« Inside a Mortgage Spammer's Template | Main | [Pick Your Special Day] Greeting Scams »

February 07, 2007

I've always been fond of the mind tricks played by the works of Dutch artist Maurits Cornelius Escher. But when these fantasies transplant themselves into real life, well, that's where I draw the line.

I intended to report to the owner of a hijacked server that his server had been hijacked by a phisher. On his home page and domain record, he declared a yahoo.com email address. Because the fraudulent URL was not in the phishing message (the link led to a redirection page whose ultimate destination was the lookalike form), my message was short and sweet:

To: [hidden]@yahoo.com
Subject: Fraudulent phishing page at [hidden].net

http://[hidden].com/spacanino/admin/inc/us/webscr.php?cmd=_login-run

Please remove ASAP.

When I report a phishing hijacking to a site whose IP address or domain appears in the phishing message, I usually include a copy of the source code of the phishing message as further evidence. But that wasn't an option here.

In quick order, I get a "Returned mail" message from Yahoo with the following advisory:

<<< 554 Message not allowed - UP Email not accepted for policy reasons. Please visit http://help.yahoo.com/help/us/mail/defer/defer-04.html[120]

So, dutiful reporter that I am, I visit their page to learn more. Eventually I'm told to fill out a form they provide and include the required details to explain the situation in the hope that they'll allow the message to go through.

Fast forward one day.

Yahoo responds with the following:

Hello,

Thank you for contacting Yahoo! Customer Care.

We like to provide you with fast, efficient support. And the best way to
get straight to your issue (and to get it resolved!) is to start from a
topic in Yahoo! Mail Help that's similar to the problem you're
experiencing.

So, please take a moment to browse Yahoo! Mail Help for a question like
yours:

http://help.yahoo.com/help/us/mail/

If the answer doesn't clear up the issue, scroll to the bottom of the
page and click "Contact Us" to open a form where you can write to us
about what's going on. Please be detailed and give us as much
information as you can about your issue.

Thanks! With your help, we can get Yahoo! Mail working for you as
quickly as possible.

Thank you again for contacting Yahoo! Customer Care.

I check the link they provide, and it doesn't even go as deeply in explaining my problem as the original one I visited the previous day. In fact, this help page is more for Yahoo Mail users, not someone trying to send to them.

Here's the sequence:

1. Observe problem


2. Read through help docs to find form


3. Fill out form


4. Receive response to return to Step 2

Lather. Rinse. Repeat. Don't Stop!

UPDATE. Day Three. I thought (had hoped, actually) that this was over. But nooooo. Today I get this missive:

Thank you for contacting Yahoo! Customer Care to answer your question. A support representative will get back to you within 48 hours regarding your issue. Until then, feel free to visit our online help center at http://help.yahoo.com/ for answers if you have not already done so.

Even if I really hear from any human about my original query, it will be up to 96 hours past my original phishing report to the yahoo.com mail account holder. If Yahoo should agree to let my report pass through, my email message will look stupid. At this point, I don't want them to pass the message through. I would, however, like to find out why my simple message failed their policy test. In the meantime, I won't bother sending any email to a yahoo.com account.