[l008com]

Everyone knows that when you get a scammer email from a yahoo address, you forward it to [email protected]

Yahoo was actually one of the fastest to act on this. They'd usually delete scammer accounts in hours. Google takes days to delete scammer account. Which is why most scammers use gmail. But that's likely to chance now. No more forwarding emails to [email protected]. Now, you have to jump through a ton of hoops on their website, including having your own yahoo account and logged in, OR, you can send the report to [email protected] via email, but not as a forward. You have to send it formatted via this short, easy to read and understand document: ( RFC 5965 - An Extensible Format for Email Feedback Reports ).

So yahoo is going to save a bundle now that they'll have significantly fewer abuse reports to deal with. Meanwhile the rest of the internet is going to end up paying the price.

[PB2K]

Simply put : Yahoo is for criminals. In Africa it's popular because people think a yahoo-emailaddress can only communicate to anotheryahoo-emailaddress. That's why all scams are sent from yahoo addresses by West-African people who think they are smarter than anyone else.

[l008com]

Originally Posted by PB2K 

Simply put : Yahoo is for criminals. In Africa it's popular because people think a yahoo-emailaddress can only communicate to anotheryahoo-emailaddress. That's why all scams are sent from yahoo addresses by West-African people who think they are smarter than anyone else.

Am I missing something, or does this not make any sense?

[PB2K]

it makes sense enough to me. what part don't you understand?

[l008com]

Scammers use yahoo email addresses because they think they can only email other yahoo users with them? Then why wouldn't they use gmail? Although actually most do use gmail, but still. I don't understand what your point is.

[Laminar]

Also "email address" is two words.

[Spheric Harlot]

Originally Posted by Laminar 

Also "email address" is two words.

I assume your Dutch is better than his English?

(I don't understand his point either, FWIW)

[Laminar]

Originally Posted by Spheric Harlot 

I assume your Dutch is better than his English?

Probably.

[l008com]

So I guess I'm the only one that's really upset with this new change yahoo made? I'm probably the only one that ever bothered to report scam attempts (which stream in through craigslist). I guess most people just ignore those emails. I always report them. Imagine if you had to sign up for a new free email address every day. You'd hate your job.

[besson3c]

For those of you curious, it looks like Yahoo Mail is the most popular free email system:

Hitwise United States � - the power of competitive intelligence

[iMOTOR]

I can’t stand banks that don’t put their abuse@ email on their front page.

[bstone]

does anyone read those [email protected] things?

[Thorzdad]

Originally Posted by l008com 

So I guess I'm the only one that's really upset with this new change yahoo made?

No, I'm not real happy about it, either. To me, it's just another backward step taken by a tech company in terms of customer service. For instance, I recently got two spam emails from a Yahoo address to one of my non-Yahoo addresses. I ended up using Yahoo's manual spam reporting page here, even though it's intended to report spam coming to your Yahoo address.

There's nothing on Yahoo's site for reporting spam coming from a Yahoo address and going to an outside address. It's as if they don't believe spam gets sent out from their domain to the wider world. Or, they don't care.

And that RFC 5965 draft for spam reporting...Good luck with getting common users to understand that one. Of course, there's nowhere to lodge a complaint about it at Yahoo, either. Their concept of "Contact Us" is for you to click on anything from a list of pre-determined topics. There really is no "us" to contact.

Sorry for the rant. I've been for a couple of weeks now with both Yahoo and Google for a client of mine regarding fraudulent Local, Places, and Maps entries and have kept running into this same blank wall of technology designed to thwart actual service. I can understand how the devs and marketing droids love it, but it's just maddening when you have a problem that doesn't fit into their pre-determined lists.

[ghporter]

Can someone please explain to me what this change is? I've had about zero problems with spam on or from Yahoo addresses, and I've successfully used their spam reporting form as well as simply forwarding to their 'abuse' address-both of which have resulted in me never seeing the offending sender's address again.

Did they announce something? How did this change come to light?

[Thorzdad]

Their [email protected] address now only accepts email in a very arcane format that no normal user is ever going to be able to generate. It used to accept simply forwarding the spam. If you forward the spam to the abuse@ address, you get an auto-reply like this:

Thank you for your email, but this address now only accepts messages in
Abuse Reporting Format (RFC 5965 - An Extensible Format for Email Feedback Reports)

To report abuse manually (or to get help with security or abuse related issues), please go to Yahoo! Abuse:
http://abuse.yahoo.com

For questions about using Yahoo! services, please visit Yahoo Help:
Help Central | Help

Thank you,
- Yahoo! Customer Care

Note: Please do not reply to this email as replies will not be answered.

I just discovered this by using the abuse@ address to report a couple of Yahoo-originated spams that came to my non-Yahoo email. AFAIK, Yahoo didn't make any announcement about the change.

[besson3c]

Originally Posted by Thorzdad 

No, I'm not real happy about it, either. To me, it's just another backward step taken by a tech company in terms of customer service. For instance, I recently got two spam emails from a Yahoo address to one of my non-Yahoo addresses. I ended up using Yahoo's manual spam reporting page here, even though it's intended to report spam coming to your Yahoo address.

There's nothing on Yahoo's site for reporting spam coming from a Yahoo address and going to an outside address. It's as if they don't believe spam gets sent out from their domain to the wider world. Or, they don't care.

And that RFC 5965 draft for spam reporting...Good luck with getting common users to understand that one. Of course, there's nowhere to lodge a complaint about it at Yahoo, either. Their concept of "Contact Us" is for you to click on anything from a list of pre-determined topics. There really is no "us" to contact.

Sorry for the rant. I've been for a couple of weeks now with both Yahoo and Google for a client of mine regarding fraudulent Local, Places, and Maps entries and have kept running into this same blank wall of technology designed to thwart actual service. I can understand how the devs and marketing droids love it, but it's just maddening when you have a problem that doesn't fit into their pre-determined lists.

Sorry to play devil's advocate here, but why should they care? I can kind of understand this from their vantage point.

Training people to distinguish between spoofed from headers and actual Yahoo envelope addresses must be a fool's game. It is so incredibly trivial to spoof that even if Yahoo were to be able to stop people creating Yahoo accounts to send spam with (and it certainly is not necessary to create a Yahoo account to do this), it still wouldn't stop you from getting spam from Yahoo addresses via zombified machines.

Moreover, the amount of support resources that would be required to get people to pass on full headers of their spam? By the time that happens the spammer will have moved on to a different zombified machine or domain, it's a fairly pointless game of whack-a-mole, at least from the perspective of Yahoo.

[besson3c]

Originally Posted by Thorzdad 

Their [email protected] address now only accepts email in a very arcane format that no normal user is ever going to be able to generate. It used to accept simply forwarding the spam. If you forward the spam to the abuse@ address, you get an auto-reply like this:

I just discovered this by using the abuse@ address to report a couple of Yahoo-originated spams that came to my non-Yahoo email. AFAIK, Yahoo didn't make any announcement about the change.

AFAIK user reported spam systems do not work well. There are too many false positives, people that forget that they subscribed to a particular mailing list, etc. This has been tried with other anti-spam services such as SpamCop, and I wouldn't be surprised if they've all come to the same conclusion.

AOL's is the most retarded though...

[besson3c]

Originally Posted by l008com 

Everyone knows that when you get a scammer email from a yahoo address, you forward it to [email protected]

Yahoo was actually one of the fastest to act on this. They'd usually delete scammer accounts in hours. Google takes days to delete scammer account. Which is why most scammers use gmail. But that's likely to chance now. No more forwarding emails to [email protected]. Now, you have to jump through a ton of hoops on their website, including having your own yahoo account and logged in, OR, you can send the report to [email protected] via email, but not as a forward. You have to send it formatted via this short, easy to read and understand document: ( RFC 5965 - An Extensible Format for Email Feedback Reports ).

So yahoo is going to save a bundle now that they'll have significantly fewer abuse reports to deal with. Meanwhile the rest of the internet is going to end up paying the price.

With all due respect, the net effect of this change: zero, it's virtually insignificant.

[ghporter]

Since the whole FBL system (RFC 5965) has been in place for over a year, why hasn't a tool been developed for USERS to provide the input the SYSTEM IS DESIGNED TO TAKE? Further, just what does Yahoo's "SPAM" button do, if not to format the offending item and send it on as a FBL report? I'd bet a dollar that this is exactly what happens when you use the manual form to report abuse to Yahoo...

[besson3c]

Originally Posted by ghporter 

Since the whole FBL system (RFC 5965) has been in place for over a year, why hasn't a tool been developed for USERS to provide the input the SYSTEM IS DESIGNED TO TAKE? Further, just what does Yahoo's "SPAM" button do, if not to format the offending item and send it on as a FBL report? I'd bet a dollar that this is exactly what happens when you use the manual form to report abuse to Yahoo...

It provides customers with the good feeling that they are doing something to prevent themselves from getting spam, when in actual reality they are doing very little.

Of course, the technical problems with feedback loops and getting any shmuck running an SMTP server here, Asia, or whatever to work together and devote resources to this problem aside, there is still the financial reality that Yahoo/GMail/Microsoft Live email is free, so what incentive is there for these companies to invest in means to reduce spam when it is probably a pointless battle? At most they will be trying to reduce the load on their servers, but they can utilize a variety of techniques for this including rate limiting, and it may also just be cheaper and ultimately more effective for them to throw more money at expanding their pool of servers rather than trying to invest in staffing to try to reduce spam.

I think we are just well past the point where spam can be controlled by reporting it.

[fdeag]

I have sent emails to Yahoo compliant with RFC 5965 within the last 24 hours.

Two of my emails did not get a reply, so I suppose they may have made it through.

For the other ones, I get the standard reply stated in an earlier post.

I made the mistake of sending the same complaint twice. Perhaps this could be the reason all attempts are now being rejected with the standard reply.

The RFC 5965 standard states in section 4 that: Where rejection is performed, the rejection notice SHOULD identify the specific cause for the rejection.

While there is some discretion regarding handling of rejections, Yahoo is outside the intention of the RFC 5965 standard because they fail to identify the specific cause for the rejection.

[fdeag]

I have sent emails within the last 24 hours that are compliant with RFC 5965.

Two of them did not get a reply, so I guess those two may have made it through.

I made the mistake of sending a complaint twice. This I guess could be the reason all my messages are being rejected now.

Section 4 of RFC 5965 states: Where rejection is performed, the rejection notice SHOULD identify the specific cause for the rejection.

Yahoo is failing to identify the specific cause for the rejection in response to RFC 5965 formatted messages.

Like I said, two of my emails did not get a response, so I am guessing I am close to getting it right.

[fdeag]

I am new to this site. The first time I posted a message, I got a page saying I was not logged in and that I needed to log in. It now seems that it did file my post, and following that I was presented with a login page.

Anyhow, my apologies for posting twice what is essentially the same thing.

While I am here, just want to say that over the years, I have from time to time had good success with stopping spammers.

On one occasion, I was inundated with spam. So I set about sending complaint emails to the appropriate personnel. After three days solid of sending complaints, the spam mysteriously and suddenly stopped.

Some time later, I head via a friend, that there was a report of a spam gang arrested in a certain nearby country exactly at the same time the spam I were receiving stopped. (Sometimes I do not keep in touch with the news.) Coincidence? Maybe, maybe not. I will never know. One thing I do know, reporting spam is worthwhile.

As for Yahoo's obstruction to reporting of spam and the like, it is foolish in the long run. Either the industry will self regulate, or regulation will be imposed. The less the industry self regulates, the sooner will regulation be imposed. Another reason is that if you are not taking a stand against illegal activities, and you by your actions support or in some way facilitate the illegal activities, there is guilt by association. It is like if you see someone being abused and can take action but don't, then you are guilty and are punishable with the same penalty as the person committing the crime.

[ghporter]

Yahoo (and probably others) shifting to dependence on either a process for reporting individual spams (which would become excessively time consuming when one is flooded with spam) or expecting typical users to somehow apply a RFC that is simply a specification for how messages should be formatted is extremely bad customer service. I think there should be some way for groups of users to express dissatisfaction with this... I just don't have an answer to what that method might be.

[besson3c]

Like I said, by and large spam reporting is pointless, because a lot of spam is driven by botnets and originates from a decentralized location.

[torsoboy]

Spam reporting through Yahoo! has always been too easy, so I am happy for the change. We get significantly more "spam complaints" from Yahoo! accounts than from anywhere else. People know who we are, they know why they are receiving the email, they know what the email is for, and every single one of our emails has a "click here to unsubscribe" link. Yet people still mark them as spam. We even get order receipts and new account registration emails marked as spam through Yahoo!'s system. It's ridiculous. Some people even mark the exact same email as spam multiple times over. Yahoo! also consistently blocks and defers our emails, which causes quite a bit of trouble when people place an order and don't receive a receipt for their order.

In the past Yahoo! has rejected all email from our servers for multiple days, and we had to start working around their system to send people their receipts. Yahoo!'s email system is the worst. Gmail? No problem. MSN? No problem. AOL? No problem. Yahoo!? Sucks big time. Google it a bit and you will see that we are not alone with this problem.

[l008com]

This change really doesn't effect that though. This is for reporting yahoo users as spammers.

And maybe some people send every forged-header email to yahoo. But 100% of what I send them are scam attempts or spam-vertised yahoo addresses that are real, functional addresses that need to be shut down. Expecting common people to apply an RFC to their spam reports is just there way of laying off their abuse staff most likely. If it gets real bad, I assume people will just start blocking yahoo mail servers.

Also when it comes to abuse reports, yahoo and MSN are pretty quick to respond. Usually 'bad' accounts are closed within a day. Google is by far the worst at responding to abuse reports. It can take a week for google to close down a scammer's account.

[andi*pandi]

I like to think that the spam@craigslist emails don't just go into a big circular file.

[fdeag]

Today I received three Spam emails from Yahoo.

I reported the first to [email protected] in RFC 5965 format. I did not get a reply, so I guess it was successfully received.

The RFC 5965 standard specifies that each report relate to only one Spam email. So I sent a second report in relation to a different incident. Yahoo sent back a message saying: 'Thank you for your email, but this address now only accepts messages in Abuse Reporting Format (RFC 5965 - An Extensible Format for Email Feedback Reports)'

Well now. The email I sent is in Abuse Reporting Format complying with the RFC 5965 standard. The RFC 5965 standard also states that the Subject in the machine readable second section of the report be the same as the original Spam email excepting the possible addition of a 'Fw:' or 'Re'. This I did. My first report has the same Subject as the second. This according to the standard is what should be done.

However I took a guess and added a reference number to the end of the Subject. In all other respects my third report is the same as the second rejected report that I reported today. Wonder of wonders, I did not get a reply. So I guess this is the trick. Just add a reference number to the machine readable Subject field in the second section of the report! This behavior of Yahoo is non-compliant with the RFC 5965 standard! They should accept the same Subject in different reports in relation to different incidents!

Furthermore the message: 'Thank you for your email, but this address now only accepts messages in Abuse Reporting Format (RFC 5965 - An Extensible Format for Email Feedback Reports)' is non-compliant with the intent of the RFC 5965 standard, because the standard states that a specific reason for rejection should be provided.