Complaint of the week: Ebay abuse mail (slightly OT)
To add to the eternally annoying list of companies that ignore abuse@ mail... ebay now requires that you fill in their lovely little web form to send them a note. Even if, say, you're trying to let them know about another scam going around that tries to use the machine www.hnstech.co.kr to extract people's credit card information. Has anyone had success in convincing companies that this is just A Bad Idea (ignoring abuse mail), and if so, how did you manage to do it? Sorry for the slightly non-operational content, but I've had it with ebay on this one. -Dave ----- Forwarded message from eBay Safe Harbor <SafeHarbor@eBay.com> ----- Date: Sat, 02 Aug 2003 22:58:01 -0700 From: eBay Safe Harbor <SafeHarbor@eBay.com> Subject: Your message to safeharbor@ebay.com was not received (KMM86277800V90276L0KM) To: "David G. Andersen" <dga@lcs.mit.edu> Auto-Submitted: auto-replied Reply-To: eBay Safe Harbor <SafeHarbor@eBay.com> X-MIME-Autoconverted: from quoted-printable to 8bit by eep.lcs.mit.edu id h735w5sU087612 Thank you for writing to the eBay SafeHarbor Team. The address you wrote to (safeharbor@ebay.com) is no longer in service. Please resend your email to us through one of the online webforms listed below. Using these forms will help us direct your email to the right department where we can quickly answer your question correctly and get it right back to you. For Trust and Safety issues (reports of policy violations, problems with transactions, suspensions, etc.) please use the following webform: http://pages.ebay.com/help/basics/select-RS.html For General Support questions (billing, bidding, or selling concerns and technical issues, etc.) please use the following webform: http://pages.ebay.com/help/basics/select-support.html Once on the webform, what will really help us assist you further is if you choose the best topic for your question. This will allow you to view our Instant Help pages, where you may find your answer immediately. Should you not find your answer there, choosing the best topics will still help us answer your question faster, correctly, and completely. We truly appreciate your assistance in this matter and apologize for any inconvenience this may have caused. Sincerely, eBay SafeHarbor Team ----- End forwarded message ----- -- work: dga@lcs.mit.edu me: dga@pobox.com MIT Laboratory for Computer Science http://www.angio.net/ I do not accept unsolicited commercial email. Do not spam me.
... ebay now requires that you fill in their lovely little web form to send them a note. Even if, say, you're trying to let them know about another scam going around that tries to use the machine www.hnstech.co.kr to extract people's credit card information.
one can easily imagine that their abuse@ alias was receiving so much spam that it was too costly to read it all and fish out the valid complaints. (this is a ~recent spammer tactic, clogging the metadata paths to make it harder for network owners to discuss spammer activities.) however, the real reason is likely to be lack of uniformity in complaints. among the population who complains to abuse@, there isn't a single definition of "spam" or "abuse" or "hack" or "scam" or what have you. a complaint that is about a credit card scam is only differentiable from a complaint that is about a spamvertised web site after a fairly expensive human has seen both and made a determination. at ebay's transaction volume i'm sure that the aggregate costs of those humans was looking pretty large. so it was for all the other companies who have tried to manage their abuse costs by making people go to web sites. most of these companies were not as financially successful as ebay, though, and the unwillingness of the public to fire up a web browser in order to give the valuable gift of feedback about customer activity turned into a larger cost than the one they were avoiding. ebay is a different animal, and i'll take bets that the potential complainants who send enough abuse complaints overall that they have to prefer e-mail and say "no" to web forms, is not even part of their target audience. that means they don't care if you stop using their service, or blackhole all mail from them, or whatever you have to do to protect yourself from their other customers... because they will still have tens of millions of other customers who don't send abuse complaints or who are willing to deal with web forms. this sounds like i'm defending them. i'm not. but while reprehensible and irresponsible and socially radical, the web form approach's only real cause for failure is when the lack of a useful feedback channel curtails complaints which the network owner would find valuable. that's just not provably true in the case of ebay. we all knew that profitable large network owners would change the landscape compared to merely ebitda-positive large network owners, and here's an example of how "big company" cost management practices can go up against "reasonable and customary internet behaviour" and pretty much ignore it. this won't be a case where taking your complaint to the peering/backbone folks can result in a policy change, either. to get the attention of the people who make this kind of decision in a company like ebay, you'd have to go to the better business bureau, or congress. good luck storming the castle, boys. -- Paul Vixie
At 09:41 AM 8/3/2003, Paul Vixie wrote:
... ebay now requires that you fill in their lovely little web form to send them a note. Even if, say, you're trying to let them know about another scam going around that tries to use the machine www.hnstech.co.kr to extract people's credit card information.
one can easily imagine that their abuse@ alias was receiving so much spam that it was too costly to read it all and fish out the valid complaints. (this is a ~recent spammer tactic, clogging the metadata paths to make it harder for network owners to discuss spammer activities.)
On spam-l it was reported that there presently is a valid address of spoof (for the purpose of sending abuse complaints about spoof paypal websites[1]) at paypal.com. Since ebay now owns paypal, I suspect you can use that address to report spoof sites and emails for either service and that the human at the other end has enough clue to realize that they should act on all such spoofs reported to that address. jc [1] yes, I realize this makes the sentence look really weird. I worded it this way to help keep the spoof address from being "machine readable" if/when spammers start scarfing username (at) domain (dot) com munging and concatenating that back into the unmunged email address. It's hard enough to get a real email address for inside ebay or paypal that we need to protect what addresses we discover.
* vixie@vix.com (Paul Vixie) [Sun 03 Aug 2003, 18:42 CEST]: [..]
this sounds like i'm defending them. i'm not. but while reprehensible and irresponsible and socially radical, the web form approach's only real cause for failure is when the lack of a useful feedback channel curtails complaints which the network owner would find valuable. that's just not provably true in the case of ebay.
Some time ago I received a mail attempting to redirect me to a scam site asking for my eBay login details. I tried getting eBay's attention, but it turned out that in order to contact them you need to have an account. There was no way to be seen to contact eBay without being a customer. (Now where have we heard _that_ particular line before??) I haven't bothered since. If eBay likes to make it hard for me to point them at serious risks for their business, more power to them. ... This is the point where somebody points at an obvious URL and says "You doofus, wasn't it *obvious* that you could contact them via this here?" -- Niels.
My bitch about "no mail, use this stooopid webform" is I then get no file copy in my Out box. You get silence back from them... -- A host is a host from coast to coast.................wb8foz@nrk.com & no one will talk to a host that's close........[v].(301) 56-LINUX Unless the host (that isn't close).........................pob 1433 is busy, hung or dead....................................20915-1433
On Sun, 3 Aug 2003, David G. Andersen wrote:
To add to the eternally annoying list of companies that ignore abuse@ mail... ebay now requires that you fill in their lovely little web form to send them a note. Even if, say, you're trying to let them know about another scam going around that tries to use the machine www.hnstech.co.kr to extract people's credit card information.
It's funny you should bring that up. I got that e-mail a few days ago, and figured I would do the nice thing for ebay and let them chase down someone blatantly abusing their name and ran into the same brick wall. I finally decided their hoops to get this information to them cost more generosity than I felt like giving. I even went to the web page they suggested to try and give them a copy of the msg with full headers and none of their categories at the time matched: Good willed person trying to give you ammunition for a company abusing your name. I gave up, and left it as their problem if they don't want to take free help to make their case easier. If they even had an "Other" option I could have sent it to them. *shrug* Their loss. G
At 12:53 PM 8/3/2003, Gerald wrote:
I even went to the web page they suggested to try and give them a copy of the msg with full headers and none of their categories at the time matched: Good willed person trying to give you ammunition for a company abusing your name.
I gave up, and left it as their problem if they don't want to take free help to make their case easier. If they even had an "Other" option I could have sent it to them.
*shrug* Their loss.
This is eBay. Decisions like that are nothing new: <http://www.cctec.com/maillists/nanog/historical/0208/msg00275.html> jc
I submitted ebay.com to rfc-ignorant.org for this RFC violation almost a year ago (which they of course accepted): http://www.rfc-ignorant.org/tools/detail.php?domain=ebay.com&submitted=1029353643&table=abuse Companies like this could simply care less. If you don't run a mail system with "customers" expecting to receive mail from ebay then I'd recommend blocking ebay.com. That would include their subsidiary, paypal.com, which BTW is also listed on RFCi. At the least I'd score their mail against the RFCi RHSBLs and add a score of 1. Justin On Sun, 3 Aug 2003, David G. Andersen wrote:
To add to the eternally annoying list of companies that ignore abuse@ mail... ebay now requires that you fill in their lovely little web form to send them a note. Even if, say, you're trying to let them know about another scam going around that tries to use the machine www.hnstech.co.kr to extract people's credit card information.
Has anyone had success in convincing companies that this is just A Bad Idea (ignoring abuse mail), and if so, how did you manage to do it?
Sorry for the slightly non-operational content, but I've had it with ebay on this one.
-Dave
participants (7)
-
David G. Andersen -
David Lesher -
Gerald -
JC Dill -
Justin Shore -
Niels Bakker -
Paul Vixie