[SpamCop-List] Re: ignoring reply to:

[Brian (SnSR)]

ken wrote:
> I'm now getting Tsunami scams worth Millions of dollars. They're all coming 
> from the same isp and same reply to: at Netscape.com roots to abuse at aol.com 
> .
> Just to be sure I've been submitting them to spamcop to make sure I'm not 
> screwing up with Sam spade.
> 
> Only spam reports spamcop's sending to from this are the final mailbox at my 
> isp.
> I realize the reply to, from etc can all be forged, but when the emails are 
> identical, wouldn't it make sense for the reports to use any available links 
> supplied by the spammer ?
> 
> 

This is where human intervention works better than the parser can. 
Usually the reply to is forged, but often not in scams where the perp 
needs a response. This requires manually reporting the reply to address 
as well as any email address given in the message body.

I use a variety of methods to get this point across to abuse desks.

Subject: <email address> is being used for 419 spam drop box.

I then let them know where the email address can be found, whether in 
the headers <Reply To> or in the message body, and where in the message 
body. This helps them to quickly locate it and not have to read thru the 
whole message.

I also add that this address is often forged, but in this case, it is 
being used for such-and-such a reason.

Then I paste the message. I have had this work well.

Unfortunately, in a discussion with Carl Hutzler, AOL's Director of Spam 
Operations, AOL hasn't found a method to determine that it's not a joe 
job and willingly delete those accounts. I've been attempting to change 
his opinion.

If you would like to forward some samples (as attachments) to me, I can 
use it to possibly get him to respond to this. SpamNScamsReporter at 
gmail dot com.