Jump to content

abuse@cloudflare.com ignoring spam reports


ewv

Recommended Posts

What is a practical reporting address for cloudflare.com?  My reports to abuse@cloudflare.com, the standard spamcop address, are ignored.

In particular the infamous "Eric Jones" talkwithlead.com web formmail spammer has been hosted by cloudflare for years despite systematic reports several times a month.  The spam routinely breaks through captcha deterrents and is recently connecting with a blank IP address to prevent reporting to the hosts it has always cycled through to avoid blocking.

This spam is also found on web forums internationally.  It has rotated among several different spamvertized domain names,  including talkwithwebvisitor.com, talkwithwebvisitorS.com, talkwithwebcustomer, talkwithcustomer.com, and talkwithwebtraffic.com.  It is a big spam operation which I once traced to the Trade World Corporation in Canada, with an 'F' Better Business Bureau rating and numerous complaints of credit card fraud.

Why would an organization like Cloudflare continue to ignore spam reports about hosting an operation like this?

Link to comment
Share on other sites

3 hours ago, ewv said:

What is a practical reporting address for cloudflare.com?  My reports to abuse@cloudflare.com, the standard spamcop address, are ignored.

That is a good question.  I did find an abuse form at https: //www.cloudflare.com/abuse/form, but I also searched and found some articles saying that the abuse email doesn't work for some time.  It maybe that they have abandoned the abuse email.

Link to comment
Share on other sites

  • 9 months later...

There are a lot of articles denouncing cloudflare for this.  Cloudflare deliberately ignores abuse reports, with the sophistry that it is a "content delivery network" (CDN) that does not "host" the spam.  Cloudflare's CDN is a "reverse proxy" that hides hosts, including spamvertized hosts and other malware, behind its own IP addresses in the name of security.  It publicly identifies itself as the host then denies that it is the host to avoid accountability.  Spamcop should be blacklisting Cloudflare IP addresses that are claimed to both host and not host spam.

Cloudflare also has a record of passing complaints directly to the source, exposing personal information that has resulted in harassment and threats.  And so we have a "security" company that fronts for and protects spammers and worse.

Clourflare bought Captcha, which has become progressively more of a nuisance and an obstacle to legitimate connections.  It claims this is "security" protecting websites, while protecting the very same spammers who know how to get past Captcha to attack web formmail and forums.  Cloudflare's security business model, a.k.a. racket, is to play both sides at the same time.

The CEO is some kind of ideological anarchist who repeatedly insists publicly that he is protecting and passing through spam and more as "free speech" -- threats, harassment, and invasion of private property (your computer) are now "free speech".   That sophistry defending spammers was rejected a long time ago for good reason, but Cloudflare gets away with it because it is big and has contracts with other large companies.  It has become "too big to fail" as the excuse for not reining it in.

 

Link to comment
Share on other sites

On 3/16/2021 at 5:23 AM, gnarlymarley said:

That is a good question.  I did find an abuse form at https: //www.cloudflare.com/abuse/form, but I also searched and found some articles saying that the abuse email doesn't work for some time.  It maybe that they have abandoned the abuse email.

found those above accepting abuse reports don't ignore registrar reports, were getting some spammer using Twitter (twitterdoesntcareaboutspamreports[AT]devnull.spamcop.net) as a URL relay, did respond/act to including abuse reports to their registrar!

Edited by petzl
Link to comment
Share on other sites

Another one is 109.237.96.59. In fact when I send a report it responds by sending a massive amount of spam to me. So much so that I'm canceling that email. I went silent for awhile and it's spam died down. Then I reported one spam and In 10 minutes got 23 spams sent to me. As far as I can see this service isns't working very well. I need to cancel an email and start with a new one.

JOhn

Link to comment
Share on other sites

51 minutes ago, john6528 said:

Another one is 109.237.96.59. In fact when I send a report it responds by sending a massive amount of spam to me. So much so that I'm canceling that email. I went silent for awhile and it's spam died down. Then I reported one spam and In 10 minutes got 23 spams sent to me. As far as I can see this service isns't working very well. I need to cancel an email and start with a new one.

JOhn

Send a spam report tracking URL
Cloudfare are not where to send abuse reports for 109.237.96.59?
SpamCop sends correctly to abuse[AT]hostglobal[DOT]plus
Go here for government reporting authorities
https://www.first.org/members/teams/

Edited by petzl
Link to comment
Share on other sites

On 1/14/2022 at 7:59 PM, john6528 said:

In fact when I send a report it responds by sending a massive amount of spam to me. So much so that I'm canceling that email. I went silent for awhile and it's spam died down. Then I reported one spam and In 10 minutes got 23 spams sent to me.

When they would do that to me I would report all 23.  They soon realized the only way to stop the reports was to stop spamming me.  At times I have temporarily abandoned some accounts, but I still have most of my accounts so I can report the one spam each account gets every week.

Link to comment
Share on other sites

I find that when I get spam that goes to cloudlfare it's ALWAYS connected to namecheap. So I end up reporting to abuse@namecheap.com which spamcop doesn't. I do it myself and namecheap doesn't play games. They've deleted every domain. I have no idea why the two are connected on my end, but it's fun to get the emails from namecheap saying "We see the domain is blacklisted and we have taken action against the domain owner." It's gotten to the point I don't even do the whois. I just automatically send it to namecheap. It's as though they are linked or set in stone in the spammer handbook. So if you are sick of clouflare ignoring the reports like I was, don't give up reporting them on spamcop. That adds the domain to the blacklist, reporting it to namecheap too, they see that spamcop blacklisted it and close the domain. I wish spamcop would report to namecheap too but whatever. I kind of think they don't do it because of the replies they would be bombed with from namecheap. 
 

Link to comment
Share on other sites

  • 4 months later...
On 1/23/2022 at 11:17 AM, AmyLynn said:

…I kind of think they don't do it because of the replies they would be bombed with from namecheap. 
 

Exactly. Especially the replies that are as frustrating as hell. The replies that there is nothing they can do as it is not blacklisted by any reliable blacklist so contacts the host instead.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...