Handling Blowback Denials

[justauser]

Hi all.

Say that a spammer sends spam email using my email address as the return-path to [deaduser][at]supereva.it, MAILER-DAEMON[at]supereva.it bounces to me, I report the misdirected bounce using SpamCop, and abuse[at]supereva.it replies as follows:

Hello SpamCop user,

this mail in not spam, but a bouce on forged sender.

Please Remove you warning.

Regards,

Abuse Staff

DADA SPA

-----Messaggio Originale-----

Da: "me" <[Report ID][at]reports.spamcop.net>

A: abuse[at]dada.it

Data invio: [Date]

Oggetto: Fw: [[Report Subject]

[copy of SpamCop Report]

Say that this process is repeated half a dozen times over the course of two months. At what point does it become abusive enough that I can take further action? Are these ignorant and abusive replies by abuse[at]supereva.it themselves reportable?

Thanks.

[Jeff G.]

Seeing as you don't solicit such denials of responsibility, that same abuse desk has sent that exact same denial to others (despite being instructed as to why they are getting Reported), that denial is not addressed to you personally, and email to postmaster[at]supereva.it has bounced (see http://www.rfc-ignorant.org/tools/lookup.p...in=supereva.it), I'd say you have a good case.

[agsteele]

I'd say you have a good case.

35131[/snapback]

I'd agree with Jeff G. that there is a good case but also ask whether reporting this abuse desk will actually achieve anything useful?

Personally I treat ignorance and incompetence differently to UCE. So I'd delete these messages and ignore them. But that's a personal position - others will treat them as spam and report.

Andrew

[justauser]

I'd agree with Jeff G that there is a good case but also ask whether reporting this abuse desk will actually achieve anything useful?

Personally I treat ignorance and incompetence differently to UCE.  So I'd delete these messages and ignore them.  But that's a personal position - others will treat them as spam and report.

35185[/snapback]

Thanks. I've already sent a Manual Report upstream.

[Miss Betsy]

I've already sent a Manual Report upstream.

I agree. I think manual reports are more effective in certain situations than getting an address blocked by submitting spam reports. The object is to stop certain behavior. It wouldn't stop the behavior if no one received the stupid replies and complained. And the stupid replies are not 'spam' in some definitions so that it dilutes the good that blocklists do by giving an argument to opponents that 'innocents' are harmed by blocklists.

When there were still large ISPs sending email rejection notices, the scbl did not block backscatter. They were convinced by manually submitted arguments.

Miss Betsy

[SpamCopAdmin]

Are these ignorant and abusive replies by abuse[at]supereva.it themselves reportable?

No, they're not.

Responses to SpamCop complaints are solicited by definition. You sent the complaint and they get to reply.

Take the opportunity to advance our agenda of stopping misdirected bounces by replying to them with an explanation of how the bounces hurt/annoy you and give them this link:

http://www.spamcop.net/fom-serve/cache/329.html

- Don D'Minion - SpamCop Admin -

[justauser]

Take the opportunity to advance our agenda of stopping misdirected bounces by replying to them with an explanation of how the bounces hurt/annoy you and give them this link:

http://www.spamcop.net/fom-serve/cache/329.html

35209[/snapback]

Already done, thanks. They just don't get it.

[Miss Betsy]

Be patient. And keep sending the info when you have time. You just never know when the dam will break.

Miss Betsy

[terribleted]

I have actually taken this type of mail bomb abuse by spammers to extremes. At times we get flooded with spam and in the past our site had open posting for our guestbook that ultimately created havoc on the net for our users.

I call the Embassy of the country for whom I can identify either the source or a company that would benefit from either the re-direct url or advertising.

I then fax about a dozen examples to the Ambassador, call to follow up and then send to my Senator with demand to contact the FTC and their diplomatic contacts.

Until I started using Spamcop, I generally report Asian spam manually to the various IP contacts that Spamcop identifies in it's own reports.

When I can identify that the source is US based, I call the County Sherrif or the law enforcement in the area and fax or email them the spam. I have had one good result with a 419 spam outlet in Michigan.

My reports to the Korea Times and Herald and the President of Korea four years ago, helped to speed KISA into doing something.

All this is a royal pain!

This is my procedure:

Re-configure mail server (Merak Pro)

1) Turn off rbl's, set minimal trapping in global rules for country code.

2) Create trap and forward to KISA for all Korean character sets (the bulk of our spam)

3) Use either MailWasher for Spamcop forward or

4) Create manual report for ISP, FTC, etc (see above)

Results:

When the rbl's and sbl are off (spamhaus, spamcop, ordb) I can get around 1000 per day, total to all accounts.

Note: when rbl's are on, only a few 419 scams get through

[agsteele]

I have actually taken this type of mail bomb abuse by spammers to extremes.

[snip]

I have had one good result with a 419 spam outlet in Michigan.

35253[/snapback]

Seems you added a reply to the wrong thread (we're not alking about 419 type messages) but it certainly seems far more time consuming than most end users would want

Andrew

[Miss Betsy]

Going with the drift...

I wonder how 419 spam gets through so many filters. Do they really work at avoidance? Or is because they are too close to real email for the filters to catch them?

Miss Betsy

[Jeff G.]

One would think that "MILLION" in ALL CAPS would be a clue for SpamAssassin.