Why does abuse@amazonaws.com get /dev/null?

[simbalion]

I understand that sometimes reports are sent to /dev/null because the abuse@ address has requested they not be sent any longer, but is that not an abdication of their responsibilities?

For a hosting company in particular, keeping on top of which systems are sending spam is vital to ensuring the security of their network, since spam most often originates from compromised servers. The abuse@ person should not be permitted to hide from the reports.

Is this the reason abuse@amazonaws.com gets /dev/nulled or is it some other reason? And when a network provider has decided to neglect it's obligation to police it's own infrastructure, does that reflect negatively on their reputation?

[Lking]

Quote

I understand that sometimes reports are sent to /dev/null because the abuse@ address has requested they not be sent any longer, but is that not an abdication of their responsibilities?

Yes, obviously.  But SpamCop can not force an email hosting company to accept help.

Quote

For a hosting company in particular, keeping on top of which systems are sending spam is vital to ensuring the security of their network, since spam most often originates from compromised servers. The abuse@ person should not be permitted to hide from the reports.

If abuse{AT} has requested not to receive spam reports, sending them unwanted report email(s), fits the definition of spam. SpamCop does not want contribute to the volume spam in the system.

Quote

Is this the reason abuse@amazonaws.com gets /dev/nulled or is it some other reason? And when a network provider has decided to neglect it's obligation to police it's own infrastructure, does that reflect negatively on their reputation?

Yes, and Yes.

[simbalion]

59 minutes ago, Lking said:

If abuse{AT} has requested not to receive spam reports, sending them unwanted report email(s), fits the definition of spam. SpamCop does not want contribute to the volume spam in the system.

Respectfully, I disagree. That does not even fit the definition on the SpamCop website.

spam is unsolicited bulk email.

While abuse reports are certainly unsolicited, they aren't bulk. And therefore they aren't spam. Further, why should the negligent administrators get a free pass from having to deal with the headaches caused by spammers they are permitting to operate? For every 1 email their spammers send, they should have to read at least 1 email themselves, preferably more, until the problem is dealt with.

Regarding reputation, if Amazon AWS, a gigantic hosting company, has been doing nothing about spam on it's network, then surely there must be a ton of spam coming from it's network, why aren't they blacklisted by now?

Sendgrid is another company I've noticed that is being /dev/nulled. They're a bulk email company, so it seems even more despicable that they should somehow not have to take responsibility for their actions. In the case of Sendgrid, the spam I've received from them has unsubscribe links but they do not function, which is a violation of the CAN-spam act and should be getting reported to them, but because of the /dev/null policy requires I send them a unique email every time which is a _huge_ inconvenience and probably ensures that they receive far fewer reports than the problems justify.

I understand SpamCop doesn't want to be seen as hostile or troublesome, but where is the harm in shaking things up a little? spam is a problem because of negligent administrators, more than any other reason. I don't think those administrators should be given a pass, no matter how large their employing organizations are.

[Lking]

You are correct, I misspoke. A spam report is not bulk email. However, there is no purpose to sending an email that can easily be filtered out.  Why spend the cpu resources/bandwidth to send an email that will be ignored/deleted without being read?  Having received 182,861 reported spam in the last 24hrs (when I looked) from users/spam traps, SpamCop has other things to do; Look at the "New Feature Request" forum.

As posted here several times, the priorities set by SpamCop are:

1. Correctly identify the IP address of the source of spam to support the SpamCop Blocklist used by others to divert suspected spam from client inbox to a "spam" folder for later review.
2. As a service to those reporting spam to SpamCop, send spam Reports to the admin of the source of the offending email. If the policies implemented in this service don't meet a submitter's needs they are free to send the reports to others.
3. Identify links in the body of the spam and send spam Reports to the admin of the "spamvertised" domains.

Another motivation for administrators is money.  Depending on the economics there are not enough spam Reports to cause a change in action.  JMHO as a volunteer here.

Thank you for your contribution to the spam fight.  It can be frustrating. We all do want we have the motivation and resources to do.

[simbalion]

I understand your counter and I agree with you, when resources are considered, and when the company is going to /dev/null them anyway, then it does make sense.

At least in the case of SendGrid, I believe the /dev/null practice should be stopped. This email I received from their abuse department suggests not only do they "Take seriously" reports of spam from their customers, but encourages me to continue sending reports of unsolicited email from their network. That sounds like they want to receive SC reports. Can we end the /dev/null on their emails?

I've quoted the email I received below.

Hello,

Thank you for taking the time to report this spam message to the SendGrid Compliance team. Reports like yours allow us to be aware of users who are not following our terms of service, and we greatly appreciate them so that we may take action on your behalf in order to ensure that our services are not being used for the sending of unrequested email. We take user complaints very seriously and do not tolerate spamming, and as such we are moving forward by investigating the practices and email policies of this user.

Thanks again for sending us this report, and please continue to do so in the future with other unsolicited messages you may receive from SendGrid so that we may work to keep our services free from this type of activity.

Kind regards,
SendGrid Compliance

[Lking]

Things may have changed sense the /dev/null setting was set. I would suggest posting, including IP addresses, abuse{AT} email, example of SendGrid's response, to the <SpamCop Reporting Help> <Routing / Reporting Address Issues> sub forum. 

[simbalion]

I will do that. One last question, is the reputation score change finalized from when the emails are forwarded, or only after I click the 'send report' button?

I am tired of sending reports when many of them get /dev/nulled, and if that part of the process isn't necessary for the core function of spamcop then I might lower it on my priority list.

[Lking]

When you click "send report."  The person submitting the spam should be reviewing where the reports are going and "un-check" any reports that are not appropriate. For example, if a The New York Times article was referenced in the body of the spam there would be no point in sending a report to the Times, or to be sure a reconfiguration of you mail server doesn't result in you reporting yourself.  The "Checked" /dev/null reports are not sent but retained for statistical analysis.

[klappa]

On den 26 september 2016 at 4:42 PM, Lking said:

Yes, obviously.  But SpamCop can not force an email hosting company to accept help.

If abuse{AT} has requested not to receive spam reports, sending them unwanted report email(s), fits the definition of spam. SpamCop does not want contribute to the volume spam in the system.

Yes, and Yes.

Could you not report the network host to ICANN or someone else?

 

On den 26 september 2016 at 7:49 PM, Lking said:

You are correct, I misspoke. A spam report is not bulk email. However, there is no purpose to sending an email that can easily be filtered out.  Why spend the cpu resources/bandwidth to send an email that will be ignored/deleted without being read?  Having received 182,861 reported spam in the last 24hrs (when I looked) from users/spam traps, SpamCop has other things to do; Look at the "New Feature Request" forum.

As posted here several times, the priorities set by SpamCop are:

1. Correctly identify the IP address of the source of spam to support the SpamCop Blocklist used by others to divert suspected spam from client inbox to a "spam" folder for later review.
2. As a service to those reporting spam to SpamCop, send spam Reports to the admin of the source of the offending email. If the policies implemented in this service don't meet a submitter's needs they are free to send the reports to others.
3. Identify links in the body of the spam and send spam Reports to the admin of the "spamvertised" domains.

Another motivation for administrators is money.  Depending on the economics there are not enough spam Reports to cause a change in action.  JMHO as a volunteer here.

Thank you for your contribution to the spam fight.  It can be frustrating. We all do want we have the motivation and resources to do.

Regarding 3) plenty of spam use URL shorteners services and redirection links. One have to manually report to the network provider for the destination domain since Spamcop can't recognize such spam. And those webhost companies providers often neglect any responsibility if their domain isn't explicit visible in the body of the e-mail. Not even if doing it through their abuse form will they care.

Edited September 29, 2016 by klappa

[Lking]

1 hour ago, klappa said:

Could you not report the network host to ICANN or someone else?

See the work of KnujOn for an opinion of the effectiveness of ICANN compliance.  In paticular "ICANN and your spam" page 5

[klappa]

On den 29 september 2016 at 4:37 PM, Lking said:

See the work of KnujOn for an opinion of the effectiveness of ICANN compliance.  In paticular "ICANN and your spam" page 5

That's unfortunate. Had problems with both Cloudflare and Name.com ignoring my requests recently and now i have nowhere to complain.

[Lking]

This is a situation where despair is all to easy to overcome you.  I submit all my spam to SpamCop, KnujOn and acma.gov.au.  This supports the work of KnujOn to change the effectiveness of ICANN (the long game) and help build the SpamCop block list to protect email users now (the short game).

'Hang in there' is all I can suggest.

[klappa]

18 hours ago, Lking said:

This is a situation where despair is all to easy to overcome you.  I submit all my spam to SpamCop, KnujOn and acma.gov.au.  This supports the work of KnujOn to change the effectiveness of ICANN (the long game) and help build the SpamCop block list to protect email users now (the short game).

'Hang in there' is all I can suggest.

Thank you for you compassion I contacted the law enforcement in that country where the spam originates from. Hopefully they will do something about it. Those damn web domain hosts that ignores my spamcop and even their own abuse form reports can go to hell!

Edited October 2, 2016 by klappa

[Lking]

6 hours ago, klappa said:

Those damn web domain hosts that ignores my spamcop and even their own abuse form reports can go to hell!

I will bring the grease to help them on their way!

[klappa]

On den 2 oktober 2016 at 6:15 PM, Lking said:

I will bring the grease to help them on their way!

Haha! That will hopefully let them out of their arse!

Edited October 4, 2016 by klappa

[mrfrench]

amazonaws should be blacklisted at as many places as possible.  Email to abuse@amazonaws.com does go through - I've done it myself.  They even respond.  But, even when they are sent full headers of a message they claim: "Thank you for your abuse report. We were unable to identify the customer responsible for the reported activity. Due to the frequency with which AWS public IP addresses can change ownership, we will need additional information in order to identify the responsible customer(s)."

To me, this means that they are either running an open relay that anyone can use... or they are unable to view the logs to find the account logins to relate them back to the customer.  Or, alternatively, they simply don't care.  A significant portion of the spam I now receive comes from an amazonaws site.  And it doesn't look like it will stop because it's the same spam over and over... and amazonaws either refuses or is incapable of doing anything about it even when sent a complaint with full headers.

IMO, sites like this should be blacklisted with no way off that blacklist until they agree to take measures to stop the spam.

[lisati]

A popular response I've had from places like Yahoo is "The most effective way of reporting spam is to use the report button" - I do, thanks to the Habul plugin for Thunerbird, and off go the reports to Spamcop, Knujon, and a couple of other places.

[Steve]

On 10/1/2016 at 10:41 AM, Lking said:

This is a situation where despair is all to easy to overcome you.  I submit all my spam to SpamCop, KnujOn and acma.gov.au.  This supports the work of KnujOn to change the effectiveness of ICANN (the long game) and help build the SpamCop block list to protect email users now (the short game).

'Hang in there' is all I can suggest.

 

Unfortunately, you can no longer use KnujOn to submit spam:

 

Quote

Dear KnujOn members, friends and visitors, 

This project will cease accepting samples from the public on 22 May 2018. The knujon.net will stop accepting email samples and the server will be shut down. The servers at coldrain.net will stop forwarding email. knujon.org will cease accepting new memberships and donations as of 8 March 2018. knujon.com will remain active to maintain historical information about the project but no sample data will be accepted. All currently held samples and all samples accepted up until 22 May 2018 will be processed. 

This research was started by Dr. Robert Bruen and Garth Bruen in 2003. After 15 years we have reached clear fundamental conclusions concerning the management of the Internet, findings which are neither pleasing nor surprising. We have taken this work as far as we can at this stage. A final comprehensive report of KnujOn findings will be published and maintained at knujon.com. 

We thank everyone for their dedication and participation in this project and hope you will join us when we start our next project which will be based on KnujOn findings. The details of this further research will be announced on knujon.com.

 

[showker]

On 1/21/2017 at 4:43 PM, mrfrench said:

amazonaws should be blacklisted at as many places as possible. 

"Thank you for your abuse report. We were unable to identify the customer responsible for the reported activity. Due to the frequency with which AWS public IP addresses can change ownership, we will need additional information in order to identify the responsible customer(s)."

 

This is a canned response to say "forget you, we're actually doing nothing"

Cloudflare has a similar "boilerplate" reply when you catch them red-handed in a direct lie. 

Give up. 

Yes, I agree, EVERYONE should block amazonaws, but nobody's listening.  We're such a tiny spec on the butt of the internet we have no power what so ever up against Amazon, Google, Cloudflare and a dozen others who are making millions by exploiting the cyber crime industry.  

Welcome to the world of Crimazon.com

and if you don't believe me, or want a real eye-opener, read

Future Crimes by Marc Goodman http://amzn.to/2irHG0T

(ironically available at Amazon!)

 

[gnarlymarley]

On 9/26/2016 at 9:48 AM, simbalion said:

While abuse reports are certainly unsolicited, they aren't bulk. And therefore they aren't spam. Further, why should the negligent administrators get a free pass from having to deal with the headaches caused by spammers they are permitting to operate? For every 1 email their spammers send, they should have to read at least 1 email themselves, preferably more, until the problem is dealt with.

I can agree on this, however my recent troubleshooting appears that the person/people that are managing the abuse mailbox do not seem capable of clicking on the tracking URL.  Also, they do not accept attachments either.  I found that I have to copy out the spam email to the body of a message when I manually send to the abuse mailbox.  It would be nice if this could be automated such as appears with the level3, but amazon seems to keep changing the reporting rules.

[Keats]

While amazonaws are certainly slime for refusing to accept reports from SpamCop, and refusing to act on spam reported directly to them, Google are no better: all the amazonaws spam I receive is coming from the same sender, with their scams being hosted on either storage.googleapis.com/wadrari , storage.googleapis.com/wadraritest or variants thereof - I report each one to Google, and have never received any sort of response.

[gnarlymarley]

26 minutes ago, Keats said:

While amazonaws are certainly slime for refusing to accept reports from SpamCop, and refusing to act on spam reported directly to them, Google are no better: all the amazonaws spam I receive is coming from the same sender

Agreed.  As for action, I believe all we can do at this point is to feed the Blocking List and if capable, use the Blocking List on your email server.

Also, from what I can tell, the directory in the googleapis URL seems to be unique to the receiver email account.  I have two email addresses that are getting the spam and each account seems to have their own google links.