How encourages spamming

We analyzed the spam presented in the post called Colorful Spam twist for bypassing Spamfilters and ended the post with the information that the target page is hosted on the Of course, as we always do in such cases, we wanted to report several URLs to the Abuse team at We searched on the page and
In the footer of each page hosted there, there are some options and one of them is “Report abuse” – .
However, once we tried to report the URLs hosting the meds advertisements, we started to feel that tries to do everything as complicated as possible for the reporter. So, the first thing which hit us that we had to provide full identification information and a valid email address.


I can’t understand why would need this information, since I only want to report something.
The most frustrating thing on this part of the page is the fact that I have to write the email address or the member ID associated with the blog I want to report. Hello, Microsoft, are you kidding ? How could I possibly know this? I think that only the spammer knows it.
The next thing would be the URL we want to report. This is also pretty ugly because I have to report one URL at the time. So, who has nothing to do can fill the entire form for each URL he wants to report. Of course nobody would report more than one URL once.

But this is nothing compared to the “Type of Abuse”. It seems that is only interested in “Child Abuse image”, “Nudity”, “Harassment or threat”, “Copyright violation”, “Profanity” and … “Other”. No Spam category, so I can only go with “Other” …


The next step is “Location of Abuse” where I can choose one of the “Blog Images”, “Notes”, “Photo Tag”, “About me”, “Web activities”, “Comments”. I have no idea what to choose here because I want to report the entire post. I chose “Blog Images” because there is also an image with the meds advertised.

We have to paste here the exact URL of the blog entry. No problem …



Microsoft, which is behind prove that they have absolutely no idea how to investigate and bring down fraud blogs like these, used to advertise fake meds.
Moreover, they do not have an easy way, in a form of a button somewhere in a corner, to report the blog to an Abuse Team (as Google’s has) but they ask all kind of useless information. doesn’t actually want to receive such “easy” reports from the users. To make sure that they do not receive such reports they are making the report process so complicated that it is impossible to report something.

And, just for the record, I did submit it in the end. Let’s see what happens next.

© Copyright 2009 Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca on Cybersecurity

Check for the IT Consulting services I offer.
Visit for latest security news in English
Besuchen Sie für IT Sicherheits News auf Deutsch

About the Author

Sorin Mustaca
Sorin Mustaca, (ISC)2 CSSLP, CompTIA Security+ and Project+, is working since year 2000 in the IT Security industry and worked between 2003-2014 for Avira as Product Manager for the known products used by over 100 million users world-wide. Today he is an independent IT Security Consultant focusing on Cybersecurity, secure software development and security for IoT and Automotive. He is also running his personal blog Sorin Mustaca on Cybersecurity and is the author of the free eBook Improve your security .

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.