[attrition] why is eBay (and others) exempt ..

security curmudgeon jericho at attrition.org
Wed Jan 11 10:08:51 EST 2006


.. from RFC guidelines and a somewhat friendly method for someone to 
complain?

Report a problem to abuse at ebay.com and you get this type of message. 
Notice the tracking number in the subject line? It is hitting their 
system, being assigned some kind of ticket or tracking ID number, getting 
forwarded to safeharbor at ebay.com, then bounced as undeliverable.

Sites this big not maintaining an abuse@ contact as per RFC standards (RFC 
2142 (section 4)) is disgusting. Not maintaining custom addresses that 
they originally set up is even more disgusting.

Follow their URL below and you end up here: 
http://pages.ebay.com/help/contact_us/_base/result_6_1_12.html?item=&dsturl=http%3A%2F%2Fpages.ebay.com%2Fhelp%2Fcontact_us%2F_base%2Findex.html&tier0=%5Bobject+Object%5D&tier1=result_6_1_12&continue=Continue+%3E#

Which gives you three options. The first two are 'instant help' FAQ pages:

Filing an online fraud alert
Feedback abuse, withdrawal, and removal

The third is "Customer Support Option(s)" which has one link "Email". 
Clicking this link requires a) you register as a new ebay user b) sign in 
as an existing ebay user c) sign in via Microsoft Passport

So if someone is spamming an ebay.com auction URL to a million people, 
only a registered ebay member can file a complaint, via a web page, and 
expect to wait "24-48 hours for a response".

This is completely irresponsible.

---------- Forwarded message ----------
From: eBay Safe Harbor <SafeHarbor at ebay.com>
To: security curmudgeon <jericho at attrition.org>
Date: Wed, 11 Jan 2006 06:56:43 -0800
Subject: Your message to safeharbor at ebay.com was not received
     (KMM200419105V91401L0KM)

Thank you for writing to the eBay SafeHarbor Team.

The address you wrote to (safeharbor at ebay.com) is no longer in service.
Please re-send your email to us through the Contact Us page listed
below.

  http://pages.ebay.com/help/contact_us/_base/index.html

Using this service will help us direct your email to the right
department and quickly respond to your inquiry. Choosing the most
appropriate topic from this page will help us answer your question
faster.

REPORTING SPOOF

If you received this message after attempting to report an email that
appears to have come from eBay but actually directs you to another site,
you must forward the message to us again by using the forward function
of your email program. Make certain that spoof at ebay.com is in the "to"
field. Do not alter the subject line, add text to your message or
forward the email as an attachment.

We appreciate your assistance in this matter and apologize for any
inconvenience this may have caused you.

Sincerely,

eBay SafeHarbor Team

Tips to Avoid Spoof:

To help our members better protect themselves from spoof Web sites, we
have developed a new feature for the eBay Toolbar called "Account
Guard." Account Guard includes an indicator of when you are on an eBay
or PayPal Website, buttons to report fake eBay Websites, and a password
notification feature that warns you when you may be entering your eBay
password into an unverified site. To learn more about the eBay Toolbar
with Account Guard, open a new browser and type
www.ebay.com/ebay_toolbar into the address bar. Note that eBay will
never send you an email that includes a download as an attachment or a
link that goes to a page with a download.

eBay also recommends that you ensure that your Web browser, operating
system, and virus protection software are up to date. Check for updates
at the "Windows Update" link on www.microsoft.com and scan your computer
for viruses often.



From: security curmudgeon <jericho at attrition.org>
To: abuse at aol.com
Cc: abuse at ebay.com
Date: Wed, 11 Jan 2006 09:55:44 -0500 (EST)
Subject: SPAM:   Save Harriet (fwd)



---------- Forwarded message ----------
Return-Path: <Beavinsons2 at aol.com>
X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on
     forced.attrition.org
X-Spam-Level:
X-Spam-Status: No, score=0.6 required=4.7 tests=HTML_MESSAGE,NO_REAL_NAME,
     SPF_PASS autolearn=disabled version=3.1.0
X-Original-To: jericho at attrition.org
Delivered-To: jericho at attrition.org
Received: from imo-d21.mx.aol.com (imo-d21.mx.aol.com [205.188.144.207])
     by forced.attrition.org (Postfix) with ESMTP id B18D14CAD5
     for <jericho at attrition.org>; Wed, 11 Jan 2006 09:54:00 -0500 (EST)
Received: from Beavinsons2 at aol.com
     by imo-d21.mx.aol.com (mail_out_v38_r6.3.) id 4.13d.22b8a31e (14374)
      for <jericho at attrition.org>; Wed, 11 Jan 2006 09:54:21 -0500 (EST)
From: Beavinsons2 at aol.com
Message-ID: <13d.22b8a31e.30f6761d at aol.com>
Date: Wed, 11 Jan 2006 09:54:21 EST
Subject: Save Harriet
To: jericho at attrition.org
MIME-Version: 1.0
Content-Type: multipart/alternative;
     boundary="-----------------------------1136991261"
X-Mailer: 9.0 Security Edition for Windows sub 2340



Hello,

    We could use your support. We have an auction on eBay right now
getting huge media attention this week. I found a cremated
body in an abandoned property auction. I have a campaign on right now
called "SAVE HARRIET" where we are trying to raise money
to do something with her ashes

Please view the auction and put on your website

_http://cgi1.ebay.com/ws/eBayISAPI.dll?MakeTrack&item=5654721626_
(http://cgi1.ebay.com/ws/eBayISAPI.dll?MakeTrack&item=5654721626)

Please watch the auction and see the results of the campaign.

this is the link just to the auction without watching it

_http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=5654721626&ru=http%3A%2F%2Fsearch.ebay.com%3A80%2F%2Fsearch%2Fsearch.dll%3Ffrom%3DR40%26satitle%3D5654721626%26fvi%3D1_
(http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=5654721626&ru=http://search.ebay.com:80//search/search.dll?from=R40&satitle=5654721626&fvi=1)



Tim


