If you have received an email promoting a cybersecurity subscription or a smart ring that appears to originate from GSMArena.com, please be aware that we did not send it. This email is part of a spam campaign masquerading as our brand.
Several T-Online users have contacted us regarding these spam emails, which prompted our investigation into the matter. To clarify, we are not associated with these emails or the cybersecurity products they promote. Below is an example of some of the spam emails:
This is what some of the spam emails look like
If you receive a spam email similar to the examples displayed above, we advise you to reach out to your email provider's support team for assistance.
The spammers are spoofing our email address, making it appear as if the emails are sent from GSMArena.com. Specifically, one of the addresses seen is tpjdlgcj@gsmarena.com, which is not an active account on our server (the random string of letters indicates it is generated). In reality, the emails are being transmitted from IP addresses belonging to Microsoft and Oracle's cloud networks (52.103.140.27 and 92.5.13.127), neither of which are part of our operations. These IPs are highly likely to be utilized by the spammers.
This tactic is an old one, and although modern spam filters should typically reject such emails, we have reached out to the provider for assistance without receiving a satisfactory response. Unfortunately, there is little we can do on our end to halt this spam, as it is made possible by the insufficient policies of email providers.
There are recognized tools for combating the domain spoofing employed by these spammers. Without delving into technical jargon, a reverse DNS check will reveal that the sender's IP address is not authorized to send emails on behalf of GSMArena.com, which serves as a significant red flag. Additional mechanisms, such as SPF, DKIM, and DMARC, can also help detect spam emails that utilize spoofing techniques. On our part, we have implemented a stringent SPF policy set to 'hardfail,' signaling to email providers that any email not sent from our servers should be considered fraudulent.
