Does anyone know how to get Yahoo abuse to recognize that they're
hosting a phishing site? All I can ever get back from them is
boilerplate telling me they know how frustrating it is to get spam,
that it did not originate from them and how to read the headers. Not
half as frustrating as their ignorance.
Not sure which Yahoo form you are filling out. The phishing complaint
I submitted got a pretty quick response:
http://help.yahoo.com/l/us/yahoo/security/forms/phishing.html
--Jaren
Damn forms; whatever happened to abuse@ addresses?
They were likely spammed out of existence.
Half of the time our abuse people spend is wading through the spam at the abuse@ addresses =)
Kind of ironic 
You can't really use anti-spam tech on there because people are literally forwarding you spam
-Drew
They got abused. 
Matt
SPAM, at a guess 
A few years I proposed a standard way to report abuse by email (X-headers) but nobody was interested.
I suspect forms are because the abuse desks want necessary information in a structured way that doesn't have to be manually processed each time, plus trying to hunt people who can't realise what information is needed to do a proper abuse complaint.
If anyone out there is good at handling abuse complaints, or at writing
abuse-handling systems, and is contemplating a career change, please
consider helping out; there's a whole raft of anti-abuse positions that
need filling, and if we can get good people to fill them, they can help
make it less frustrating to get these issues resolved.
Here's a couple of key positions that are in serious need of filling,
and have been open for several months now:
http://careers.yahoo.com/jdescription.php?frm=jsres&oid=25937
http://careers.yahoo.com/jdescription.php?frm=jsres&oid=27908
for the whole list of anti-abuse positions that need filling...
http://careers.yahoo.com/jsearchresults.php?key=abuse&jcat=&city=&submit=submit&submit=submit&submit=submit
Without good people in those roles, it'll be hard for the folks on
lists like this to get the level of responsiveness they're looking
for. So, if you know people who would be good in these
positions, send them along--the sooner the spots get filled,
and people start cranking, the better we can deal with issues
like this.
Thanks!
Matt
(trying not to speak for anyone in particular...but not doing a
terribly good job of it)
Having managed an abuse desk, I can honestly say that sometimes the amount of email you receive can be overwhelming. There were times I was receiving 30k-50k emails a day. It's easy for some to get lost.
On that note, dealing with Yahoo! has been a constant pain. I think they've grown so large that their abuse department is lost in the shuffle. I've been having problems with them automatically greylisting all our IP blocks so that they default to the Yahoo! spam folder unless we send the bulk mail form in 8 bazillion times and being able to contact a human is nearly impossible. Consequently, I have acquired multiple POC's in the abuse/postmaster departments.
Here are the addresses I use to contact people.
abuse-admin@cc.yahoo-inc.com
mail-abuse-bulk@cc.yahoo-inc.com
mail-classic-errors@cc.yahoo-inc.com
ynoc-request@yahoo-inc.com (because we peer with them, sometimes I am able to get them to get someones attention in the abuse department through the NOC though I hate using this route as they are busy enough already.)
and the phone number for postmaster/email customer care is 408-349-1572
Hopefully one of these will help you out.
Jessica
Damn forms; whatever happened to abuse@ addresses?
A few years I proposed a standard way to report abuse by email (X-headers) but nobody was interested.
There's a (draft, de facto) standard format for automated reports between providers:
http://tools.ietf.org/wg/marf/
I suspect forms are because the abuse desks want necessary information in a structured way that doesn't have to be manually processed each time, plus trying to hunt people who can't realise what information is needed to do a proper abuse complaint.
Yep, that's certainly part of it.
Oh we love that. Find some way to automate feeding all that to your
spam filters and you got yourself a sizeable trap, if the abuse
address is about a decade old.
A few years I proposed a standard way to report abuse by email (X-headers) but nobody was interested.
There's a (draft, de facto) standard format for automated reports between providers:
Mutual Internet Practices Association
Messaging Abuse Reporting Format (marf)
Unfortunately this seems very focused on reporting SPAM and other email related abuses. What I was looking for was a way to format a generic abuse report where the most important parts would be "type of abuse", "IP doing the abuse", "time the abuse occured" and "<free text field about what
" that could be used by end users. Creating a new MIME type
precludes most end users from ever using it because their MUA won't support it.
That's IODEF, if and when it picks up enough steam to get widely deployed.
That looks over-engineered, but at least someone can create a web service where the user can fill in fields and use drop-down menus to create the XML and the cut/paste this into an email and send. Question is how an end user should handle the reply they get, it'll be pretty much unreadable to the untrained eye.
Some types of conversations simply don't take well to automation.
However, automatically indexing/archiving such conversations for
future reference can be useful (and can assist participants to the
conversation in looking up past similar conversations), and it is
easier to archive and maintain accurate auditing of structured
language than to implement natural language parsers.
That said, XML makes a terrible data interchange format for
communications where humans are supposed to understand the message,
using standard software (such as a legacy e-mail client).
YAML, or similar would be a more appropriate choice, and since it
can be presented as plain text, many humans can understand the output
simply by looking at it.
Exactly what we said when developing ARF.