North American Network Operators Group


Re: Yahoo! -- A "Phisher-friendly" hosting domain?

  • From: Rich Kulawiec
  • Date: Wed Sep 07 16:08:23 2005

Two comments.

<soapbox>

First, it's everyone's responsibility to do what's necessary
to prevent their operation from being an abuse source, vector,
or support service.  That includes registrars, web hosts, DNS
providers, email services, consumer ISPs, webmail services,
corporations, end-users -- *everyone*.  Nobody gets a pass.

Of course, this isn't what's happening: and that's why abuse
is such a massive problem.  If people actually (gasp!) began
running their operations in a responsible manner (starting with
very simple and easy measures like "read your abuse mailbox
and take immediate action on all reported problems") then all
these issues would of course still exist -- but at greatly
reduced levels.  However, it seems that many prefer to implicitly
support abuse by doing nothing...that is, until their network
neighbors grow tired of their inaction, and decide to put a
cork in it by collaboratively blacklisting them -- at which point,
the typical response, instead of being a contrite admission of
long-term systemic failure, is plaintive, mock-outraged whining
about how terribly unfair it all is.

</soapbox>

Second, it appears to me that Yahoo may be contending with Microsoft
for the title of "largest spam-and-abuse support operation on
the Internet".  Both are completely infested with abusers of
all descriptions, not just in the freemail operations, but their
mailing lists, web hosting, etc.  Both have established very
long track records of not just failing to take action, but
*refusing* to take action, even when someone else does their job
for them, compiles the applicable evidence, and presents it to
them.  (Search, for example, the Google archives of Usenet for
either "yahoo clueless" or "hotmail clueless" for more examples
than any sane person, or even Fergie ;-),  would ever want to read.)

Here's a recent note (courtesy of John Levine) which is complementary
to the one previously presented concerning Yahoo:

	From: [email protected] (John R. Levine)
	Newsgroups: news.admin.net-abuse.email
	Subject: Re: Microsoft -- starting to support spam?
	Date: 24 Aug 2005 11:25:40 -0400

	[...]

	The other day I collected a list of domains hosted by MSN.  Here's a
	few.  If you were in the domain hosting business, would you let your
	customers register and use these?  Microsoft did.

	R's,
	John

Keep this in mind when anyone from either Yahoo or Microsoft pretends
to somehow be interested in "anti-spam" or "anti-phishing" activities.
Neither has demonstrated, to date, the slightest inclination or ability
to even keep its own operation relatively free of spammers, phishers,
etc. despite having at its fingertips the cumulative work of a large
number of netizens who have diligently reported these problems to them.
It's thus completely disingenuous of them to feign any interest in
doing so on an Internet-wide basis.

---Rsk