Jump to content
MDMesser001

Any point in reporting spam from AMAZONAWS?

Recommended Posts

17 minutes ago, Hanco said:

I have reported 14 abuse emails to them today since this morning alone. I’ve just about had enough and canceling prime and avoiding shopping with them at all is increasingly likely what is going to happen.

I am coming to the same conclusion as you. Totally a waste of time. I don’t know if there is an email client for my Pixel phone and iPhone which allows blocking by IP ranges but that’s what I’d really like to get!!!

The sleaze running their abuse desk are not good at their job. I don't now buy anything from Amazon that alone costs them more thant they get from their resident spammer. Maybe Jeff Bezos will start noticing his billions disappear?
My Gmail address is hammered by spam coming from AWS I copy from notepad to put in forwarded spam and mark it phishing

Banning all Amazon purchases because of inept AWS abuse responses to AmazonAWS DDoS multiple IP email attacks  
Criminal phishing, bogus reply address, bogus unsubscribe(NEVER subscribed), DDoS

IP address
Text headers and body

sent to, from Gmail account
stop-spoofing[AT]amazon.com, abuse[AT]amazonaws.com, abuse[AT]amazon.com, ec2-abuse[AT]amazon.com, ipmanagement[AT] amazon.com, phishing-report[AT]us-cert.gov

Edited by petzl

Share this post


Link to post
Share on other sites

Well I just did it. Canceled Prime and Music. I’m not giving them any money any more. They surely could fix this but choose not to.

Share this post


Link to post
Share on other sites
4 minutes ago, Hanco said:

Well I just did it. Canceled Prime and Music. I’m not giving them any money any more. They surely could fix this but choose not to.

Good and tell them why. The more that do this the more this spammer costs Amazon
Spread the good word.
Were a regular buyer of goods from Amazon not anymore.

Edited by petzl

Share this post


Link to post
Share on other sites

Oh I told them! They wanted someone from fraud to call me... I said ok, so long as they’re going to actually do something that is effective. They didn’t call.

And of course the abuse emails continue to come today from Amazon IPs.

If this has been answered before, my apologies. Why do we see this:

/dev/null'ing report for Abuse#amazonaws.com@devnull.spamcop.net
/dev/null'ing report for ec2-abuse#amazon.com@devnull.spamcop.net

Share this post


Link to post
Share on other sites
2 hours ago, Hanco said:

Why do we see this:

/dev/null'ing report for Abuse#amazonaws.com@devnull.spamcop.net
/dev/null'ing report for ec2-abuse#amazon.com@devnull.spamcop.net

I forward spam from my Gmail account to Amazon, none today?
Amazon abuse have "unsubscribed" from SpamCop reports. shows how inept/uncaring they are.

Share this post


Link to post
Share on other sites
20 minutes ago, petzl said:

I forward spam from my Gmail account to Amazon, none today?

I wish! It’s endless.

Share this post


Link to post
Share on other sites
1 hour ago, Hanco said:

I wish! It’s endless.

I suspect it's my "preamble" in every report to them just started adding 2 days ago actually ceased yesterday so it seems Amazon do know this criminal and are cooperating in the attack. |

Banning all Amazon purchases because of inept AWS abuse responses to AmazonAWS DDoS multiple IP email attacks  
Criminal phishing, bogus reply address, bogus unsubscribe(NEVER subscribed), DDoS

I will never buy anything from amazon or it's subsidiaries EVER!
 

Share this post


Link to post
Share on other sites

The torture never ends. The depth of my hatred for everything associated with Amazon and the Amazonaws nightmare is complete.

Amazon will never suck one more penny from my bank account. F*ck Amazon. And f*ck bitly(dot)com, too, for enabling this nonstop spam rape. And probably Cisco Systems (the giant corporation that seems to have gobbled up Spamcop in order to render it completely useless).

The Internet is dead. All hail the Internet.

Share this post


Link to post
Share on other sites
2 hours ago, Art101 said:

Amazon will never suck one more penny from my bank account.

Get the move going
Amazon have a security problem and are just annoying customers 

Share this post


Link to post
Share on other sites

Various posters have expressed their frustration at receiving seemingly endless spam from Amazon AWS servers, as I have been.  I was also fed up at SpamCop's simply "devnulling" our Amazon AWS spam.  Instead, I have reported, and gone on reporting, Amazon AWS spam to various Amazon mail addresses.  I get the automated replies from Amazon, but I could be persuaded that the volume of spam from Amazon AWS has tailed off.

I could be wrong, but I think the way forward is to go on reporting Amazon AWS spam; "devnulling" by SpamCop is not going to do any good.

Share this post


Link to post
Share on other sites
20 minutes ago, ScotchJohn said:

Various posters have expressed their frustration at receiving seemingly endless spam from Amazon AWS servers, as I have been.  I was also fed up at SpamCop's simply "devnulling" our Amazon AWS spam.  Instead, I have reported, and gone on reporting, Amazon AWS spam to various Amazon mail addresses.  I get the automated replies from Amazon, but I could be persuaded that the volume of spam from Amazon AWS has tailed off.

I could be wrong, but I think the way forward is to go on reporting Amazon AWS spam; "devnulling" by SpamCop is not going to do any good.

Amazon are incompetent and won't accept SpamCop reports 
The only way to attempt to report directly from your Gmail WEB account to abuse[AT]amazonaws.com
And Mark it phishing (so-far I have only seen Gmail accounts attacked?)

Amazon replied to me that I didn't do this, which I did send all headers and body in text listed the IP (3.134.0.217) it came from


    * Complete, accurate timestamps of the activity including: (one email per report, please)
        - Date
        - Time
        - Time Zone
    * All source IPs
    * All source port(s) & protocol(s)
    * Destination IP(s)
    * Destination port(s) and protocol(s)
    
    * Full e-mail header and HTML content of the spam message
    

I sent/parsed it through SpamCop 
https://www.spamcop.net/sc?id=z6588724520zeaff576385f38c9a53fea8a2da697254z
replied 
Seems you don't know your job very well?
 all headers, time stamps were sent
Your IP 3.134.0.217  is listed as a Botnet
see and have machine scanned 

https://www.abuseat.org/lookup.cgi?ip=3.134.0.217
This IP is infected (or NATting for a computer that is infected) with an botnet that is emitting email spam. The infection is probably auto.

Edited by petzl

Share this post


Link to post
Share on other sites
On 11/6/2019 at 2:01 PM, ScotchJohn said:

 Instead, I have reported, and gone on reporting, Amazon AWS spam to various Amazon mail addresses.

...

 I could be persuaded that the volume of spam from Amazon AWS has tailed off.

Me too:

abuse@amazonaws.com, ec2-abuse@amazon.com, ipmanagement@amazon.com, abuse@amazon.com 

I add those to my Amazon reports on SpamCop now. Two get devnulled.

volume has not tailed off for me. In August it ramped up. 20-30 per day is normal now. Nearly all of them with links (or short URL redirects) to VPSVILLE.RU hosted sites. Nearly all use free “now-dns.com” services too.

Share this post


Link to post
Share on other sites
8 hours ago, Hanco said:

volume has not tailed off for me.

AWS don't care and lie or don't know their job sending me 
"We were unable to identify the customer responsible for the reported activity. Due to the frequency with which AWS public IP addresses can change ownership, we will need additional information in order to identify the responsible customers"
Which is rubbish. the only port their  IP's have open is port 53, none are email servers, They need to block port 25 on machines that are NOT email servers
I replied (as above) and spam has dropped to around 3 a day at present, instead of the 20 daily or so, it was before

Edited by petzl

Share this post


Link to post
Share on other sites

Interesting. I imagine the idiots who spend their time sending abuse emails might look at this forum and others like it sometimes... I’ve sent you a pm here. I’m not technically fully aware of how all this works, so I would appreciate your indulging my curiosity if you have time.

Share this post


Link to post
Share on other sites
5 hours ago, Hanco said:

so I would appreciate your indulging my curiosity

port 53 is open normal, connects to your DNS.

Share this post


Link to post
Share on other sites

OK. Take a deep, healing breath.

The internet was the most important advance in human communication since the invention of the printing press. It was highjacked by money-grubbing spammers and corporate interests that don't give a flying f*ck about you or me.

I give up. I'm done with this sh*t. I will no longer offer reports to SpamCop. Doing so is pointless. Amazonaws is evil. Amazonaws rapes my inbox with crap I did not ask for and do not want.

Have a nice day,

    

Share this post


Link to post
Share on other sites
17 minutes ago, Art101 said:

Amazonaws is evil. Amazonaws rapes my inbox with crap I did not ask for and do not want.

By dropping Amazon and their subsidiaries from purchases forever  will cost them more than the free spamming accounts from their "Free email accounts" that we are being hammered with.
 https://sendgrid.com/marketing/sendgrid-services-cro/
Try it out! Send 40,000 emails for 30 days, then 100/day forever.
Sign up for free. No credit card required.

Share this post


Link to post
Share on other sites
On 11/2/2019 at 3:29 PM, Art101 said:

The internet was the most important advance in human communication since the invention of the printing press. It's hijacked by spammers, phishers, massive money-grubbing corporate interests, governments that leverage it to keep us stupid and scared, and related nightmares.

 

🙂 and don't forget social media 🙂

Share this post


Link to post
Share on other sites

It seems to me that spamming is the same thing as harassment.  Isn't harassment by any other means illegal in the US?  Why isn't it illegal for email?  What I found in looking at message sources is that all of these IP addresses are long disabled by the time I get them.  I use nslookup to find who owns the IP address.  Then I ping the address, and every time get no response.  Of course, they can simply prevent their servers from being pinged, which I suppose is the case.  I was thinking that they simply assign single-use IP addresses to each email, since all of the IP addresses are unique to one and only one email.  

I collected over 500 emails, message headers and nonsense responses from ec2-abuse@amazon.com. and hoped to get the attention of a real, live person FBI or FCC.  I contacted my US Representative and asked if they would help me contact them. No response after several days.  And then, a nonsense generic response.  

I wonder if there is any law firm that would be willing to do a class action suit against amazon aws harassment?  

I just don't know where to start.  

Share this post


Link to post
Share on other sites
51 minutes ago, stan55 said:

I collected over 500 emails, message headers and nonsense responses from ec2-abuse{}amazon.com

The last spam I received today
email server
167.89.8.98 abuse[]sendgrid.com
injection
13.114.162.17 abuse[]amazonaws.com

I just forward spam to the abuse addresses from my Gmail WebMail.
Seems to have a effect in reducing the attack. SpamCop won't send reports. so I forward them directly

old track
https://www.spamcop.net/sc?id=z6588724520zeaff576385f38c9a53fea8a2da697254z
email server (look for yelp in headers name of server)
167.89.8.98 abuse[]sendgrid.com
injection (look for AWS in headers)
3.134.0.217 abuse[]amazonaws.com

Share this post


Link to post
Share on other sites

Most of my spam is from Amazonaws but it has gone down with a determinant attitude to reporting. However I don’t consider the reporting to Amazon useful. It did not have a material effect on volume. Actually, reporting direct to SpamCop has probably been more useful. It SEEMS like most of my spam comes via other third parties with Amazonaws being the driver... Often Hotmail.com (that appears to be quite possible)

 

Share this post


Link to post
Share on other sites

I am also a victim of the AmazonAWS spam.  I'm guessing most of what we are all seeing is from the same group.  They use forged headers and put tons of lines of hidden text in the message body which poses as everything from Enterprise Rental car to IBM cloud to Event Temple church.  This is all from the same person. 
They also use bitly and twitter redirects to mask the real links in the spams.  I have a list of about 10 Twitter accounts they use as link farms.

They also use a ton of domains registered through Namecheap as Namecheap refuses to take any action on any of their clients no matter how severe the crime is.  I've even busted them for fake Warren Buffet phishing spams and Namecheap still would not disable the domain which is registered though their client with WHOIS privacy protection.

The best luck that I have found so far is the ec2-abuse@amazon.com address as far as getting replies.

But if you want direct action then you have to go here: https://support.aws.amazon.com/#/contacts/report-abuse and submit a ticket.  It's a pain because you have to enter the spam into SpamCop to get the IP address and then copy it all over here once again along with timestamp data and other useless info.

They eventually shut down the account but the spammer just keeps opening up new ones.

I have filed a complaint with the Attorney General against Namecheap for providing a base of operations for this AmazonAWS spam group.  Many of the spams being sent though AmazonAWS that fall into this same footprint of redirects, forged headers, and the same hidden text in the message body are advertising websites owned by Jared Forbush, aka 4Bush Holdings LLC out of Kaysville, UT

But try the https://support.aws.amazon.com/#/contacts/report-abuse link - it at least gets a response.

 

Share this post


Link to post
Share on other sites
5 hours ago, goodnerd said:

They eventually shut down the account but the spammer just keeps opening up new ones.

Slow the criminal down though 
old track

https://www.spamcop.net/sc?id=z6588724520zeaff576385f38c9a53fea8a2da697254z
email server (look for yelp in headers name of server)
167.89.8.98 abuse[]sendgrid.com
injection (look for AWS in headers)
3.134.0.217 abuse[]amazonaws.com

Share this post


Link to post
Share on other sites

Yep - they always have Yelp references in the headers.  Same spammer, exact same email fingerprints.

When I helped the feds a while back with the Robert Soloway case I had purchased one of the domains Soloway was forging the sender email address of (just as in these Amazonaws spams).  I then set up a mail server and captured all the bounces of returned spams and within a day or two I collected around 175,000 bounced spams that was presented in the trial showing Soloway's methods.  This Amazonaws clown is doing the same thing as the sender's email address in the spams are from domains that don't even exist.

Example:This header shows the sender's email address to come from the domain bagfczfpyelp.com - which is an unregistered domain name and does not exist.

sender) smtp.mailfrom=BJpAJGNR@3otnx---3otnx----us-west-2.compute.amazonaws.com
Received: from o1.923yelp (o1.923yelp [167.89.8.98])
        mx.google.com with ESMTPS id i126si10064712ybi.415.2019.02.13.07.44.33
        for <hjKcv.bPwV@gmail.com>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Wed, 13 Feb 2019 07:44:34 -0800 (PST)
Received: from smtp-sendgrid.yelpcorp.com (ec2-52-34-255-49.us-west-2.compute.amazonaws.com )
  ismtpd0011p1las1.sendgrid.net (SG) with ESMTP id jxq4wpsYRtSCL30cEOF67Q for <hjKcv.bPwV@gmail.com>; Wed, 13 Feb 2019 15:44:32.244 +0000 (UTC)
Content-Type: text/html; charset=utf-8
MIME-Version: 1.0
From: Improve Your Memory Today <EoZcDmolk@bagfczfpyelp.com>
Subject: Improve your memory and brain
To: ***************(my email address)**********
Date: Sun, 10 Nov 2019 00:11:48 +0100
Errors-To: returnto@yelp.com


Does this look familiar to yours?  I've tracked down two names within the US that these spams are associated with.  One is a company out of Texas called One Technologies (credit card and loan spams) - who has already been slapped down by the FTC once.  The other was the 4Bush Holdings out of Utah (various drugs and hemp oil spams).

I received another wave of Amazonaws spams last night and sent a copy of one of them to ec2-abuse@amazon.com in a reply to an earlier complaint.  I then received a reply after only a few hours:

 

Quote

 

Hi there,

We see you have received another spam originating from another an AWS Ip.

Request you to kindly open a new abuse case so we can find the owner behind the spam and take appropriate action as this case is tagged to the old report that was sent.

AWS Abuse team.


How can I contact a member of the Amazon EC2 abuse team?
Send an e-mail to ec2-abuse@amazon.com; remember to include your case number.

Amazon Web Services

Amazon Web Services LLC is a subsidiary of Amazon.com, Inc. Amazon.com is a registered trademark of Amazon.com, Inc. This message produced and distributed by Amazon Web Services, LLC, 410 Terry Avenue North, Seattle, WA 98109-5210.

 

When I file the spams on SpamCop I also manually add in the address ec2-abuse@amazon.com so they receive a copy as well.  The other amazon addresses just appear to be a black hole.

Share this post


Link to post
Share on other sites
5 hours ago, goodnerd said:

Does this look familiar to yours

email server
167.89.8.98  abuse[AT]sendgrid.com
need to put in abuse report to them as well, they are brainless stinkers
this is what is said on sendgrid site spammers paradise
 https://sendgrid.com/marketing/sendgrid-services-cro/
Try it out! Send 40,000 emails for 30 days, then 100/day forever.
Sign up for free. No credit card required.
Always spam injected from a AWS IP?

https://www.spamcop.net/sc?id=z6592985188z08df2a03ce1e990bfb81847501172823z 
Notes 
Criminal phishing, bogus reply address, bogus unsubscribe (NEVER subscribed), DDoS 
injection
44.228.105.175  abuseXamazonaws.com
email server 
167.89.8.98 abuseXsendgrid.com

Edited by petzl

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×