simbalion

Why does abuse@amazonaws.com get /dev/null?

17 posts in this topic

I understand that sometimes reports are sent to /dev/null because the abuse@ address has requested they not be sent any longer, but is that not an abdication of their responsibilities?

For a hosting company in particular, keeping on top of which systems are sending spam is vital to ensuring the security of their network, since spam most often originates from compromised servers. The abuse@ person should not be permitted to hide from the reports.

Is this the reason abuse@amazonaws.com gets /dev/nulled or is it some other reason? And when a network provider has decided to neglect it's obligation to police it's own infrastructure, does that reflect negatively on their reputation?

Share this post


Link to post
Share on other sites
Quote

I understand that sometimes reports are sent to /dev/null because the abuse@ address has requested they not be sent any longer, but is that not an abdication of their responsibilities?

Yes, obviously.  But SpamCop can not force an email hosting company to accept help.

Quote

For a hosting company in particular, keeping on top of which systems are sending spam is vital to ensuring the security of their network, since spam most often originates from compromised servers. The abuse@ person should not be permitted to hide from the reports.

If abuse{AT} has requested not to receive spam reports, sending them unwanted report email(s), fits the definition of spam. SpamCop does not want contribute to the volume spam in the system.

Quote

Is this the reason abuse@amazonaws.com gets /dev/nulled or is it some other reason? And when a network provider has decided to neglect it's obligation to police it's own infrastructure, does that reflect negatively on their reputation?

Yes, and Yes.

Share this post


Link to post
Share on other sites
59 minutes ago, Lking said:

If abuse{AT} has requested not to receive spam reports, sending them unwanted report email(s), fits the definition of spam. SpamCop does not want contribute to the volume spam in the system.

Respectfully, I disagree. That does not even fit the definition on the SpamCop website.

spam is unsolicited bulk email.

While abuse reports are certainly unsolicited, they aren't bulk. And therefore they aren't spam. Further, why should the negligent administrators get a free pass from having to deal with the headaches caused by spammers they are permitting to operate? For every 1 email their spammers send, they should have to read at least 1 email themselves, preferably more, until the problem is dealt with.

Regarding reputation, if Amazon AWS, a gigantic hosting company, has been doing nothing about spam on it's network, then surely there must be a ton of spam coming from it's network, why aren't they blacklisted by now?

Sendgrid is another company I've noticed that is being /dev/nulled. They're a bulk email company, so it seems even more despicable that they should somehow not have to take responsibility for their actions. In the case of Sendgrid, the spam I've received from them has unsubscribe links but they do not function, which is a violation of the CAN-spam act and should be getting reported to them, but because of the /dev/null policy requires I send them a unique email every time which is a _huge_ inconvenience and probably ensures that they receive far fewer reports than the problems justify.

I understand SpamCop doesn't want to be seen as hostile or troublesome, but where is the harm in shaking things up a little? spam is a problem because of negligent administrators, more than any other reason. I don't think those administrators should be given a pass, no matter how large their employing organizations are.

Share this post


Link to post
Share on other sites

You are correct, I misspoke. A spam report is not bulk email. However, there is no purpose to sending an email that can easily be filtered out.  Why spend the cpu resources/bandwidth to send an email that will be ignored/deleted without being read?  Having received 182,861 reported spam in the last 24hrs (when I looked) from users/spam traps, SpamCop has other things to do; Look at the "New Feature Request" forum.

As posted here several times, the priorities set by SpamCop are:

  1. Correctly identify the IP address of the source of spam to support the SpamCop Blocklist used by others to divert suspected spam from client inbox to a "spam" folder for later review.
  2. As a service to those reporting spam to SpamCop, send spam Reports to the admin of the source of the offending email. If the policies implemented in this service don't meet a submitter's needs they are free to send the reports to others.
  3. Identify links in the body of the spam and send spam Reports to the admin of the "spamvertised" domains.

Another motivation for administrators is money.  Depending on the economics there are not enough spam Reports to cause a change in action.  JMHO as a volunteer here.

Thank you for your contribution to the spam fight.  It can be frustrating. We all do want we have the motivation and resources to do.

Share this post


Link to post
Share on other sites

I understand your counter and I agree with you, when resources are considered, and when the company is going to /dev/null them anyway, then it does make sense.

At least in the case of SendGrid, I believe the /dev/null practice should be stopped. This email I received from their abuse department suggests not only do they "Take seriously" reports of spam from their customers, but encourages me to continue sending reports of unsolicited email from their network. That sounds like they want to receive SC reports. Can we end the /dev/null on their emails?

I've quoted the email I received below.

Hello,

Thank you for taking the time to report this spam message to the SendGrid Compliance team. Reports like yours allow us to be aware of users who are not following our terms of service, and we greatly appreciate them so that we may take action on your behalf in order to ensure that our services are not being used for the sending of unrequested email. We take user complaints very seriously and do not tolerate spamming, and as such we are moving forward by investigating the practices and email policies of this user.

Thanks again for sending us this report, and please continue to do so in the future with other unsolicited messages you may receive from SendGrid so that we may work to keep our services free from this type of activity.

Kind regards,
SendGrid Compliance

Share this post


Link to post
Share on other sites

Things may have changed sense the /dev/null setting was set. I would suggest posting, including IP addresses, abuse{AT} email, example of SendGrid's response, to the <SpamCop Reporting Help> <Routing / Reporting Address Issues> sub forum. 

Share this post


Link to post
Share on other sites

I will do that. One last question, is the reputation score change finalized from when the emails are forwarded, or only after I click the 'send report' button?

I am tired of sending reports when many of them get /dev/nulled, and if that part of the process isn't necessary for the core function of spamcop then I might lower it on my priority list.

Share this post


Link to post
Share on other sites

When you click "send report."  The person submitting the spam should be reviewing where the reports are going and "un-check" any reports that are not appropriate. For example, if a The New York Times article was referenced in the body of the spam there would be no point in sending a report to the Times, or to be sure a reconfiguration of you mail server doesn't result in you reporting yourself.  The "Checked" /dev/null reports are not sent but retained for statistical analysis.

Share this post


Link to post
Share on other sites
On den 26 september 2016 at 4:42 PM, Lking said:

Yes, obviously.  But SpamCop can not force an email hosting company to accept help.

If abuse{AT} has requested not to receive spam reports, sending them unwanted report email(s), fits the definition of spam. SpamCop does not want contribute to the volume spam in the system.

Yes, and Yes.

Could you not report the network host to ICANN or someone else?

 

On den 26 september 2016 at 7:49 PM, Lking said:

You are correct, I misspoke. A spam report is not bulk email. However, there is no purpose to sending an email that can easily be filtered out.  Why spend the cpu resources/bandwidth to send an email that will be ignored/deleted without being read?  Having received 182,861 reported spam in the last 24hrs (when I looked) from users/spam traps, SpamCop has other things to do; Look at the "New Feature Request" forum.

As posted here several times, the priorities set by SpamCop are:

  1. Correctly identify the IP address of the source of spam to support the SpamCop Blocklist used by others to divert suspected spam from client inbox to a "spam" folder for later review.
  2. As a service to those reporting spam to SpamCop, send spam Reports to the admin of the source of the offending email. If the policies implemented in this service don't meet a submitter's needs they are free to send the reports to others.
  3. Identify links in the body of the spam and send spam Reports to the admin of the "spamvertised" domains.

Another motivation for administrators is money.  Depending on the economics there are not enough spam Reports to cause a change in action.  JMHO as a volunteer here.

Thank you for your contribution to the spam fight.  It can be frustrating. We all do want we have the motivation and resources to do.

Regarding 3) plenty of spam use URL shorteners services and redirection links. One have to manually report to the network provider for the destination domain since Spamcop can't recognize such spam. And those webhost companies providers often neglect any responsibility if their domain isn't explicit visible in the body of the e-mail. Not even if doing it through their abuse form will they care.

Edited by klappa

Share this post


Link to post
Share on other sites
1 hour ago, klappa said:

Could you not report the network host to ICANN or someone else?

See the work of KnujOn for an opinion of the effectiveness of ICANN compliance.  In paticular "ICANN and your spam" page 5

Share this post


Link to post
Share on other sites
On den 29 september 2016 at 4:37 PM, Lking said:

See the work of KnujOn for an opinion of the effectiveness of ICANN compliance.  In paticular "ICANN and your spam" page 5

That's unfortunate. Had problems with both Cloudflare and Name.com ignoring my requests recently and now i have nowhere to complain.

Share this post


Link to post
Share on other sites

This is a situation where despair is all to easy to overcome you.  I submit all my spam to SpamCop, KnujOn and acma.gov.au.  This supports the work of KnujOn to change the effectiveness of ICANN (the long game) and help build the SpamCop block list to protect email users now (the short game).

'Hang in there' is all I can suggest.

Share this post


Link to post
Share on other sites
18 hours ago, Lking said:

This is a situation where despair is all to easy to overcome you.  I submit all my spam to SpamCop, KnujOn and acma.gov.au.  This supports the work of KnujOn to change the effectiveness of ICANN (the long game) and help build the SpamCop block list to protect email users now (the short game).

'Hang in there' is all I can suggest.

Thank you for you compassion ;) I contacted the law enforcement in that country where the spam originates from. Hopefully they will do something about it. Those damn web domain hosts that ignores my spamcop and even their own abuse form reports can go to hell!

Edited by klappa

Share this post


Link to post
Share on other sites
6 hours ago, klappa said:

Those damn web domain hosts that ignores my spamcop and even their own abuse form reports can go to hell!

I will bring the grease to help them on their way!

Share this post


Link to post
Share on other sites
On den 2 oktober 2016 at 6:15 PM, Lking said:

I will bring the grease to help them on their way!

Haha! That will hopefully let them out of their arse!

Edited by klappa

Share this post


Link to post
Share on other sites

amazonaws should be blacklisted at as many places as possible.  Email to abuse@amazonaws.com does go through - I've done it myself.  They even respond.  But, even when they are sent full headers of a message they claim: "Thank you for your abuse report. We were unable to identify the customer responsible for the reported activity. Due to the frequency with which AWS public IP addresses can change ownership, we will need additional information in order to identify the responsible customer(s)."

To me, this means that they are either running an open relay that anyone can use... or they are unable to view the logs to find the account logins to relate them back to the customer.  Or, alternatively, they simply don't care.  A significant portion of the spam I now receive comes from an amazonaws site.  And it doesn't look like it will stop because it's the same spam over and over... and amazonaws either refuses or is incapable of doing anything about it even when sent a complaint with full headers.

IMO, sites like this should be blacklisted with no way off that blacklist until they agree to take measures to stop the spam.

Share this post


Link to post
Share on other sites

A popular response I've had from places like Yahoo is "The most effective way of reporting spam is to use the report button" - I do, thanks to the Habul plugin for Thunerbird, and off go the reports to Spamcop, Knujon, and a couple of other places.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now