
[IP] more on EMail Scams and the FBI -- darned good question jdf




Delivered-To: dfarber+@xxxxxxxxxxxxxxxxxx
Date: Sat, 31 Jan 2004 12:50:34 -0500
From: Rich Kulawiec <rsk@xxxxxxx>
Subject: Re: [IP] EMail Scams and the FBI -- darned good question jdf
To: Bob Frankston <rmfxixB1@xxxxxxxxxxxxxxxxxx>
Cc: Dave Farber <dave@xxxxxxxxxx>

> In the meantime there are many email messages being sent that are carefully
> designed fraudulent letters that try to get people to reveal their
> financial information and I haven't seen any indication of police work to
> track down those miscreants. I presume it requires international
> cooperation. Yet all I read about are the attempts to crack down and people
> who make unauthorized copies of CDs.

Oh my yes.  This has been going on for years and years, and -- with
exceedingly rare exceptions -- both the ISPs responsible (for transmitting
the mail, hosting the dropboxes, hosting the web sites, providing DNS,
etc.) and law enforcement absolutely refuse to lift a finger.  In fact,
nearly all the time, they don't even bother to respond to reports, no matter
how many they get, or from whom, or how exhaustive the documentation is.

In addition some of the ISPs/companies out there have deliberately made
it difficult to even report such frauds to them, by (a) refusing to
accept abuse reports at the "abuse" address, as they should per RFC 2142,
(b) setting up web forms that are incapable of accepting even basic
amounts of evidence, (c) requiring that people sign up for "memberships"
merely in order to file a complaint (!) and (d) in some cases, passing
on the complaints TO THE PEOPLE DOING THE ABUSE.

I've stopped reporting [1]: why should I bother?  I just block the source
of the problem at the firewalls (if that's feasible) and forget about it.

I'm far from alone in taking this approach.  Why should we, who have
already been victimized by the abuse coming from $ENTITY, have to
jump through $ENTITY's ridiculous hoops just to file a report that
is quite likely to either be ignored or handed over to the abusers?

Here's just one example from the past week.  This time, it's Verizon,
but even a cursory search of the archives of news.admin.net-abuse.email
will yield thousands more, involving all sorts of goods and services,
stock pump-n-dump, "419" scams, Ponzi schemes, and a generous assortment
of other naughtiness.  I haven't seen a followup to this message (yet)
but I presume that you can contact its author to see if anything
has changed.

---Rsk

[1] Unless I personally know and trust someone on the receiving end.

> .From darkstar@xxxxxxxxxxxxxxxx Tue Jan 27 17:04:31 EST 2004
> .Article: 1174528 of news.admin.net-abuse.email
> .Newsgroups: news.admin.net-abuse.email
> .Subject: Verizon supports and encourages criminal activity
> .X-Newsreader: NN version 6.5.1 (NOV)
> .From: darkstar@xxxxxxxxxxxxxxxx (Keenan Clay Wilkie)
> .NNTP-Posting-Host: 192.107.41.17
> .X-Original-NNTP-Posting-Host: 192.107.41.17
> .Message-ID: <4016c13d$1_1@xxxxxxxxxxxxxx>
> .Date: 27 Jan 2004 14:51:26 -0500
> .X-Trace: news.iglou.com 1075233086 192.107.41.17 (27 Jan 2004 14:51:26 -0500)
> .X-Original-NNTP-Posting-Host: 192.107.41.17
> .Path: sn-us!sn-xit-06!sn-xit-08!supernews.com!newshosting.com!nx02.iad01.newshosting.com!news-feed01.roc.ny.frontiernet.net!nntp.frontiernet.net!uunet.MISMATCH!ash.uu.net!news.iglou.com!shell1!darkstar
> .Xref: sn-us news.admin.net-abuse.email:1174528
> .Status: RO
> .Content-Length: 3135
> .Lines: 62
> .
> .Well, after a number of weeks of repeat followups regarding a spam that I
> .received advertising the Verizon-hosted digitalcable4free.com, it is
> .clear to me that Verizon has no interest in terminating the site despite
> .the fact that it has been repeatedly advertised via unsolicited bulk email
> .and despite the fact that it is selling a product that is very clearly
> .illegal.  Apparently Verizon's only concern is that they receive money,
> .and if that money happens to be given to them so that they can enable
> .criminal activity, they don't care.  The fact that Verizon still hosts
> .digitalcable4free.com indicates, to me, that Verizon openly supports the
> .criminal activity involved in that website.  Not only is the product
> .advertised an illegal cable descrambler, but the advertiser claims that
> .the product is "100% legal!".  As the product is very clearly illegal,
> .this means that Verizon is also directly supporting acts of fraud.
> .
> .This isn't even getting into the fact that the spammer uses illegally
> .hijacked proxies to engage in his spamming.
> .
> .I don't suppose that anyone here has an email address for Verizon that
> .might actually reach a human being who actually cares about Verizon's
> .reputation?  Thus far none of the addresses that I've tried have resulted
> .in any response, leading me to conclude that anyone whom I can contact at
> .Verizon is perfectly happy about the fact that their company enables
> .criminal acts on its network.  I've also CCed messages to contact
> .addresses of several cable companies and the FCC, and if anyone has good
> .contact addresses in that respect I would be grateful.
> .
> .For simplicity's sake, I'll not reproduce any more than the headers here.
> .The full spam can be seen at
> .http://members.iglou.com/darkstar/verizonsupportscrime.txt
> .
> .
> .>From 328fwmeq@xxxxxxxxxxxxxxx Thu Jan 08 16:34:26 2004
> .Return-path: <328fwmeq@xxxxxxxxxxxxxxx>
> .Envelope-to: darkstar@xxxxxxxxx
> .Received: from [12.212.77.245] (ident=sendmail)
> .  by iglou.com with spam-scanner (8.12.5/8.12.5)
> .  id 1AehnN-0007Gz-H5
> .  for darkstar@xxxxxxxxx; Thu, 08 Jan 2004 16:34:25 -0500
> .Received: from 12-212-77-245.client.attbi.com ([12.212.77.245])
> .  by iglou.com with smtp (8.12.5/8.12.5)
> .  id 1AehnJ-0007Fz-RH
> .  for darkstar@xxxxxxxxx; Thu, 08 Jan 2004 16:34:22 -0500
> .Received: from [77.131.199.217] by 12-212-77-245.client.attbi.com with ESMTP id FFE9EDE1DAB for <darkstar@xxxxxxxxxxxxxx>; Fri, 09 Jan 2004 01:36:45 +0400
> .Message-ID: <983$f8sq3-nhv@w7i4ajla>
> .From: "Mabel Koch" <328fwmeq@xxxxxxxxxxxxxxx>
> .Reply-To: "Mabel Koch" <328fwmeq@xxxxxxxxxxxxxxx>
> .To: darkstar@xxxxxxxxx
> .Subject: Get all New movies - Free - ecstasy
> .Date: Fri, 09 Jan 04 01:36:45 GMT
> .X-Mailer: Microsoft Outlook Express 5.50.4133.2400
> .MIME-Version: 1.0
> .Content-Type: multipart/alternative;
> .  boundary="26BDD_3C.39F4"
> .X-Priority: 3
> .X-MSMail-Priority: Normal
> .X-Foreign-Sender: 12.212.77.245
> .
> .--

Archives at: http://www.interesting-people.org/archives/interesting-people/