Rusty_H

Gmail accounts being used as "Reply to" in spam.


I frequently receive spam in which a Gmail address is used as the Reply to address. Spamcop doesn't filter for this, apparently.

So I manually go to the Gmail spam reporting site, https://support.google.com/mail/contact/abuse?rd=1 , and manually paste the headers, names and body into their form.

In the comments section I paste the Spamcop URL.

Is it reasonable to ask SpamCop and Google to work together? Spamcop has many arrangements with other vendors.

TIA


Rusty,

SpamCop does not send reports to the Reply-To: address in spam because it is not a verifiable address and is often/always forged by spammers.

SpamCop does use the verifiable parts of the Received: header to trace back to the source of the spam.

A large part of the spam I receive has my address in the Reply-To: or Return-Path: thinking that this may be a way to get past any filters.


Rusty,

SpamCop does not send reports to the Reply-To: address in spam because it is not a verifiable address and is often/always forged by spammers.

SpamCop does use the verifiable parts of the Received: header to trace back to the source of the spam.

A large part of the spam I receive has my address in the Reply-To: or Return-Path: thinking that this may be a way to get past any filters.

Thanks. This is all I know. My position is this. The spammers, usually 419 or phish, need an avenue to complete their ruse. They are not so stupid to spam w/o a way to complete their mission.

So I conclude the Gmail addresses, sometimes in the Reply To: or in the body, are valid Gmail accounts. Gmail has a way to report them. All I ask is an agreement between SC and Google to report.

Here's an example where SC has done this: [fbl-spamcop[at]ext.godaddy.com].

Thanks again.


There is nothing to keep you from adding Google to the list of where reports are sent with a note as to why you are sending the report.

Currently SpamCop has three objectives as stated here many times.

1) building a SC block list that can be used by ISPs to filter out probable spammers from their clients' email. All the spam you submit adds (negatively) to the reputation of the IP source of the email spam.

Secondly 2) SpamCop tries to identify a valid abuse address for the source ISP of the spam and other upstream nodes and send them a copy of the spam report. Optimistically the objective is to provide responsible service providers with the information necessary to protect their reputation, the reputation of the IPs they control and maintain quality service for their clients that are good internet citizens. Sometimes a) a viable abuse address cannot be identified. Or b) it is known that the ISP gives the spam report to the spammer or c) the abuse address has asked SpamCop NOT to send them spam reports. In these cases SpamCop does not send the report but instead sends the report to devnull.spamcop.net, the bit bucket.

Although not part of your question, thirdly 3) if processor time is available SpamCop tries to identify the websites referenced in the spam and send reports to their service providers/host. Again optimistically hoping the ISP is a responsible member of the internet and will take appropriate action.

What you are suggesting is a fourth task: sending reports to service providers of unverifiable email addresses, that may or may not link back to the source of the spam. Past experience (at least mine) indicates the Reply-To: and/or Return-Path: addresses, though valid addresses, are forged. This would put SC in the position of frequently falsely accusing some innocent party. SC does, as in its three tasks, try to err on the conservative side to minimize false positives.

That of course is JMHO

There is a forum here New Feature Request designed to send suggestions to the powers that be. That would be more direct than here in the Lounge.
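The distinction drawn in the replies above, between the sender-written Reply-To:/Return-Path: fields and the verifiable part of the Received: chain, as an added example that is not part of the original posts and is not SpamCop's own parser. The message, host names, addresses and the `trusted_hosts` parameter are constructed assumptions; a hop counts as verifiable here only if a mail server the recipient controls stamped it.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed sample message; every host, IP and address is a placeholder.
SAMPLE = """\
Return-Path: <victim@example.org>
Received: from relay.example.com (unknown [203.0.113.45])
\tby mx.example.net with ESMTP id abc123; Mon, 1 Jan 2024 10:00:00 +0000
Received: from mail.bank.example ([198.51.100.7])
\tby relay.example.com with SMTP; Mon, 1 Jan 2024 09:59:00 +0000
From: "Claims Dept" <claims@bank.example>
Reply-To: claims.officer@mail.example
Subject: Your payment

Please reply.
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_RE = re.compile(r"\bby\s+([\w.-]+)", re.I)

def trace_source(raw, trusted_hosts):
    """Return the connecting IP recorded by the deepest hop we trust, or None."""
    source = None
    # Received headers are prepended, so the newest hop comes first.
    for hop in message_from_string(raw).get_all("Received", []):
        by = BY_RE.search(hop)
        if not by or by.group(1).lower() not in trusted_hosts:
            break  # written by a host we do not control: may be fabricated
        ip = IP_RE.search(hop[:by.start()])  # look only in the "from" clause
        if ip:
            source = ip.group(1)
    return source

def sender_claims(raw):
    """Addresses chosen by the sender; no relay checks them."""
    msg = message_from_string(raw)
    return {h: [addr for _, addr in getaddresses(msg.get_all(h, []))]
            for h in ("From", "Reply-To", "Return-Path")}

if __name__ == "__main__":
    print("report to the network owning:", trace_source(SAMPLE, {"mx.example.net"}))
    print("unverified claims:", sender_claims(SAMPLE))
```
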


There is nothing to keep you from adding Google to the list of where reports are sent with a note as to why you are sending the report. <snip>

Thanks so much. I've used SpamCop for ages but never got past [√ ] spam[at]uce.gov. I would love to add such an address for Google without needing to cut/paste on their site. Sort of [ ] x[at]google com.

I appreciate your suggestion for the new features.
