[SC-Help] Paypal/Ebay reporting error (deputies?)

Tue Apr 19 14:28:41 EDT 2005

Yes, you are absolutely correct with what you state below.  The difference of
opinion here is how you go about reporting to these "ISPs".  Personally, I 
forward all SPAM to SpamCop.  I also CC: the FCC on all my SPAM.  I
don't let SpamCop notify them, I do it directly but at the same time!  If the
SPAM is selling drugs, I CC: the FDA at the same time.  If they are selling
software, I CC: the proper piracy at x.x address at the same time.  In the case
of phishing attempts, I follow the exact same scenario.  I CC: the appropriate
phish at x.x at the same time I forward the mess to SpamCop.  This sets up
two independent paths of notification.  When I follow up on my report to
SpamCop, I make sure to uncheck any Innocent Bystanders that the parser
may have identified.  There is no reason at all for SpamCop to be listing an
IB in any way, shape or form or to be notifying them of anything.  They are
innocent of any wrong doing and have nothing directly to do with the email
that ended up in your mailbox.  That is the point we are trying to get across
to you.  You are simply using the wrong tool to make your notifications.

This is SpamCop we are talking about, not PhishCop...  :)

The bottom line is that by using SpamCop you are causing unforeseen
consequences for the very people you are going out of your way to help.
You are being a nice guy and trying to alert these companies to phishing
attempts but at the same time you are contributing to their problems 
communicating with their legitimate customers.  

Here is an idea.  Maybe this will help demonstrate what we are talking
about.  The next time you report a phish, check the parser output and
click on the "report history" link for any IB URLs that were identified.
You will see how many well meaning people just like yourself have
reported these sites as being spamvertised.  There is no notation
indicating that these were merely phishing attempts.  To the rest of the
world, it looks as if these companies have been using SPAM to advertise
their web sites!  Is this the intent you had in mind???

At 12:11 PM 4/19/2005 -0400, David Butler typed:

>Paypal and Ebay ARE their own ISPs and have email addresses specifically for
>phishing and spoofing. They want these reports or they would not have the
>addresses so set up. Perhaps I should have mentioned this earlier...
>
>> What SH and I are talking about is that paypal/ebay is an IB in a phish,
>> not a spamvertiser, and shouldn't be reported as a spamvertiser as a
>> method of 'communicating' with ebay/paypal about a phish.