Closing Scammers/Spammers Reply Addresses


Mother Superior

Hi

Yes - I'm a newbie here so please bear with me!

We've recently started a new website fighting back against scammers who send out spam/scam emails with reply email addresses. It's easy (or fairly so) to get the scammer's sending account closed but it's sometimes very difficult to get their reply email account closed.

Even when the email company is sent the full email with reply email noted, full headers etc, only in very few cases does the company ever bother to close the reply account.

As the reply account is the most important - in that the scammer continues to receive replies to his earlier scam/spam and fraudulently tricks more people out of their cash, most Email Companies don't seem to bother.

Has anyone come across this before or can offer any help or even know of a quick workaround?

All help appreciated!

And remember NEWBIE - nice replies only! :D


Has anyone come across this before or can offer any help or even know of a quick workaround?

All help appreciated!

And remember NEWBIE - nice replies only! :D

I was raised Southern Baptist but even I know enough not to lip off on a nun (if I may presume from your sig).

I'm interested to know how you have determined that the mail providers are doing nothing. If it is simply because they haven't mailed you back, then this does not mean that no action has been taken.

It turns out to be extraordinarily difficult for an outsider (like you or me) to determine with any assurance that an e-mail address still works, except in cases where you get an explicit bounce when you try to send something to it. This is because many mail systems do not work in a fully standards-compliant manner. So, even if you have availed yourself of one of the online e-mail "fingering" tools that are online, the fact that a mail was accepted does not mean that it will be delivered.

Like you, I try to report these crooks whenever I can. I seldom get any direct feedback, and even when I do, the reply often won't specify what action was taken.

It is tempting to want to follow each of these things out to the bitter end, but over the years I have learned that this can cause you to burn up a main bearing and make you give up altogether. The way I look at it is that I have done more than my duty when I report the abuse of these addresses. If the providers don't care about vipers in the nest, that's something over which I have no control.

-- rick


We've recently started a new website fighting back against scammers who send out spam/scam emails with reply email addresses. It's easy (or fairly so) to get the scammer's sending account closed but it's sometimes very difficult to get their reply email account closed.

That description is actually pretty scary. For example, please see the SpamCop FAQ entry as found in the single-page-access-expanded version found here (links found at the top of this very page) Why am I getting all these Bounces? .. as then expounded upon by all the posts from folks complaining/asking about all the e-mail rejection notices about e-mail they never sent. You now suggest that you manage to get these 'sending' accounts closed ...?????

Can't help but wonder about and ask ... might you be one of those responsible for Fred Showker's current e-mail issues ...???? Please see HELP! Can I prevent getting BLOCKED ???, I've been slammed by a spammer with my email address

Even when the email company is sent the full email with reply email noted, full headers etc, only in very few cases does the company ever bother to close the reply account.

And as with all spam reporting/complaints, action is limited to just what the ISP/Host will do. Of course noting that care must be taken in the other direction also, not being willing to kill an account based on false or exaggerated accusations. (see Fred's suggested issue yet again.)

As the reply account is the most important - in that the scammer continues to receive replies to his earlier scam/spam and fraudulently tricks more people out of their cash, most Email Companies don't seem to bother.

Has anyone come across this before or can offer any help or even know of a quick workaround?

This actually seems like a bit of a silly question being asked here. As seen in the Lounge area and elsewhere on the net, spam celebrated its 30th anniversary yesterday. One would think that 30 years of complaining about spam spew to the 'responsible' ISPs and Hosts that spam spew would no longer be an issue ... yet spam spew continues to march on the way to destroying newsgroups, e-mail, compromising end-user computer systems with crafted links to destructive web-sites, taking advantage of ignorant folks with the phishing expeditions .... but you only want to know about Reply-To: addresses (or textually provided reply addresses as found in the body) ....

The SpamCop.net Parsing & Reporting system stopped reporting e-mail addresses in total many years ago due to so many of them being forged, dead, already closed, etc. So to make this discussion somewhat technically feasible .. just what are you doing to 'demonstrate/prove' that your reported e-mail addresses are in fact not closed?

And remember NEWBIE - nice replies only!

Apparently you spent little time doing any research within this Forum.


If you really want to try something hard, try convincing hotmail about a reply email address in a fax! I finally managed to convince them to look at it, but it took so many days that probably the scammer had moved on.

My standard line for reporting the 'drop' email addresses is to say, "To protect the ignorant and greedy, please close this email address: xxx[at]xxx found below" with the headers and body copied below.

As rconner says, one has to have trust in the receiving abuse desk to do its duty. Because of privacy laws, they won't tell you anything more than action has been taken - if they reply at all.

Just curious, but what does your website do? It's morning time and I am not thinking very clearly, but I can't imagine what good a website would be in collecting or sending email addresses to the proper authorities without some kind of software like the spamcop parser. You must understand about headers if you get any action against a sending email address since all of those in the From and return path are forged addresses in a scam email. And, I am surprised that you know that action was taken since there is no way to test it since you don't know the actual email address. Since I am not a server admin and don't work with spam daily, I am not sure about this statement, but I think that many scam emails come via compromised computers that don't have an email address. Although someone once told me that the reason 419 scams come through the filters fairly regularly is that they send them individually to escape the filters - both outgoing and incoming.

Although I am not a detail person, I do understand why Wazoo asks so many questions when I start to try to think about a problem! And why he would suspect that you are using 'misdirected bounces' to inform the senders.

However, it is always a good idea to manually report the 'drop' addresses. I think that ISPs do shut them down promptly whether they tell you they do or not.

Miss Betsy


Wazoo makes a very cogent point (as usual). When you speak of "getting the sending account closed," do you mean that you are reporting the address that appears in the "from" line of the header? If so, then you really need to rethink. The from-addresses in spam are almost always forged, see this SpamCop Wiki page. In other words, if you report these, you may be making a false accusation against a completely innocent party. My own address has just (once again) been abused in this fashion, so I know whereof I speak.

I will sometimes report from-addresses of scam mail, but only if I can see that the scammer hasn't provided some other address, either in the reply-to field or in the message body itself.

The people who perpetrate these scams would not last very long if they didn't take measures to deflect the blame elsewhere. Using forged from-addresses is one such trick.

-- rick


I think that many scam emails come via compromised computers that don't have an email address. Although someone once told me that the reason 419 scams come through the filters fairly regularly is that they send them individually to escape the filters - both outgoing and incoming.

My impression is that 419 scams (and the like) are sent a few at a time via free e-mail services, rather than via botnets (as the pills-and-porn spammers do). Looking at the headers, one can often trace them back to IP addresses in Africa (most likely internet cafes, as legend has it). Possibly our correspondents start the day by buying a tall cool one and then sitting down at their Lagos "workstations" to crank out a few dozen messages which are routed through the mail servers of the freemail services. Most of the freemail services have figured out how to record this information properly in mail headers (even though the mail is technically being sent by HTTP and not SMTP), so these origin addresses are often traceable by SpamCop.

-- rick
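The triage described in the posts above (treat the From address as probably forged, report the Reply-To and in-body "drop" addresses, and read the origin IP from the headers), as an added example that is not part of the original thread and not SpamCop's parser. The sample message is constructed, and the `X-Originating-IP` header is an assumption about what a given webmail provider records.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed sample (not a real scam mail); addresses and IP use reserved example ranges.
SAMPLE = """\
Received: from [198.51.100.23] by web.freemail.example via HTTP; Mon, 05 May 2008 09:12:00 +0000
X-Originating-IP: [198.51.100.23]
From: "Barrister J. Doe" <innocent.user@example.org>
Reply-To: claims.office@freemail.example
Subject: URGENT BUSINESS PROPOSAL
Content-Type: text/plain

Contact my secretary at payments.desk@freemail.example or reply to this mail.
"""

ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def header_addrs(msg, name):
    """Lower-cased addresses from every occurrence of one header."""
    return {addr.lower() for _, addr in getaddresses(msg.get_all(name, [])) if addr}


def triage(raw):
    """Split a scam mail into addresses worth reporting and ones likely forged."""
    msg = message_from_string(raw)
    payload = msg.get_payload()
    body = payload if isinstance(payload, str) else ""  # multipart not handled here
    # Drop addresses: where the scammer actually wants replies to arrive.
    drops = header_addrs(msg, "Reply-To") | {a.lower() for a in ADDR_RE.findall(body)}
    from_addrs = header_addrs(msg, "From") - drops
    # Origin: webmail-recorded client IP if present, else the earliest Received hop.
    origin = None
    for value in msg.get_all("X-Originating-IP", []) + msg.get_all("Received", [])[-1:]:
        match = IP_RE.search(value)
        if match:
            origin = match.group(1)
            break
    return {
        "report": sorted(drops) if drops else sorted(from_addrs),
        "likely_forged": sorted(from_addrs) if drops else [],
        "origin_ip": origin,
    }


if __name__ == "__main__":
    print(triage(SAMPLE))
```

The From address is reported only when the message offers no other contact address, which is the fallback described in the thread.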


Archived

This topic is now archived and is closed to further replies.
