Reporting Spam

Written and published December 1, 1999

Last week, while focusing on e-mail, I passed on the simple message, "Don't respond to unsolicited e-mail" and talked a bit about miners and how they get your names. Boy, did I hit a nerve! Thanks poured in -- along with some great advice. Since there's so much interest in this, and such good ideas out there to help stop spam, I'm continuing with this. Let's look at some ways you can combat spam once you start to receive it. Then next week we can look at some more ways to prevent landing on a spam list.

Effect Spam Legislation

The biggest reason people spam is because they know they can get away with it. It hardly matters that they are caught because laws regarding spam are either vague or non-existent. You can help change that, though, and I urge you all to do so today. This recommendation came from Matt Ridley.

Join a reputable anti-spam organization (for free), and sign their petitions, which can then be used to lobby local and national government to create regulations limiting spam. I'd suggest CAUCE, at http://www.cauce.org/. There are also links from there to Euro CAUCE, for members of the EU.

Matt, by the way, is a Web site creation guru and has been taking steps to prevent miners from getting hold of his e-mail address. He wrote an excellent summary of his tactics and I'll share them with you next week.

Report Spam (with SpamCop)

While we're working to create laws regarding spam, there are ways to report it and hopefully cut it down. Or at least make life harder on spammers.

Cory Moll writes:

I just read your column on spammers and miners ... a simple way to beat spammers at their own game is to use spamcop.net. Although it may take a few paragraphs to explain how to use it, once said and done, the user can help the net community as a whole by killing off spammers from their beloved ISP accounts.

On a normal week, I score just over a dozen spammer accounts killed. Not only does it cut down on my spam (It may take a while to see the results of this), but it also helps to keep spammers from wasting the time of other netizens.

If you have not heard of SpamCop.net, I strongly urge you to check it out. You'll fall in love with it once you discover how easy it is to use.

Doug Weathers writes:

Good column on miners and spammers.

I would recommend, however, instead of just trashing the spam, submit it to SpamCop.

What you do is you copy the entire message (with the headers) and paste it into the SpamCop web form and click the Analyze button. SpamCop will do a thorough analysis of the spam -- where it came from and who's responsible for it. Then it will generate a complaint e-mail to the responsible party for you. You just click the Send button and it's taken care of for you. It's dead easy, and it's free. You can also pay for extra services.

I've been collecting "spammer kill" messages from ISPs who terminate the accounts of spammers that I've complained about using SpamCop. I've got a dozen or so at this point.

It's quick -- less than a minute per message -- and you're helping to reduce the amount of spam. It's fun and it feels good!

Disclaimer: I'm just a satisfied and very impressed customer. I'm not affiliated in any other way with SpamCop.

I'll just add here that the SpamCop site states that it does send your address along with the report. It posts this note: "Warning: Some users have reported that the e-mail address used here finds its way onto spam lists, so you should consider creating a separate "throwaway" account for this purpose. There are many free e-mail providers you can use (Yahoo, etc.). However, if you are receiving spam already, it's usually too late to try keeping your address a secret anyway." So you might want to set up a free web-based e-mail account before you visit SpamCop and begin using it.

Elias Savada also recommends SpamCop but adds a great perspective as an AOL user:

Nice informative piece. Here on AOL ... it gets ridiculous when dealing with this ... I know enough NOT to reply and just forward the stuff to the appropriate AOL address (TOSe-mail1 for internal, TOSSpam for external). I also like viewing the address of the hot link generally found in the offending mail, pasting it into SpamCop's HostTracker and finding the responsible Web site coordinator to alert them that their domain is hosting circumspect material. On more than one occasion the response (from the Web site, NEVER from AOL--other than form letters) has been positive and quick.

On AOL the big problem is twofold. First, nearly all internal spam originates from stolen accounts. These unfortunates have to pay twice for their stupidity or naivete. As AOL never alerts any members that the spam is likely coming from a hacked account, many people who receive it hit the reply button and fill up the stolen account-holder's mailbox with nasty e-mail responses. It's bad enough these people have lost their account, but then they have to deal with a mailbox filled with vitriol.

Second, AOL suggests their lame Mail Controls to block offending addresses and sites. But this area is limited to a minimal number of entries, and what's the use of adding in a stolen AOL address that will eventually be returned to the legitimate owner? None. AOL is way behind the times by not allowing for content/subject filtering, like it does for newsgroups. Shame, shame, shame.

Report Spam directly

James Kelly literally fights spam for a living. He passes on this helpful advice. However, it takes a bit of work.

  1. Send complaints to the correct ISP.
  2. Include with the complaint the full header info and body of the e-mail. This IS CRITICAL. Without it, we can't do anything to stop the jerk.
  3. DON'T include traceroutes or nslookups you've done; ISPs can do these for themselves, and including them slows the investigator down.
  4. Highlight the spam's headers with something like *******SPAM HEADER******** and *****END OF SPAM HEADER***** to zero the investigator in on the bad guy.

Unfortunately, it may be difficult to figure out who the correct ISP is (in step 1). James says "You can trace the path the e-mail took starting at the bottom received line and working upwards. The information is least reliable at the bottom and increasingly more reliable working upwards." The topmost "received by" address is your own. The spammer sometimes starts with a fake address so the bottom one may be false.

Tom Olin explains:

"Received-by" lines are added at the top of the headers by each host in sequence. Generally speaking, the bottommost one is where the spam originated, but spammers often insert one or more bogus "Received-by" headers to confuse things.

What you need to do is to work from the top down, making sure each one fits with the next. ("Received-by" headers usually show both the received-by and the received-from machines.) If the last one or two don't fit, they are probably bogus. The one that you want to send the report to is the bottommost that clearly is part of the sequence starting from the top.

However, if the domain it was sent from is a spammer, then you don't want to send the complaint to them. For example, you wouldn't want to complain to GetRichQuick.com. Instead, you'd go one up to their upstream service provider, a recognizable ISP name. That's the host who will want to stop the spam.
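The top-down consistency check described above, as an added example (not code from this column or its correspondents). It assumes each hop is recorded in a standard `Received:` header with `from` and `by` clauses and compares host names textually; the sample message and every host name in it are constructed.

```python
import re
from email import message_from_string

# Constructed sample: two genuine hops, then one forged Received line below them.
SAMPLE = """\
Received: from mx.isp.example (mx.isp.example [192.0.2.10])
  by mail.reader.example with SMTP; Wed, 1 Dec 1999 10:00:03 -0500
Received: from dialup-77.isp.example (dialup-77.isp.example [192.0.2.77])
  by mx.isp.example with SMTP; Wed, 1 Dec 1999 10:00:01 -0500
Received: from relay.bigbank.example
  by mail.unrelated.example; Tue, 30 Nov 1999 23:00:00 -0500
From: deals@getrichquick.example
Subject: Make money fast

(body)
"""

def parse_hops(raw):
    """Return [(from_host, by_host), ...], topmost (most recent) header first."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        frm = re.search(r"\bfrom\s+([\w.-]+)", value)
        by = re.search(r"\bby\s+([\w.-]+)", value)
        hops.append((frm.group(1).lower() if frm else None,
                     by.group(1).lower() if by else None))
    return hops

def last_consistent_hop(hops):
    """Walk top-down; stop where a hop's 'from' host is not the next hop's 'by' host."""
    idx = 0
    while idx + 1 < len(hops) and hops[idx][0] and hops[idx][0] == hops[idx + 1][1]:
        idx += 1
    return idx

def trace(raw):
    """Split the hops into the one to report and the unverifiable ones below it."""
    hops = parse_hops(raw)
    if not hops:
        return None  # no Received headers at all: nothing to trace
    idx = last_consistent_hop(hops)
    return {"report_hop": hops[idx], "suspect": hops[idx + 1:]}

if __name__ == "__main__":
    result = trace(SAMPLE)
    print("Report to the operator of:", result["report_hop"][1])
    print("Origin as recorded by that host:", result["report_hop"][0])
    print("Does not fit the chain (probably bogus):", result["suspect"])
```

The name after `from` is whatever the sending machine announced about itself, so when a header also carries a parenthesized address recorded by the receiving host, that address is the more trustworthy value to pass along with the complaint.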

I realize I should be showing you all how to specifically show the Internet headers (for step 2). However, you're on your own with that. In each e-mail application there's a button or menu item that enables you to show the headers. For example, in Outlook Express after you double-click a message, opening it in its own window, you can choose View->Internet Headers. The headers appear in a gray area above the message but when you Forward that message to the ISP, the headers don't appear within the forwarded body. I have had to select and copy the header from the gray area, then paste it into the top of the body after clicking the Forward button. There is also a preference to always show them but most people keep it off by default as it can be too much information.

The potential problem with sending a complaint yourself is that if you complain to a spammer you can end up on more spam lists than ever. For this reason, you may prefer to stick with SpamCop. To further explain, SpamCop works in conjunction with Abuse.net. Abuse.net maintains a database of known spammers so SpamCop knows not to send the complaint to the false (spammer's) domain.

Matt Warner wrote to encourage us all to adopt a zero tolerance for spam. He hopes that we can get everyone to report each and every UCE (unsolicited commercial e-mail) to the ISP of the spammer. Don't just cancel your e-mail account whenever you get too much junk mail. I join Matt and everyone who wrote in with great ideas to take advantage of the tools we have to help bring about law and order on this still wild, unbridled frontier.

Need a business idea?

I'll leave you with this inspiration for a new business. Richard Davis said "I would love to see a company that spams the spammers. Subscribe to the service then just forward my spam to the spammers. I think it would be a big business." I love that idea. I promise if any of you start that service I'll hype the heck out of it (using legitimate communications venues, of course.)
