network-abuse@google.com bounces, again

[fliptop]

Howdy all - I seem to recall this happening before, perhaps a couple-three years ago?

https://members.spamcop.net/sc?id=z6723973700z580d8f6227bc283c1b918450a2e3c366z

Spamcop reports for google spam is being /dev/null'd again. Since about 90% of the spam I receive comes from google's servers, this is not good. The submission always responds w/ something similar to this:

Tracking message source: 209.85.210.170:
Routing details for 209.85.210.170
[refresh/show] Cached whois for 209.85.210.170 : network-abuse@google.com
abuse@google.com bounces (25774 sent : 16844 bounces)
Using best contacts
No reporting addresses found for 209.85.210.170, using devnull for tracking.
Yum, this spam is fresh!
Message is 0 hours old
209.85.210.170 not listed in cbl.abuseat.org
209.85.210.170 listed in dnsbl.sorbs.net ( 1 )
209.85.210.170 not listed in accredit.habeas.com
209.85.210.170 not listed in plus.bondedsender.org
209.85.210.170 not listed in iadb.isipp.com

Anyone have any idea what's going on? Gmail is so ubiquitous, it's impossible to firewall these IPs w/o upsetting a lot of people...

[Lking]

2 hours ago, fliptop said:

Spamcop reports for google spam is being /dev/null'd again.

There are several reasons to send reports to devnull.

• Several (6 i seem to remember) pass reports have bounced back to spamcop - So why send more?
• The admin on record has ask spamcop NOT to send spam reports. - Spamcop does not want to add to the email clutter. If they are not going to act on the report, just put it in the bit bucket, why use the bandwidth to send more report to the admin?
• There is strong evidence that the reported admin passes the report directly to the spammer. - Not good.
• Others

I do not know what the situation is with google. But there is evidence here that google does nothing with the reports.

 

[petzl]

1 hour ago, Lking said:

I do not know what the situation is with google. But there is evidence here that google does nothing with the reports

In my experience Google do act on reports made from your email account not from SpamCop

[atarspam]

You can also report Gmail users using https://support.google.com/mail/contact/abuse

It's a bit of pain to complete, but hopefully Google takes notice of the reports.

[fliptop]

5 hours ago, Lking said:

I do not know what the situation is with google. But there is evidence here that google does nothing with the reports.

 

Do the IPs get blacklisted by SC?  As long as that happens I don't care what they do w/ them.

[Lking]

4 hours ago, fliptop said:

Do the IPs get blacklisted by SC? 

Yes. All spam reported to SC feeds their SCBL

 

[petzl]

15 hours ago, atarspam said:

It's a bit of pain to complete, but hopefully Google takes notice of the reports.

*IF* you have a webmail Gmail account make spam as Phishing it then immediately disables that email.
https://ibb.co/kBTDTmQ I did not report this as Phishing someone else did.

[KNERD]

On 9/20/2021 at 5:03 AM, atarspam said:

You can also report Gmail users using https://support.google.com/mail/contact/abuse

It's a bit of pain to complete, but hopefully Google takes notice of the reports.

I tried it, and submit button does not function

[atarspam]

14 hours ago, KNERD said:

I tried it, and submit button does not function

I've never had any problems with it using Chrome.  I've never tried it with any other browser.

Sorry, that's the best that I can offer.

[RobiBue]

I use https://support.google.com/code/contact/cloud_platform_report  instead. with Firefox it works.

In the section about Cloud Platform Service I put "not sure" since emails don't really fall into any of those categories... then I place a short note about the received: header line in the Abuse Details box and attach the full email in the additional logs (the plural is somewhat misleading since only one file can be attached...)

In the abuse details text box I also mention the lines

spf=pass (google.com: domain of ????@gmail.com designates 209.85.220.41 as permitted sender) smtp.mailfrom=????@gmail.com;

of both Authentication-Results:  and ARC-Authentication-Results: in the headers.

 

[Hanco]

And I see the tracking links are no longer reporting from SpamCop

https:// storage.googleapis.com/… 

/dev/null'ing report for nomaster@devnull.spamcop.net

so I’ll do like you guys and submit reports direct to Google and in SpamCop so the email sender is aware and the sc Blacklist gets built on.

 

[Steve]

On 9/20/2021 at 6:03 AM, atarspam said:

You can also report Gmail users using https://support.google.com/mail/contact/abuse

It's a bit of pain to complete, but hopefully Google takes notice of the reports.

Yes, that seems to work when reporting gmail spam from a gmail account sent to my gmail inbox

[gnarlymarley]

On 9/20/2021 at 8:07 PM, petzl said:

*IF* you have a webmail Gmail account make spam as Phishing it then immediately disables that email.

Does it disable the senders account, or just prevent them from sending?

[petzl]

8 hours ago, gnarlymarley said:

Does it disable the senders account, or just prevent them from sending?

Don't know if the account is from Gmail would suspect it might.
Not hard to just reset a password so if sender is legit it can reset with new password.
If the senders are criminal doubt if they would bother
Also Bitly links can be easily disabled by here
https://docs.google.com/forms/d/e/1FAIpQLSczQXuQ-l1jv8yQETGyw7BYoi-k_8CRKVOqywntj4AykJgpvA/viewform

[gnarlymarley]

18 hours ago, petzl said:

Not hard to just reset a password so if sender is legit it can reset with new password.

I know some legit users that gave up and walked away when they had something similar a few years back.  Though, like you say, the criminals are most likely using burner accounts and would most likely move on.

[KNERD]

On 9/24/2021 at 2:54 AM, atarspam said:

I've never had any problems with it using Chrome.  I've never tried it with any other browser.

Sorry, that's the best that I can offer.

Sorry, I will NEVER use anything owned by Goolag. This includes any Chromium based browsers, They are used too much on the web.

[KNERD]

On 9/29/2021 at 8:16 AM, gnarlymarley said:

Does it disable the senders account, or just prevent them from sending?

It just sends their mail to the spam folder.

[RobiBue]

On 9/24/2021 at 4:33 PM, RobiBue said:

I use https://support.google.com/code/contact/cloud_platform_report  instead. with Firefox it works.

well, got some replies from them and they said that the IP I reported about was not handled by google cloud platform....

heck, the whole internet is the cloud... and anything google is in the google cloud.... marronies!!! (or maybe I am the marroni... 🤪 )