klappa Posted March 5, 2019 Share Posted March 5, 2019 I regularly get spam from spammers using third party e-mail providers like Outlook then using redirect links to Amazon hosted adult sex dating domains. What can i do in this instance? Despite creating case after case on Amazon they replied at first promising they would look into this situation but haven't done anything since i keep getting the spam. Obviously Amazon isn't kicking the customer out because I think Amazon don't they have anything to do with it when there aren't anything in the e-mail linking to them except when clicking the the link in the spam. This is very frustrating! Link to comment Share on other sites More sharing options...
MIG Posted March 5, 2019 Share Posted March 5, 2019 36 minutes ago, klappa said: What can i do in this instance? Hey klappa, It is frustrating. With all spam I get I forward the actual mail to 3 regulatrory authorities (not sure this does anything tangible other than build up their databases), however & also, with Amazon I always forward to them, they respond with a request for more information, which I provide and within 48 hrs, 99% of the time they have actioned, with followup advice to me to report back if the issue continues for the specified "offender". I track very carefully, I've only had to revert 7 times out of 150 events. I never "create case on Amazon". Just out of curiosity, are you able to provide a SpamCop Report URL please? Cheers! Link to comment Share on other sites More sharing options...
Lking Posted March 5, 2019 Share Posted March 5, 2019 6 hours ago, klappa said: using redirect links to Amazon hosted adult sex dating domains Grrrrrrr! Maybe if you include a note to Amazon along with the spam Report about the redirect. Link to comment Share on other sites More sharing options...
klappa Posted March 7, 2019 Author Share Posted March 7, 2019 On 3/5/2019 at 12:20 PM, MIG said: Hey klappa, It is frustrating. With all spam I get I forward the actual mail to 3 regulatrory authorities (not sure this does anything tangible other than build up their databases), however & also, with Amazon I always forward to them, they respond with a request for more information, which I provide and within 48 hrs, 99% of the time they have actioned, with followup advice to me to report back if the issue continues for the specified "offender". I track very carefully, I've only had to revert 7 times out of 150 events. I never "create case on Amazon". Just out of curiosity, are you able to provide a SpamCop Report URL please? Cheers! Which three regulatory authorities? I often find them doing nothing except maybe if it's phishing spam perhaps but that doesn't help much either as the phishers just compromise a new server to send phishing mail from. Does it really help? As said in the original post there's nothing in the spam that links to Amazon except when clicking that link which redirects to the spammers Amazon hosted servers. It goes though several Amazon domains a long the way but the first one is always hosted on another host provider or using short URL services. That makes the spam reports meaningless and Amazon another excuse not to look into it. They did according to their corresponding e-mails but i keep getting them so obviously the did nothing on their part. On 3/5/2019 at 6:06 PM, Lking said: Grrrrrrr! Maybe if you include a note to Amazon along with the spam Report about the redirect. Any idea how i can formulate it? "That link leads to one of your domains"? Would they even care? They stopped responding to my Cases for a time now. It's damn frustrating how they can host spammers hosting their damn adult sex domains which obviously are a scam all together. I am so frustratingly mad! Link to comment Share on other sites More sharing options...
Lking Posted March 7, 2019 Share Posted March 7, 2019 3 hours ago, klappa said: Any idea how i can formulate it? "That link leads to one of your domains"? Maybe include the link that redirects to them. 3 hours ago, klappa said: Would they even care? We can always be hopeful. Link to comment Share on other sites More sharing options...
petzl Posted March 7, 2019 Share Posted March 7, 2019 1 hour ago, Lking said: We can always be hopeful. Hello, This case has been investigated and resolved by the Amazon EC2 Abuse Team. If you believe this case to be unresolved, please either respond to this email with detailed logs or file another case with detailed logs to that end. Thank you for your attention in this matter. Regards, Amazon EC2 Abuse Team Link to comment Share on other sites More sharing options...
klappa Posted March 8, 2019 Author Share Posted March 8, 2019 16 hours ago, Lking said: Maybe include the link that redirects to them. We can always be hopeful. That didn't help. See post below. 14 hours ago, petzl said: Hello, This case has been investigated and resolved by the Amazon EC2 Abuse Team. If you believe this case to be unresolved, please either respond to this email with detailed logs or file another case with detailed logs to that end. Thank you for your attention in this matter. Regards, Amazon EC2 Abuse Team Yes! I got an even worse answer. And it's usually this type of response that i get from Amazon. I don't know how many cases i must create to make them listen than just providing autoreplies. Quote Based on this information... we determined this is not hosted on the AWS network... give us more additional information. Really what more information? I forwarded the whole spam e-mail. Nothing in it connects to Amazon until i click on that spam link in the e-mail then it goes through several domains (HTTP/1.1 302 Found URL redirection) hosted by Amazon until it lands on the destination domain also hosted by them. Link to comment Share on other sites More sharing options...
petzl Posted March 8, 2019 Share Posted March 8, 2019 2 hours ago, klappa said: Yes! I got an even worse answer. And it's usually this type of response that i get from Amazon. I don't know how many cases i must create to make them listen than just providing autoreplies. They are into "list washing" when they are hosting pedophilia and I tell them I think they get worried! Link to comment Share on other sites More sharing options...
klappa Posted March 8, 2019 Author Share Posted March 8, 2019 1 hour ago, petzl said: They are into "list washing" when they are hosting pedophilia and I tell them I think they get worried! They are? I know the sex dating domains they host is a scam, sites which are using bots but I didn't know they also contained pedophilia. You think they would listen and take action? I am just afraid they would say they haven't found any evidence containing pedophilia and just happily go on pretending they are not following the spammers errands. This is common among these type of spammers. The visible domain seen in the spam link is using a completely different host to hide from spam reports and while that host may take action Amazon might not for there's no evidence showing them being involved. I made a case to them telling them that the destination domain are hosted by Amazon but according to them that content is not being hosted on the AWS network. Here's the Spamcop report so you see for yourself. https://www.spamcop.net/sc?id=z6528085723z327e3c5c23bd63746d9270f0d3a08dd6z Are there any instances i can turn to when feeling helpless or should i just give up and pretending Amazon not having anything to do with it? Link to comment Share on other sites More sharing options...
petzl Posted March 8, 2019 Share Posted March 8, 2019 9 hours ago, klappa said: They are? I know the sex dating domains they host is a scam, sites which are using bots but I didn't know they also contained pedophilia. You a pediatrician? Any lewd site is supposed to have by law .on site proof of age, without this it you don't know! in notes with sex sites I send this. I don't want it and never subscribe for perverted rubbish. It's pedophilia as far as I and the law is concerned! A Forrest Gump moment for me was when Trump had the FBI seize "Backpage" for that exact reason Hope Amazon AWS have the same fate! Child porn spammer pictures under 18 or made to look under 18 NO PROOF OF AGE available! SENT TO MINORS > Link to comment Share on other sites More sharing options...
klappa Posted March 9, 2019 Author Share Posted March 9, 2019 2 hours ago, petzl said: You a pediatrician? Any lewd site is supposed to have by law .on site proof of age, without this it you don't know! in notes with sex sites I send this. I don't want it and never subscribe for perverted rubbish. It's pedophilia as far as I and the law is concerned! A Forrest Gump moment for me was when Trump had the FBI seize "Backpage" for that exact reason Hope Amazon AWS have the same fate! Child porn spammer pictures under 18 or made to look under 18 NO PROOF OF AGE available! SENT TO MINORS > They just dismiss my complaints. They send a reply saying the sender IP belonging to Microsoft together with a whois lookup. Well doh they are using Outlook to send their spam. They just don't get it. Do they really think i am stupid. And at the same time saying they can understand my frustration. I don't know what to say. I didn't know the Amazon abuse helpdesk were so dumb. Link to comment Share on other sites More sharing options...
petzl Posted March 9, 2019 Share Posted March 9, 2019 19 minutes ago, klappa said: I don't know what to say. I didn't know the Amazon abuse helpdesk were so dumb. They are trying to be "clever" I'm doing all I can to do what happened to the Backpage operator he went from a multimillionaire to skidrow. You have to put full directions in your notes Amazon will only look at copy and pasted headers with notes Example my Russian cyber-criminals "notes" Criminal phishing, bogus reply address, bogus unsubscribe This/my email address I believe sold to this Russian (?) Crime gang by FaceBook .. email source 94.100.177.97 abuse@corp.mail.ru URL in spam link obfuscation https://www.google.com/#btnI=ixyvb-ddvef-rgcse&q=jiofdahiugfhajpsdh.ru Resolves to 64.233.191.105 network-abuse@google.com phishing-report@us-cert.gov redirects through http://jiofdahiugfhajpsdh.ru 185.26.122.56 abuse-c@hostland.ru Redirection ends https://appteslerapp.com/?click=39192426&mode=optin&api_url=%2F%2Fgotrack.static500.com%2Fapi%2Fv1 188.166.113.230 abuse@digitalocean.com phishing-report@us-cert.gov offending email (eml) forwarded also, can be read as text attachment with a text/ASCII editor like notepad or eml text reader > Link to comment Share on other sites More sharing options...
klappa Posted March 9, 2019 Author Share Posted March 9, 2019 16 minutes ago, petzl said: They are trying to be "clever" I'm doing all I can to do what happened to the Backpage operator he went from a multimillionaire to skidrow. You have to put full directions in your notes Amazon will only look at copy and pasted headers with notes Example my Russian cyber-criminals "notes" Criminal phishing, bogus reply address, bogus unsubscribe This/my email address I believe sold to this Russian (?) Crime gang by FaceBook .. email source 94.100.177.97 abuse@corp.mail.ru URL in spam link obfuscation https://www.google.com/#btnI=ixyvb-ddvef-rgcse&q=jiofdahiugfhajpsdh.ru Resolves to 64.233.191.105 network-abuse@google.com phishing-report@us-cert.gov redirects through http://jiofdahiugfhajpsdh.ru 185.26.122.56 abuse-c@hostland.ru Redirection ends https://appteslerapp.com/?click=39192426&mode=optin&api_url=%2F%2Fgotrack.static500.com%2Fapi%2Fv1 188.166.113.230 abuse@digitalocean.com phishing-report@us-cert.gov offending email (eml) forwarded also, can be read as text attachment with a text/ASCII editor like notepad or eml text reader > Thank you! That will help a lot. With this i can improve my reporting even more. Amazon promised to take action now in the last second when i threatened to report them to the government authorities. Now i see that the redirect URL service unfortunately didn't show the destination domain which was hosted by another domain host entirely from Amazon. These spammers are clever. IT's really a pain in the ass. It is also unfortunate that Spamcop isn't that much of a help when they are constantly changing from where they send the spam from and hosts their obfuscated domains. Spamcop will only report the responsible parties in the spam. I really do hope Spamcop does something though even if you have to dig further than what Spamcop does. Link to comment Share on other sites More sharing options...
RobiBue Posted March 9, 2019 Share Posted March 9, 2019 5 hours ago, klappa said: Thank you! That will help a lot. With this i can improve my reporting even more. Amazon promised to take action now in the last second when i threatened to report them to the government authorities. Now i see that the redirect URL service unfortunately didn't show the destination domain which was hosted by another domain host entirely from Amazon. These spammers are clever. IT's really a pain in the ass. It is also unfortunate that Spamcop isn't that much of a help when they are constantly changing from where they send the spam from and hosts their obfuscated domains. Spamcop will only report the responsible parties in the spam. I really do hope Spamcop does something though even if you have to dig further than what Spamcop does. to Amazon I would writethe following (adding the spam at the end): you are harboring a spamvertised porn site: spamvertised link: http://se2. mogenromance-svenska. club/ redirects as follows: HTTP/1.1 302 Found => Server => nginxDate => Sat, 09 Mar 2019 07:04:17 GMTContent-Type => text/html; charset=utf-8Content-Length => 75Connection => closeLocation => https:// crazytrackings. com/ ?a=100225&c=102723&s1=232X-Served-By => Namecheap URL Forward HTTP/1.0 302 Found => Cache-Control => privateContent-Length => 226Content-Type => text/html; charset=utf-8Date => Sat, 09 Mar 2019 07:04:42 GMTLocation => https:// cyberblueberry. com/ ?a=100225&c=102723&s1=232&ckmguid=5eaf0d44-97f6-419a-bf50-4dc7daa946ba HTTP/1.0 302 Found => Cache-Control => privateContent-Length => 250Content-Type => text/html; charset=utf-8Date => Sat, 09 Mar 2019 07:05:03 GMTLocation => https:// kewkr. girlstofu**. net/ c/da57dc555e50572d?s1=12951&s2=153430&s3=100225&s5=&click_id=22381729&j1=1&j3=1P3p => CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"Set-Cookie => c100916=B0u1wB9CbYmmbLsSFz+i2AKhvFRakvmMJc94KAGrH+9633KgqJ4kxg==; domain=.cyberblueberry.com; expires=Mon, 08-Apr-2019 07:05:04 GMT; path=/; HttpOnly HTTP/1.1 200 OK => Server => nginxDate => Sat, 09 Mar 2019 07:05:24 GMTContent-Type => text/html; charset=UTF-8Content-Length => 12475Connection => closeSet-Cookie => scriptHash=49415_12951_153430; expires=Mon, 08-Apr-2019 07:05:24 GMT; Max-Age=2592000; path=/; HttpOnlyX-Powered-By => PHP/7.0.32 and this last redirect is on IP address Host kewkr. girlstofu**. net (checking ip) = 34.194.20.115 whois -h whois.arin.net 34.194.20.115 ... [...] NetRange: 34.192.0.0 - 34.255.255.255 CIDR: 34.192.0.0/10 NetName: AT-88-Z NetHandle: NET-34-192-0-0-1 Parent: NET34 (NET-34-0-0-0-0) NetType: Direct Allocation OriginAS: Organization: Amazon Technologies Inc. (AT-88-Z) RegDate: 2016-09-12 [...] OrgAbuseHandle: AEA8-ARIN OrgAbuseName: Amazon EC2 Abuse OrgAbusePhone: +1-206-266-4064 OrgAbuseEmail: abuse@amazonaws.com OrgAbuseRef: https://rdap.arin.net/registry/entity/AEA8-ARIN [...] I believe this is your IP space. please enforce your AUP. offending message with munged headers follows (and I always munge the headers with my name and address since I send it from a dedicated spam reporting email address which is in name and address different from any other) and see if they say that it's not their IP space Link to comment Share on other sites More sharing options...
klappa Posted March 9, 2019 Author Share Posted March 9, 2019 5 hours ago, RobiBue said: to Amazon I would writethe following (adding the spam at the end): you are harboring a spamvertised porn site: spamvertised link: http://se2. mogenromance-svenska. club/ redirects as follows: HTTP/1.1 302 Found => Server => nginxDate => Sat, 09 Mar 2019 07:04:17 GMTContent-Type => text/html; charset=utf-8Content-Length => 75Connection => closeLocation => https:// crazytrackings. com/ ?a=100225&c=102723&s1=232X-Served-By => Namecheap URL Forward HTTP/1.0 302 Found => Cache-Control => privateContent-Length => 226Content-Type => text/html; charset=utf-8Date => Sat, 09 Mar 2019 07:04:42 GMTLocation => https:// cyberblueberry. com/ ?a=100225&c=102723&s1=232&ckmguid=5eaf0d44-97f6-419a-bf50-4dc7daa946ba HTTP/1.0 302 Found => Cache-Control => privateContent-Length => 250Content-Type => text/html; charset=utf-8Date => Sat, 09 Mar 2019 07:05:03 GMTLocation => https:// kewkr. girlstofu**. net/ c/da57dc555e50572d?s1=12951&s2=153430&s3=100225&s5=&click_id=22381729&j1=1&j3=1P3p => CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"Set-Cookie => c100916=B0u1wB9CbYmmbLsSFz+i2AKhvFRakvmMJc94KAGrH+9633KgqJ4kxg==; domain=.cyberblueberry.com; expires=Mon, 08-Apr-2019 07:05:04 GMT; path=/; HttpOnly HTTP/1.1 200 OK => Server => nginxDate => Sat, 09 Mar 2019 07:05:24 GMTContent-Type => text/html; charset=UTF-8Content-Length => 12475Connection => closeSet-Cookie => scriptHash=49415_12951_153430; expires=Mon, 08-Apr-2019 07:05:24 GMT; Max-Age=2592000; path=/; HttpOnlyX-Powered-By => PHP/7.0.32 and this last redirect is on IP address Host kewkr. girlstofu**. net (checking ip) = 34.194.20.115 whois -h whois.arin.net 34.194.20.115 ... [...] NetRange: 34.192.0.0 - 34.255.255.255 CIDR: 34.192.0.0/10 NetName: AT-88-Z NetHandle: NET-34-192-0-0-1 Parent: NET34 (NET-34-0-0-0-0) NetType: Direct Allocation OriginAS: Organization: Amazon Technologies Inc. (AT-88-Z) RegDate: 2016-09-12 [...] OrgAbuseHandle: AEA8-ARIN OrgAbuseName: Amazon EC2 Abuse OrgAbusePhone: +1-206-266-4064 OrgAbuseEmail: abuse@amazonaws.com OrgAbuseRef: https://rdap.arin.net/registry/entity/AEA8-ARIN [...] I believe this is your IP space. please enforce your AUP. offending message with munged headers follows (and I always munge the headers with my name and address since I send it from a dedicated spam reporting email address which is in name and address different from any other) and see if they say that it's not their IP space Thank you! What do you mean by offending message with munged headers follows? How do you mung the headers with your name and address? However the destination domain was hosted by either Key-Systems, RRProxy or Google i am not sure which is hosting which. I don't want to type down the domain as it would be traceable by the spammer. There's no trace routes services or functions i know of that would've showed the destination domain. The domains you listed are hosted by Amazon and lies between the domain link found in the spam and the destination domain. I don't know their purpose though. Link to comment Share on other sites More sharing options...
RobiBue Posted March 9, 2019 Share Posted March 9, 2019 2 hours ago, klappa said: Thank you! What do you mean by offending message with munged headers follows? How do you mung the headers with your name and address? However the destination domain was hosted by either Key-Systems, RRProxy or Google i am not sure which is hosting which. I don't want to type down the domain as it would be traceable by the spammer. There's no trace routes services or functions i know of that would've showed the destination domain. The domains you listed are hosted by Amazon and lies between the domain link found in the spam and the destination domain. I don't know their purpose though. Hi klappa, 1) munged headers means that I copy the raw spam (with headers) into notepad (on win) or your editor of choice and change all entries of my email address or part thereof as well as my name into a fake email address and fake name: X-Apparently-To: me@example.com; Sat, 02 Mar 2019 18:48:09 +0000 Received: by mail-it1-f193.google.com with SMTP id d125so1436534ith.1 for <me@example.com>; Sat, 02 Mar 2019 10:48:08 -0800 (PST) To: me@example.com Subject: MY NAME: $15,000 Loan - Pay Back in 3 Years hello MY NAME, we have a loan for you with exorbitant interest. pay it back in three years and we will only charge you 115% interest Turns into: X-Apparently-To: x-x-x-x-x-x@x-xmail.com; Sat, 02 Mar 2019 18:48:09 +0000 Received: by mail-it1-f193.google.com with SMTP id d125so1436534ith.1 for <x-x-x-x-x-x@x-xmail.com>; Sat, 02 Mar 2019 10:48:08 -0800 (PST) To: me@example.com Subject: x-x-x-x-x-x: $15,000 Loan - Pay Back in 3 Years hello x-x-x-x-x-x, we have a loan for you with exorbitant interest. pay it back in three years and we will only charge you 115% interest And then I add the following at the top of the headers: Comments: The recipient of the email wishes to stay anonymous and therefore has munged his name and/or address for privacy reasons to strings like "x-x-x" or "x". Please respect his privacy. That’s “munging”. 2) alas it’s true that certain links can be “traced” by spammers, the link I started with, had no traceable info. http://se2. mogenromance-svenska. club/ is not traceable let me rephrase that before I get in trouble for making false statements ok, every link you click on, gives the host your IP address, therefore (per se) traceable, but what I mean, is, that it doesn’t give the spammer any clue of your e-mail address. Traceable links, the way I mean it, can be, for instance: http://www.example.com/907743add1337 <- this hex string could be your encoded address http://www.example.com/illgetyou?a=encodedaddresshere If the link already starts like that, then caution is warranted. Since the redirects originated from a “safe” link, the information passed has nothing to do with your info. The links in between can be either reported at the same time or at a later point in time when the spammer is scrambling to get his new site redirected Sometimes I complain to the registrar as well in the hopes that someone there is witty enough to catch the pattern and MO of the spammer. Link to comment Share on other sites More sharing options...
klappa Posted March 9, 2019 Author Share Posted March 9, 2019 4 hours ago, RobiBue said: Hi klappa, 1) munged headers means that I copy the raw spam (with headers) into notepad (on win) or your editor of choice and change all entries of my email address or part thereof as well as my name into a fake email address and fake name: X-Apparently-To: me@example.com; Sat, 02 Mar 2019 18:48:09 +0000 Received: by mail-it1-f193.google.com with SMTP id d125so1436534ith.1 for <me@example.com>; Sat, 02 Mar 2019 10:48:08 -0800 (PST) To: me@example.com Subject: MY NAME: $15,000 Loan - Pay Back in 3 Years hello MY NAME, we have a loan for you with exorbitant interest. pay it back in three years and we will only charge you 115% interest Turns into: X-Apparently-To: x-x-x-x-x-x@x-xmail.com; Sat, 02 Mar 2019 18:48:09 +0000 Received: by mail-it1-f193.google.com with SMTP id d125so1436534ith.1 for <x-x-x-x-x-x@x-xmail.com>; Sat, 02 Mar 2019 10:48:08 -0800 (PST) To: me@example.com Subject: x-x-x-x-x-x: $15,000 Loan - Pay Back in 3 Years hello x-x-x-x-x-x, we have a loan for you with exorbitant interest. pay it back in three years and we will only charge you 115% interest And then I add the following at the top of the headers: Comments: The recipient of the email wishes to stay anonymous and therefore has munged his name and/or address for privacy reasons to strings like "x-x-x" or "x". Please respect his privacy. That’s “munging”. 2) alas it’s true that certain links can be “traced” by spammers, the link I started with, had no traceable info. http://se2. mogenromance-svenska. club/ is not traceable let me rephrase that before I get in trouble for making false statements ok, every link you click on, gives the host your IP address, therefore (per se) traceable, but what I mean, is, that it doesn’t give the spammer any clue of your e-mail address. Traceable links, the way I mean it, can be, for instance: http://www.example.com/907743add1337 <- this hex string could be your encoded address http://www.example.com/illgetyou?a=encodedaddresshere If the link already starts like that, then caution is warranted. Since the redirects originated from a “safe” link, the information passed has nothing to do with your info. The links in between can be either reported at the same time or at a later point in time when the spammer is scrambling to get his new site redirected Sometimes I complain to the registrar as well in the hopes that someone there is witty enough to catch the pattern and MO of the spammer. Now i follow. Although i can't be bothered munging my e-mail anymore. It's to late for that. I guess you do it manually every time? Yes that one isn't traceable but sometimes my e-mail is in the spam link often with the word campaign to lure the unsuspected user even more into clicking it. But since the spammer already have my e-mail it doesn't. Never seen that string before though. The sex dating dating domains are all scam through and through. Spammers use bots to lure the user into believing they are real people and make them throw up their credit card which essentially make the spammers into phishers in the end. The pictures of the girls/boys are stolen and have an unverified age. Link to comment Share on other sites More sharing options...
RobiBue Posted March 9, 2019 Share Posted March 9, 2019 44 minutes ago, klappa said: Now i follow. Although i can't be bothered munging my e-mail anymore. It's to late for that. I guess you do it manually every time? Yes that one isn't traceable but sometimes my e-mail is in the spam link often with the word campaign to lure the unsuspected user even more into clicking it. But since the spammer already have my e-mail it doesn't. Never seen that string before though. The sex dating dating domains are all scam through and through. Spammers use bots to lure the user into believing they are real people and make them throw up their credit card which essentially make the spammers into phishers in the end. The pictures of the girls/boys are stolen and have an unverified age. although they have your email, doesn't mean that if you report to their ISP that they know whodunit if you munge the name and address. of course, you'd also have to munge the message ID and a few other non-ISP headers that would/could reveal your info... Re: porn spam, amazon has AFAIU pretty strict guidelines and do not tolerate offenders. Link to comment Share on other sites More sharing options...
klappa Posted March 9, 2019 Author Share Posted March 9, 2019 28 minutes ago, RobiBue said: although they have your email, doesn't mean that if you report to their ISP that they know whodunit if you munge the name and address. of course, you'd also have to munge the message ID and a few other non-ISP headers that would/could reveal your info... Re: porn spam, amazon has AFAIU pretty strict guidelines and do not tolerate offenders. Yes that's true. But munging the Message ID and non-ISP headers is not recommended. They need all the details I can give them and those might be valuable. If Spamcop doesn't do it except the e-mail address I won't either. My e-mail is a lost cause. It's more a throwaway account for reporting spam nowadays. Link to comment Share on other sites More sharing options...
petzl Posted March 9, 2019 Share Posted March 9, 2019 4 hours ago, klappa said: Now i follow. Although i can't be bothered munging my e-mail anymore. It's to late for that. Yes spammer already has your email. Got one from these scum this morning here are the notes 54.213.31.253 (Administrator of network where email originates) abuse@amazonaws.com phishing-report@us-cert.gov https://bit.ly/2EPC64E?1819469901?DL4B7Sr6I8Unq8090859 67.199.248.10 abuse@bitly.com redirects https://mmwaq.slutsnearby.com/c/1f0a2cb367c37dee?s1=25218&s2=158751&j1=1&j3=1&s3=17004&s5=432018&click_id=nthml5c841f5915e67849990878 URL IP 34.194.20.115 abuse@amazonaws.com phishing-report@us-cert.gov Link to comment Share on other sites More sharing options...
RobiBue Posted March 9, 2019 Share Posted March 9, 2019 3 minutes ago, klappa said: Yes that's true. But munging the Message ID and non-ISP headers is not recommended. They need all the details I can give them and those might be valuable. If Spamcop doesn't do it except the e-mail address I won't either. My e-mail is a lost cause. It's more a throwaway account for reporting spam nowadays. SC munges the headers (unless it's a ISP that requires full headers) for me when I report the message. usually the message ID looks something like this: Message-Id: <wecW_______________________________________________upLM@vevida.net> the underscore line is placed there by SC. and non-ISP headers are often used by the spammer to trace reported spam and retaliate... that's why I tend to do that. if the ISP wants more info, they can ask for it Link to comment Share on other sites More sharing options...
RobiBue Posted March 9, 2019 Share Posted March 9, 2019 5 minutes ago, petzl said: Yes spammer already has your email. Got one from these scum this morning here are the notes 54.213.31.253 (Administrator of network where email originates) abuse@amazonaws.com phishing-report@us-cert.gov https://bit.ly/2EPC64E?1819469901?DL4B7Sr6I8Unq8090859 67.199.248.10 abuse@bitly.com redirects https://mmwaq.slutsnearby.com/c/1f0a2cb367c37dee?s1=25218&s2=158751&j1=1&j3=1&s3=17004&s5=432018&click_id=nthml5c841f5915e67849990878 URL IP 34.194.20.115 abuse@amazonaws.com phishing-report@us-cert.gov the info behind the ? in the links is what gives the spammer your info. those are the ones I don't add in the reports ... btw, got the same one today too... recognize the identical bit.ly address... Link to comment Share on other sites More sharing options...
klappa Posted March 9, 2019 Author Share Posted March 9, 2019 1 hour ago, petzl said: Yes spammer already has your email. Got one from these scum this morning here are the notes 54.213.31.253 (Administrator of network where email originates) abuse@amazonaws.com phishing-report@us-cert.gov https://bit.ly/2EPC64E?1819469901?DL4B7Sr6I8Unq8090859 67.199.248.10 abuse@bitly.com redirects https://mmwaq.slutsnearby.com/c/1f0a2cb367c37dee?s1=25218&s2=158751&j1=1&j3=1&s3=17004&s5=432018&click_id=nthml5c841f5915e67849990878 URL IP 34.194.20.115 abuse@amazonaws.com phishing-report@us-cert.gov Was it a phishing mail? Amazon doesn't seem to take it serious if it isn't a phishing mail. 1 hour ago, RobiBue said: SC munges the headers (unless it's a ISP that requires full headers) for me when I report the message. usually the message ID looks something like this: Message-Id: <wecW_______________________________________________upLM@vevida.net> the underscore line is placed there by SC. and non-ISP headers are often used by the spammer to trace reported spam and retaliate... that's why I tend to do that. if the ISP wants more info, they can ask for it Well retaliate how? I am sure Amazon doesn't provide or give away that info to the spammer if there's serious claims behind it. How would they trace the reported spam unless Amazon directly provide the spammer with the headers and body? And i can't be bothered to manually change every header, it's too much work. 1 hour ago, RobiBue said: the info behind the ? in the links is what gives the spammer your info. those are the ones I don't add in the reports ... btw, got the same one today too... recognize the identical bit.ly address... Well it doesn't matter. The spammer is too stupid knowing they send sex spam with underage women and sooner rather than later be put behind bars. Link to comment Share on other sites More sharing options...
petzl Posted March 10, 2019 Share Posted March 10, 2019 1 hour ago, klappa said: Was it a phishing mail? Amazon doesn't seem to take it serious if it isn't a phishing mail. Yes definitely criminal phishing offering prizes to get your email address and other info Link to comment Share on other sites More sharing options...
petzl Posted March 10, 2019 Share Posted March 10, 2019 1 hour ago, klappa said: I am sure Amazon doesn't provide or give away that info to the spammer They do, most certainly and they state so in their reply! They have a abuse website?https://aws.amazon.com/forms/report-abuse but run by the same morons, but they do have a email to their legal "subpoena-criminal[x]amazon.cxm." pay to advise them that the moronic abuse team is putting Amazon itself at risk! Offering FREE websites for pedophiles? Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.