Dodging responsibilities: Why public email needs police

Public email providers have long allowed the bad guys to use accounts, and the bad guys know just how to manipulate the mail systems towards nefarious ends.

By Tom Henderson

This 419 scammer created a fake ID rife with misspellings

Source: Ealonian56/Flickr

We need a private email police force for public mail systems. It sounds counterintuitive to involve the government in anything that has to do with the Internet, but instilling trust means stopping the fraudster email problem. Interestingly, this is a place where Microsoft gets it right -- it communicates with mail fraud complainers, then kills fraud accounts with seeming glee.

Free email providers provide the service as bait, or what marketing people call feature enticements. They're arch rivals: Microsoft Live/Hotmail, AOL, Google/Gmail, Yahoo (with AT&T), Tiscali, Rediffmail, Orange, Rogers, Comcast, and more. All of these are public email providers, meaning that they offer email to anyone wanting to sign up. Each of these services is also a vehicle for fraudsters. There are numerous categories of fraudsters, but we'll call them the 419 Group for short.

The 419 Group knows how to manipulate email systems, timing-wise, to get the maximum window of opportunity for their fraud. Let's say you want to use a fraudulent ruse: "Hello, my name is Barrister William Jones, and there is an unclaimed inheritance waiting for you" or "I am Sally DeYoung, and I am dying of cancer; I wish to donate my money through you because I saw you on the Internet and thought I could trust you." You know the type of message that I mean. My email address has been published for so long on the Internet (despite my protests to certain website administrators) that it's on every spammer CD/DVD/list on the planet. I get spam in more languages than I could ever imagine. Among these are an average of seven emails a day.

To battle the fraudsters, there are several account names that have been traditionally used by people that understand that complaints can shut down fraudulent email accounts. Usually abuse@domain.tld (example: abuse@gmail.com) should suffice. Sometimes older names like postmaster and majordomo are used as a place to send the complaint.

Here's the catch: so far as I can tell, none of the places that I send complaints has a 24/7/365 monitoring capability. Worse, some of them are backed up with complaints, indicating that there is a period of time when the fraudsters are making lots of contacts -- and perhaps sucking money illegally from wallets and purses -- even though someone's already flagged them as a scammer.

Procedurally, if you receive a 419 Group email in your inbox and then instantly forward the message to an abuse account at the domain where the fraudster wants replies sent, there's a lag. It's hard to really get a sense of the characteristics of this lag, because some of the public email providers never respond to indicate that they've received a message in the first place. It goes into a black hole. Sometimes you get an indication that the account hasn't been closed -- in the form of a second batch of fraud emails that use the same email address.

This is a place where Microsoft gets kudos. Should you send a complaint to a Live/Hotmail abuse address, you're requested to send it instead to report_abuse@hotmail.com. This works for MSN, Hotmail, Live, and other Microsoft-run email systems like w.cn and qatar.io. Microsoft acknowledges the complaint; then, in due course, they'll reply that they've shut down the flagged account in accordance with their terms of service. It's really satisfying to see a fraudster's account shut down in this way. I feel like I've somehow contributed to a safer Internet experience.
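The forwarding procedure described above, sketched as an added example that is not part of the original article: it finds the address the sender wants replies sent to, picks the abuse mailbox for that domain, and wraps the untouched original as an attachment so its headers survive. The `OVERRIDES` table, the `live.com`/`msn.com` keys, the function names and the sample message are assumptions made for illustration; only `abuse@domain.tld` and `report_abuse@hotmail.com` come from the text.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumption: per-domain abuse desks. Only the hotmail.com address is from
# the article; the live.com and msn.com keys are illustrative guesses.
OVERRIDES = {
    "hotmail.com": "report_abuse@hotmail.com",
    "live.com": "report_abuse@hotmail.com",
    "msn.com": "report_abuse@hotmail.com",
}

def reply_target(msg):
    """Address the sender wants replies sent to: Reply-To, else From."""
    for header in ("Reply-To", "From"):
        _, addr = parseaddr(str(msg.get(header, "")))
        if "@" in addr:
            return addr.lower()
    return None

def abuse_address(addr):
    """Conventional abuse@domain mailbox unless an override is known."""
    domain = addr.rsplit("@", 1)[1]
    return OVERRIDES.get(domain, "abuse@" + domain)

def build_complaint(raw, reporter):
    """Build a complaint that carries the original as message/rfc822."""
    original = message_from_string(raw, policy=policy.default)
    target = reply_target(original)
    if target is None:
        raise ValueError("no usable Reply-To or From address")
    report = EmailMessage()
    report["From"] = reporter
    report["To"] = abuse_address(target)
    report["Subject"] = "Fraud complaint: account " + target
    report.set_content(
        "The attached message solicits replies to " + target + ".\n"
        "The original headers are preserved in the attachment.\n")
    report.add_attachment(original)  # keeps the full original headers
    return report

# Constructed sample message, not a real capture.
SAMPLE = """\
From: "Barrister William Jones" <wjones@mail.example>
Reply-To: claims.desk@hotmail.com
To: reader@example.org
Subject: Unclaimed inheritance

There is an unclaimed inheritance waiting for you.
"""
```

The complaint goes to the Reply-To domain rather than the From domain because that is the account the fraudster actually reads.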

Why do this in the first place? The answer is easy. There are hundreds of thousands of people that are really trusting in this world. My brother is one of those; he's autistic and gets to use email. He's been warned about fraud. Fortunately, I also control his money. But there are many, many others that are duped by false inheritance schemes, overseas employment scams, and the other fraudsters of the Internet. They deserve diligent protection.

Each public email provider has a responsibility to respond to abuse complaints, including plain old advertising spammers. If they could agree on a third-party service that could be the receptacle on a 24/7 basis for rapid account suspension, the 419 Fraud problem might dwindle down to a trickle quickly. It would take trust among the email providers to do this, but it would also alleviate big problems that law enforcement officials are usually unable to handle. Call them the email cops.

Certainly there has to be a way to keep legitimate use of public email accounts vetted; call it a redress mechanism. Using such a complaint system to shut down your enemy's account for giggles and grins needs to be avoided, and so a rapid response methodology for reactivating an account needs to happen. A fast shutdown process, however, thwarts the predators, and protects the innocents that we let use the Internet, despite its enormous potential for fraud.

Perhaps Yahoo could use this instead of their seemingly enlightened abuse complaint process, which is no process at all. You need to paste a message into their system so that a web page routine can do something with it. You'll never know what was done, however, as while it ostensibly complies with an RFC, it doesn't seem to work. Yahoo (and its OEM, AT&T, who does respond to abuse complaints) are the biggest senders of 419 Group messages to my long-standing account.

But Hinet.com ... they're hopeless. Send a complaint and you'll have at least a dozen message replies indicating that their response system is plainly fried. Deep fried. For this reason, I hope the major email client application writers figure out a way to allow me to limit the messages I receive to the character sets that I can read. I can only hope.
