petzl Posted November 2, 2019 Share Posted November 2, 2019 (edited) 17 minutes ago, Hanco said: I have reported 14 abuse emails to them today since this morning alone. I’ve just about had enough and canceling prime and avoiding shopping with them at all is increasingly likely what is going to happen. I am coming to the same conclusion as you. Totally a waste of time. I don’t know if there is an email client for my Pixel phone and iPhone which allows blocking by IP ranges but that’s what I’d really like to get!!! The sleaze running their abuse desk are not good at their job. I don't now buy anything from Amazon that alone costs them more thant they get from their resident spammer. Maybe Jeff Bezos will start noticing his billions disappear? My Gmail address is hammered by spam coming from AWS I copy from notepad to put in forwarded spam and mark it phishing Banning all Amazon purchases because of inept AWS abuse responses to AmazonAWS DDoS multiple IP email attacks Criminal phishing, bogus reply address, bogus unsubscribe(NEVER subscribed), DDoS IP address Text headers and body sent to, from Gmail account stop-spoofing[AT]amazon.com, abuse[AT]amazonaws.com, abuse[AT]amazon.com, ec2-abuse[AT]amazon.com, ipmanagement[AT] amazon.com, phishing-report[AT]us-cert.gov Edited November 2, 2019 by petzl Quote Link to comment Share on other sites More sharing options...
Hanco Posted November 2, 2019 Share Posted November 2, 2019 Well I just did it. Canceled Prime and Music. I’m not giving them any money any more. They surely could fix this but choose not to. Quote Link to comment Share on other sites More sharing options...
petzl Posted November 2, 2019 Share Posted November 2, 2019 (edited) 4 minutes ago, Hanco said: Well I just did it. Canceled Prime and Music. I’m not giving them any money any more. They surely could fix this but choose not to. Good and tell them why. The more that do this the more this spammer costs Amazon Spread the good word. Were a regular buyer of goods from Amazon not anymore. Edited November 2, 2019 by petzl Quote Link to comment Share on other sites More sharing options...
Hanco Posted November 3, 2019 Share Posted November 3, 2019 Oh I told them! They wanted someone from fraud to call me... I said ok, so long as they’re going to actually do something that is effective. They didn’t call. And of course the abuse emails continue to come today from Amazon IPs. If this has been answered before, my apologies. Why do we see this: /dev/null'ing report for Abuse#amazonaws.com@devnull.spamcop.net/dev/null'ing report for ec2-abuse#amazon.com@devnull.spamcop.net Quote Link to comment Share on other sites More sharing options...
petzl Posted November 3, 2019 Share Posted November 3, 2019 2 hours ago, Hanco said: Why do we see this: /dev/null'ing report for Abuse#amazonaws.com@devnull.spamcop.net/dev/null'ing report for ec2-abuse#amazon.com@devnull.spamcop.net I forward spam from my Gmail account to Amazon, none today? Amazon abuse have "unsubscribed" from SpamCop reports. shows how inept/uncaring they are. Quote Link to comment Share on other sites More sharing options...
Hanco Posted November 3, 2019 Share Posted November 3, 2019 20 minutes ago, petzl said: I forward spam from my Gmail account to Amazon, none today? I wish! It’s endless. Quote Link to comment Share on other sites More sharing options...
petzl Posted November 3, 2019 Share Posted November 3, 2019 1 hour ago, Hanco said: I wish! It’s endless. I suspect it's my "preamble" in every report to them just started adding 2 days ago actually ceased yesterday so it seems Amazon do know this criminal and are cooperating in the attack. | Banning all Amazon purchases because of inept AWS abuse responses to AmazonAWS DDoS multiple IP email attacks Criminal phishing, bogus reply address, bogus unsubscribe(NEVER subscribed), DDoS I will never buy anything from amazon or it's subsidiaries EVER! Quote Link to comment Share on other sites More sharing options...
Art101 Posted November 4, 2019 Share Posted November 4, 2019 The torture never ends. The depth of my hatred for everything associated with Amazon and the Amazonaws nightmare is complete. Amazon will never suck one more penny from my bank account. F*ck Amazon. And f*ck bitly(dot)com, too, for enabling this nonstop spam rape. And probably Cisco Systems (the giant corporation that seems to have gobbled up Spamcop in order to render it completely useless). The Internet is dead. All hail the Internet. Quote Link to comment Share on other sites More sharing options...
petzl Posted November 5, 2019 Share Posted November 5, 2019 2 hours ago, Art101 said: Amazon will never suck one more penny from my bank account. Get the move going Amazon have a security problem and are just annoying customers Quote Link to comment Share on other sites More sharing options...
ScotchJohn Posted November 6, 2019 Share Posted November 6, 2019 Various posters have expressed their frustration at receiving seemingly endless spam from Amazon AWS servers, as I have been. I was also fed up at SpamCop's simply "devnulling" our Amazon AWS spam. Instead, I have reported, and gone on reporting, Amazon AWS spam to various Amazon mail addresses. I get the automated replies from Amazon, but I could be persuaded that the volume of spam from Amazon AWS has tailed off. I could be wrong, but I think the way forward is to go on reporting Amazon AWS spam; "devnulling" by SpamCop is not going to do any good. Quote Link to comment Share on other sites More sharing options...
petzl Posted November 6, 2019 Share Posted November 6, 2019 (edited) 20 minutes ago, ScotchJohn said: Various posters have expressed their frustration at receiving seemingly endless spam from Amazon AWS servers, as I have been. I was also fed up at SpamCop's simply "devnulling" our Amazon AWS spam. Instead, I have reported, and gone on reporting, Amazon AWS spam to various Amazon mail addresses. I get the automated replies from Amazon, but I could be persuaded that the volume of spam from Amazon AWS has tailed off. I could be wrong, but I think the way forward is to go on reporting Amazon AWS spam; "devnulling" by SpamCop is not going to do any good. Amazon are incompetent and won't accept SpamCop reports The only way to attempt to report directly from your Gmail WEB account to abuse[AT]amazonaws.com And Mark it phishing (so-far I have only seen Gmail accounts attacked?) Amazon replied to me that I didn't do this, which I did send all headers and body in text listed the IP (3.134.0.217) it came from * Complete, accurate timestamps of the activity including: (one email per report, please) - Date - Time - Time Zone * All source IPs * All source port(s) & protocol(s) * Destination IP(s) * Destination port(s) and protocol(s) * Full e-mail header and HTML content of the spam message I sent/parsed it through SpamCop https://www.spamcop.net/sc?id=z6588724520zeaff576385f38c9a53fea8a2da697254z replied Seems you don't know your job very well? all headers, time stamps were sentYour IP 3.134.0.217 is listed as a Botnetsee and have machine scanned https://www.abuseat.org/lookup.cgi?ip=3.134.0.217This IP is infected (or NATting for a computer that is infected) with an botnet that is emitting email spam. The infection is probably auto. Edited November 6, 2019 by petzl Quote Link to comment Share on other sites More sharing options...
Hanco Posted November 8, 2019 Share Posted November 8, 2019 On 11/6/2019 at 2:01 PM, ScotchJohn said: Instead, I have reported, and gone on reporting, Amazon AWS spam to various Amazon mail addresses. ... I could be persuaded that the volume of spam from Amazon AWS has tailed off. Me too: abuse@amazonaws.com, ec2-abuse@amazon.com, ipmanagement@amazon.com, abuse@amazon.com I add those to my Amazon reports on SpamCop now. Two get devnulled. volume has not tailed off for me. In August it ramped up. 20-30 per day is normal now. Nearly all of them with links (or short URL redirects) to VPSVILLE.RU hosted sites. Nearly all use free “now-dns.com” services too. Quote Link to comment Share on other sites More sharing options...
petzl Posted November 8, 2019 Share Posted November 8, 2019 (edited) 8 hours ago, Hanco said: volume has not tailed off for me. AWS don't care and lie or don't know their job sending me "We were unable to identify the customer responsible for the reported activity. Due to the frequency with which AWS public IP addresses can change ownership, we will need additional information in order to identify the responsible customers"Which is rubbish. the only port their IP's have open is port 53, none are email servers, They need to block port 25 on machines that are NOT email servers I replied (as above) and spam has dropped to around 3 a day at present, instead of the 20 daily or so, it was before Edited November 8, 2019 by petzl Quote Link to comment Share on other sites More sharing options...
Hanco Posted November 8, 2019 Share Posted November 8, 2019 Interesting. I imagine the idiots who spend their time sending abuse emails might look at this forum and others like it sometimes... I’ve sent you a pm here. I’m not technically fully aware of how all this works, so I would appreciate your indulging my curiosity if you have time. Quote Link to comment Share on other sites More sharing options...
petzl Posted November 8, 2019 Share Posted November 8, 2019 5 hours ago, Hanco said: so I would appreciate your indulging my curiosity port 53 is open normal, connects to your DNS. Quote Link to comment Share on other sites More sharing options...
Art101 Posted November 9, 2019 Share Posted November 9, 2019 OK. Take a deep, healing breath. The internet was the most important advance in human communication since the invention of the printing press. It was highjacked by money-grubbing spammers and corporate interests that don't give a flying f*ck about you or me. I give up. I'm done with this sh*t. I will no longer offer reports to SpamCop. Doing so is pointless. Amazonaws is evil. Amazonaws rapes my inbox with crap I did not ask for and do not want. Have a nice day, Quote Link to comment Share on other sites More sharing options...
petzl Posted November 9, 2019 Share Posted November 9, 2019 17 minutes ago, Art101 said: Amazonaws is evil. Amazonaws rapes my inbox with crap I did not ask for and do not want. By dropping Amazon and their subsidiaries from purchases forever will cost them more than the free spamming accounts from their "Free email accounts" that we are being hammered with. https://sendgrid.com/marketing/sendgrid-services-cro/Try it out! Send 40,000 emails for 30 days, then 100/day forever. Sign up for free. No credit card required. Quote Link to comment Share on other sites More sharing options...
RobiBue Posted November 10, 2019 Share Posted November 10, 2019 On 11/2/2019 at 3:29 PM, Art101 said: The internet was the most important advance in human communication since the invention of the printing press. It's hijacked by spammers, phishers, massive money-grubbing corporate interests, governments that leverage it to keep us stupid and scared, and related nightmares. 🙂 and don't forget social media 🙂 Quote Link to comment Share on other sites More sharing options...
stan55 Posted November 16, 2019 Share Posted November 16, 2019 It seems to me that spamming is the same thing as harassment. Isn't harassment by any other means illegal in the US? Why isn't it illegal for email? What I found in looking at message sources is that all of these IP addresses are long disabled by the time I get them. I use nslookup to find who owns the IP address. Then I ping the address, and every time get no response. Of course, they can simply prevent their servers from being pinged, which I suppose is the case. I was thinking that they simply assign single-use IP addresses to each email, since all of the IP addresses are unique to one and only one email. I collected over 500 emails, message headers and nonsense responses from ec2-abuse@amazon.com. and hoped to get the attention of a real, live person FBI or FCC. I contacted my US Representative and asked if they would help me contact them. No response after several days. And then, a nonsense generic response. I wonder if there is any law firm that would be willing to do a class action suit against amazon aws harassment? I just don't know where to start. Quote Link to comment Share on other sites More sharing options...
petzl Posted November 16, 2019 Share Posted November 16, 2019 51 minutes ago, stan55 said: I collected over 500 emails, message headers and nonsense responses from ec2-abuse{}amazon.com The last spam I received today email server167.89.8.98 abuse[]sendgrid.com injection 13.114.162.17 abuse[]amazonaws.com I just forward spam to the abuse addresses from my Gmail WebMail. Seems to have a effect in reducing the attack. SpamCop won't send reports. so I forward them directly old trackhttps://www.spamcop.net/sc?id=z6588724520zeaff576385f38c9a53fea8a2da697254z email server (look for yelp in headers name of server) 167.89.8.98 abuse[]sendgrid.com injection (look for AWS in headers) 3.134.0.217 abuse[]amazonaws.com Quote Link to comment Share on other sites More sharing options...
Hanco Posted November 16, 2019 Share Posted November 16, 2019 Most of my spam is from Amazonaws but it has gone down with a determinant attitude to reporting. However I don’t consider the reporting to Amazon useful. It did not have a material effect on volume. Actually, reporting direct to SpamCop has probably been more useful. It SEEMS like most of my spam comes via other third parties with Amazonaws being the driver... Often Hotmail.com (that appears to be quite possible) Quote Link to comment Share on other sites More sharing options...
goodnerd Posted November 18, 2019 Share Posted November 18, 2019 I am also a victim of the AmazonAWS spam. I'm guessing most of what we are all seeing is from the same group. They use forged headers and put tons of lines of hidden text in the message body which poses as everything from Enterprise Rental car to IBM cloud to Event Temple church. This is all from the same person. They also use bitly and twitter redirects to mask the real links in the spams. I have a list of about 10 Twitter accounts they use as link farms. They also use a ton of domains registered through Namecheap as Namecheap refuses to take any action on any of their clients no matter how severe the crime is. I've even busted them for fake Warren Buffet phishing spams and Namecheap still would not disable the domain which is registered though their client with WHOIS privacy protection. The best luck that I have found so far is the ec2-abuse@amazon.com address as far as getting replies. But if you want direct action then you have to go here: https://support.aws.amazon.com/#/contacts/report-abuse and submit a ticket. It's a pain because you have to enter the spam into SpamCop to get the IP address and then copy it all over here once again along with timestamp data and other useless info. They eventually shut down the account but the spammer just keeps opening up new ones. I have filed a complaint with the Attorney General against Namecheap for providing a base of operations for this AmazonAWS spam group. Many of the spams being sent though AmazonAWS that fall into this same footprint of redirects, forged headers, and the same hidden text in the message body are advertising websites owned by Jared Forbush, aka 4Bush Holdings LLC out of Kaysville, UT But try the https://support.aws.amazon.com/#/contacts/report-abuse link - it at least gets a response. Quote Link to comment Share on other sites More sharing options...
petzl Posted November 18, 2019 Share Posted November 18, 2019 5 hours ago, goodnerd said: They eventually shut down the account but the spammer just keeps opening up new ones. Slow the criminal down though old trackhttps://www.spamcop.net/sc?id=z6588724520zeaff576385f38c9a53fea8a2da697254zemail server (look for yelp in headers name of server)167.89.8.98 abuse[]sendgrid.cominjection (look for AWS in headers)3.134.0.217 abuse[]amazonaws.com Quote Link to comment Share on other sites More sharing options...
goodnerd Posted November 18, 2019 Share Posted November 18, 2019 Yep - they always have Yelp references in the headers. Same spammer, exact same email fingerprints. When I helped the feds a while back with the Robert Soloway case I had purchased one of the domains Soloway was forging the sender email address of (just as in these Amazonaws spams). I then set up a mail server and captured all the bounces of returned spams and within a day or two I collected around 175,000 bounced spams that was presented in the trial showing Soloway's methods. This Amazonaws clown is doing the same thing as the sender's email address in the spams are from domains that don't even exist. Example:This header shows the sender's email address to come from the domain bagfczfpyelp.com - which is an unregistered domain name and does not exist. sender) smtp.mailfrom=BJpAJGNR@3otnx---3otnx----us-west-2.compute.amazonaws.com Received: from o1.923yelp (o1.923yelp [167.89.8.98]) mx.google.com with ESMTPS id i126si10064712ybi.415.2019.02.13.07.44.33 for <hjKcv.bPwV@gmail.com> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 13 Feb 2019 07:44:34 -0800 (PST) Received: from smtp-sendgrid.yelpcorp.com (ec2-52-34-255-49.us-west-2.compute.amazonaws.com ) ismtpd0011p1las1.sendgrid.net (SG) with ESMTP id jxq4wpsYRtSCL30cEOF67Q for <hjKcv.bPwV@gmail.com>; Wed, 13 Feb 2019 15:44:32.244 +0000 (UTC) Content-Type: text/html; charset=utf-8 MIME-Version: 1.0 From: Improve Your Memory Today <EoZcDmolk@bagfczfpyelp.com> Subject: Improve your memory and brain To: ***************(my email address)********** Date: Sun, 10 Nov 2019 00:11:48 +0100 Errors-To: returnto@yelp.com Does this look familiar to yours? I've tracked down two names within the US that these spams are associated with. One is a company out of Texas called One Technologies (credit card and loan spams) - who has already been slapped down by the FTC once. The other was the 4Bush Holdings out of Utah (various drugs and hemp oil spams). I received another wave of Amazonaws spams last night and sent a copy of one of them to ec2-abuse@amazon.com in a reply to an earlier complaint. I then received a reply after only a few hours: Quote Hi there, We see you have received another spam originating from another an AWS Ip. Request you to kindly open a new abuse case so we can find the owner behind the spam and take appropriate action as this case is tagged to the old report that was sent. AWS Abuse team. How can I contact a member of the Amazon EC2 abuse team?Send an e-mail to ec2-abuse@amazon.com; remember to include your case number. Amazon Web Services Amazon Web Services LLC is a subsidiary of Amazon.com, Inc. Amazon.com is a registered trademark of Amazon.com, Inc. This message produced and distributed by Amazon Web Services, LLC, 410 Terry Avenue North, Seattle, WA 98109-5210. When I file the spams on SpamCop I also manually add in the address ec2-abuse@amazon.com so they receive a copy as well. The other amazon addresses just appear to be a black hole. Quote Link to comment Share on other sites More sharing options...
petzl Posted November 18, 2019 Share Posted November 18, 2019 (edited) 5 hours ago, goodnerd said: Does this look familiar to yours? email server 167.89.8.98 abuse[AT]sendgrid.com need to put in abuse report to them as well, they are brainless stinkers this is what is said on sendgrid site spammers paradise https://sendgrid.com/marketing/sendgrid-services-cro/ Try it out! Send 40,000 emails for 30 days, then 100/day forever. Sign up for free. No credit card required. Always spam injected from a AWS IP? https://www.spamcop.net/sc?id=z6592985188z08df2a03ce1e990bfb81847501172823z Notes Criminal phishing, bogus reply address, bogus unsubscribe (NEVER subscribed), DDoS injection 44.228.105.175 abuseXamazonaws.com email server 167.89.8.98 abuseXsendgrid.com Edited November 18, 2019 by petzl Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.