New Wave of Spam

Like many people, I have more than one email address. One of my addresses has gotten out in the wild and become completely useless for actual correspondence. As a side benefit, I can now use it as a canary account to see trends in spam in near real time. The latest trend is coming in the form of robotically created sending servers and email addresses. There are still some recurring telltale patterns that give them away.

The messages consistently come from a “newslettter@” address. The From name and subject lines are filled in with content. The message body is typically an image bundled with the email. They include a block of text at the bottom to “unsubscribe”. Inspection of that unsubscribe link shows another recurring pattern in the URL: /u/d/. That indicates a processing engine that takes whatever follows and uses it to track which campaign yielded results. The actual domains look like they were created using random word generators. They have all been registered recently and are doing everything “right” to avoid running afoul of any legal issues. The actual servers are hidden behind Cloudflare, but we can assume they are running on Amazon or Alibaba, the most cost-effective options.

[Images: unsubscribe footer; “Click Here” link detail; spam list]

If you were going to set up a legitimate newsletter, there would be a checklist of things to do to make your email messages get through the spam filters to the destination targets. These bad actors are doing all of those things. When you look at the message headers you can see “Received-SPF: pass” and “Authentication-Results: dkim=pass”. This alone would be enough to fool an independent email service. The only thing keeping these messages out of my inbox is that my email provider sees the same pattern and is putting them in my Junk folder. Still, it is annoying to get 100-200 new spam messages per day. So what can be done? Unfortunately, not a whole lot. The cost of sending a single email is so low that it just takes one sale to fund 100,000 more spam messages. It is a self-perpetuating engine without a clear solution (that people are actually willing to implement).
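As an added example (not part of the original post), here is a small Python triage script that parses two constructed messages and checks them against the telltale patterns above, showing that SPF and DKIM passing on their own do not separate the campaign mail from a real newsletter. The domains, addresses and header values are invented, and the script assumes single-part HTML messages.

```python
import re
from email import message_from_string
from email.utils import parseaddr
# Constructed samples modelled on the patterns described above; not real captures.
SPAM = """\
From: "Spring Savings" <newslettter@quietmarble.example>
Subject: Your exclusive offer inside
Received-SPF: pass (mx.example: domain of quietmarble.example designates 203.0.113.10 as permitted sender)
Authentication-Results: mx.example; dkim=pass header.d=quietmarble.example
Content-Type: text/html

<html><body><img src="cid:offer.jpg"><p>If you no longer wish to receive these,
<a href="https://quietmarble.example/u/d/a1b2c3">Click Here</a></p></body></html>
"""
LEGIT = """\
From: "Weekly Digest" <digest@news.example>
Subject: This week's articles
Received-SPF: pass (mx.example: domain of news.example designates 198.51.100.5 as permitted sender)
Authentication-Results: mx.example; dkim=pass header.d=news.example
Content-Type: text/html

<html><body><h1>Three things we published this week</h1><p>Long-form text about the
articles goes here, with real sentences a reader would expect, running to several
paragraphs and linking back to the site.</p>
<p><a href="https://news.example/unsubscribe?list=weekly">Unsubscribe</a></p></body></html>
"""
def authentication_passed(raw: str) -> bool:
    """True when SPF and DKIM both report pass; by itself this proves nothing about intent."""
    msg = message_from_string(raw)
    spf = (msg.get("Received-SPF") or "").lower().startswith("pass")
    return spf and "dkim=pass" in (msg.get("Authentication-Results") or "").lower()

def campaign_indicators(raw: str) -> list[str]:
    """Names of the telltale patterns matched by a raw single-part HTML message."""
    msg = message_from_string(raw)
    hits = []
    local_part = parseaddr(msg.get("From", ""))[1].split("@")[0].lower()
    if local_part.startswith("newslet"):            # "newslettter@"-style sender
        hits.append("newsletter-sender")
    body = msg.get_payload()
    if re.search(r'href="[^"]*/u/d/', body):        # /u/d/ campaign-tracking unsubscribe path
        hits.append("u-d-unsubscribe")
    words = re.sub(r"<[^>]+>", " ", body).split()   # body is an image with almost no text
    if "<img" in body.lower() and len(words) < 25:
        hits.append("image-only-body")
    return hits

def suspected_campaign(raw: str) -> bool:
    return len(campaign_indicators(raw)) >= 2       # two or more indicators, whatever SPF/DKIM say
```

Both samples pass authentication; only the pattern checks tell them apart, which is the same situation the mail provider's Junk filter is in.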