Jump to content
Sign in to follow this  
GeoffL

Facebook - no valid abuse addresses

Recommended Posts

Not strictly Spamcop-related, but they are bouncing mail to their registered abuse addresses...

I'm on the committee of a local community group and have set up an e-mail distribution list for the committee to be able to communicate between meetings. The committee e-mail address is closed (i.e. only list members may post to it). Somebody has created a Facebook account for that email address, so I'm now getting a trickle of messages from Facebook about the account and also people asking to become "Facebook Friends". Since I've no idea who created the account, and the person who did hasn't 'fessed up, I can't access the account name or password to be able to delete it. So the only thing I could think of was to write to the abuse addresses for Facebook.com, explain the issue, and ask that they delete the account.

Using "whois -h whois.abuse.net" to obtain abuse addresses for facebook.com and for facebookmail.com returns two addresses: abuse[at]facebook.com and postmaster[at]facebook.com. So that's where I sent my message. Several days later I got replies back stating that those addresses are no longer available. The reply contained several links, but I can't use them as they all redirect to Facebook's logon page and I don't have a Facebook account. However, the reply came from abuse+0cjj0rn[at]support.facebook.com, so I resent my message to that address together with an explanation of why I was writing to them. Today I got another message from abuse+0cjj0rn[at]support.facebook.com saying that address was also no longer available with the same set of useless links.

Using whois, it seems that Facebook's registrars are markmonitor.com - but I don't know if that's their upstream providers and thus whether e-mailing them would do any good. Also, I don't know whether having a valid abuse address is an ICANN requirement and so whether I have just cause to complain to them.

It seems ridiculous that such an organisation, who by their very nature would be a likely vector for abuse, don't have valid abuse addresses. So I'd like to pursue this further and hence would appreciate advice on how to proceed.

TIA,

Geoff

Share this post


Link to post
Share on other sites

Using the Help link at the bottom of the Facebook login page I was able to find several links dealing with abuse, impostor accounts, etc. Of those, a few pertain to reporting when the reporter does not have a Facebook account of their own. There was also an entry that mentioned that a confirmation email for a new account is sent to, and has to be accepted/confirmed from the registered address before an account would be established.

You can try the form to report an impostor account at: http://www.facebook.com/help/contact.php?s...mpostor_profile

...or choose another help category there as needed. I wasn't aware of any external user email system when I last used the site. There may not be a normal abuse reporting address, as the only email sent should be system generated. Good luck.

Share this post


Link to post
Share on other sites

Many thanks. The best I could do was search for "abuse" and find the FAQ article that gave a link which it claimed you can use to report abuse should you not have a facebook account. However, the link in that FAQ took me straight back to the logon page!

The form to which your link took me requires me to identify the Facebook profile of the imposter. Unfortunately, to do that seems to require me to be logged on as I can't apparently use the search otherwise.

For info, I've just gone back through the messages that I've been receiving (attached to the notifications that my mail server generates) and found an unsubscribe link that didn't ask me to log on to the unauthorised account. So at least I hope I've been able to unsubscribe from notifications. Nonetheless, it irks me that somehow someone's managed to sign up a "closed" mailing list when no "click here to activate" message was received at that address.

Geoff

Share this post


Link to post
Share on other sites

I believe if you just click on the forgot password link on facebook, it will send the password to the registered email address. Then you should be able to login and delete the account without any problems. However, keep in mind that a lot of the "facebook friend request" type emails are not really from facebook and are nothing more than phishing scams.

Share this post


Link to post
Share on other sites

Thanks. There was a slight hiccough in deleting the Facebook account in that my mail server bounced the confirmation message they sent to reset the password, but I managed to recover the message from my server logs. The account has been deactivated and will be permanently deleted in 14 days. While this should resolve my particular case, it doesn't solve the general problem of invalid abuse addresses - but I guess that's a battle I won't be able to win!

WRT the phishing scams apparently from Facebook, I've received a lot of those. The links in phishing attempts go to somewhere other than facebook.com. So I'm confident that the messages to which I referred up-thread are from Facebook.

Thanks again

Share this post


Link to post
Share on other sites

Well, it looks like facebook.com is already listed at rfc-ignorant.org for invalid abuse address and bad whois data. I know several mail admins that use rfc-ignorant.org listings as part of a weighted spam filter, so maybe they will eventually work to resolve them (though I doubt it, it seems that many larger internet companies seem to be of the opinion that RFCs do not apply to them).

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×