Spam campaign impersonating us targets T-Online users in Germany


Have you received an email advertising some cyber security subscription or a smart ring that seems to come from GSMArena.com? We didn’t send that email – it comes from a spam service that is pretending to be us.

A number of T-online.de users have reached out to us to report the spam emails, which prompted us to track down the issue. To be clear, we have nothing to do with the emails or the cyber security thing that they advertise. Here is what some of the spam emails look like:


This is what some of the spam emails look like

If you have received a spam email like the ones seen above, you should contact your email provider’s support team and tell them about the issue.

The spammers are spoofing our email address, which means they are falsely setting GSMArena.com as the sender of the email. Specifically, it looks like the email came from tpjdlgcj@gsmarena.com, but that’s not an active account on our server (that jumble of letters is clearly randomly generated). Instead, the emails are coming from a server owned by Microsoft (52.103.140.27) and one owned by Oracle (92.5.13.127), neither of which is part of our infrastructure. These are most likely cloud hosts that are used by the spammers.

This is an old trick and your email provider should have blocked these emails. We have contacted the provider to explain the situation and it is taking steps to improve its spam filtering. We are also working on our end to make spoofing harder in the future.

There are established tools to fight the domain spoofing that the spammers are using. Without getting into too many technical details, a reverse DNS check will discover that the sender’s IP address does not match the GSMArena.com IP address, which is a major red flag. Additional tools like SPF, DKIM and DMARC can similarly identify spam email that employs spoofing. On our end, we have set our SPF policy to “hardfail”, which will tell email providers to block emails that did not originate from our servers.


