Hi, So, I have received some off list email, about my post. The trouble with off list email is that sometimes things are discussed that is of value to the community. These are my additional comments: Abuse systems can also be abusive, for example: http://multirbl.valli.org - warning all about a 'fake' rbl Abuse systems can be used as weapons - both for war as well as for corporate war. Abuse systems and platforms can be used to the detriment of the EU Where corporations club together and could be used to influence the growth/decline of services of a country or group of countries. Anyway, included is an extract of headers where SpamCop ignores date: Tue, 10 Jul 2018 03:08:27 -0700 (and the Google Relay ipv4 - which for the record was: mail-oi0-f44.google.com@209.85.218.44 and on Tue, 10 Jul 2018 03:08:27 -0700) and fails the report on date (older than 48 hours) as SpamCop trusts the Google relay and wants to report about: 2002:a4a:4841:0:0:0:0:0 with HTTP; Sat, 7 Jul 2018 19:37:11 -0700 (PDT) Which usually would have been the TELECOM company IP number (of the telecom user/company) The 'Telecom' company IP number is not an email server and therefore SpamCop reports that many abuse admins on this list receives, are not really worth much any longer as any spamcop report that is not about your email servers, can be safely deleted. Cisco basically says that they do not have any deal with Google and that they are not protecting Twitter, Facebook, Amazon and Microsoft I am wondering what the benefit is to Cisco by devaluing the value of SpamCop for abuse admins? Or is it more a case of protecting the big 5 and keeping everyone else on their toes? Is this bullying? Is it nefarious? It is not good. It is not ethical and it is plainly EVIL. +++++++++++++ Received: by mail-oi0-f44.google.com with SMTP id n84-v6so41513085oib.9 for <victim>; Tue, 10 Jul 2018 03:08:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jenreviews-email.20150623.gappssmtp.com; s=20150623; h=mime-version:from:date:message-id:subject:to; bh=EFkdASUSCy3UwqSvm2EX4abetipkteFp5j+2Y9kJF0c=; b=SUrZKZxQlMfl7LPwx6nTHoGJ9KnOH7k/7XJq80zGpkGERu4ogQnOIjJvbWC2NN3CK/ QwKh9JcBgnkdOHgnHcLlaoogt7o3+arGGjmNUBB9AP7jif35Hz74gurZ8vprFSO0mvjG sggWkN3rFq/wp+FuNKChWY4lT4PrsVbqo27UEvstouEsuMsH4OfBSAHpc7bb4QsuKvAd 0UglZIUWMxHGYYlFJB14SElmm4ILXXPEEZZky7JQa6OOpzvCV9Ak6cd+L6o1EuK04Npk A8+uM27v6UWsZLvX10+7D5CwL4t8oK97FG46cELHQE58nWlIVDm9PvAF5E970W46Pihy zceA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=EFkdASUSCy3UwqSvm2EX4abetipkteFp5j+2Y9kJF0c=; b=tJ0aM+VgmcMNhkOPlpYnhGNlP0/V0hWzttKZWMQxd9FZDEDbx5YbxGZn3dIrghNZY6 LOKdbKk5NUU61oqV/B0a/1ecm8mqFV4hP/qlDcFuu9HXeYsxgwZ9ieGF7EpBycnzJqLT 3n9ldMJuNL9RiKWJr1L4o4+JySpJ8Dp4zsuRfm4rn4V2cQQP8LT763r2sKXG1jEXG6Yy VQUL8eEdnsWgN4ON4LQA34MqHTejtHnTNTFYrWQUX8VjqIImedNl58Gx8RNW7nHSwt/F eaGw/xl3umn4bkONz8UVkpYVqgTI8nqVehhJlynKTPyTKxLFS9waGPieOOM9hLkeb+eA 2JeQ== X-Gm-Message-State: APt69E3m7PhKks5zjFEwDCJkBQzeDd3nggWlzc1bT0LzBBFYHQMSDN5F toEVWauopOgYRWJ7JSCN637aGLXOvTSpggI1GKu4aw== X-Google-Smtp-Source: AAOMgpdxfMce9VRJy0i9imFEwrYn4NZwGbhBzGfmH1WTfcicyUEVdX7DJIykmii9WZ7wnhUCy93cLp/a7T/At+cVdJE= X-Received: by 2002:aca:430b:: with SMTP id q11-v6mr28734957oia.127.1531217285617; Tue, 10 Jul 2018 03:08:05 -0700 (PDT) Received: from 776393159873 named unknown by gmailapi.google.com with HTTPREST; Tue, 10 Jul 2018 03:08:05 -0700 MIME-Version: 1.0 Received: by 2002:a4a:4841:0:0:0:0:0 with HTTP; Sat, 7 Jul 2018 19:37:11 -0700 (PDT) From: Jenn Miller <jenn@jenreviews.email> Date: Tue, 10 Jul 2018 03:08:05 -0700 Message-ID: <CALvVF876A17shGKhFmXEU2hD4Z0CNsY4mHy1=Sj1rASQStYDAQ@mail.gmail.com> ++++++++++++++++++++++++ On Thu, 5 Jul 2018 13:23:08 +0200 ac <ac@main.me> wrote:
Hello All,
As we all know, Google and Microsoft dominates email relay in many places and they are getting even larger with each passing year.
They are not getting larger because they are offering great email service but because they are ever more aggressive and sometimes under handed and do not behave decently or in an ethical way.
if the present trends continue, there will be almost no email relay that does not operate through either Microsoft or Google.
Interesting thing that all of us (and Microsoft) should take careful note of is that Google has done a deal with Cisco (Talos SpamCop) whereby reports about abuse (including spear phish, spam, scams, etc) - are no longer sent to Google (abuse@google.com) but directly to the relay ipv4/ipv6 abuse ISP contact. When there is no ipv4/ipv6 abuse contact the complaints are discarded and in a minority of cases, still go to abuse@google.com
Microsoft of course has two attack vectors. One the 'custom' protocols of their exchange servers and the other is that they mix legit email and spear phish, payday loan scams from the same servers. Google has now also started doing the same thing. Before Google used to be more responsive to abuse complaints and there were fewer actual criminal activity relayed by Google. So, it is becoming more frequent and common to find spear phish attack on a client, from Google and Microsoft and this motivates clients to move services to Microsoft or Google.
I do not think that there is much an abuse wg can discuss around this, as there is not much or anything that any of us can actually do about the present situation as both Google and Microsoft has simply become too large and year on year they are getting larger.
Any comments?