Sign in to follow this  
Followers 0
knightshade

reports to amazonaws

16 posts in this topic

I'm seeing that one of my pet spammers has adopted using a redirect via an amazonaws web page, presumably because it adds another level of obsfucation to hide/protect their target URL (https & the URL in the spam uses POST to pass a name & id string if the recipient is unwise enough to click through)...

This raised a couple of questions/observations:

Currently, SC reports to ec2-abuse#amazon.com[at]devnull.spamcop.net (apparently devnulls at amazon's request) & email-abuse[at]amazon.com.

Looking at amazon's own reporting page at portal.aws.amazon.com/gp/aws/html-forms-controller/contactus/AWSAbuse , this references abuse[at]amazonaws.com - I'm wondering if the latter email address is equivalent to email-abuse[at]amazon.com, or ought to be used instead of/as well as?

The reporting form on that same page indicates that, if used, amazon forward the complaint details to the EC2 customer (aka the spammer), which 'aint such a good idea - *sighs*...

Is there a way to safely follow the redirect (in order to try to manually report the destination URL)? The usual techniques (urlquery etc) don't work as that target URL is protected by whatever scripting sits behind the amazonaws URL in the spam...

Here's the SC tracking URL for any folks so inclined to have poke around:

spamcop.net/sc?id=z6139877106z19ab51f56290487899361dbdef5efc87z

Edited by knightshade

Share this post


Link to post
Share on other sites

<snip>

Currently, SC reports to ec2-abuse#amazon.com[at]devnull.spamcop.net (apparently devnulls at amazon's request) & email-abuse[at]amazon.com.

Looking at amazon's own reporting page at portal.aws.amazon.com/gp/aws/html-forms-controller/contactus/AWSAbuse , this references abuse[at]amazonaws.com - I'm wondering if the latter email address is equivalent to email-abuse[at]amazon.com,

&nbsp &nbsp&nbsp&nbsp&nbsp Not exactly; please see SC FAQ article "Reports sent to SpamCop addresses". Note that, as you suggest may be true in this case, SC may do this by request of the abuse address owner but it may also be, as you also hypothesize may be the case here, because the abuse address owner forwards the reports to the spammer.

or ought to be used instead of/as well as?

&nbsp &nbsp&nbsp&nbsp&nbsp SC won't but you may do that manually.

Share this post


Link to post
Share on other sites

       Not exactly; please see SC FAQ article "Reports sent to SpamCop addresses". Note that, as you suggest may be true in this case, SC may do this by request of the abuse address owner but it may also be, as you also hypothesize may be the case here, because the abuse address owner forwards the reports to the spammer.

I was going by Don's comment in this thread, which indicated it was Amazon's choice:

http://forum.spamcop.net/forums/topic/14731-ec2-abuse-amazoncomatdevnullspamcopnet-email-abuse-amazoncomatdevnullspamcopnet/#entry91712

But forwarding to the spammer remains a good reason.

       SC won't but you may do that manually.

Well, part of the reason for posting that detail was as a possible suggestion aimed at any SC admin that may come across the thread.

I already do much outside of SC - it's only 1 tool in the arsenal... ;) However, reporting within SC is still preferable, because doing so eliminates both a manual forward & any need to repeat the obscuring of trackable stuff like email addresses, which SC already does a reasonable job of.

Edited by knightshade

Share this post


Link to post
Share on other sites

<snip>

However, reporting within SC is still preferable, because doing so eliminates both a manual forward & any need to repeat the obscuring of trackable stuff like email addresses, which SC already does a reasonable job of.

&nbsp &nbsp&nbsp&nbsp&nbsp True, that! You could add abuse[at]amazonaws.com (or any other address, for that matter) to your Preferences | "Report Handling Options" | "Public standard report recipients" so you can easily send a report using SC's parser/ reporting mechanism.

Share this post


Link to post
Share on other sites

       True, that! You could add abuse[at]amazonaws.com (or any other address, for that matter) to your Preferences | "Report Handling Options" | "Public standard report recipients" so you can easily send a report using SC's parser/ reporting mechanism.

Is there a way to add a recipient to individual spam reports?

I already use the report handling functions to automatically forward a copy of every spam to knujon, but not every spam I get is connected to amazonaws - it would be nice if specfic email addresses could be included for individual spam reports (and even better if SC could offer a drop-down menu of previously selected addresses).

Does SC have a suggestion box? :)

Edited by knightshade

Share this post


Link to post
Share on other sites

Is there a way to add a recipient to individual spam reports?

&nbsp &nbsp&nbsp&nbsp&nbsp Preferences | "Report Handling Options" | "Public standard report recipients." The SC parser then adds to each parse an option to send to this receipient; you simply uncheck it for those spam that do not come from amazonaws and turn the check mark on for those that do!

<snip>

Does SC have a suggestion box? :)

&nbsp &nbsp&nbsp&nbsp&nbsp This Topic will do but the "official" place for feature requests is the "New Feature Request" SC Forum.

Share this post


Link to post
Share on other sites

Is there a way to add a recipient to individual spam reports?

I pay for SpamCop reporting and when I submit a report via web it has this?

Check the "Show technical details" box not sure if this feature is available in free reporting?

Share this post


Link to post
Share on other sites

I pay for SpamCop reporting and when I submit a report via web it has this?

Check the "Show technical details" box not sure if this feature is available in free reporting?

Yes, it is (I do not pay and I have this option set), but I don't believe this helps knightshade accomplish the goal to "add a recipient to individual spam reports."

Share this post


Link to post
Share on other sites

Yes, it is (I do not pay and I have this option set), but I don't believe this helps knightshade accomplish the goal to "add a recipient to individual spam reports."

Under "Preferences" click

"Report Handling Options"

look at

Personal copies of outgoing reports

or

Public standard report recipients

Share this post


Link to post
Share on other sites

       Preferences | "Report Handling Options" | "Public standard report recipients." The SC parser then adds to each parse an option to send to this receipient; you simply uncheck it for those spam that do not come from amazonaws and turn the check mark on for those that do!

Thanks! I did not realize that addresses added to this field would then be offered as optional (defaulted off) copy-to forwards - I thought they'd just automatically be always forwarded, or that I'd have to keep clicking them off when not required. This option effectively achieves the goal, though (note for interested parties reading in the future) it requires a comma separated email address list, not a space separated one.

I pay for SpamCop reporting and when I submit a report via web it has this?

Check the "Show technical details" box not sure if this feature is available in free reporting?

It shows up on the cut'n'paste reporting form, but not on the form you get when you click on 'Use links to finish spam reporting' in the email from SC. I always use the link in the SC emails, so I've never messed with 'Show Technical Details' - what exactly does this provide? (Just sating my curiousity now - turetzr's suggestion does what was required.)

Share this post


Link to post
Share on other sites

<snip>

(note for interested parties reading in the future) it requires a comma separated email address list, not a space separated one

&nbsp &nbsp&nbsp&nbsp&nbsp The field also has an undocumented 100 character limit, including spaces and commas.

<snip>

It shows up on the cut'n'paste reporting form, but not on the form you get when you click on 'Use links to finish spam reporting' in the email from SC. I always use the link in the SC emails, so I've never messed with 'Show Technical Details' - what exactly does this provide? (Just sating my curiousity now - turetzr's suggestion does what was required.)

&nbsp &nbsp&nbsp&nbsp&nbsp The easiest way to see is to turn on the feature. You do this with a different option under Preferences | "Report Handling Options" -- "Show Technical Details during reporting."

Share this post


Link to post
Share on other sites

       The field also has an undocumented 100 character limit, including spaces and commas.

Useful to know - thanks.

       The easiest way to see is to turn on the feature. You do this with a different option under Preferences | "Report Handling Options" -- "Show Technical Details during reporting."

Gotcha. Actually, I think I may have played with that in the past.

Share this post


Link to post
Share on other sites

       Not exactly; please see SC FAQ article "Reports sent to SpamCop addresses". Note that, as you suggest may be true in this case, SC may do this by request of the abuse address owner but it may also be, as you also hypothesize may be the case here, because the abuse address owner forwards the reports to the spammer.

       SC won't but you may do that manually.

Thanks! I did not realize that addresses added to this field would then be offered as optional (defaulted off) copy-to forwards - I thought they'd just automatically be always forwarded, or that I'd have to keep clicking them off when not required. This option effectively achieves the goal, though (note for interested parties reading in the future) it requires a comma separated email address list, not a space separated one.

It shows up on the cut'n'paste reporting form, but not on the form you get when you click on 'Use links to finish spam reporting' in the email from SC. I always use the link in the SC emails, so I've never messed with 'Show Technical Details' - what exactly does this provide? (Just sating my curiousity now - turetzr's suggestion does what was required.)

Use link to finish spam reporting? How does that work?

Share this post


Link to post
Share on other sites

Hi, klappa,

&nbsp &nbsp&nbsp&nbsp&nbsp If I understand correctly, knightshade was referring to a feature of submitting spam via e-mail. For more information about this, please see SC Forum Topic "How do I submit spam via email?"

Share this post


Link to post
Share on other sites

Has anyone ever seen Amazon shut down a spammer? I have a fairly persistent one called "trueventus.com" whom I keep reporting and whom Amazon keep ignoring.

I cannot say for certain that they quietly promote the ability to spam without fear of being blocked as one of the advantages of their cloud services. It is certain that I have quite a few reports of the various spammers, with "trueventus.com" and "localcounselcollective.com" being the most noteworthy, all ignored by Amazon.

[paid spamcop user for a decade or so]

Edited by tanner

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0