases or might be actual persons that register domains on his behalf. Most Fortis spam is sent under a personal name rather than a business name, although certain "fronts" used to register domains recently have had businesses associated with them.
In the past, this spam organization's nameservers as shown in Whois records were often stale or did not exist, and IP ranges that sent spam did not have rDNS. In January 2016, however, the Fortis operation changed some of its methods, probably because email from these IPs and domains was widely blocked due to Fortis' carelessness. Now IPs and domains usually have proper configuration for sending email.
The name "Mihail Fortis" shares a postal address with one "Alexei Petrov" (a Russian name), sometimes known as "Aleksejs Burovs" (the Latvian equivalent). We are not certain whether Petrov/Burovs is an alternate identity or a different person. Fortis is associated with at least two business names found in the Estonian Business Registry: Euro Marketing OÜ and Scanman Grupp OÜ. Both of these businesses appear to have poor or no reputations, but we have found no direct link between them and his spamming activities.
Fortis normally uses hosting in Russia, although he has been known to use German, Czech, and Swedish hosting as well. In the past few months, he has been abusing the free bit.ly and ow.ly redirector services to mask the links in his spam URIs. He seems to go back and forth between spamming very dirty lists and attempting to listwash so that he doesn't hit as many spamtraps.
What we have not seen is any indication that he has ever attempted to gain permission from the recipients of his bulk email.
MAIN BUSINESS INFORMATION:
Raua tn 1
Eesti Vabariik (Estonia)
MOST COMMON DOMAIN REGISTRATION INFORMATION:
firstname.lastname@example.org (domain registration)
email@example.com (forum posts)
Euro Marketing OÜ (contact email: firstname.lastname@example.org):
Scanman Grupp OÜ (contact email: email@example.com):
ALIASES USED FOR DOMAIN REGISTRATIONS OR TO OBTAIN SERVICE:
Kangelaste prospekt 5-3
Slavjanskii bulvar 12-4
Daniil Alexandrovich Malinkov
Данил Александрович Маликов
74637 Allika kula
Vikerlase tanav 13
AAA Omnikum LCC
Jaan Korti 15-3
"Alexei Petrov" posts job for translator to translate letters from
Latvian to Russian:
"Aleksejs Burovs" businesses listing:
Photo of Flats at Fortis' postal address:
The Register of Known Spam Operations (ROKSO) collates information and evidence on entities with a history of spamming or providing spam services, and entities affiliated or otherwise connected with them, for the purpose of assisting ISP Abuse Desks and Law Enforcement Agencies.