Legend: new window outside link tools page glossary link
After all the hard, dirty work of analyzing your spam, you are now ready to send your reports. Fortunately, this part is much easier than most of what went before, although there are some pointers that I’ll give you on this page.
If you’ve followed the process I’ve laid out thus far, you will have some or all of the following bits of information about your spam message.
Let’s pull all this information together for a big all-in-one example. First, here are the various addresses and domains extracted from a fictional spam message (the IP addresses are bogus, and none of the domains named here actually existed when I wrote this):
|resource used in spam||information about the resource|
|originating mail host||IP address: 18.104.22.168
|open relay mail host||IP address: 22.214.171.124
|spam sales website host||IP address: 126.96.36.199
host name = chickenlickin.org
|spam removal website host||IP address: 188.8.131.52
host name: fsck-off.lv
|e-mail address||e-mail address “email@example.com”
e-mail provider: annoy-mail.net
|domain name “chickenlickin.org”||domain registrar: domain-cesspool.com
(the domain registration data looks suspicious)
Here are the abuse contact addresses for each of these resources.
|role in the spam||abuse contact|
|originating mail firstname.lastname@example.org|
|open-relay mail email@example.com|
|spam sales website firstname.lastname@example.org|
|spam removal website email@example.com|
|e-mail address “firstname.lastname@example.org”||email@example.com|
|registrar for “chickenlickin.org”||firstname.lastname@example.org|
Now, fire up your mail program and let’s get to work.
Here’s what a spam report might look like for the case above:
This is a much longer spam report than you would typically have to write, since I tried to include examples of many different kinds of contacts. For the typical spam message, you will only need to report to (1) the originating host’s provider (for direct-to-MX mail) and perhaps (2) the web hosting provider (for the sales website). If you have a lot of issues to report, and you have the time, it may be more effective to send several messages, one to each abuse departrment, each one tailored for the particular recipient.
Here are some things to note about this message:
Here are some further tips for writing complaints:
So, as soon as these guys receive your report, they’re all going to go running over to pull the plug on the spam hosts, right? Well, frankly, no.
When you send an abuse report these days, you will rarely get a response from a real human (particularly if you’re just complaining about mere spam, as opposed to more insidious cracking and probing activities). At best, you will get an automated pro-forma response (“...we received your complaint and are acting on it...please be assured yadda yadda...”), perhaps including a case file number to use for future correspondence. In many cases, you will get no response at all. This does not necessarily mean, however, that nothing will come of your report.
Let’s face facts for a moment; ISPs don’t make money by handling abuse complaints, they make money by keeping customers online. However, if they see that one of those customers is making an unwarranted and disproportionate nuisance of himself, they will eventually act. I have no illusions that a single report of mine, no matter how well-researched and accurate, will make much difference in the grand scheme. After all, even thoroughly honest online business get the occasional misdirected spam complaint (which is usually ignored). I think the power of reporting kicks in when an ISP receives many, many reports from many different people about the same incidents; that’s why I urge you, if you are able, to join those of us who research and report spam incidents.
If you want to check up on the effectiveness of your reports, you might bookmark some of the spam websites you’ve reported and then check back later to see whether they have been shut down.
From time to time, I get a message that I think merits special treatment. On these occasions, I will pick up the phone and try to talk to some humans specifically, those in the network operations center, or NOC, of the ISPs in question. This is certainly not something you want to do for routine spam, but it might be worthwhile if you detect phishing, virus distribution, cracking, or other more serious forms of abuse.
Often, it can be hard to find the phone numbers for the NOC sometimes they are found in the output of whois, but often you may have to go to the ISP’s website and look up a number. Many larger ISPs have a phalanx of phone minions protecting the people at the NOC who are actually doing the work; you may first have to speak with the general customer support line, and then you might convince them to transfer you to the abuse desk. Even here, you may not actually be speaking with people who can do any more than just take reports over the phone, so see whether you can be transferred to the NOC.
When you speak to the people in the NOC, be cordial and collegial (“...hey, for your information, I think you have a problem.”) Offer to send details to them via e-mail rather than enumerating addresses and host names over the phone. Don’t waste their time or make a pest of yourself this will make them think you are a kook whose complaints don’t deserve action. Don’t get messianic or obsessive about following up with the NOC on these reports once you file your report, you have done your duty, and the rest is up to others.
So, that’s it you’ve filed a spam report! Congratulations, and thanks for doing your part to stop e-mail abuse. Relax and enjoy yourself while you can, for the next spam message is probably on its way to you.
Legend: new window outside link tools page glossary link
|(c) 2003-2006, Richard C. Conner (
03424 hits since March 31 2009
|Updated: Fri, 21 Jul 2006|