MIG Posted April 12, 2019 Share Posted April 12, 2019 (edited) 5 hours ago, Lking said: I don't see a suggestion to also send reports/forward spam to stop-spoofing[AT}amazon.com.I add that address to all spam that I quickly identify as relating to Amazon or often amazon.uk Hey Master, Very interesting. I previously raised (with SC Admin) "Request to add" stop-spoofingATamazonDOTcom, as so many amazon / SC reports resulted in /dev/null. SCA replied: quote Adding an address just because it looks like it might be a good idea, isn't a good idea. Stop-spoofingATamazonDOTcom is a specific address with a specific use. spam from Amazon's IP space is not the purpose of that address. It likely wouldn't take them long to start rejecting all SpamCop reports, even ones about spoofing, if we were to start throwing everything Amazon their way. unquote As a result of receiving that advice, I stopped manually adding stop-spoofingATamazonDOTcom, Amazon spam continued, when I add stop-spoofingATamazonDOTcom, spam reduces to an occasional, 1 a month, to none... Your thoughts? (would be very much appreciated) Cheers! Edited April 13, 2019 by Lking I stand corrected Quote Link to comment Share on other sites More sharing options...
Lking Posted April 13, 2019 Share Posted April 13, 2019 5 hours ago, Lking said: I don't see a suggestion to also send reports/forward spam to stop-spoofing[AT}amazon.com I stand corrected. What I meant to say was that I add amazon[dot]com to the list of addresses when I submit said spam. So the copy of the spam comes from me not SC. I do get the obligatory auto-response "Thank you" Quote Link to comment Share on other sites More sharing options...
MIG Posted April 13, 2019 Share Posted April 13, 2019 Greetings Master, Thank you for clarifying! Much appreciated! However, 🦗 is confused, (for me) SC parser classifies Amazon (amazon[dot]com) as /dev/null, are you suggesting manually adding amazon[dot]com to https://www.spamcop.net/ [User_Notification] field, irrespective of SC's determination? Thanks in advance! Quote Link to comment Share on other sites More sharing options...
Lking Posted April 13, 2019 Share Posted April 13, 2019 2 hours ago, MIG said: are you suggesting manually adding amazon[dot]com to https://www.spamcop.net/ [User_Notification] field, irrespective of SC's determination? NO I am not. That would result in a spam Report, from SC going to amazon. I am suggesting something like this header from MY email: Quote BCC: submit.xxxxxxxxxxxxxxxx@spam.spamcop.net To: spam@uce.gov, Report@submit.spam.acma.gov.au, stop-spoofing@amazon.com Subject: [HabuL Plugin] spam Report From: XXX <x@xx.com> with an amazon related spam attached; in this case Quote ... Date: Fri, 12 Apr 2019 09:55:17 +0000 To: "bigknow@xxxxx.com" <bigknow@xxxxx.com> From: Amazon <reply@leneif.info> Reply-To: Amazon <reply@leneif.info> Subject: [Norton AntiSpam]TEXT ALERT: Winner, Winner John, is it you? >> Check Now ... Note when I "Submit" the spam I BCC the email to SC to hide my private 16 char reporting account from Amazon. Also note: Yes the FROM: is an obvious fake, but the sender is using the well known retailer's name to get "bigknow" to open the email.. I do the same for others common spam FROM UPS, American Express and others. Quote Link to comment Share on other sites More sharing options...
MIG Posted April 13, 2019 Share Posted April 13, 2019 1 hour ago, Lking said: NO I am not. That would result in a spam Report, from SC going to amazon. I am suggesting something like this header from MY email: with an amazon related spam attached; in this case Note when I "Submit" the spam I BCC the email to SC to hide my private 16 char reporting account from Amazon. Also note: Yes the FROM: is an obvious fake, but the sender is using the well known retailer's name to get "bigknow" to open the email.. I do the same for others common spam FROM UPS, American Express and others. Thank you Master! Got it! Unfortunately (for me) using my (private 16 char reporting account) has never worked. And using https://outlook.live.com/owa/?path=/mail/ does not have the functionality to forward spam as "attachments". However, your information certainly clarifies the question I had specific to spam submitted via SC parser. I'm curious about [red]: To: spam@uce.gov, Report@submit.spam.acma.gov.au, stop-spoofing@amazon.com Subject: [blah, blah, blah] spam Report From: XXX <x@xx.com> Acma spam reporting guidelines: "Forward the email spam to report@submit.spam.acma.gov.au. When forwarding an email, don't change the subject line or add additional text." Have Acma ever communicated with you regarding spam you've reported? Curious? Thanks & cheers! Quote Link to comment Share on other sites More sharing options...
Lking Posted April 13, 2019 Share Posted April 13, 2019 10 hours ago, MIG said: I'm curious about [red]: To: spam@uce.gov, Report@submit.spam.acma.gov.au, stop-spoofing@amazon.com Subject: [blah, blah, blah] spam Report From: XXX <x@xx.com> Acma spam reporting guidelines: "Forward the email spam to report@submit.spam.acma.gov.au. When forwarding an email, don't change the subject line or add additional text." Have Acma ever communicated with you regarding spam you've reported? Curious? The attached spam is forwarded without change. MY email, Subject: [blah...] spam Report, From: XXX is not what ACMA is referring to. The Attached email "Subject: [Norton AntiSpam]TEXT ALERT: Winner, Winner John, is it you? >> Check Now" "From: Amazon <reply@leneif.info>" is not changed, as required. Quote Link to comment Share on other sites More sharing options...
RobiBue Posted April 14, 2019 Share Posted April 14, 2019 On 4/12/2019 at 8:44 PM, MIG said: ..., (for me) SC parser classifies Amazon (amazon[dot]com) as /dev/null, are you suggesting manually adding amazon[dot]com to https://www.spamcop.net/ [User_Notification] field, irrespective of SC's determination? Thanks in advance! On 4/12/2019 at 11:37 PM, Lking said: NO I am not. That would result in a spam Report, from SC going to amazon. I am suggesting something like this header from MY email: with an amazon related spam attached; in this case Note when I "Submit" the spam I BCC the email to SC to hide my private 16 char reporting account from Amazon. Also note: Yes the FROM: is an obvious fake, but the sender is using the well known retailer's name to get "bigknow" to open the email.. I do the same for others common spam FROM UPS, American Express and others. If amazon[dot]com is dev/null'ed, then placing it in the [User_Notification] field wouldn't change anything. It would still dev/null the address. @Lking, question about the "Note". Do I understand this correctly, that you send (apart from sending the spam to SC as "bcc") the spam (as attachment) to the three listed entities? How do you know where to send the spam before parsing it? When I send the spam to SC, it gets parsed and /* then */ I know whom to send it as well... (Color me confused) Quote Link to comment Share on other sites More sharing options...
Lking Posted April 14, 2019 Share Posted April 14, 2019 1 hour ago, RobiBue said: How do you know where to send the spam before parsing it? When I send the spam to SC, it gets parsed and /* then */ I know whom to send it as well... (Color me confused) "Dear" Color me confused : ) The confusion is that we (you and I) are talking about two different things. You (and I) use SC to parse the spam email header to identify the source and supporting ISPs of the spam and the spamvertised links in the body of the email. I understand that you /*then*/ use the information from SC to manually expand where the spam report is sent. In addition to the basic results from SC, I also send all 'raw' spam to government databases, US and Australian (spam@uce.gov & Report@submit.spam.acma.gov.au), for archival and whatever use. When a quick visual scan of spam reveals that the name of an established company (Amazon, UPS, American Express...) is used to bate the spam receivers, I also send the raw spam to those companies as a "FYI some spamming a**hole is using your 'good' name to defraud people." In my example above: On 4/12/2019 at 10:37 PM, Lking said: ... Date: Fri, 12 Apr 2019 09:55:17 +0000 To: "bigknow@xxxxx.com" <bigknow@xxxxx.com> From: Amazon <reply@leneif.info> Reply-To: Amazon <reply@leneif.info> Subject: [Norton AntiSpam]TEXT ALERT: Winner, Winner John, is it you? >> Check Now ... I noticed the From: Amazon displayed in the "Correspondents" column in Thunderbird so I single that spam out for special handling. Depending on the time of day and other factors, I also take a quick look at the body of some spam scanning for besmirched company names. {It is another discussion, whether or not these corporations have a 'good name'. I am sure they think so and have the resources to defend it.} I have chosen this less time intensive processing because of the volume of spam sent to the several domains I use (232 spam yesterday). In addition to the domain I have had sense 1996, I also manage domains for two non-proffets. I receive all email to these domains unfiltered (note To: bigknow{at}xxxx.com above). For me I "Do not have the time" to do the hard work that @RobiBue does.We each do what we can do. As an aside I am confused by the thinking(?) of spammers. Looking at the "odd" mailboxes spam is sent to. Instead of dropping mis addressed email on the floor, I receive and report it. So I see these odd mailboxes. I can see guessing 'Bob@', 'John@' or "testemail@". I do not understand "f***you@", "A**hole@", "whore@". Who thinks someone would open an email addressed to "whore@"? Quote Link to comment Share on other sites More sharing options...
klappa Posted April 14, 2019 Author Share Posted April 14, 2019 (edited) On 4/12/2019 at 7:59 PM, klappa said: I haven't received them for a while now except very sporadic. But next spam from them i will update this thread with SC Report URLs. Just received two sex dating spams today however i haven't checked what domains the spamlinks resolve to. It could be Amazon hosted domains but i am not sure. Anyway care to inspect? https://www.spamcop.net/sc?id=z6537755702z2a6c8c73f60568b083e173773e617c28z https://www.spamcop.net/sc?id=z6537755185z923bf33a4c5c45f7af08454928e034dbz On 4/12/2019 at 8:14 PM, Lking said: I don't see a suggestion to also send reports/forward spam to stop-spoofing[AT}amazon.com I add that address to all spam that I quickly identify as relating to Amazon or often amazon.uk Thank you! But i am pretty sure the domains are resolved to Amazon hosted domains however since Spamcop don't check redirects it's impossible to know without clicking the spamlinks. I have to manually forward the spam directly to Amazon's abuse address. Also every of these Sex spam phishing mail I've got have been sent using an Outlook account. It seems Microsoft doesn't care much. I don't how many reports I've sent them. Also since i don't trust report_spam at hotmail dot com which is being used by Spamcop I also forward the spam directly to abuse at microsoft dot com. Outlook is a spam service nowadays nothing more. Edited April 14, 2019 by klappa Quote Link to comment Share on other sites More sharing options...
petzl Posted April 14, 2019 Share Posted April 14, 2019 (edited) 3 hours ago, klappa said: I've sent them. Also since i don't trust report_spam at hotmail dot com which is being used by Spamcop I also forward the spam directly to abuse at microsoft dot com. Outlook is a spam service nowadays nothing more. Spammer is using throwaway email accounts AmazonAWS is offering free web trails this clown will stick there (probably has many) till AmazonAWS bother They want full headers copy and pasted with IP's before even bothering. And they contact these criminals show your details. Always report it as Child porn spam site. That gives Amazon an obligation and expense to remove it.pictures under 18 or made to look under 18. NO PROOF OF AGE available! Include phishing-report[AT]us-cert[DOT]gov in "to field" as well AWS can see this. Edited April 14, 2019 by petzl Quote Link to comment Share on other sites More sharing options...
klappa Posted April 15, 2019 Author Share Posted April 15, 2019 10 hours ago, petzl said: Spammer is using throwaway email accounts AmazonAWS is offering free web trails this clown will stick there (probably has many) till AmazonAWS bother They want full headers copy and pasted with IP's before even bothering. And they contact these criminals show your details. Always report it as Child porn spam site. That gives Amazon an obligation and expense to remove it.pictures under 18 or made to look under 18. NO PROOF OF AGE available! Include phishing-report[AT]us-cert[DOT]gov in "to field" as well AWS can see this. I won't give up. Any instances i could forward these sex spams to to let them know Amazon gives leeway to child porn? Quote Link to comment Share on other sites More sharing options...
petzl Posted April 16, 2019 Share Posted April 16, 2019 On 4/15/2019 at 5:31 PM, klappa said: I won't give up. Any instances i could forward these sex spams to to let them know Amazon gives leeway to child porn? That's my attitude also this is their reply with my "preamble"https://www.spamcop.net/sc?id=z6532210969z9e3601591d7bb95c694f6f8edf765dccz Thank you for submitting your report to Amazon Web Services. We have received your report and will investigate the issue. If you wish to provide additional information to us or our customer regarding this case, please reply to this email. The details of your report are as follows: 52.10.94.116 (Administrator of network where email originates) abuse[AT]amazonaws[DOT]com Child porn spammer pictures under 18 or made to look under 18 NO PROOF OF AGE available! SENT TO MINORS > ****************headers******* Quote Link to comment Share on other sites More sharing options...
klappa Posted April 23, 2019 Author Share Posted April 23, 2019 (edited) On 4/16/2019 at 12:47 PM, petzl said: That's my attitude also this is their reply with my "preamble"https://www.spamcop.net/sc?id=z6532210969z9e3601591d7bb95c694f6f8edf765dccz Thank you for submitting your report to Amazon Web Services. We have received your report and will investigate the issue. If you wish to provide additional information to us or our customer regarding this case, please reply to this email. The details of your report are as follows: 52.10.94.116 (Administrator of network where email originates) abuse[AT]amazonaws[DOT]com Child porn spammer pictures under 18 or made to look under 18 NO PROOF OF AGE available! SENT TO MINORS > ****************headers******* They just give me a reply that i should report missing children cybertip dot org. Really the spam doesn't show naked children but it's obvious it is stolen pictures of women from around the net. Now the spammer (if it's the same that is) sent the same spam a dozen of times. I have now completely given up since the domains i reported weeks ago still are up. American hosts can screw themselves, looks at Amazon. They don't care about anything but the money. Edited April 23, 2019 by klappa Quote Link to comment Share on other sites More sharing options...
petzl Posted April 23, 2019 Share Posted April 23, 2019 15 minutes ago, klappa said: Really the spam doesn't show naked children but it's obvious it is stolen pictures of women from around the net https://www.spamcop.net/sc?id=z6540270015zc70d32edef3720992bb7f7c766540bebz I also sent from my Gmail account to AmozonAWS and spam stopped I don't decide if they are children or not. I just report it as such let "them" show the proof 18 is the age of consent in Australia for naked photos to be shown on web or magazines/videos, under 18 is child porn afaik. US law requires proof of age also,https://www.consumer.ftc.gov/blog/2015/07/faking-it-scammers-tricks-steal-your-heart-and-money?page=3 Quote Link to comment Share on other sites More sharing options...
klappa Posted April 24, 2019 Author Share Posted April 24, 2019 12 hours ago, petzl said: https://www.spamcop.net/sc?id=z6540270015zc70d32edef3720992bb7f7c766540bebz I also sent from my Gmail account to AmozonAWS and spam stopped I don't decide if they are children or not. I just report it as such let "them" show the proof 18 is the age of consent in Australia for naked photos to be shown on web or magazines/videos, under 18 is child porn afaik. US law requires proof of age also,https://www.consumer.ftc.gov/blog/2015/07/faking-it-scammers-tricks-steal-your-heart-and-money?page=3 Trust me i have forwarded and reported with Spamcop nothing helps. Now the sex spammer have a grudge against me. Been spamming me every ten minutes or so using different Amazon servers. I can't bring me together to report everyone of them. Quote Link to comment Share on other sites More sharing options...
petzl Posted April 24, 2019 Share Posted April 24, 2019 6 minutes ago, klappa said: Trust me i have forwarded and reported with Spamcop nothing helps. Now the sex spammer have a grudge against me. Been spamming me every ten minutes or so using different Amazon servers. I can't bring me together to report everyone of them. Well they seem to be burnt from me? They always use free accounts doubt if they give AmazonAWS contact info AmazonAWS are not the only ones to stupid to fix this Google another. Quote Link to comment Share on other sites More sharing options...
gnarlymarley Posted April 24, 2019 Share Posted April 24, 2019 5 hours ago, petzl said: They always use free accounts doubt if they give AmazonAWS contact info AmazonAWS are not the only ones to stupid to fix this Google another. There are a few options you have left when the adminstrator is useless if you really want to stop the spam. Keep reporting for two or three years and the spammer will give up. Block the whole IP range. (this could be a problem as the emails from this forum appear to come from amazon, so this could block legitimate email.) Implement SPF checks on the MTA and hopes that blocks it (only works if you have the ability to control the MTA.) Use greylisting to make sure that only servers can connect and send you email (again, only works if you can change the MTA behavior.) The reason most businesses offer the free accounts is it falls under the idea of advertising. If someone cannot check out the service, then they are less likely to use it. Kind of problem as it pulls in the jerks, but also pulls in paid accounts as well...... Quote Link to comment Share on other sites More sharing options...
petzl Posted April 24, 2019 Share Posted April 24, 2019 3 hours ago, gnarlymarley said: The reason most businesses offer the free accounts is it falls under the idea of advertising. If someone cannot check out the service, then they are less likely to use it. Kind of problem as it pulls in the jerks, but also pulls in paid accounts as well...... If the free account would just get a validated credit card number it would confirm identity. Dealing with spammer accounts can't be "free" Quote Link to comment Share on other sites More sharing options...
lisati Posted April 24, 2019 Share Posted April 24, 2019 1 hour ago, petzl said: If the free account would just get a validated credit card number it would confirm identity. Dealing with spammer accounts can't be "free" It better not be one of those cards that I sometimes get offered by spammers and scammers! Quote Link to comment Share on other sites More sharing options...
petzl Posted April 24, 2019 Share Posted April 24, 2019 (edited) 37 minutes ago, lisati said: It better not be one of those cards that I sometimes get offered by spammers and scammers! As long as a payment say US$2 is made should validate it and customer. This should be a mandate with Gmail Hotmail Yahoo also. Years ago I opened a account with Godaddy which was good, What I couldn't take was the harassment they try to get you to buy more and more, dumped them but the harassment continued for years. Another good product was readers digest products bought Australian road guide, the harrasment adterwards was terrible, mailbox jammed with their junk adverts. Edited April 24, 2019 by petzl Quote Link to comment Share on other sites More sharing options...
RobiBue Posted April 25, 2019 Share Posted April 25, 2019 8 hours ago, gnarlymarley said: There are a few options you have left when the adminstrator is useless if you really want to stop the spam. Keep reporting for two or three years and the spammer will give up. Block the whole IP range. (this could be a problem as the emails from this forum appear to come from amazon, so this could block legitimate email.) Implement SPF checks on the MTA and hopes that blocks it (only works if you have the ability to control the MTA.) Use greylisting to make sure that only servers can connect and send you email (again, only works if you can change the MTA behavior.) The reason most businesses offer the free accounts is it falls under the idea of advertising. If someone cannot check out the service, then they are less likely to use it. Kind of problem as it pulls in the jerks, but also pulls in paid accounts as well...... I like Idea #2!, especially if everybody is on-board. a) it would convince amazon to clean up their act with spammers and hosting them, b) especially if they start losing legitimate clientele Quote Link to comment Share on other sites More sharing options...
HeatherReid43 Posted April 26, 2019 Share Posted April 26, 2019 In response to SPAMCOP report i got an email from <nobody@bounces.amazon.com> Quote Hello, We are sorry to hear that you received unwanted email through Amazon SES. Please note, this reporting address is only for mail sent via Amazon SES (emails originated from 54.240.0.0/18). If you have a complaint about other AWS abuse (e.g. EC2), please submit your complaint here: https://aws.amazon.com/forms/report-abuse If you did not provide the following information, please contact email-abuse@amazon.com again with: 1. The full headers of the objectionable email message. For examples of how to find email headers, see https://support.google.com/mail/answer/22454?hl=en . 2. The type of abuse you are experiencing. For example, you didn't sign up to receive emails from the sender, the sender doesn’t have an opt-out option, etc. Thank you for the report! Sincerely, The Amazon SES Team what do you make of this ? is this a generic reply they send to all reports ? Quote Link to comment Share on other sites More sharing options...
MIG Posted April 26, 2019 Share Posted April 26, 2019 (edited) 2 hours ago, HeatherReid43 said: Is this a generic reply they send to all reports ? Hello HeatherReid43, Yes, it's a generic response, just checked back thru some very old Amazon responses. Not sure about "all", if I remember correctly, I got a swathe of them before I began to (as well as processing via SC), forward every email to ec2DASHabuseATamazonDOTcom (if you're not doing this already?) From: Amazon.com <nobody@bounces.amazon.com> Sent: Thursday, 10 January 2019 05:39 Subject: Re: Fw: Your new profile is confirmed and already has video messages. Hello, We are sorry to hear that you received unwanted email through Amazon SES. Please note, this reporting address is only for mail sent via Amazon SES (emails originated from 54.240.0.0/18). If you have a complaint about other AWS abuse (e.g. EC2), please submit your complaint here: https://aws.amazon.com/forms/report-abuse Cheers! Edited April 26, 2019 by MIG Quote Link to comment Share on other sites More sharing options...
HeatherReid43 Posted April 26, 2019 Share Posted April 26, 2019 in addition to the above email i am email address that i am reporting to are generally as follows . email-abuse at amazon.com . ipmanagement at amazon.com if the content is hosted on AWS then . abuse at amazonaws.com, Quote Link to comment Share on other sites More sharing options...
MIG Posted April 26, 2019 Share Posted April 26, 2019 1 hour ago, HeatherReid43 said: in addition to the above email i am email address that i am reporting to are generally as follows email-abuse at amazon.com ipmanagement at amazon.com if the content is hosted on AWS then abuse at amazonaws.com Hey HeatherReid43, I think you've covered all bases. There's also an online but (imo) it's painful, much easier to forward the email to those address & any reporting authorities you choose... Cheers! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.