How encourages spamming

We analyzed the spam presented in the post called Colorful Spam twist for bypassing Spamfilters and ended the post with the information that the target page is hosted on the Of course, as we always do in such cases, we wanted to report several URLs to the Abuse team at We searched on the page and
In the footer of each page hosted there, there are some options and one of them is “Report abuse” – .
However, once we tried to report the URLs hosting the meds advertisements, we started to feel that tries to do everything as complicated as possible for the reporter. So, the first thing which hit us that we had to provide full identification information and a valid email address.


I can’t understand why would need this information, since I only want to report something.
The most frustrating thing on this part of the page is the fact that I have to write the email address or the member ID associated with the blog I want to report. Hello, Microsoft, are you kidding ? How could I possibly know this? I think that only the spammer knows it.
The next thing would be the URL we want to report. This is also pretty ugly because I have to report one URL at the time. So, who has nothing to do can fill the entire form for each URL he wants to report. Of course nobody would report more than one URL once.

But this is nothing compared to the “Type of Abuse”. It seems that is only interested in “Child Abuse image”, “Nudity”, “Harassment or threat”, “Copyright violation”, “Profanity” and … “Other”. No Spam category, so I can only go with “Other” …


The next step is “Location of Abuse” where I can choose one of the “Blog Images”, “Notes”, “Photo Tag”, “About me”, “Web activities”, “Comments”. I have no idea what to choose here because I want to report the entire post. I chose “Blog Images” because there is also an image with the meds advertised.

We have to paste here the exact URL of the blog entry. No problem …



Microsoft, which is behind prove that they have absolutely no idea how to investigate and bring down fraud blogs like these, used to advertise fake meds.
Moreover, they do not have an easy way, in a form of a button somewhere in a corner, to report the blog to an Abuse Team (as Google’s has) but they ask all kind of useless information. doesn’t actually want to receive such “easy” reports from the users. To make sure that they do not receive such reports they are making the report process so complicated that it is impossible to report something.

And, just for the record, I did submit it in the end. Let’s see what happens next.

© Copyright Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca on Cybersecurity

Check for seeing the consulting services we offer.

Visit for latest security news in English
Besuchen Sie für IT Sicherheits News auf Deutsch

About the Author

Sorin Mustaca
Sorin Mustaca, (ISC)2 CSSLP, CompTIA Security+ and Project+, is working since over 20 years in the IT Security industry and worked between 2003-2014 for Avira as Product Manager for the known products used by over 100 million users world-wide. Today he is CEO and owner of Endpoint Cybersecurity GmbH focusing on Cybersecurity, secure software development and security for IoT and Automotive. He is also running his personal blog Sorin Mustaca on Cybersecurity and is the author of the free eBook Improve your security .
%d bloggers like this: