Jump to content

network-abuse@google.com bounces, again


fliptop
 Share

Recommended Posts

Howdy all - I seem to recall this happening before, perhaps a couple-three years ago?

https://members.spamcop.net/sc?id=z6723973700z580d8f6227bc283c1b918450a2e3c366z

Spamcop reports for google spam is being /dev/null'd again. Since about 90% of the spam I receive comes from google's servers, this is not good. The submission always responds w/ something similar to this:

Tracking message source: 209.85.210.170:
Routing details for 209.85.210.170
[refresh/show] Cached whois for 209.85.210.170 : network-abuse@google.com
abuse@google.com bounces (25774 sent : 16844 bounces)
Using best contacts
No reporting addresses found for 209.85.210.170, using devnull for tracking.
Yum, this spam is fresh!
Message is 0 hours old
209.85.210.170 not listed in cbl.abuseat.org
209.85.210.170 listed in dnsbl.sorbs.net ( 1 )
209.85.210.170 not listed in accredit.habeas.com
209.85.210.170 not listed in plus.bondedsender.org
209.85.210.170 not listed in iadb.isipp.com

Anyone have any idea what's going on? Gmail is so ubiquitous, it's impossible to firewall these IPs w/o upsetting a lot of people...
Link to comment
Share on other sites

2 hours ago, fliptop said:

Spamcop reports for google spam is being /dev/null'd again.

There are several reasons to send reports to devnull.

  • Several (6 i seem to remember) pass reports have bounced back to spamcop - So why send more?
  • The admin on record has ask spamcop NOT to send spam reports. - Spamcop does not want to add to the email clutter. If they are not going to act on the report, just put it in the bit bucket, why use the bandwidth to send more report to the admin?
  • There is strong evidence that the reported admin passes the report directly to the spammer. - Not good.
  • Others

I do not know what the situation is with google. But there is evidence here that google does nothing with the reports.

 

Link to comment
Share on other sites

1 hour ago, Lking said:

I do not know what the situation is with google. But there is evidence here that google does nothing with the reports

In my experience Google do act on reports made from your email account not from SpamCop

Link to comment
Share on other sites

5 hours ago, Lking said:

I do not know what the situation is with google. But there is evidence here that google does nothing with the reports.

 

Do the IPs get blacklisted by SC?  As long as that happens I don't care what they do w/ them.

Link to comment
Share on other sites

15 hours ago, atarspam said:

It's a bit of pain to complete, but hopefully Google takes notice of the reports.

*IF* you have a webmail Gmail account make spam as Phishing it then immediately disables that email.
https://ibb.co/kBTDTmQ I did not report this as Phishing someone else did.

Link to comment
Share on other sites

I use https://support.google.com/code/contact/cloud_platform_report  instead. with Firefox it works.

In the section about Cloud Platform Service I put "not sure" since emails don't really fall into any of those categories... then I place a short note about the received: header line in the Abuse Details box and attach the full email in the additional logs (the plural is somewhat misleading since only one file can be attached...)

In the abuse details text box I also mention the lines

spf=pass (google.com: domain of ????@gmail.com designates 209.85.220.41 as permitted sender) smtp.mailfrom=????@gmail.com;

of both Authentication-Results:  and ARC-Authentication-Results: in the headers.

 

Link to comment
Share on other sites

8 hours ago, gnarlymarley said:

Does it disable the senders account, or just prevent them from sending?

Don't know if the account is from Gmail would suspect it might.
Not hard to just reset a password so if sender is legit it can reset with new password.
If the senders are criminal doubt if they would bother
Also Bitly links can be easily disabled by here
https://docs.google.com/forms/d/e/1FAIpQLSczQXuQ-l1jv8yQETGyw7BYoi-k_8CRKVOqywntj4AykJgpvA/viewform

Link to comment
Share on other sites

18 hours ago, petzl said:

Not hard to just reset a password so if sender is legit it can reset with new password.

I know some legit users that gave up and walked away when they had something similar a few years back.  Though, like you say, the criminals are most likely using burner accounts and would most likely move on.

Link to comment
Share on other sites

On 9/24/2021 at 2:54 AM, atarspam said:

I've never had any problems with it using Chrome.  I've never tried it with any other browser.

Sorry, that's the best that I can offer.

Sorry, I will NEVER use anything owned by Goolag. This includes any Chromium based browsers, They are used too much on the web.

Link to comment
Share on other sites

On 9/24/2021 at 4:33 PM, RobiBue said:

I use https://support.google.com/code/contact/cloud_platform_report  instead. with Firefox it works.

well, got some replies from them and they said that the IP I reported about was not handled by google cloud platform....

heck, the whole internet is the cloud... and anything google is in the google cloud.... marronies!!! (or maybe I am the marroni... 🤪 )

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...