emanmb

Curious about amazonaws .com

24 posts in this topic

Just curious.

Given the huge amount of sites seemingly associated with amazonaws. com in the spam I am reporting, I'm wondering why they don't accept SC reports?

Share this post


Link to post
Share on other sites
  • Reports are bounced
  • They have requested SC not send reports, for whatever reason
  • There is evidence that the reports are passed on to the spammer

 

Share this post


Link to post
Share on other sites

Thanks

Well that's unfortunate!  Just did a little googling and the answer seems apparent from what the domain is associated with.

 

Share this post


Link to post
Share on other sites

Keep in mind the distinction between building the SCBL and sending courtesy spam reports to ISPs.

Share this post


Link to post
Share on other sites

One could always send it directly to them but since @Lking says reports bounce, that's probably what will happen.  My guess is the building of the SCBL is of more importance than reporting to a company's supposed abuse dept.

Share this post


Link to post
Share on other sites

I get several spams per week from senders hosted by hostex [dot] lt, and the reporting address is shown as pagalba [at] hostex [dot] lt
They all spamvertise sites hosted by amazonaws [dot] com and the reporting address is shown as abuse [at] amazonaws [dot] com

It's not a lot of trouble reporting them, (I only get 1 or 2 per day, on average), but these spams have been continuing to arrive for many months, and reporting them seems to make no difference at all.

Now, not all the spams originate from hostex [dot] lt and SpamCop sometimes shows the reporting address as <I-can't-quite-remember-the-exact-name. [at] microsoft [dot] com

However, all the emails contain links to spamvertised websites that are hosted by amazonaws [dot] com

As an aside, I have noticed that a spamvertising campaign usually drops off, (for me, at least), after maybe two or three months, but these amazonaws spams have been going on for almost a year, now, and show no signs of stopping.  In fact, I have already reported 2 such spams this morning.

As for Yahoo-based spammers, my email account seems mostly to receive 419 spams from them.  419 spams don't usually contain links, but mostly they seem to originate from large web-based email services such as Yahoo, Outlook [dot] com and gmail [dot] com.  These campaigns usually last about 2 to 3 months and then drop off for a few months before resuming their onslaught.

I should also add that I think I may well have brought these amazonaws spams upon myself, because I actually opened the first one that I ever received, (it was almost a year ago, I think), as it looked genuine, and was purporting to be associated with an online account that I really do have with Woolworths, a large Australian supermarket chain.  Not only that, but there was a large button AT THE VERY TOP OF THE MESSAGE, NO LESS(!), marked "Report spam or unsolicited email!" Thinking that this button was a genuine, legitimate unsubscribe link, fool that I am, I clicked on it, which would have well and truly confirmed the validity of my email address to the spammers.

I use MS Outlook 2010, (correctly configured with the appropriate registry settings to save the full message source, not only the headers), but my Outlook filtering settings mostly seem to fail, (even though the spams are shown by SpamCop to have originated from the same sender), and so I now have my inbox set up without a preview window.  I can now right-click on the subject line and choose "block sender," and Outlook will move it to my Junk folder, with all links and images disabled, but the full source is still available for SpamCop reporting.

I know that 10 or 12 spams a week is far from any kind of a big deal, but it's really frustrating that this particular campaign just seems to go on and on and on...

Edited by csouter
Corrected a typographical error.

Share this post


Link to post
Share on other sites
2 hours ago, csouter said:

I get several spams per week from senders hosted by hostex [dot] lt, and the reporting address is shown as pagalba [at] hostex [dot] lt
They all spamvertise sites hosted by amazonaws [dot] com and the reporting address is shown as abuse [at] amazonaws [dot] com

Try their reporting page (still report via SpamCop)
https://aws.amazon.com/forms/report-abuse

Share this post


Link to post
Share on other sites
16 minutes ago, petzl said:

Try their reporting page (still report via SpamCop)
https://aws.amazon.com/forms/report-abuse

Next time I get one, I'll give it a try.

Share this post


Link to post
Share on other sites
2 hours ago, csouter said:

Next time I get one, I'll give it a try.

Also in SpamCop notes copy and past (example ) then enter a couple of times putting ">" this makes the above stand out makes it easy for abuse to work out

"114.112.95.178 (Administrator of network where email originates)"

>
SpamCop just send complete headers otherwise

Share this post


Link to post
Share on other sites
19 hours ago, petzl said:

Also in SpamCop notes copy and past (example ) then enter a couple of times putting ">"

I just received another spam with a URL pointing to the same website administered by Amazon Web Services.

I followed your suggestions, reporting to SpamCop, and I was able successfully to submit an abuse report to Amazon Web Services, but only after considerably truncating the email source.

I had to trawl through the source to find the spamvertised URL, and I made sure that it was still there after I had stripped out all the HTML formatting code.

As far as I can make out, it seems that Amazon Web Services don't need the full email source.

BTW, the SpamCop reporting URL for this message is: https://www.spamcop.net/sc?id=z6430220543z9c15449883f426c8a3dc680c9ae70c46z

We'll see what happens. ;)

Share this post


Link to post
Share on other sites
18 hours ago, csouter said:

We'll see what happens. ;)

Got the following reply from Amazon:

 

Quote

"Thank you for submitting your report to Amazon Web Services.
We have received your report and will investigate the issue.  If you wish to provide additional information to us or our customer regarding this case, please reply to this email."

(Bold text emphasis added by me, because I think this proves that the spammers are receiving the reports and using them to harvest known valid email addresses).

It makes me wonder wny I should even bother reporting to Amazon Web Services at all, if the spammers are just using the reports to send more spam.

BTW, I have just this minute received another such spam, pointing to not quite the same site, (the beginning of the link is the same, but it ends slightly differently).

SpamCop reporting URL for this message is: https://www.spamcop.net/sc?id=z6430456086z1fbf0bab202104b59115db70b74a2770z

These messages seem to work in very much the same way as the popup ads that accompany so-called "free" mobile apps:  if the hapless user taps the ad, he/she is taken to some bogus website, asked to provide his/her mobile number and told that he/she is in a draw for a free iPad, or some such thing, and if the user is silly enough to provide the number, he/she will start receivng a barrage of spam SMS messages, to which the standard reply of STOP has absolutely no effect.

The exact spamvertised URLs are constantly changing, and as soon as the network admin shuts one down, they simply create a replacement.  I suspect that the entire process is fully automated.

Anyway, that's my 2¢ worth. ;)

 

 

Edited by csouter
Corrected a typo and altered some formatting.

Share this post


Link to post
Share on other sites
20 minutes ago, csouter said:

(Bold text emphasis added by me, because I think this proves that the spammers are receiving the reports and using them to harvest known valid email addresses).

Conformation of a known valid email address (that reports their spam).  Just confirms Russell's Corollary to Spammer Rules #3

Share this post


Link to post
Share on other sites
19 hours ago, csouter said:

BTW, the SpamCop reporting URL for this message is: https://www.spamcop.net/sc?id=z6430220543z9c15449883f426c8a3dc680c9ae70c46z

That tells a lot. The USA do not consider this spam  *IF* it has a WORKING "unsubscribe" link in it.
As spammers have your email address  "unsubscribe" may work if it doesn't you can include that in your complaint

A lot of times you may get a "survey" to ask what you think of a online company (Woolworths, ebay and others) never fill these in as they are mostly operated by outsourced companies that pass your contact details on (value adding)!

Share this post


Link to post
Share on other sites

It has been a while sense I have read the CANSPAM act, but I seem to remember the "unsubscribe" as necessary but not sufficient.  Can't find my reference.

Share this post


Link to post
Share on other sites
1 hour ago, Lking said:

It has been a while sense I have read the CANSPAM act, but I seem to remember the "unsubscribe" as necessary but not sufficient.  Can't find my reference.

Read your nip of red cordial here if you like a pointy head

https://www.acma.gov.au/Industry/Marketers/Anti-spam/Ensuring-you-dont-spam/mandatory-unsubscribe-ability-ensuring-you-dont-spam-i-acma

Under the spam Act 2003, every commercial electronic message must contain a functional and legitimate 'unsubscribe' facility. This is an electronic address the recipient can use to tell the sender they do not wish to receive messages. Businesses must make it easy for people to unsubscribe from electronic mailing lists.Apr 16, 2015

Edited by petzl

Share this post


Link to post
Share on other sites
2 hours ago, Lking said:

The business MUST also have consent.

https://www.acma.gov.au/Industry/Marketers/Anti-spam/Ensuring-you-dont-spam/spam-consent-ensuring-you-dont-spam-i-acma

Need more aged grape juice to read further.  Thanks for the link.

csouter's spam came from Italy with a USA weblink, America and other countries run by red cordial nipping pointy heads, are only referring to their "fact" that all spam comes only from same  pointy headed run non-Christian countries like USA, Australia, UK (etc) and don't recognize inter-action with other "oligarchies" who allow spam like china/Russia/Ukraine/etc 

 

Edited by petzl

Share this post


Link to post
Share on other sites
2 hours ago, petzl said:

csouter's spam came from Italy with a USA weblink

FYI, my spam came from Latvia, not Italy. The TLD is .lt, not .it.

Edited by csouter
Shortened quoted text.

Share this post


Link to post
Share on other sites
6 hours ago, petzl said:

That tells a lot. The USA do not consider this spam  *IF* it has a WORKING "unsubscribe" link in it.
As spammers have your email address  "unsubscribe" may work if it doesn't you can include that in your complaint

A lot of times you may get a "survey" to ask what you think of a online company (Woolworths, ebay and others) never fill these in as they are mostly operated by outsourced companies that pass your contact details on (value adding)!

I have no idea whether or the the "unsubscribe" link works.  I did click on that link in the very first of those spams I received, but, IIRC, nothing happened - I was not taken anywhere at all - no new browser window opened, etc...  nothing...

Normally, I never respond to survey requests of any kind.

Share this post


Link to post
Share on other sites
3 hours ago, csouter said:

I have no idea whether or the the "unsubscribe" link works.  I did click on that link in the very first of those spams I received, but, IIRC, nothing happened - I was not taken anywhere at all - no new browser window opened, etc...  nothing...

Normally, I never respond to survey requests of any kind.

Don't deny this a spammer is allowed to spam because red cordial nipping pointy heads say they can but web links not always can be connected to spam sourcece

https://www.spamcop.net/sc?id=z6430456086z1fbf0bab202104b59115db70b74a2770z gives "it" for abuse address?

Edited by petzl

Share this post


Link to post
Share on other sites
1 hour ago, petzl said:

Don't deny this a spammer is allowed to spam because red cordial nipping pointy heads say they can but web links not always can be connected to spam sourcece

https://www.spamcop.net/sc?id=z6430456086z1fbf0bab202104b59115db70b74a2770z gives "it" for abuse address?

Copied & pasted directly from the quoted report link:

Reportid: 6758583785 To: hostmaster@hostex.lt
Reportid: 6758583786 To: abuse@hostex.lt

It's .it (.LT), not .it (IT)

I also thought initially that it was .it, but hostex.it doesn't exist, according to my browser, whereas hostex.lt does.

It's easy to mistake an "l" for an "i" because of the font used.

.lt is the TLD for Latvia.

Edited by csouter
Added a new sentence towards the end of the post.

Share this post


Link to post
Share on other sites
11 hours ago, csouter said:

It's .it (.LT), not .it (IT)

OK my eyesight is shot. Actually neither have a good reputation of doing much about spammers

Share this post


Link to post
Share on other sites
On 12/21/2017 at 7:35 AM, petzl said:

OK my eyesight is shot. Actually neither have a good reputation of doing much about spammers

You're not wrong about that, mate! :D

Anyway, having conducted those little experiments in response to your useful suggestions, I've decided that I shall no longer be contacting Amazon AWS.directly, but I shall continue reporting to KnujOn.

Cheers to all for Christmas and the New Year! :D

Edited by csouter
Corrected a typo.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now