Delivered-To: [EMAIL PROTECTED]
Date: Sat, 31 Jan 2004 12:50:34 -0500
From: Rich Kulawiec <[EMAIL PROTECTED]>
Subject: Re: [IP] EMail Scams and the FBI -- darned good question jdf
To: Bob Frankston <[EMAIL PROTECTED]>
Cc: Dave Farber <[EMAIL PROTECTED]>
> In the meantime there are many email messages being sent that are carefully
> designed fraudulent letters that try to get people to reveal their
> financial information and I haven't seen any indication of police work to
> track down those miscreants. I presume it requires international
> cooperation. Yet all I read about are the attempts to crack down and people
> who make unauthorized copies of CDs.
Oh my yes. This has been going on for years and years, and -- with exceedingly rare exceptions -- both the ISPs responsible (for transmitting the mail, hosting the dropboxes, hosting the web sites, providing DNS, etc.) and law enforcement absolutely refuse to lift a finger. In fact, nearly all the time, they don't even bother to respond to reports, no matter how many they get, or from whom, or how exhaustive the documentation is.
In addition, some of the ISPs/companies out there have deliberately made it difficult to even report such frauds to them, by (a) refusing to accept abuse reports at the "abuse" address, as they should per RFC 2142, (b) setting up web forms that are incapable of accepting even basic amounts of evidence, (c) requiring that people sign up for "memberships" merely in order to file a complaint (!) and (d) in some cases, passing on the complaints TO THE PEOPLE DOING THE ABUSE.
I've stopped reporting [1]: why should I bother? I just block the source of the problem at the firewalls (if that's feasible) and forget about it.
I'm far from alone in taking this approach. Why should we, who have already been victimized by the abuse coming from $ENTITY, have to jump through $ENTITY's ridiculous hoops just to file a report that is quite likely to either be ignored or handed over to the abusers?
Here's just one example from the past week. This time, it's Verizon, but even a cursory search of the archives of news.admin.net-abuse.email will yield thousands more, involving all sorts of goods and services, stock pump-n-dump, "419" scams, Ponzi schemes, and a generous assortment of other naughtiness. I haven't seen a followup to this message (yet) but I presume that you can contact its author to see if anything has changed.
---Rsk
[1] Unless I personally know and trust someone on the receiving end.
> .From [EMAIL PROTECTED] Tue Jan 27 17:04:31 EST 2004
> .Article: 1174528 of news.admin.net-abuse.email
> .Newsgroups: news.admin.net-abuse.email
> .Subject: Verizon supports and encourages criminal activity
> .X-Newsreader: NN version 6.5.1 (NOV)
> .From: [EMAIL PROTECTED] (Keenan Clay Wilkie)
> .NNTP-Posting-Host: 192.107.41.17
> .X-Original-NNTP-Posting-Host: 192.107.41.17
> .Message-ID: <[EMAIL PROTECTED]>
> .Date: 27 Jan 2004 14:51:26 -0500
> .X-Trace: news.iglou.com 1075233086 192.107.41.17 (27 Jan 2004 14:51:26 -0500)
> .X-Original-NNTP-Posting-Host: 192.107.41.17
> .Path: sn-us!sn-xit-06!sn-xit-08!supernews.com!newshosting.com!nx02.iad01.newshosting.com!news-feed01.roc.ny.frontiernet.net!nntp.frontiernet.net!uunet.MISMATCH!ash.uu.net!news.iglou.com!shell1!darkstar
> .Xref: sn-us news.admin.net-abuse.email:1174528
> .Status: RO
> .Content-Length: 3135
> .Lines: 62
> .
> .Well, after a number of weeks of repeat followups regarding a spam that I
> .received advertising the Verizon-hosted digitalcable4free.com, it is
> .clear to me that Verizon has no interest in terminating the site despite
> .the fact that it has been repeatedly advertised via unsolicited bulk email
> .and despite the fact that it is selling a product that is very clearly
> .illegal. Apparently Verizon's only concern is that they receive money,
> .and if that money happens to be given to them so that they can enable
> .criminal activity, they don't care. The fact that Verizon still hosts
> .digitalcable4free.com indicates, to me, that Verizon openly supports the
> .criminal activity involved in that website. Not only is the product
> .advertised an illegal cable descrambler, but the advertiser claims that
> .the product is "100% legal!". As the product is very clearly illegal,
> .this means that Verizon is also directly supporting acts of fraud.
> .
> .This isn't even getting into the fact that the spammer uses illegally
> .hijacked proxies to engage in his spamming.
> .
> .I don't suppose that anyone here has an email address for Verizon that
> .might actually reach a human being who actually cares about Verizon's
> .reputation? Thus far none of the addresses that I've tried have resulted
> .in any response, leading me to conclude that anyone whom I can contact at
> .Verizon is perfectly happy about the fact that their company enables
> .criminal acts on its network. I've also CCed messages to contact
> .addresses of several cable companies and the FCC, and if anyone has good
> .contact addresses in that respect I would be grateful.
> .
> .For simplicity's sake, I'll not reproduce any more than the headers here.
> .The full spam can be seen at
> .http://members.iglou.com/darkstar/verizonsupportscrime.txt
> .
> .
> .>From [EMAIL PROTECTED] Thu Jan 08 16:34:26 2004
> .Return-path: <[EMAIL PROTECTED]>
> .Envelope-to: [EMAIL PROTECTED]
> .Received: from [12.212.77.245] (ident=sendmail)
> . by iglou.com with spam-scanner (8.12.5/8.12.5)
> . id 1AehnN-0007Gz-H5
> . for [EMAIL PROTECTED]; Thu, 08 Jan 2004 16:34:25 -0500
> .Received: from 12-212-77-245.client.attbi.com ([12.212.77.245])
> . by iglou.com with smtp (8.12.5/8.12.5)
> . id 1AehnJ-0007Fz-RH
> . for [EMAIL PROTECTED]; Thu, 08 Jan 2004 16:34:22 -0500
> .Received: from [77.131.199.217] by 12-212-77-245.client.attbi.com with ESMTP id FFE9EDE1DAB for <[EMAIL PROTECTED]>; Fri, 09 Jan 2004 01:36:45 +0400
> .Message-ID: <[EMAIL PROTECTED]>
> .From: "Mabel Koch" <[EMAIL PROTECTED]>
> .Reply-To: "Mabel Koch" <[EMAIL PROTECTED]>
> .To: [EMAIL PROTECTED]
> .Subject: Get all New movies - Free - ecstasy
> .Date: Fri, 09 Jan 04 01:36:45 GMT
> .X-Mailer: Microsoft Outlook Express 5.50.4133.2400
> .MIME-Version: 1.0
> .Content-Type: multipart/alternative;
> . boundary="26BDD_3C.39F4"
> .X-Priority: 3
> .X-MSMail-Priority: Normal
> .X-Foreign-Sender: 12.212.77.245
> .
> .--
Archives at: http://www.interesting-people.org/archives/interesting-people/
