[Resolved] Other email addresses

[moreofless]

What happened to the other email addresses option?

[turetzsr]

Hi, moreofless,

...Sorry, I'm not aware of an "other email" option in SpamCop Reporting. Can you explain more about what you are seeking?

[moreofless]

Hi, moreofless,

...Sorry, I'm not aware of an "other email" option in SpamCop Reporting. Can you explain more about what you are seeking?

After forwarding spam to Spamcop and clicking on the link in the return email, there was a box where the user could enter an email address and comments to go with it. One use for this was when the spam was phishing where the email comes from one email address, the reply-to email address is a different address, and a third reply email address is listed in the body of the actual PHISHING message. Spamcop does not seem to pick up the last two of these but their was always a box where the person reporting the phishing could enter an abuse address.

It seems like the reply-to address is important because if anyone falls for the phishing scam, it is that address which would receive the information from that person.

[turetzsr]

...Ah, I getcha, now! <g>

...AIUI, there are two flavors of this:

• For users without "fuel"
  • Log in to <a href=\"http://www.spamcop.net/\" target=\"_blank\">http://www.spamcop.net/</a>.
    
  • Click the "Preferences" tab.
    
  • Click the link labeled "Report Handling Options."
    
  • Fill in the desired "other e-mail addresses" into the field labeled "Public standard report recipients" with each address separated by a comma followed by a space. Note: 100 character limit!
    
  • Click the button labeled "Save Preferences."
    

  [*]Users with fuel (I am not such a user, so I do not know how this works).

...If I remember and understood correctly, what you are describing sounds like the latter. Do you/ did you have fuel? If so, do you still have fuel? If not, you'll have to use the first option, which is more difficult because of the 100 character limit and because the abuse addresses you'll want to use will change. What I do is to send manual larts to the abuse addresses of the Reply-to address (or, if there isn't one, of the address to which a "Reply" action would send) and, if there is one, to the address in the spam body.

...It is also possible that there is some analog to this for e-mail users but, again, I am not such a user so I do not know anything about that.

[moreofless]

...Ah, I getcha, now! <g>

...AIUI, there are two flavors of this:

• For users without "fuel"
  • Log in to <a href=\"http://www.spamcop.net/\" target=\"_blank\">http://www.spamcop.net/</a>.
    
  • Click the "Preferences" tab.
    
  • Click the link labeled "Report Handling Options."
    
  • Fill in the desired "other e-mail addresses" into the field labeled "Public standard report recipients" with each address separated by a comma followed by a space. Note: 100 character limit!
    
  • Click the button labeled "Save Preferences."
    

  [*]Users with fuel (I am not such a user, so I do not know how this works).

...If I remember and understood correctly, what you are describing sounds like the latter. Do you/ did you have fuel? If so, do you still have fuel? If not, you'll have to use the first option, which is more difficult because of the 100 character limit and because the abuse addresses you'll want to use will change. What I do is to send manual larts to the abuse addresses of the Reply-to address (or, if there isn't one, of the address to which a "Reply" action would send) and, if there is one, to the address in the spam body.

...It is also possible that there is some analog to this for e-mail users but, again, I am not such a user so I do not know anything about that.

If I understand you correctly, this happened when I ran our of "fuel"?

Most of the emails I would call "phishing" seem to have this three different email addresses as a pattern, it would seem this reply-to address would be something Spamcop would handle. That is the address where anyone who was scammed would send their information.

[turetzsr]

If I understand you correctly, this happened when I ran our of "fuel"?

<snip>

...If you did, indeed, run out of fuel then, yes, that would be my guess. But only a guess because I, myself, have never purchased "fuel" and therefore have no personal experience with it.

[SpamCopAdmin]

The "User Notification" text box is only available to paid "Reporting Only "users, and to Email Service users.

- Don D'Minion - SpamCop Admin -

- Service[at]Admin.SpamCop.net -

[turetzsr]

...Thanks, Don, I guess that (along with the OP's implicit revelation that she/he ran out of fuel) authoritatively answers the question. On the basis of this information, I have marked this Topic as "Resolved."

[Farelf]

To comment, I confess I had never thought of using the 'User-defined address(es)' to send a copy of the SC report the abuse-handlers for phishing/Nigerian scam 'drop-boxes' but I guess I haven't had that many phishes or Nigerians since I've had fuel. But all the more reason to keep fuel topped up I suppose.

But back in the days when I got these things and would sometimes send separate reports to those people I (and others) would have a Devil of a job explaining to them what the issue was. If the drop-box hadn't been the (real) sending address they just weren't interested. I suppose adding a note to their reports like "Your service is used to collect information in the commission of criminal fraud/privacy violation. Please take appropriate action on the basis of this evidence," or similar would be the way to go?

Note that unless your reporting account DOESN'T block robot responses ([Preferences] tab, "Report Handling Options" link, "Report reply handling" item, "Forward replies from people and robots" selection - which is NOT the default) then you would never know if maybe they're STILL trying to weasel out of effective action. Hotmail, Gmail, Yahoo, etc., they were all tarred with the same brush, smaller services might be a different matter but aren't usually used to the same extent by the scammers, I think.

[moreofless]

To comment, I confess I had never thought of using the 'User-defined address(es)' to send a copy of the SC report the abuse-handlers for phishing/Nigerian scam 'drop-boxes' but I guess I haven't had that many phishes or Nigerians since I've had fuel. But all the more reason to keep fuel topped up I suppose.

But back in the days when I got these things and would sometimes send separate reports to those people I (and others) would have a Devil of a job explaining to them what the issue was. If the drop-box hadn't been the (real) sending address they just weren't interested. I suppose adding a note to their reports like "Your service is used to collect information in the commission of criminal fraud/privacy violation. Please take appropriate action on the basis of this evidence," or similar would be the way to go?

Note that unless your reporting account DOESN'T block robot responses ([Preferences] tab, "Report Handling Options" link, "Report reply handling" item, "Forward replies from people and robots" selection - which is NOT the default) then you would never know if maybe they're STILL trying to weasel out of effective action. Hotmail, Gmail, Yahoo, etc., they were all tarred with the same brush, smaller services might be a different matter but aren't usually used to the same extent by the scammers, I think.

I know someone who was a victim of a scam. That was my motivation. I don't get that many of these emails but they ones I do get many times fit the pattern when it is sent by one address, if the receiver clicks "reply" it goes to another address, and in the actual wording of the scam is a third email address tell the receiver to send their information there. Spamcop is getting the first one but the others are not reported. If a scammer sends a large number of scam messages and finds that address is shut down, the two reply to addresses are still available to receive any information a victim sends. I was trying to report some of those addresses.

In the box for notes, I would just make not of all three email addresses used in the scam. I don't know if I was wasting my time or not?!?

[DavidT]

In the box for notes, I would just make not of all three email addresses used in the scam. I don't know if I was wasting my time or not?!?

Probably so. It's very unlikely that anyone read or took action on that information.

DT

[turetzsr]

...One can never know for certain but I've gotten a few replies to my manual LARTs suggesting that action has been taken, including in some cases the claim that the offending accounts have been terminated (a bit scary, that -- I hope they did more than rely on just my complaint! <g>).

[moreofless]

...One can never know for certain but I've gotten a few replies to my manual LARTs suggesting that action has been taken, including in some cases the claim that the offending accounts have been terminated (a bit scary, that -- I hope they did more than rely on just my complaint! <g>).

I have received three PHISHING email in the last 24 hours which fit the pattern of having a different reply-to address or instructions in the scam message to send information to a different address. For example one of these messages instructs the recipient to reply to an AOL address. Normally I would have looked up the abuse address and added that address to the report along with a comment listing the actual address. Now that I can't do that, I can only hope someone else does or someone might become a victim who would not have.

[turetzsr]

<snip>

Now that I can't do that

<snip>

...You can't do that the way you were but there's the 88487[/snapback] non-Fuel users' workaround (which I can fully understand your rejecting as too much effort) or manually LART. Or give it up as not worth the effort. <g>

[moreofless]

...You can't do that the way you were but there's the 88487[/snapback] non-Fuel users' workaround (which I can fully understand your rejecting as too much effort) or manually LART. Or give it up as not worth the effort. <g>

I cannot spend any more time on this that I was. The pattern I described seems to be common for these PHISHING emails yet those addresses are not reported. I was hoping maybe by adding these addresses to the report I might save someone from being a victim of fraud. I can only hope someone else will do this now.

[michaelanglo]

I cannot spend any more time on this that I was. The pattern I described seems to be common for these PHISHING emails yet those addresses are not reported. I was hoping maybe by adding these addresses to the report I might save someone from being a victim of fraud. I can only hope someone else will do this now.

As I understand it email addresses whether from From: Reply-To: or in the body, are (now) never used as a subject of a report.

So if you think they should be reported in a particular case they need to be looked up and added as an extra addressee.

[turetzsr]

...Yes, michaelanglo, that's what moreofless was doing but is no longer able to do as easily as when she/ he had fuel.