SPAMCOP HOME · SPAMCOP FAQ · NEWSGROUPS · FORUM FAQ · WEBMAIL · SSL WEBMAIL · SPAMCOPWIKI


 Other words, data, places -->  SpamCop Pages V  FAQs & Words V  Newsgroups V  WebMail V  News-Recent Stuff V   Poll on menu

------>------> Latest and Current Announcements <------<------

Welcome Guest ( Log In | Register )

> This is a User to User Support Forum

The primary mode of support here is peer-to-peer, meaning users helping other users. (please remember this at all times!)
Another try:
This forum is composed of people who have used spamcop and those who are learning about anti-spam efforts.

 
Reply to this topicStart new topic
> How do you report scams from @live.com ??, getting a lot of phishing scams from @live.com
epgeek
post Aug 27 2008, 04:18 PM
Post #1


Member
**

Group: Members
Posts: 30
Joined: 31-August 06
Member No.: 6498



I seem to be getting a lot of phishing spam with a return address back to "phishing scam"@live.com ... When I try to report the scam to abuse[at]live.com I get back "mailbox unavailable". The same reply comes back when I try to send to info[at]live.com ... I understand that Microsoft is offering these "free mailboxes" , but they are not supporting any address to report back spams and scams.? That would seem to be an open invitation to the most vile kind of phishing scam. It would appear that Microsoft is grossly irresponsible, if not criminally irresponsible?
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
rconner
post Aug 27 2008, 04:31 PM
Post #2


Been There
Group Icon

Group: Memberp
Posts: 1058
Joined: 23-January 07
From: Maryland, USA
Member No.: 7388



QUOTE(epgeek @ Aug 27 2008, 05:18 PM) *
I seem to be getting a lot of phishing spam with a return address back to "phishing scam"@live.com ... When I try to report the scam to abuse[at]live.com I get back "mailbox unavailable". (...) It would appear that Microsoft is grossly irresponsible, if not criminally irresponsible?
It might appear that way, but in reality it probably isn't.

The problem is that spammers (and phishers) simply forge the return addresses in their messages. These are not the proper return addresses for the phishers who sent you the mail (and worse, they may belong to innocent parties who would be the ones getting any replies you might send to them). Furthermore, the fact that these addresses are "@live.com" does not mean that the messages were sent through live.com facilities, or had any contact whatsoever with live.com.

More than likely what live.com is telling you with "mailbox unavailable" is that these addresses don't exist at live.com (i.e., because they were made up out of whole cloth by the phisher).

Here's a page that might be of use: http://www.rickconner.net/spamweb/notmyaddress.html

If you want to report such a message, you need to find out the IP address from which it was sent, and report the abuse of that address (and not the return e-mail address) to the provider responsible for the address. For this task, you need to pore over the headers of the message yourself, or else submit the message through the SpamCop parser (I assume you are registered with SC for this purpose); this will prepare accurate reports for you to file if you wish.

-- rick

This post has been edited by rconner: Aug 27 2008, 04:41 PM


--------------------
Richard C. Conner, P.E.
http://www.rickconner.net/spamweb/
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
Telarin
post Aug 27 2008, 04:40 PM
Post #3


Advanced Member
Group Icon

Group: Memberp
Posts: 814
Joined: 30-November 05
Member No.: 4882



Rick, I believe he means that abuse[at]live.com is undeliverable.

To answer your question, epgeek, yes, not providing these RFC required role addresses is grossly irresponsible on Microsoft's part. It has been my experience that most mail providers don't seem to care if their free mailboxes are used as a drop for scam and phishing emails. I assume that is what you meant. You received a typical scam/phishing email with a note not to reply, but to instead send email correspendence to scammer[at]live.com?


--------------------
Will Russell, MCP
IT Specialist
Galveston Insurance Associates
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
rconner
post Aug 27 2008, 04:50 PM
Post #4


Been There
Group Icon

Group: Memberp
Posts: 1058
Joined: 23-January 07
From: Maryland, USA
Member No.: 7388



QUOTE(Telarin @ Aug 27 2008, 05:40 PM) *
Rick, I believe he means that abuse[at]live.com is undeliverable.
Yes, that occurred to me, but I'd already done too many edits for grammar to change this. I agree that the failure to use the proper role address is a bad idea; I suppose that MS wants to deflect a lot of pointless reports, instead requiring the complainers to do a proper WHOIS lookup.

For the record:

CODE
rconner$ whois -h whois.abuse.net live.com
abuse[at]hotmail.com (for live.com)
report_spam[at]hotmail.com (for live.com)


-- rick


--------------------
Richard C. Conner, P.E.
http://www.rickconner.net/spamweb/
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
Farelf
post Aug 27 2008, 05:18 PM
Post #5


What Life?
Group Icon

Group: Membersph
Posts: 6527
Joined: 23-February 04
From: Western Australia
Member No.: 491



QUOTE(rconner @ Aug 28 2008, 05:50 AM) *
...For the record:
CODE
rconner$ whois -h whois.abuse.net live.com
abuse[at]hotmail.com (for live.com)
report_spam[at]hotmail.com (for live.com)
Or for those preferring the web-based interface:
http://www.abuse.net/ -> http://www.abuse.net/lookup.phtml?domain=live.com

[on edit] Not to mention the SC members page (the all-in-one paste-in submission form). spammer[at]live.com (using '@') ->
QUOTE(http://members.spamcop.net/)
Parsing input: spammer[at]live.com
65.54.244.8 is an MX ( 5 ) for live.com
Routing details for 65.54.244.8
[refresh/show] Cached whois for 65.54.244.8 : abuse[at]microsoft.com
abuse[at]hotmail.com redirects to report_spam[at]hotmail.com
Using best contacts report_spam[at]hotmail.com
...
No, no, this is not a new feature - it's a very old one. And no, adding spamvertized eMail addresses to the standard reports won't be happening (already tried, back in the dreamtime, with unhappy results by all accounts). But the tool is there to find the reporting address in support of a manual report about the 'payload' eMail address used in phishing, advance fee scams, etc. - or the adventurous combination of the two, like this one:
http://www.spamcop.net/sc?id=z2193493578z0...577cad07a9f8e1z

Following sent to network-abuse[at]cc.yahoo-inc.com in consequence of that one:
QUOTE
Dear Sirs,
The following phish and/or advance fee scam received at this address appears to use the eMail address woode.charles[at]yahoo.com as a mailbox in the execution of criminal activity. Please investigate and enforce your AUP/TOS/CRA as appropriate.
------------------------------Original message------------------------------
...
Various statutory authorities and anti-phishing organizations could be added to the addressing - What other sites should I visit to help learn about, fight, handle spam?


--------------------
Plus ça change, plus c’est la même chose
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
btech
post Aug 28 2008, 01:54 PM
Post #6


Advanced Member
Group Icon

Group: Memberp
Posts: 447
Joined: 17-June 04
From: Texas
Member No.: 1895



What's weird is how SC will sometimes pick up the hand-off IPs on 419 scams and other times it won't. I find that scammers from Gmail addresses only resolve to Gmail, but there's usually 2 more IPs in there.
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
rconner
post Aug 28 2008, 03:45 PM
Post #7


Been There
Group Icon

Group: Memberp
Posts: 1058
Joined: 23-January 07
From: Maryland, USA
Member No.: 7388



QUOTE(btech @ Aug 28 2008, 02:54 PM) *
What's weird is how SC will sometimes pick up the hand-off IPs on 419 scams and other times it won't. I find that scammers from Gmail addresses only resolve to Gmail, but there's usually 2 more IPs in there.
If I recall from previous posts here, Gmail does some internal relaying of outgoing mail among unrouteable IP addresses (172.*, I think). That might be why SpamCop can't track them all the way back within Google space. My ISP used to relay incoming mail in this fashion, I think this was quite the rage a couple years back (one reason why we had to start doing Mail Host Configuration in SC).

Also, the terminology is beginning to spin out of control on me here -- the original poster mentioned "phishing" mail, which to me is when the scammer tries to pretend to be your bank. To me, "419" is the usual african loot type scam. The difference is crucial, of course: in the former case, the return address is an irrelevant detail, while in the latter, the scammer MUST supply a working reply address (often in the body of the message, not in the From: field).

Obviously, you'd want to report the latter kinds of addresses, and certainly if they are hotmail/live.com/msn.com or whatever.

-- rick


--------------------
Richard C. Conner, P.E.
http://www.rickconner.net/spamweb/
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
btech
post Aug 28 2008, 03:48 PM
Post #8


Advanced Member
Group Icon

Group: Memberp
Posts: 447
Joined: 17-June 04
From: Texas
Member No.: 1895



Oh, I know.. I was talking about the 419s... I get at least 50 a day.
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
Miss Betsy
post Aug 28 2008, 09:17 PM
Post #9


T-shirt wearing out
Group Icon

Group: Membersph
Posts: 3336
Joined: 2-February 04
Member No.: 174



I hope the OP understands that if the scam email (phish or 419) seems to come from an address @ one of the free email services, it is forged. The only way to know what abuse address to use is to find the IP address it actually came from. Spamcop parser usually picks the correct abuse address for the correct IP address. OTOH, if there is an email address within the body of the spam, that, if you are gullible, you will respond to hoping either to correct a mistake (phish) or help someone out and you get a piece of the action (419), that's another story. Spamcop does not attempt any longer to offer abuse addresses for those email addresses within the spam body in the regular parse. You can get information by entering just the address, but no report is sent.

Usually, the free email services are very prompt to shut down an email address that is used within the body of the spam as a 'drop box' (in technical language) or at least, that's what they say they do. And, from anecdotal evidence, Hotmail does shut down first and investigate later.

Who knows why MS changed their abuse address? At any rate, they have and the new one has been around a long time.

Miss Betsy


--------------------
an almost new internet user
if you don't think your post has been answered sufficiently, please email service[at]admin.spamcop.net
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
epgeek
post Aug 29 2008, 11:17 AM
Post #10


Member
**

Group: Members
Posts: 30
Joined: 31-August 06
Member No.: 6498



QUOTE(Telarin @ Aug 27 2008, 04:40 PM) *
Rick, I believe he means that abuse[at]live.com is undeliverable.

To answer your question, epgeek, yes, not providing these RFC required role addresses is grossly irresponsible on Microsoft's part. It has been my experience that most mail providers don't seem to care if their free mailboxes are used as a drop for scam and phishing emails. I assume that is what you meant. You received a typical scam/phishing email with a note not to reply, but to instead send email correspendence to scammer[at]live.com?

In my original post I was referring to the "respond to address" that was contained within the body of the email as opposed to the "return address" on the email, which I assumed to be bogus. When I tried to send all relevant info to abuse[at]live.com (including Internet Header, body, attached copy of the original, etc.) I received the dreaded mailbox not found. It took some tracking on my part to find that I could forward this info to abuse[at]hotmail.com and that Microsoft was responsible. Stupid me, I would of thought that mighty and righteous Microsoft would have kept this up to date?? Also I was referring to a "419" scam which I guess wrongly assumed was just another form of phishing scam. I just received a couple more of these emails today offering free money if I would respond to somecrook[at]live.com ... I also get these scams from gmail, yahoo, etc. but these others all seem to support an abuse address.
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
Farelf
post Aug 29 2008, 11:53 AM
Post #11


What Life?
Group Icon

Group: Membersph
Posts: 6527
Joined: 23-February 04
From: Western Australia
Member No.: 491



QUOTE(epgeek @ Aug 30 2008, 12:17 AM) *
...It took some tracking on my part to find that I could forward this info to abuse[at]hotmail.com and that Microsoft was responsible. Stupid me, I would of thought that mighty and righteous Microsoft would have kept this up to date?? ...
The bigger they are, the less they seem to feel bound by rules. Anyway, three tools pointed to above all show report_spam[at]hotmail.com for live.com abuse and, sure, abuse[at]hotmail.com should be OK too. Or at least not reject.


--------------------
Plus ça change, plus c’est la même chose
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
jongrose
post Nov 10 2008, 05:55 AM
Post #12


Advanced Member
***

Group: Membera
Posts: 187
Joined: 23-February 04
Member No.: 480



It appears that report_spam[at]hotmail.com is now bouncing my reports of 419/lotto email reports. They are now filtering that address to prevent spam (?!@). Here is the report URL http://www.spamcop.net/sc?id=z2402230779ze...aaccde7bb89198z

This is the 2nd bounce I have gotten from this address w/in a couple weeks, so I know it is not an error/coincidence. I'm not sure if they have any alternative reporting addresses.

QUOTE
Return-Path: <spamcop[at]devnull.spamcop.net>
Delivered-To: spamcop-net-XXXX[at]spamcop.net
Received: (qmail 3014 invoked from network); 10 Nov 2008 10:34:29 -0000
X-spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on filter7
X-spam-Level:
X-spam-Status: hits=-96.3 tests=CONFIRMED_FORGED,LOTTERY_PH_004470,
SARE_FRAUD_X3,USER_IN_WHITELIST_TO version=3.2.4
Received: from unknown (192.168.1.88)
by filter7.cesmail.net with QMQP; 10 Nov 2008 10:34:29 -0000
Received: from sc-smtp4-bulkmx.soma.ironport.com (204.15.82.126)
by mxin1.cesmail.net with SMTP; 10 Nov 2008 10:33:42 -0000
Received: from sc-app2.spamcop.net ([204.15.82.21])
by sc-smtp-vip.soma.ironport.com with SMTP; 10 Nov 2008 02:34:28 -0800
X-SpamCop-Reply-Ids: 3663211778
X-Spamcop-Return-Path: <MAILER-DAEMON>
Received: from sc-smtp4-bulkmx.soma.ironport.com (sc-smtp4-bulkmx.soma.ironport.com [204.15.82.126])
by sc-app2.soma.ironport.com (Postfix) with ESMTP id 850251C300B
for <3663211778[at]reports.spamcop.net>; Mon, 10 Nov 2008 02:33:39 -0800 (PST)
Received: from bay0-xmr-011.hotmail.com (HELO BAY0-XMR-011.phx.gbl) ([65.54.241.163])
by vmx2.spamcop.net with ESMTP; 10 Nov 2008 02:33:39 -0800
From: postmaster[at]BAY0-XMR-011.phx.gbl
To: 3663211778[at]reports.spamcop.net
Date: Mon, 10 Nov 2008 02:33:39 -0800
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
boundary="9B095B5ADSN=_01C94079B06EA4120000079ABAY0?XMR?011.phx"
X-DSNContext: 7ce717b1 - 1196 - 00000002 - 00000000
Message-ID: <fyz5b6KZm00000690[at]BAY0-XMR-011.phx.gbl>
Subject: Delivery Status Notification (Failure)
X-SpamCop-Checked: 204.15.82.126 204.15.82.21 65.54.241.163

This is a MIME-formatted message.
Portions of this message may be unreadable without a MIME-capable mail program.

--9B095B5ADSN=_01C94079B06EA4120000079ABAY0?XMR?011.phx
Content-Type: text/plain; charset=unicode-1-1-utf-7

This is an automatically generated Delivery Status Notification.

Delivery to the following recipients failed.

HOTML.FREE.WW.00.EN.MSF.SEA.AU.T01.ABU.00.EM[at]css.one.microsoft.com




--9B095B5ADSN=_01C94079B06EA4120000079ABAY0?XMR?011.phx
Content-Type: message/delivery-status

Reporting-MTA: dns;BAY0-XMR-011.phx.gbl
Received-From-MTA: dns;BAY0-XMR-011.phx.gbl
Arrival-Date: Mon, 10 Nov 2008 02:33:33 -0800

Final-Recipient: rfc822;HOTML.FREE.WW.00.EN.MSF.SEA.AU.T01.ABU.00.EM[at]css.one.microsoft.com
Action: failed
Status: 5.7.1
Diagnostic-Code: smtp;550 5.7.1 <Your e-mail was rejected by an anti-spam content filter on gateway (131.107.115.214). Reasons for rejection may be: obscene language, graphics, or spam-like characteristics. Removing these may let the e-mail through the filter.>

--9B095B5ADSN=_01C94079B06EA4120000079ABAY0?XMR?011.phx
Content-Type: message/rfc822

Received: from mail pickup service by BAY0-XMR-011.phx.gbl with Microsoft SMTPSVC;
Mon, 10 Nov 2008 02:33:33 -0800
X-Message-Status: n:0
X-SID-PRA: Jonathan <3663211778[at]reports.spamcop.net>
X-SID-Result: Pass
X-Message-Info: 6sSXyD95QpU7Q6ojyRNIJvEVhlMWO5aw1wNOU8Wnw8+atKVZoWaaI2/atCdxu9d6u8NyL8XYRESn968Okz07Epl4zD0v8LDk
Received: from sc-smtp1-bulkmx.soma.ironport.com ([204.15.82.123]) by bay0-mc1-f23.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668);
Mon, 10 Nov 2008 02:33:33 -0800
Received: from 204-15-82-98.ironport.com (HELO sc-app11.spamcop.net) ([204.15.82.98])
by sc-smtp-vip.soma.ironport.com with SMTP; 10 Nov 2008 02:33:33 -0800
Received: from [66.139.199.209] by spamcop.net
with HTTP; Mon, 10 Nov 2008 10:33:33 GMT
From: "Jonathan" <3663211778[at]reports.spamcop.net>
To: report_spam[at]hotmail.com
Subject: [SpamCop (Forwarded spam) id:3663211778]YOU HAVE BEEN AWARDED
Precedence: list
Message-ID: <rid_3663211778[at]msgid.spamcop.net>
Date: 9 Nov 2008 23:10:09 -0000
X-SpamCop-sourceip: 146.229.5.58
X-Mailer: http://www.spamcop.net/ v2
Return-Path: 3663211778.1df848bb[at]bounces.spamcop.net
X-OriginalArrivalTime: 10 Nov 2008 10:33:33.0713 (UTC) FILETIME=[C81C8810:01C9431F]

[ SpamCop V2 ]
This message is brief for your comfort. Please use links below for details.

User-targeted report, see notes, if any.
http://www.spamcop.net/w3m?i=z3663211778z1...2c85027673e720z
[ Comments from recipient regarding Forwarded spam ]
> Hello, the user sending this lotto/419 spam is using a Live email address (bmwgroup023[at]live.com) as a contact address. Please close this users account to prevent individuals from falling prey to this scam. Thank you.

[ Offending message ]
Return-Path: <info[at]bmw.co.uk>
Delivered-To: x
Received: (qmail 17319 invoked from network); 9 Nov 2008 23:12:00 -0000
X-spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on blade5
X-spam-Level: *****
X-spam-Status: hits=5.4 tests=LOTTERY_PH_004470,MISSING_HEADERS,SUBJ_ALL_CAPS
version=3.2.4
Received: from unknown (192.168.1.86)
by blade5.cesmail.net with QMQP; 9 Nov 2008 23:12:00 -0000
Received: from email.uah.edu (146.229.5.58)
by mxin2.cesmail.net with SMTP; 9 Nov 2008 23:10:09 -0000
Received: from chargermail.uah.edu (chargermail.uah.edu [146.229.5.82])
(authenticated bits=0)
by email.uah.edu (8.13.8/8.13.8) with ESMTP id mA9M5vAZ022685;
Sun, 9 Nov 2008 16:05:57 -0600 (CST)
Received: from 75-3.vgccl.net ([41.220.75.3])
(SquirrelMail authenticated user obriens)
by chargermail.uah.edu with HTTP;
Sun, 9 Nov 2008 16:06:13 -0600 (CST)
Message-ID: <2913_____________________________rrel[at]chargermail.uah.edu>
Date: Sun, 9 Nov 2008 16:06:13 -0600 (CST)
Subject: YOU HAVE BEEN AWARDED
From: =?iso-8859-1?Q?BMW=AE_Company_Awards?= <info[at]bmw.co.uk>
Reply-To: bmwgroup023[at]live.com
User-Agent: SquirrelMail/1.4.13
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
X-Scanned-By: MIMEDefang 2.51 on 146.229.5.58
X-SpamCop-Checked:
X-SpamCop-Disposition: Blocked SpamAssassin=5




BMW� HQ Germany Plant:Heidemannstr. 164 DE-80939 MUNCHEN Germany.

From:THE BMW� (UK) Ltd Registered Office:
Ellesfield Avenue, Bracknell,
Berkshire, RG12 8TA.
United Kingdom.

Congratulations,

The Board of Directors,Members of staff and the International Awareness
Promotion Department of the BMW Automobile Company, Wishes to congratulate
you on your success as one of our TEN(10) STAR PRIZE WINNER in this year's
BMW Automobile International Awareness Promotion (IAP) held on Friday 7th
of November,2008 in Berkshire.

This makes you the proud owner of a brand new BMW 7 Series,730d Sports
Saloon car and a cash prize of 750,000.00 GBPs (Seven Hundred and Fifty
Thousand Great British pounds).

In order to redeem your prizes contact Mr.Thomas Peters R ,Bmw Claims
Manager of the Claims Department with the verification form below duely
Filled and sent through email to:

Mr.Thomas Peters R,
DIRECT EMAIL:bmwgroup023[at]live.com
Tel:+44(0) 7031925534.

VERIFICATION FORM:
1.)Full Name: 2.)Current Address: 3.)Country: 4.)Age: 5.)Sex:
6.)Occupation: 7.)Phone Number: 8.)REFERENCE NUMBER:BMW:25515500DS




--9B095B5ADSN=_01C94079B06EA4120000079ABAY0?XMR?011.phx--


--------------------
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
Farelf
post Nov 10 2008, 09:43 AM
Post #13


What Life?
Group Icon

Group: Membersph
Posts: 6527
Joined: 23-February 04
From: Western Australia
Member No.: 491



QUOTE(jongrose @ Nov 10 2008, 07:55 PM) *
It appears that report_spam[at]hotmail.com is now bouncing my reports of 419/lotto email reports. They are now filtering that address to prevent spam (?!@). ... I'm not sure if they have any alternative reporting addresses.
Aagh! Yes, always has been difficult to get them to take responsibility for enforcing their own AUP/TOS/CRA.

http://hexillion.com/asp/samples/ValidateEmail.asp
Address parts
local part: bmwgroup023
domain: live.com
extra text:
MX records
preference exchange IP address (if included)
5 mx4.hotmail.com [65.54.244.104]
5 mx1.hotmail.com [65.54.244.8]
5 mx2.hotmail.com [65.54.245.40]
5 mx3.hotmail.com [65.54.245.72]
SMTP session

[Contacting mx4.hotmail.com [65.54.244.104]...]
[Connected]
220 bay0-mc4-f18.bay0.hotmail.com Sending unsolicited commercial or bulk e-mail to Microsoft's computer network is prohibited. Other restrictions are found at http://privacy.msn.com/Anti-spam/. Violations will result in use of equipment located in California and other states. Mon, 10 Nov 2008 06:30:46 -0800
EHLO hexillion.com
250-bay0-mc4-f18.bay0.hotmail.com (3.7.0.89) Hello [70.84.211.98]
250-SIZE 29696000
250-PIPELINING
250-8bitmime
250-BINARYMIME
250-CHUNKING
250-AUTH LOGIN
250-AUTH=LOGIN
250 OK
NOOP *** See <http://www.hexillion.com/MailAdmin/> for an explanation of this session
250 OK
NOOP *** HexValidEmail COM 1.4.12 <5c31a8fa73d35685c3baa1e0430da151bdc52a85>
250 OK
RSET
250 Resetting
MAIL FROM:<HexValidEmail[at]hexillion.com>
250 HexValidEmail[at]hexillion.com....Sender OK
RCPT TO:<hextest6818[at]live.com>
550 Requested action not taken: mailbox unavailable
RCPT TO:<bmwgroup023[at]live.com>
250 bmwgroup023[at]live.com
RSET
554 Transaction failed
QUIT

So, 'drop box' still 'live', 'scuse the pun.

Microsoft Windows XP [Version 5.1.2600]
Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Steve>whosip 65.54.244.232

WHOIS Source: ARIN
IP Address: 65.54.244.232
Country: USA - Washington
Network Name: MICROSOFT-1BLK
Owner Name: Microsoft Corp
From IP: 65.52.0.0
To IP: 65.55.255.255
Allocated: Yes
Contact Name: Microsoft Corp
Address: One Microsoft Way, Redmond
Email: iprrms[at]microsoft.com
Abuse Email: abuse[at]msn.com
Phone: +1-425-882-8080
Fax:

C:\Documents and Settings\Steve>

So, ARIN record says abuse[at]msn.com FWIW (probably very little - they can't even get their 'stern warning' right. you may have noticed:
"220 ... Violations will result in use of equipment located in California and other states. ..."
Whiskey Tango Foxtrot? - as we used to ask.

Oh yes - hextest on abuse[at]msn.com says it is accepted, for whatever that is worth.


--------------------
Plus ça change, plus c’est la même chose
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
StevenUnderwood
post Nov 10 2008, 12:28 PM
Post #14


What Life?
Group Icon

Group: Membersph
Posts: 5208
Joined: 20-January 04
From: Whitinsville, MA USA
Member No.: 12



QUOTE(Farelf @ Nov 10 2008, 09:43 AM) *
they can't even get their 'stern warning' right. you may have noticed:
"220 ... Violations will result in use of equipment located in California and other states. ..."
Whiskey Tango Foxtrot? - as we used to ask.

Sounds like a remote DOS attack. You violate their rules and they will begin using machines in CA and other states (IMG:style_emoticons/default/smile.gif)


--------------------
Steven P. Underwood, DNRC
Whitinsville, MA
underwood+forum[at]spamcop.net

-No trees were killed in the sending of this message. However, a large number of electrons were terribly inconvenienced.-
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
Farelf
post Nov 10 2008, 04:14 PM
Post #15


What Life?
Group Icon

Group: Membersph
Posts: 6527
Joined: 23-February 04
From: Western Australia
Member No.: 491



QUOTE(StevenUnderwood @ Nov 11 2008, 02:28 AM) *
Sounds like a remote DOS attack. You violate their rules and they will begin using machines in CA and other states (IMG:style_emoticons/default/smile.gif)
(IMG:style_emoticons/default/laugh.gif) Nothing is inconceivable - that may be right.


--------------------
Plus ça change, plus c’est la même chose
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
Farelf
post Nov 10 2008, 06:50 PM
Post #16


What Life?
Group Icon

Group: Membersph
Posts: 6527
Joined: 23-February 04
From: Western Australia
Member No.: 491



And, noting once more *, feeding the drop box address into the parser produces two abuse-handler addresses:
http://www.spamcop.net/sc?track=bmwgroup023%40live.com
QUOTE
Parsing input: bmwgroup023[at]live.com
Reporting addresses:
abuse[at]msn.com
report_spam[at]msn.com
Maybe they will reject on 'spam content' too - nothing about M$ should surprise. But, more addresses to try.


--------------------
Plus ça change, plus c’est la même chose
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
neviller
post Nov 13 2008, 03:51 AM
Post #17


Member
**

Group: Members
Posts: 11
Joined: 6-January 08
Member No.: 8404



For months, I have been reporting spams with live.com (etc) reply-to addresses to report_spam[at]live.com or, as appropriate, Report_spam[at]hotmail.com or
report_spam[at]msn.com. I just used to get an auto-acknowledgement.

However, since 29 October I receive 2 emails each time: one acknowledgment and one rejection. I don't know which to believe.

The acknowledgement says:

QUOTE
Thank you for reporting spam to the MSN Hotmail Support Team. This is an auto-generated response to inform you that we have received your submission. MSN Hotmail makes ongoing efforts to stop spam. Appropriate actions will be taken. Please note that you will not receive a reply if you respond directly to this message.

Report_spam[at]hotmail.com and report_spam[at]msn.com are accounts set up specifically to process spam reports and punish spammers. This account is NOT intended for reporting of other forms of abusive e-mails.

If you have received an abusive e-mail which falls under but is not limited to the below categories, please resubmit your report to abuse[at]hotmail.com or abuse[at]msn.com depending on the spammer’s domain (MSN or Hotmail).

Abusive e-mail includes but is not limited to:

• Child exploitation/pornography threats
• Harassment
• Impersonation of an institution (such as a bank or government agency or charity), also known as Phishing
• Issues relating to account credentials being compromised (hacked)


Then the rejection notice say:

QUOTE
This is an automatically generated Delivery Status Notification.

Delivery to the following recipients failed.

HOTML.FREE.WW.00.EN.MSF.SEA.AU.T01.ABU.00.EM[at]css.one.microsoft.com



Reporting-MTA: dns;BAY0-XMR-004.phx.gbl
Received-From-MTA: dns;BAY0-XMR-004.phx.gbl
Arrival-Date: Wed, 12 Nov 2008 23:49:03 -0800

Final-Recipient: rfc822;HOTML.FREE.WW.00.EN.MSF.SEA.AU.T01.ABU.00.EM[at]css.one.microsoft.com
Action: failed
Status: 5.7.1
Diagnostic-Code: smtp;550 5.7.1 <Your e-mail was rejected by an anti-spam content filter on gateway (131.107.115.214). Reasons for rejection may be: obscene language, graphics, or spam-like characteristics. Removing these may let the e-mail through the filter.>


I tried re-submitting and deleting the spam indicators set by my ISP in the headers, and even "Dear Sir/Madam" from the text of the spam, but I still get a rejection notice as well as an acknowledgement.
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
turetzsr
post Nov 13 2008, 09:32 PM
Post #18


What Life?
Group Icon

Group: Membersph
Posts: 5110
Joined: 26-January 04
From: Michigan USA
Member No.: 59



QUOTE(neviller @ Nov 13 2008, 03:51 AM) *
<snip>
I receive 2 emails each time: one acknowledgment and one rejection. I don't know which to believe.
<snip>
...Not being an expert, I'm taking a guess here: the Microsoft incoming e-mail system is first seeing your e-mail coming into their system, then generating an acknowledgement, then filtering your e-mail and rejecting it as "spammy" and sending you the rejection notice. My tentative conclusion would be that it is not getting to the appropriate party and that you should therefore seek an alternate mode of communication.
...Good luck!


--------------------
..Regards,
...Steve T

...A Happy SpamCop.net reporting user (not an employee)
...Please avoid replying via e-mail, as it is not secure
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
Devilwolf
post Nov 17 2008, 05:10 PM
Post #19


Member
**

Group: Members
Posts: 93
Joined: 28-August 05
Member No.: 4499



I've been getting a ton of African/UK/ChiCom 419 and lottery spam that wants me to email all my banking and personal info to a msn, live, or hotmail acct, and I often get those bounces also.

One alternate if you just want to be snarky... file a compliant with the Washington State DA against M$ for false advertising - they advertise they don't support spam - but they refuse to take complaints about the spammers.... Fax a copy of your complaint to their corporate lawyer (IMG:style_emoticons/default/biggrin.gif)

I find it really annoying when ISP put spam filters on their spam reporting addresses.

So is most of your phishing spam being sent thru godaddy's email servers?
User is offlineProfile CardPM
Go to the top of the page
+Quote Post

Reply to this topicStart new topic
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:

 

- Lo-Fi Version Time is now: 20th August 2014 - 07:21 PM