oldskoolflash Posted June 22, 2006 Share Posted June 22, 2006 I have recently been receiving Lottery spam, you know the kind that encourages you to to contact them because you have won a "prize" they then con you out of large sums of money. Because there is no spavertised website reverenced, they include a contact email address (in this case a yahoo email address). I sent a copy of the spam to Yahoo with a note stating that, although this the spam did not originate from a Yahoo user or server, the spammer was using a referenced Yahoo email address in an attempt to obtain money by deception. I also encouraged them to disable the email account promptly so that anyone duped by the scam would not be defrauded. Two days later I get the standard canned reply from Yahoo saying "We understand your frustration in receiving unsolicited email. While we investigate all reported violations against the Yahoo! Terms of Service (TOS), unfortunately in this particular case the message you received was not sent through the Yahoo! Mail system." Now this really annoys me, because it is clear that they have not bothered to read my email, if they had, they would realise that I was not reporting spam, but criminal activity by one of their users. I said this in myreply to them and get the identical canned reply back. Finally I blow my top at them and get a reply saying that the user has not broken any of their TOS! By this time over a week had passed, meaning the spammer has almost certainly already defrauded several victims, and all this time Yahoo has been protecting them. When will ISP's realise they have a duty to ensure that they, and their members act within the law. How can fraud and obtaining money by deception not be a breach of their TOS? Stuff their TOS it is against the law! :angry: :angry: :angry: Here is my last reply to them: I am frankly staggered by your response, and clear incompetence in dealing with this matter. I shall therefore be writing to your Chief Executive, Terry Semel, with full details of this case. With reference to the Yahoo Terms of Service, I feel obliged to inform you that the world is not based on the "Law of Yahoo". It may be news to you, but we live in a society in which individuals and businesses must respect local and international legislation. When a member of the public takes the time to report a serious crime, committed by one of your members, they have every right to expect quick and decisive action against the offender. In this case, Yahoo has done neither. By failing to acknowledge that abuse has taken place Yahoo are effectively protecting the criminals involved and allowing them to facilitate fraud. Seeing as Yahoo are unaware there is a world outside their TOS I would like to draw your attention to the following breaches. I have highlighted them for your convenience as you seem to be having trouble reading. Finally, I have also referred this matter to the Camelot legal team who are responsible for overseeing the UK National Lottery, you may be interested to note that their email address is not claimagent_info01[at]yahoo.hk as suggested in the offending email reported to you. Yahoo Terms of Service, Section 6: You agree to not use the Service to: upload, post, email or otherwise transmit any Content that is unlawful, harmful, threatening, abusive, harassing, tortious, defamatory, vulgar, obscene, libellous, invasive of another's privacy, hateful, or racially, ethnically or otherwise objectionable; "Unlawful". Is fraud not a crime in Yahooland? c. impersonate any person or entity, including, but not limited to, a Yahoo! official, forum leader, guide or host, or f falsely state or otherwise misrepresent your affiliation with a person or entity; "Impersonate any person or entity" Last time I checked the UK National Lottery was an "entity". Your customer is clearly impersonating them and using a Yahoo email account to conduct their "business". d. forge headers or otherwise manipulate identifiers in order to disguise the origin of any Content transmitted through the Service; Headers were forged and identifiers manipulated as identified in the original report. e.upload, post, email or otherwise transmit any Content that you do not have a right to transmit under any law Hmm, there it is again that damn law thing, wouldn't life be much simpler if we all just followed the Yahoo Terms of Service….? f. upload, post, email or otherwise transmit any Content that infringes any patent, trademark, trade secret, copyright or other proprietary rights ("Rights") of any party; The UK National Lottery is a trademark and it is protected by UK legislation. g.upload, post, email or otherwise transmit any unsolicited or unauthorised advertising, promotional materials, "junk mail," "spam," Have you heard of the expression "if it looks like a duck, and sounds like a duck" ? k. intentionally or unintentionally violate any applicable law or regulation including, but not limited to, regulations promulgated by any securities exchange; Law law law law law…….yawn Link to comment Share on other sites More sharing options...
turetzsr Posted June 22, 2006 Share Posted June 22, 2006 <snip> Because there is no spavertised website reverenced, they include a contact email address (in this case a yahoo email address). I sent a copy of the spam to Yahoo with a note stating that, although this the spam did not originate from a Yahoo user or server, the spammer was using a referenced Yahoo email address in an attempt to obtain money by deception. I also encouraged them to disable the email account promptly <snip> ...Nicely said. Question, though: did you verify that the Yahoo!Mail account in question is actually an active Yahoo!Mail account? Link to comment Share on other sites More sharing options...
Farelf Posted June 22, 2006 Share Posted June 22, 2006 Nice work oldskoolflash. You might also like to send details to joewein (Note, not confined to postal scams). Maybe "Joe" would take up the cudgels. Link to comment Share on other sites More sharing options...
oldskoolflash Posted June 22, 2006 Author Share Posted June 22, 2006 ...Nicely said. Question, though: did you verify that the Yahoo!Mail account in question is actually an active Yahoo!Mail account? How do I verify the account, do you mean send an email and see if it bounces? I would be very suprised if the email wasn't active as it was the only means of contact in the original spam. Nice work oldskoolflash. You might also like to send details to joewein (Note, not confined to postal scams). Maybe "Joe" would take up the cudgels. Thank's for that link farelf, i'll definately get in touch Link to comment Share on other sites More sharing options...
turetzsr Posted June 22, 2006 Share Posted June 22, 2006 ...Nicely said. Question, though: did you verify that the Yahoo!Mail account in question is actually an active Yahoo!Mail account?How do I verify the account, do you mean send an email and see if it bounces?...Good question, perhaps someone more knowledgeable can answer as to what the best way would be. Your suggestion would certainly work, though! <g>I would be very suprised if the email wasn't active as it was the only means of contact in the original spam. <snip> ...Well, see rules #1, 3 and 4 in "Spammer Rules." Link to comment Share on other sites More sharing options...
StevenUnderwood Posted June 22, 2006 Share Posted June 22, 2006 How do I verify the account, do you mean send an email and see if it bounces?...Good question, perhaps someone more knowledgeable can answer as to what the best way would be. Your suggestion would certainly work, though! <g> C:\Documents and Settings\Steven> telnet mx1.mail.yahoo.com 25 220 mta201.mail.re4.yahoo.com ESMTP YSmtp service ready helo underwood.spamcop.net 250 mta201.mail.re4.yahoo.com mail from: <underwood[at]spamcop.net> 250 sender <underwood[at]spamcop.net> ok rcpt to: <test123456789001982[at]yahoo.com> 250 recipient <test123456789001982[at]yahoo.com> ok data 502 Command Unimplemented data 354 go ahead This is a test message . 554 delivery error: dd This user doesn't have a yahoo.com account (test123456789 001982[at]yahoo.com) [0] - mta201.mail.re4.yahoo.com quit 221 mta201.mail.re4.yahoo.com Connection to host lost. C:\Documents and Settings\Steven> However, an MX lookup for yahoo.hk is not returning an MX server configured, so the address may be invalid. > yahoo.hk Server: ns1.ma.charter.com Address: 66.189.0.29 Non-authoritative answer: yahoo.hk MX preference = 0, mail exchanger = (root) yahoo.hk nameserver = ns4.yahoo.com yahoo.hk nameserver = ns5.yahoo.com yahoo.hk nameserver = ns6.yahoo.com yahoo.hk nameserver = ns1.yahoo.com yahoo.hk nameserver = ns2.yahoo.com yahoo.hk nameserver = ns3.yahoo.com ns1.yahoo.com internet address = 66.218.71.63 ns2.yahoo.com internet address = 66.163.169.170 ns3.yahoo.com internet address = 217.12.4.104 ns4.yahoo.com internet address = 68.142.196.63 ns5.yahoo.com internet address = 216.109.116.17 ns6.yahoo.com internet address = 202.43.223.170 I then tried a test message from my throw away yahoo account and got: Hi. This is the qmail-send program at yahoo.com. I'm afraid I wasn't able to deliver your message to the following addresses. This is a permanent error; I've given up. Sorry it didn't work out. <claimagent_info01[at]yahoo.hk>: Sorry, I couldn't find a mail exchanger or IP address. (#5.4.4) So they can't even deliver the message...address invalid, domain invalid. Link to comment Share on other sites More sharing options...
oldskoolflash Posted June 23, 2006 Author Share Posted June 23, 2006 So they can't even deliver the message...address invalid, domain invalid. Thanks for that Stephen, you'd think Yahoo would mention that rather than constantly repeating that the user has not breached their TOS! Another possibility is that my constant nagging for a week has persuaded them to disable that email address, unless by "domain invalid" you mean the whole of yahoo.hk - is that not yahoo hong kong though? Link to comment Share on other sites More sharing options...
StevenUnderwood Posted June 24, 2006 Share Posted June 24, 2006 Thanks for that Stephen, you'd think Yahoo would mention that rather than constantly repeating that the user has not breached their TOS! Another possibility is that my constant nagging for a week has persuaded them to disable that email address, unless by "domain invalid" you mean the whole of yahoo.hk - is that not yahoo hong kong though? yahoo.com.hk seems to be the real domain Link to comment Share on other sites More sharing options...
bobbear Posted June 24, 2006 Share Posted June 24, 2006 I hate Yahoo too for the same reason. I've been down this road many a time with yahoo.co.uk re. bogus lottery response addresses. My abuse report form clearly lists the criminal's bogus lottery response address in the subject line & in the first few sentences so they don't have to read too much, (as they usually don't), & I still get the same dumb response "this message was not sent through the Yahoo mail system". I check the validity of mail addresses using dnsstuff.com email validity checker, but yahoo mailservers return a 250 response, (recipient OK) no matter what the address prefix is & I don't know how to check the validity of an address without actually sending a test email & of course if bouncing is disabled than I'll still not know if it has been successfully delivered or not......... ) Apart from dumb responses, Yahoo abuse teams will also reply with an 'action taken' message when they have clearly taken no action at all, i.e: My report: "Attached below is the full, unedited source code, (full headers and body), for an unsolicited bogus lottery criminal fraud spam received by me today containing the following response email address, (see body of spam): claimdepartment[at]claimagentonline.com 1) Attention help[at]melbourneit.com.au as the sponsoring registrar for the criminal's site claimagentonline.com 2) Attention Yahoo domains abuse as the reseller for the criminal's domain claimagentonline.com 3) Attention network-abuse[at]cc.yahoo-inc.com for the criminal's response address claimdepartment[at]claimagentonline.com (Yahoo domain email facility) N.B. - The criminal fraudsters site claimagentonline.com redirects to http://www.geocities.com/hugh_chris/ 4) Attention geo-abuse[at]yahoo-inc.com for the criminals redirect site http://www.geocities.com/hugh_chris/ [snip]" No response at all from Yahoo network abuse or Yahoo domains abuse, but Yahoo Geocities abuse respond with: "Hello Bob, Thank you for writing to Yahoo! Geocities. Thank you for informing us of possible abuse on Yahoo! GeoCities. We have investigated the site and taken the necessary action. Please continue to notify us of any content you believe violates the GeoCities Terms of Service, located at: http://docs.yahoo.com/info/terms/geoterms.html Thank you again for contacting Yahoo! Customer Care. Regards, George Smith Yahoo! Customer Care http://www.yahoo.com/ 23594238" In fact no-one has taken any action at all - the domain claimagentonline.com is still active and still redirects to the criminal's Geocities site of http://www.geocities.com/hugh_chris/ & the email address of claimdepartment[at]claimagentonline.com returns a 250 recipient OK response, a test email doesn't bounce, & the yahoo mx is still valid for the address...... As a related aside it's also a waste of time reporting outright criminal frauds such as this to MIT even if no reseller is involved - they do not take any action. (I don't bother reporting the usual spams to registrars - that IS generally a waste of time in my experience), but outright overt criminal frauds such as phishing & money laundering scams usually get action from responsible registrars, but never with MIT. (I've been reporting ibs-inc.biz for months to them with plenty of evidence of the fraudulent nature of the site with no result.) Link to comment Share on other sites More sharing options...
bobbear Posted June 24, 2006 Share Posted June 24, 2006 Ooops - slip of the brain, (shouldn't rely on my memory....) - that should have been Alantron Bltd I've been reporting ibs-inc.biz to for months with no action, (or even a response). It's phishing fraud domains I've been reporting to MIT with no response or action on the domain registration front..... Link to comment Share on other sites More sharing options...
btech Posted June 30, 2006 Share Posted June 30, 2006 If Yahoo wasn't used to send it or as an internediary, they won't do anything. Link to comment Share on other sites More sharing options...
Redstone Posted July 5, 2006 Share Posted July 5, 2006 From my experience, Geocities eventually does do something but after there is enough reports about the site. Rather than see the scamsite for what it is, they wait until there is enough complaints before they shut it down. Sometimes (and this is seldom) do they whack a site upon reporting. However, a growing number of spams I receive that reference Geocities sites ends up either 404ed or 403ed. Link to comment Share on other sites More sharing options...
bobbear Posted July 20, 2006 Share Posted July 20, 2006 Shock, Horror!! Hating Yahoo, (& Hotmail etc...), may be justified.... Link to comment Share on other sites More sharing options...
Barleyjoe Posted July 20, 2006 Share Posted July 20, 2006 Too Funny! Any e-mail from Yahoo is typically a Yahoo. Watch as their stock pluments due to their greed. Link to comment Share on other sites More sharing options...
oldskoolflash Posted July 26, 2006 Author Share Posted July 26, 2006 In fact no-one has taken any action at all - the domain claimagentonline.com is still active and still redirects to the criminal's Geocities site of http://www.geocities.com/hugh_chris/ & the email address of claimdepartment[at]claimagentonline.com returns a 250 recipient OK response, a test email doesn't bounce, & the yahoo mx is still valid for the address...... You are receiving the same spam as me, always claimagent[at].......... I haven't noticed a referenced website before though, but it doesn't surprise me at all that no action has been taken. It is amazing isn't it, if this was any other large corporate business and a member of the public approached them to inform them that one of their own was committing fraud, there would be immediate action taken, but because this is an ISP, they do nothing. If Yahoo wasn't used to send it or as an internediary, they won't do anything. I'm sorry, but in the UK, they are required by law to do something about it. If it can be proved that they are willingly allowing their systems to be used to facilitate criminal fraud, then they are accessory to fraud and can be held accountable. The fact is, nobody pursues these cases - after all who wants to take on Yahoo. If there was enough media interest in this there would be uproar that large organisations a participating in this kind of criminal activity. Link to comment Share on other sites More sharing options...
Miss Betsy Posted July 26, 2006 Share Posted July 26, 2006 If there was enough media interest in this there would be uproar that large organisations a participating in this kind of criminal activity. What we(tinw) need is a Ralph Nader for email! Miss Betsy Link to comment Share on other sites More sharing options...
snaller Posted July 27, 2006 Share Posted July 27, 2006 And i hate the incompetent programmers at innovision who made this board so buggy that hackers can easily get the entire email list of registred people and start spamming them. :angry: Link to comment Share on other sites More sharing options...
Farelf Posted July 28, 2006 Share Posted July 28, 2006 ... so buggy that hackers can easily get the entire email list of registred people and start spamming them. :angry:Well, there's no conclusive evidence that they managed that at this site - thanks only to Wazoo cutting off the stem (if only 'twer literal). So, you are absolutely correct in being angry in general and have the right target (IMO, though whether "buggy" or just a bit lax with established programing standards and principles is something I am unqualified to judge even if I saw the actual code). But at the same time you have to be a little bit pleased about the management of this particular board, I would think. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.