justauser Posted October 29, 2005 Share Posted October 29, 2005 Hi all. Say that a spammer sends spam email using my email address as the return-path to [deaduser][at]supereva.it, MAILER-DAEMON[at]supereva.it bounces to me, I report the misdirected bounce using SpamCop, and abuse[at]supereva.it replies as follows: Hello SpamCop user, this mail in not spam, but a bouce on forged sender. Please Remove you warning. Regards, Abuse Staff DADA SPA -----Messaggio Originale----- Da: "me" <[Report ID][at]reports.spamcop.net> A: abuse[at]dada.it Data invio: [Date] Oggetto: Fw: [[Report Subject] [copy of SpamCop Report] Say that this process is repeated half a dozen times over the course of two months. At what point does it become abusive enough that I can take further action? Are these ignorant and abusive replies by abuse[at]supereva.it themselves reportable? Thanks. Link to comment Share on other sites More sharing options...
Jeff G. Posted October 29, 2005 Share Posted October 29, 2005 Seeing as you don't solicit such denials of responsibility, that same abuse desk has sent that exact same denial to others (despite being instructed as to why they are getting Reported), that denial is not addressed to you personally, and email to postmaster[at]supereva.it has bounced (see http://www.rfc-ignorant.org/tools/lookup.p...in=supereva.it), I'd say you have a good case. Link to comment Share on other sites More sharing options...
agsteele Posted October 30, 2005 Share Posted October 30, 2005 I'd say you have a good case. 35131[/snapback] I'd agree with Jeff G. that there is a good case but also ask whether reporting this abuse desk will actually achieve anything useful? Personally I treat ignorance and incompetence differently to UCE. So I'd delete these messages and ignore them. But that's a personal position - others will treat them as spam and report. Andrew Link to comment Share on other sites More sharing options...
justauser Posted October 30, 2005 Author Share Posted October 30, 2005 I'd agree with Jeff G that there is a good case but also ask whether reporting this abuse desk will actually achieve anything useful? Personally I treat ignorance and incompetence differently to UCE. So I'd delete these messages and ignore them. But that's a personal position - others will treat them as spam and report. 35185[/snapback] Thanks. I've already sent a Manual Report upstream. Link to comment Share on other sites More sharing options...
Miss Betsy Posted October 30, 2005 Share Posted October 30, 2005 I've already sent a Manual Report upstream. I agree. I think manual reports are more effective in certain situations than getting an address blocked by submitting spam reports. The object is to stop certain behavior. It wouldn't stop the behavior if no one received the stupid replies and complained. And the stupid replies are not 'spam' in some definitions so that it dilutes the good that blocklists do by giving an argument to opponents that 'innocents' are harmed by blocklists. When there were still large ISPs sending email rejection notices, the scbl did not block backscatter. They were convinced by manually submitted arguments. Miss Betsy Link to comment Share on other sites More sharing options...
SpamCopAdmin Posted October 30, 2005 Share Posted October 30, 2005 Are these ignorant and abusive replies by abuse[at]supereva.it themselves reportable? No, they're not. Responses to SpamCop complaints are solicited by definition. You sent the complaint and they get to reply. Take the opportunity to advance our agenda of stopping misdirected bounces by replying to them with an explanation of how the bounces hurt/annoy you and give them this link: http://www.spamcop.net/fom-serve/cache/329.html - Don D'Minion - SpamCop Admin - Link to comment Share on other sites More sharing options...
justauser Posted October 30, 2005 Author Share Posted October 30, 2005 Take the opportunity to advance our agenda of stopping misdirected bounces by replying to them with an explanation of how the bounces hurt/annoy you and give them this link: http://www.spamcop.net/fom-serve/cache/329.html 35209[/snapback] Already done, thanks. They just don't get it. Link to comment Share on other sites More sharing options...
Miss Betsy Posted October 30, 2005 Share Posted October 30, 2005 Be patient. And keep sending the info when you have time. You just never know when the dam will break. Miss Betsy Link to comment Share on other sites More sharing options...
terribleted Posted October 31, 2005 Share Posted October 31, 2005 I have actually taken this type of mail bomb abuse by spammers to extremes. At times we get flooded with spam and in the past our site had open posting for our guestbook that ultimately created havoc on the net for our users. I call the Embassy of the country for whom I can identify either the source or a company that would benefit from either the re-direct url or advertising. I then fax about a dozen examples to the Ambassador, call to follow up and then send to my Senator with demand to contact the FTC and their diplomatic contacts. Until I started using Spamcop, I generally report Asian spam manually to the various IP contacts that Spamcop identifies in it's own reports. When I can identify that the source is US based, I call the County Sherrif or the law enforcement in the area and fax or email them the spam. I have had one good result with a 419 spam outlet in Michigan. My reports to the Korea Times and Herald and the President of Korea four years ago, helped to speed KISA into doing something. All this is a royal pain! This is my procedure: Re-configure mail server (Merak Pro) 1) Turn off rbl's, set minimal trapping in global rules for country code. 2) Create trap and forward to KISA for all Korean character sets (the bulk of our spam) 3) Use either MailWasher for Spamcop forward or 4) Create manual report for ISP, FTC, etc (see above) Results: When the rbl's and sbl are off (spamhaus, spamcop, ordb) I can get around 1000 per day, total to all accounts. Note: when rbl's are on, only a few 419 scams get through Link to comment Share on other sites More sharing options...
agsteele Posted October 31, 2005 Share Posted October 31, 2005 I have actually taken this type of mail bomb abuse by spammers to extremes. [snip] I have had one good result with a 419 spam outlet in Michigan. 35253[/snapback] Seems you added a reply to the wrong thread (we're not alking about 419 type messages) but it certainly seems far more time consuming than most end users would want Andrew Link to comment Share on other sites More sharing options...
Miss Betsy Posted November 1, 2005 Share Posted November 1, 2005 Going with the drift... I wonder how 419 spam gets through so many filters. Do they really work at avoidance? Or is because they are too close to real email for the filters to catch them? Miss Betsy Link to comment Share on other sites More sharing options...
Jeff G. Posted November 1, 2005 Share Posted November 1, 2005 One would think that "MILLION" in ALL CAPS would be a clue for SpamAssassin. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.