Jump to content
jakeqz

Reply-To abuse

Recommended Posts

I get a lot of spam emails trying to sell SEO services.  (They often purport to come from email addresses at domains that are registered but not on DNS, so there is no IP address for the domain.  That’s probably irrelevant, though.)

Mostly, though, they have a `Reply-To` header with a Gmail address.  And the purpose of the emails is to solicit replies from interested parties.

But when I report these emails as spam, SpamCop does not send a report to Google.

I think it should offer the option to report to the provider of any email address listed in `Reply-To`.  If Google received enough spam reports for a specific email address, they would close down the associated accounts, and this kind of spam could be significantly reduced.

WDYT?

Share this post


Link to post
Share on other sites
16 hours ago, jakeqz said:

I think it should offer the option to report to the provider of any email address listed in `Reply-To`.  If Google received enough spam reports for a specific email address, they would close down the associated accounts, and this kind of spam could be significantly reduced.

 

WDYT?

Personally, I think any kind of spam should be easily reported to a central 'spam' clearing house. But that costs money and most giants are so micro-managed that a 25 cent cost raises flags - and the responsibility of spam-prevention is what they dump onto webmail clients -  a cost-saving to the Giants and 'free tools' for customers to embark on dealing with spam themselves. In times past we'd call that tossed to the wolves. Giants call it additional free service.

Gmail, IMHO is the hot-bed for spammers. As are most 1free webmail-wannabe real E-mail web sites.

It seems there is to much for the giants to even care about when they can just pass the buck, and the spam, to it's customers victims.

As a 'host' to 68 sites, each with a different number of email accounts, I try very hard to keep them free from spam. Yes, they have a variety of tools with which they can use to reduce spam, but no one wants to take the time to dig out the offenders addresses, take the steps to add the offender to a list, to delete the spam when it comes from that source.

Too, I am amazed at the number of clients that sport a good domain and use name@gmail.com of boss@mywebsite.com.
I often ask "Why don't to you use your own domain address and promote that instead of promoting google?" I'm met with that 'deer in the headlights stare'.

I believe that Google has already assimilated most of the roughly 10,617,060 tons of grey matter walking about so the slow demise of real email via a email client is dying or forced out by telcoms who pimp people's privacy out by profiling users via Webmail.

You asked for it - You did say "WDYT?" :) 

~o~

1 Free webail in exchange for it being scanned, analyzed, and added to your Google profile. The 'web' shows us that our 'right to privacy' is non-existent and that our privacy is open-season to those that harvest our information, and it's only seen as a value to them, not us. spam is so far down the list of telcoms interests that not even Google could find it, or want to.

 

Share this post


Link to post
Share on other sites
Quote

You asked for it - You did say "WDYT?" :) 

Thanks.  I am pretty much in agreement.  I'll try and respond more fully when I have time...

Share this post


Link to post
Share on other sites
18 hours ago, jakeqz said:

Thanks.  I am pretty much in agreement.  I'll try and respond more fully when I have time...

No need unless you want to. You did ask WDYT and my reply is what I think

Internet Stalking (stalking being the kindest word)  is a deep rabbit hole and at the bottom of most holes is usually a load of poop. And it ain't the bunny's!

Share this post


Link to post
Share on other sites
On 9/26/2020 at 7:26 PM, jakeqz said:

Mostly, though, they have a `Reply-To` header with a Gmail address.

Spammers started using Reply-To a few decades ago because they could mask the from as an invalid and prevent bounces.

On 9/26/2020 at 7:26 PM, jakeqz said:

But when I report these emails as spam, SpamCop does not send a report to Google.

Yep, and SpamCop does not send a report for the "from:" address either.  Only the source IP, any relay IPs, and the URLs are reported.

On 9/26/2020 at 7:26 PM, jakeqz said:

I think it should offer the option to report to the provider of any email address listed in `Reply-To`.

This is an interesting idea, but the from and reply-to could be spoofed to catch innocent people.  I think I almost vote to have a feature like this added, if it were not for the possible spoofing.

Share this post


Link to post
Share on other sites
On 9/29/2020 at 9:14 PM, gnarlymarley said:

This is an interesting idea, but the from and reply-to could be spoofed to catch innocent people.  I think I almost vote to have a feature like this added, if it were not for the possible spoofing.

Perhaps if there are no links (or anything that looks like a URL) in the message body, this option could be provided.  The default could also be unchecked, with some brief explanatory note, along the lines of "if this spam email is trying to solicit direct replies, rather than clicking on links, you can report it to the provider of the account that would receive such replies".

On 9/27/2020 at 8:03 PM, Outernaut said:

It seems there is to much for the giants to even care about when they can just pass the buck, and the spam, to it's customers victims. 

I'm not so sure.  About 96 hours ago I manually I sent a buch of these such emails as specimens to network-abuse@google.com.  I was getting about 2-3 a day.  I now haven't received any in almost the last 48 hours.  Fingers crossed.

On 9/27/2020 at 8:03 PM, Outernaut said:

Too, I am amazed at the number of clients that sport a good domain and use name@gmail.com of boss@mywebsite.com.  I often ask "Why don't to you use your own domain address and promote that instead of promoting google?" I'm met with that 'deer in the headlights stare'.

I know.  Often they had the Gmail address before the website, and to have two email addresses seems a complexity beyond them.  "But I can set up forwarding for you."  "Too complicated."  "An email account @yourwebsite will look more professional."  "I'm doing fine.  I just wanted a website, that's all."

Share this post


Link to post
Share on other sites
On 9/30/2020 at 3:39 PM, jakeqz said:
On 9/27/2020 at 12:03 PM, Outernaut said:

Too, I am amazed at the number of clients that sport a good domain and use name@gmail.com of boss@mywebsite.com.  I often ask "Why don't to you use your own domain address and promote that instead of promoting google?" I'm met with that 'deer in the headlights stare'.

I know.  Often they had the Gmail address before the website, and to have two email addresses seems a complexity beyond them.  "But I can set up forwarding for you."  "Too complicated."  "An email account @yourwebsite will look more professional."  "I'm doing fine.  I just wanted a website, that's all."

Yeppers.  I try not to use the term "email" when referring to Gmail, because if Gmail were Email, they'd call it 'Email', not Gmail.  Telus, a large telecom in Canada, recently sent all customers Email accounts to Gmail, but they still use their regular ****@telus.net  It's just the Google can now scan and profile Telus customer Gmails and pimp their data to peeps and perves. Europe forbade Google and fined them for spying on Gmail users, but no such law in N.A.   Mozilla sold out clients privacy to Google as well. 

I've always believed that if one can't get government or corporations to do the honest and right thing, they must embarrass them into it. Case example; it took one person to light the fire and two years hard work, but embarrassed Google and Microsoft into doing the right thing, a battle started by a person that wrote to techCrunch, which the BBC picked up and the New York Times also did a story but in much more detail .
Both Google and Microsoft took umbrage, but did the right things and made significant changes to their search algorithms. By the way, apparently, the issue had been reported to several child protection agencies - which did  nothing.

There must be a similar way to get Google to stop mining people's privacy.

~o~

Share this post


Link to post
Share on other sites
On 9/30/2020 at 4:39 PM, jakeqz said:

I know.  Often they had the Gmail address before the website, and to have two email addresses seems a complexity beyond them.  "But I can set up forwarding for you."  "Too complicated."  "An email account @yourwebsite will look more professional."  "I'm doing fine.  I just wanted a website, that's all."

That is why I either use the imap downloading offered in email client downloads, or if I have my own server, I use fetchmail.  This way, I do not abandon the old account and replies can come from the new account.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×