Head, meet brick wall

Last October, I wrote that Yahoo's abuse desk seemed to be getting a clue. It seems that I spoke too soon. Much, much too soon.

A few days ago, a money transfer scammer sent me the usual earn $2500 a week from home pitch, inviting replies to be sent to either 'support' or 'application' at makepay.us. It was fairly clear that makepay.us was the scammer's domain, so I looked up the domain, found it was hosted by Yahoo!, and fired off a takedown request to the abuse address for Yahoo! hosting, stating:

The message advertises email addresses at the domain makepay.us [68.142.212.138-141] which is located in netblock INKTOMI-BLK-4.

A few days later, back came the first boilerplate response.

We understand your frustration in receiving unsolicited email ... in this particular case the message you received was not sent through the Yahoo! Mail system ... Yahoo! has no control over activities outside its service, and therefore we cannot take action. You may try contacting the sender's email provider ...

Because I'm prepared to go the extra mile for scammers, I decided to give it another try. I sent a reply, including an 'nslookup' dump that showed that the scammer's domain uses Yahoo! mailservers, and added.

You are correct that the message was not sent through Yahoo! Mail. However, the sender uses Yahoo! Hosting to host domains used in an apparent money transfer scam ... 'makepay.us' is owned by the scammer ... the mail hosts for that domain ... are owned by Yahoo!

Yahoo! abuse quickly responded:

Please include the following in your report of email abuse to assist us in a prompt and full investigation ... Original subject line ... Complete headers ... Complete message body ... If reports ... are missing any one of these three items, it may take longer for the Yahoo! Mail Abuse Team to properly investigate and take appropriate action ...

Frankly, by this time I'm beginning to wonder whether the Yahoo! Mail Abuse team is capable of properly investigating and taking appropriate action, but I try again:

All the information you request below - subject, headers and body - was included in the original report. It is still included in this message, and if you scroll down, you can read it.

I also provide another recap of the issue, written as simply and concisely as I can manage.

Back comes the response:

We understand your frustration in receiving unsolicited email ... in this particular case the message you received was not sent through the Yahoo! Mail system ... Yahoo! has no control over activities outside its service, and therefore we cannot take action. You may try contacting the sender's email provider ...

I will say this for Yahoo!: their turnaround time is pretty fast. I've had three responses in three days. The downside, unfortunately, is that while they've been firing off boilerplate messages, the scammer's domain has been up and receiving mail — courtesy of Yahoo!'s mail servers. I wonder how many people have lost their money to the scam during that time?

Posted by spamnation on February 17, 2007 09:37 AM |

Tags: , , , , ,

« Storm Worm | Main | You Only Scam Twice »

weblognewsstocksstatstoolsnoteslinksmisc