Dealing with spam

If you ever have a problem with spam mail, DON'T reply to it, DON'T

telephone any "remove" lines, DON'T follow any links in the email telling

you how to get your address removed from the spam list and DON'T complain

to the website they are advertising.

 -All these actions serve to do is prove to the spammer that the email

address is correct and that you actually read spam sent to you - this

makes your name more valuable and it can be sold to other spam lists.

 

Your first action should be to try to view full headers in the email

message (most email clients hide these - and most clients have a facility

to show these) which will reveal rather more information about who sent

it.

 

Reading headers takes a bit of practice - and it's not unknown for folks

to "spoof" certain parts of the headers to try to confuse the recipients.

 

There will usually be 2 computers identified in the headers - the original

computer which sent the message and the SMTP mail server that computer

used to get the message to the internet - usually they aren't the same

computer.

 

Once you have these IP addresses it's a straightforward job identifying

who they belong to - as all IP addresses are assigned to some organization

or other.  You have to use a tool called "WHOIS" - which queries a server

and matches IP addresses to owners.  There are a number of web based WHOIS services - an excellent one can be found at  

http://www.securityspace.com/cgi-bin/swhois/whois?show=none

 

When you have the information from the WHOIS server you will often know

who to send a complaint to - it's best to complain to the ISP providing

service to the spammer.  All responsible ISPs have a very strict no-spam

policy for their clients.  This is partly because network bandwidth is

expensive to provide, and spam mail eats up vast amounts of it.

 

The usual address to complain to will be abuse@the_isps_domainname.com -

so if the abuse came from a subscriber at psi.net, you would send your

complaint to abuse@psi.net

 

When sending a complaint, it's best to forward the original spam

(you MUST include the full headers) to the abuse address, along with a

brief note.

 

Typically spammers use dial-up accounts - a complaint will usually get

these terminated by the ISP without any further questions.  In the past 4

weeks I've had about a dozen spammers disconnected - it helps that I

work in internet security, but ISPs will listen to all complaints.

 Here's a typical response:

 

Date: Mon, 29 May 2000 19:24:36 -0400 (EDT)

From: Net Abuse Team <abuse@psi.com>

To: Sarah West <wud182k@trans.sister.org>

Subject: Re: ADV: ...Advertise to 30,000,000 for Free... (fwd)

#nab-2231023

 

Hello,   

 If you would like to report a complaint to PSINet, please use our

on-line reporting site at http://www.support.psinet.com/PSIabusetik/.

 Please be advised that the account used to violate our Net-Abuse

Policy has been disabled. If you receive any further correspondence

from this source, please let us know.

  Thank you.

 Net-Abuse Team

PSINet, Inc.

abuse@psi.com

 

Thanks to Sarah West

TransSister - http://trans.sister.org/

The largest listing of UK T* sites and resources on the net

1998-2007 © Jenelle Rose. All rights reserved.