How Well Do Businesses Respond to Phishing Reports?

FuzzyDaddy asks: "When I receive a phishing email, which I find has some new or interesting technique, I will usually forward it to the appropriate abuse department. I recently got one concerning 'my' paypal account (surprising, since I don't have one), which I forwarded to abuse@paypal.com. I received an automated reply telling me to 'please direct all customer service inquires through our website.' I didn't have time to do that, so I let it go. Is paypal being irresponsible, here? Have others on Slashdot been satisfied with their attempts to report Phishing?"

Yahoo doesn't respond

[WoodstockJeff]

Well, actually, that's not true. How can you respond to mail you don't receive?

A week ago, I got a phishing scam that used the address http://paypal-com-us-ssl.info/ for its responses. At the time (it's dead now), that address resolved to a YAHOO server. So, I reported it, including the whole phishing message, with headers, to abuse@yahoo.com.

Their response? Don't know - their abuse@yahoo.com address has a spam filter on it, which rejected the message because it contained a phishing scheme:

abuse@yahoo.com: host mx1.mail.yahoo.com[4.79.181.14] said: 554 Message type not allowed. UP Email not accepted for policy reasons. Please visit http://help.yahoo.com/help/us/mail/defer/defer-04. html [#4.16.3:120] (in reply to end of DATA command)