
Nigerian and United States of American


Lking


...There was another posting here where the "FBI" is using gmail to contact "victims" but I can't find it right now. ...
Plenty of FBI impersonations going back for years but I'm not sure which might have gmail dropbox(es). Heck, this latest gmail address - at least - is still functional. I would like to think that is an ominous sign for the scammer.

Plenty of FBI impersonations going back for years but I'm not sure which might have gmail dropbox(es). Heck, this latest gmail address - at least - is still functional. I would like to think that is an ominous sign for the scammer.

How can you tell if a gmail address is still functional w/o actually sending a message to that address? I'm getting a ton of 419 scam email, and I report them when they are gmail, live, or another semi-responsible email outfit. However I am never sure if they really close the account, and would like to know a simple/safe way to check on it to see if it's still "functional"???


I don't know how to check safely if they are still 'functional' but I suspect that yahoo, hotmail, gmail really do close drop boxes. Also, I did get a confirmation from an .edu that they appreciated the report.

So I think it is worth it 'to protect the gullible.'

Miss Betsy


How can you tell if a gmail address is still functional w/o actually sending a message to that address?
The best you could do is to try an SMTP session with the Google MX server. If the server rejects the attempt due to undeliverable address, you have your answer. If it does not reject, you can't really be sure (the address may or may not be delivered, you have no way to know).

There is a web service that will help you do this, I don't remember where it is at the moment (Farelf?). If you can speak SMTP, you can put together a script to do this, and then cancel before the DATA step (by which time you should have your answer).

The question arises, however, of what you would do with this information. Seems to me that once you notify Google, you've done about all you can do. The rest is up to Google. Bear in mind that it might take a while for them to follow through.

-- rick


...There is a web service that will help you do this, I don't remember where it is at the moment (Farelf?). ...
Hey, sorry people, especially epgeek, I totally missed that follow-up query. Yes, I use http://hexillion.com/asp/samples/ValidateEmail.asp which gives the SMTP session log and allows for the testing of 'catch-all' on the exchange, confirmation of the exchange IP address, etc.

[on edit - it is not inconceivable that authorities might request drop-boxes with a major provider be tapped and left open for the collection of evidence, setting up 'stings', whatever lawful enforcement activities they might wish to use. Certainly *that* one remains functional at the time of posting. At the very least, it would be great if the 419-ers have to worry about the possibility.]


Sometimes abuse desks will tell you that the email address has been deleted per TOS. Other times, they just say that the matter has been dealt with 'appropriately' - which can mean that their investigation found no wrongdoing or that the client has been denied access per TOS or, as Farelf (Stephen) mentioned, it might be left open as part of a 'sting' so that they, or others, can collect evidence on the perpetrator.

Without a great deal of investigative work, there is little chance that you will change the abuse desk's decision so I have never had enough curiosity to learn how to use the tools to discover what they have done or whether they have done what they said they would do.

Hotmail filters seem to have discovered the IP addresses of the botnet that was delivering 419 scams because they have abated again. Either that or the drop boxes were not closed in time and the scammer is now reeling in his phishes. Now that does pique my curiosity - why does spam seem to run in cycles? I'd like to know which of my guesses is correct. But the only way to know would be to ask a spammer and so far I don't have enough courage to infiltrate their haunts. Maybe one of my 'old age' hobbies - learn the skills to be confident.

Miss Betsy


Yes, I use http://hexillion.com/asp/samples/ValidateEmail.asp which gives the SMTP session log and allows for the testing of 'catch-all' on the exchange, confirmation of the exchange IP address, etc.
That was the one I had in mind, I shall have to bookmark it. I actually used it earlier today for a 419 address ([at] Yahoo), and it works in the way I described above -- going through the SMTP process and then bailing out (with a RSET command) before actually delivering the body of the message. In this case, Yahoo did not explicitly reject the address -- but we don't know whether the message would have been delivered or not. As we know, many mail operators prefer to punt the duty of determining deliverability to a host inside the domain (i.e., an MDA), a practice that often leads to the dreaded delay-bounce. If we did send a message to the offending address, we might get a delay bounce, or we might get a reply from the crook, or we might get nothing at all (for reasons we will be unable to determine).

-- rick
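
The SMTP check discussed in this thread (RCPT TO, then RSET before DATA, plus the 'catch-all' test), as an added example that is not code from any of the posters. The MX host is supplied by the caller, and the `example.test` names and the `FakeMX` stand-in are constructed so the block runs offline; leaving out the last argument of `probe` uses the standard library's `smtplib.SMTP`.

```python
import smtplib

def classify(rcpt_code, canary_code=None):
    """Map the RCPT TO reply for the target (and for a made-up canary address
    at the same domain, the 'catch-all' test) to a verdict."""
    if 500 <= rcpt_code < 600:
        return "rejected"        # explicit refusal: the mailbox is not accepted
    if 400 <= rcpt_code < 500:
        return "deferred"        # temporary failure, try again later
    if 200 <= rcpt_code < 300:
        if canary_code is not None and 200 <= canary_code < 300:
            return "catch-all"   # server accepts any recipient at RCPT time
        return "inconclusive"    # accepted now; delivery is decided later
    return "unknown"

def probe(mx_host, address, canary, helo_name, mail_from, smtp_factory=smtplib.SMTP):
    """HELO, MAIL FROM, RCPT TO (target, then canary), RSET, QUIT.
    DATA is never sent, so nothing is delivered."""
    smtp = smtp_factory(mx_host, 25, timeout=20)
    try:
        smtp.helo(helo_name)
        if smtp.mail(mail_from)[0] // 100 != 2:
            return "unknown"     # sender refused, so RCPT replies mean nothing
        rcpt_code = smtp.rcpt(address)[0]
        canary_code = smtp.rcpt(canary)[0]
        smtp.rset()              # abandon the transaction before DATA
    finally:
        smtp.quit()
    return classify(rcpt_code, canary_code)

class FakeMX:
    """Constructed stand-in for an MX server so the example runs offline."""
    replies = {"closed@example.test": (550, b"5.1.1 no such user"),
               "zz-canary-1@example.test": (550, b"5.1.1 no such user")}
    log = []
    def __init__(self, host, port, timeout=None):
        FakeMX.log = [f"CONNECT {host}:{port}"]
    def _reply(self, verb, reply=(250, b"ok")):
        FakeMX.log.append(verb)
        return reply
    def helo(self, name): return self._reply("HELO")
    def mail(self, sender): return self._reply("MAIL")
    def rcpt(self, addr): return self._reply("RCPT", self.replies.get(addr, (250, b"ok")))
    def rset(self): return self._reply("RSET")
    def quit(self): return self._reply("QUIT", (221, b"bye"))

def demo(address):
    return probe("mx.example.test", address, "zz-canary-1@example.test",
                 "probe.example.test", "postmaster@probe.example.test", FakeMX)
```

Only "rejected" is a definite answer; "inconclusive" and "catch-all" both mean the server deferred the deliverability decision, which is the Yahoo case described above.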


Archived

This topic is now archived and is closed to further replies.
