This group of spammers won't stop

[StevieT123]

Hi All,

I've sent out about a 1,000 reports and they seem to be ignored 100%

spam report id 5841940682 sent to: spamcop[at]mailservices.yahoo.com

spam report id 5841940683 sent to: abuse[at]gblx.net

spam report id 5841940684 sent to: abuse[at]ovh.net

spam report id 5841940685 sent to: abuse[at]vsnl.co.in

Yahoo has about a 1,000 other ignored spam reports does it really react?

Can anyone give me more info on these spammers, Spamcop can't seem to stop them, what else can I do?

Thanks for any help or information anyone has!

Steve

[turetzsr]

Hi, Steve,

...Yes you've learned the dirty little secret about SpamCop reporting -- it does not stop spam! The most it can do for you, personally, in terms of directly keeping spam out of your inbox is if your e-mail service provider uses the SpamCop blacklist to stop delivery or send it to a different folder than your inbox and, then, only if enough other people also report spam coming from the very same IP address. Yahoo has many outgoing e-mail servers and only a few of their servers are listed. There's not much else you can do, other than to use your e-mail setting to ignore mails from Yahoo servers (if your e-mail provider has a way to do that) and that risks ignoring e-mails from the many genuine Yahoo e-mail users.

[MainID]

I've sent out about a 1,000 reports and they seem to be ignored 100%

Can anyone give me more info on these spammers, Spamcop can't seem to stop them, what else can I do?

From what I understand, SpamCop sends reports to the email senders IP host, or where the email IP is from, not to the senders email address host. As the sending email addresses are usually fake. Reports are also sent to a URL host when a site is spamvertized in the email.

So SpamCop is doing its job of reporting the sending IP. Sometimes I receive replies from the IP host saying they have taken care of the abuse.

But the Spammers are creating disposable email accounts to send those spams knowing that address/account will be reported and closed.

To combat the Spammers, the "reply to" or body email address needs to be reported. This with SpamCop makes the Spammers work harder.

I use a scripted HTML file (need to copy/paste the header/body) to prepare complaints to the "reply to" email hosts and have around 10-15 of the major email provider spammed accounts closed daily. I stopped reporting Yahoo spam as Yahoo likes to delete the Yahoo accounts used to report the abuse of Yahoo services (they closed my 10 year old account after I reported spam to them).

The file can be found here <spamtrackers.eu/downloads/index.php>. You will need to register to download it or you can PM me (e: mainid hotmail) and I can send a copy of the current HTML scri_pt I use (it does make it easier to report those email accounts).

[turetzsr]

<snip>

To combat the Spammers, the "reply to" or body email address needs to be reported.

<snip>

...In some cases, such as "419 scams," doing what you suggest makes sense because without replies the scam is of no use -- the scammer relies on actual communication with the victims. However, you should be aware that in many cases the reply-to address is either not a real address or is a real address of some innocent person for whom the spammer is trying to cause problems. Therefore, I would recommend that your approach be used only when one has confidence that the reply-to address actually exists and that it is being used by the spammer/ scammer.

[MainID]

Thanks,

Yes one needs to figure which address to report.

From: usually fake/forged/victim.

Reply to: good only if the spam does not contain an address in the "body/attachment".

Body/attachment: overrides all other addresses as this one would be the main reply/scam address which needs closing to stop the scam (keeps the running).

[turetzsr]

<snip>

From: usually fake/forged/victim.

...Agreed!

Reply to: good only if the spam does not contain an address in the "body/attachment".

Body/attachment: overrides all other addresses as this one would be the main reply/scam address which needs closing to stop the scam (keeps the running).

...Although I do not claim any expertise, my practice is to report both. Reason: spammer would expect some people to click the "Reply" button, so I would expect that the Reply-to address is likely to be one that the scammer is using. If there is no Reply-to address but there is a "Return-path" address I will report that one because that is the one that will go to the "To" line if I click the "Reply" button.

[lisati]

I stopped reporting Yahoo spam as Yahoo likes to delete the Yahoo accounts used to report the abuse of Yahoo services (they closed my 10 year old account after I reported spam to them).

I have pretty much given up on trying to report spam arriving via (or allegedly from) Yahoo: most of the time I'd get fobbed off with a generic autoresponse that was usually irrelvant.

These days my email server has what amounts to a blanket ban on mail arriving via Yahoo's servers. If not whitelisted the mail is rejected (not bounced) with a link to an explanatory web page which includes instructions for requesting whitelisting.

One of the advantages of rejecting instead of bouncing is Yahoo gets one less chance to pass the buck for figuring out what to do with the junk that violates their TOS that they've accepted for delivery.

[kluless]

I'm having a similar problem with Google - I get loads of spam from Iran which is sent using googlegroups, I report them all but it seems Google is doing nothing about it. If anything it seems to be getting worse...

[Xylella]

...In some cases, such as "419 scams," doing what you suggest makes sense because without replies the scam is of no use -- the scammer relies on actual communication with the victims. However, you should be aware that in many cases the reply-to address is either not a real address or is a real address of some innocent person for whom the spammer is trying to cause problems. Therefore, I would recommend that your approach be used only when one has confidence that the reply-to address actually exists and that it is being used by the spammer/ scammer.

I have been looking into 419 scammers and find that they are very used to having their e-mail accounts closed within a few hours or days. Basically they always reply from another e-mail address and never the one used in the original solicitation. Also they often hide e-mail and web addresses in Word or .pdf attachments. Forwarding these to Gmail seems to be hopeless and as pointed out risks ones own account being suspended

[turetzsr]

I have been looking into 419 scammers and find that they are very used to having their e-mail accounts closed within a few hours or days.

...No doubt closed because of those of us that report them! <g>

<snip>Forwarding these to Gmail seems to be hopeless

...Do you mean reporting them? I would think that it is our reports that are causing Google to shut them down -- otherwise, how would Google know that they are system abusers?

and as pointed out risks ones own account being suspended

...If one reports from an account other than one's GMail account, I don't see how that is possible -- how would Google know that myaccount[at]yahoo.com is used by the same person that uses myaccount[at]gmail.com?

[MainID]

Yes the scammers expect to have their accounts closed. With quick reporting it limits anyone from responding to them, Then if they did, they then need to explain why the change of address.

For me Yahoo sucks when it comes to them keeping their system clean. They keep closing the "real" accounts I create to report these scams. Google, never here from them, but I usually don't see the same reported address twice. Hotmail (Live, MSN and their other massive names) GMX and the other popular hosts respond to closures within hours of reporting them.

So it does help (keeps the scammers running), just takes time. And yes, I open those attachments and report those accounts...

[Farelf]

...And yes, I open those attachments and report those accounts...

No doubt you know what you are doing but some other readers here "seeking enlightenment" might be mislead.

First - just be careful opening any attachment. It is an old, old trick to disguise executables as "harmless" .txt, .jpg etc. attachments. Always look at the source of the e-mail before opening anything. Otherwise, one day ... Note: the Base64 code of an attachment can be copied from the source and pasted into an online Base64 decoding service with safety.

Next - do not alter the spam to be parsed and reported to "help" the parser find any link or address it cannot find by itself. The abuse address of any of those "extras" can of course be added as a copy report to a "User Notification" recipient (in the cases of paying reporters/those with reporting credit), with provision for the appropriate notes to be added to the report sent to that particular abuse-handler. Even free reporters can add extra addresses ("Public standard report recipients") to their reporting profiles but note these are generic/public - they will be sent to the same address(es) for all spam reported while ever the profile contains that/those addresses.

Much of this (the second point) is covered (and one such Base64 decoding service mentioned) in the official SC FAQ:

- SpamCop FAQ : (Category) SpamCop Parsing and Reporting Service : (Category) Rules - everybody read! Material changes to spam.

Also, further information is to be found in the Wiki and FAQ in this forum. A Base64 decoding service I have used for years (others may come and go) is ToastedSpam.

And, at the end of the day, yes, IMO it is well worth walking the extra mile to limit the harm done by those 419 criminals on a case-by-case basis, if you are in a position to do so.

[MainID]

No doubt you know what you are doing but some other readers here "seeking enlightenment" might be mislead.

For new reporters, or those who are not quite sure of what to do but wants to help "take a bite of of spam" should use the easiest and safest method to report spam, Use SpamCop... Its quick, easy. and safe

just be careful opening any attachment. It is an old, old trick to disguise executables as "harmless" .txt, .jpg etc. attachments.

Yes, if a user does not have their computer setup to open or view "any" unknown attachment/message or the experience to do so should leave them alone, No You did not win anything, no one freely has millions for you, and your bank or credit card company "WILL NEVER" contact you through email asking for "any" information or verification of information that "they already have" and never click on URL's no matter what they "look" like.

do not alter the spam to be parsed and reported to "help" the parser find any link or address it cannot find by itself.

To correct, I report the Scam email addresses (in the reply-to, email body or attachments) to their Email Providers/host using a prepared scripted and accepted email format which provides a complaint and full headers and body w/attachment. Reports to SpamCop are reported as received (forward as attachment).

And, at the end of the day, yes, IMO it is well worth walking the extra mile to limit the harm done by those 419 criminals on a case-by-case basis, if you are in a position to do so.

It is time consuming but it may help keep someone from being scammed. Usually "greed" will always win and that's what the Scammers hope for. But this should only be done by users who have researched, learned and are prepared to do advanced reporting (opening attachments, following URL's).

[turetzsr]

<snip>

Even free reporters can add extra addresses ("Public standard report recipients") to their reporting profiles but note these are generic/public - they will be sent to the same address(es) for all spam reported while ever the profile contains that/those addresses.

<snip>

...Well, not exactly -- the "Public standard report recipients" are offered as recipients of complaints on each parse (except for spam received more than 48 hours before being parsed) and the reporter may select them or not.

[Farelf]

...Well, not exactly -- the "Public standard report recipients" are offered as recipients of complaints on each parse (except for spam received more than 48 hours before being parsed) and the reporter may select them or not.

Ah, thanks Steve. It may be guessed I've never actually used that facility. It is rather more flexible than I had indicated.