The "how to complain about spam" guide
Basic Rules of SpamFighting
#1 - The From: address is almost *always* fake. If you get a lump of spam from abuse@hotmail.com, then I can *guarantee* that it didn't come from there at all. All spammers forge the From: address - usually to hide, sometimes to punish innocent sites. If your e-mail address appears in the From: header of an e-mail, then you've been joe-jobbed. More on that later. This means that replying to the message, bouncing the message, or sending a complaint to the administrator of the domain is useless. It's a waste of time. But... But... How can I complain then? You must learn to look beyond the headers you can see. You must learn to read the full headers. More on that later. #2 - Never unsubscribe You didn't subscribe to it, so don't unsubscribe. Most spammers either provide a fake 'unsubscribe' address, or the better ones make a list of everyone who asked to be unsubscribed and sell them to other spammers as 'Confirmed Addresses'. Unsubscribing from unsolicited mail is the easiest way to quadruple your spam volume in a few days. #3 - What *is* spam? Well, first, it's not SPAM®. SPAM® is a trademark of Hormel Foodstuffs, and they've been jolly decent about allowing people to say 'spam' without getting sued. SPAM® all in capitals is a compressed pork/ham luncheon meat I happen to rather like in a stiry-fry. Spam (lower case, first letter capitalised as the start of a sentence) is Unsolicited Bulk E-mail. Now, if someone sends you a message you don't like, it's not spam. If someone sends you a commercial mailing you signed up for a while back but don't want any more, then it's not spam. Don't worry about what's *IN* a message - spam is about conSent, not conTent. Did you give permission for a company to send you that e-mail? If the answer is 'no', and it's been sent to more than one person (who also didn't ask for it), *then* it's spam. #4 Do *NOT*, I repeat do *NOT* bounce spams back. That is the *WORST* thing you can do, and software that allows you to do it should be banned as spamware itself. Stop using any bounce features in your filter software NOW. There are a number of things you can do as an end-user to help fight spam. The first thing you need to be able to do is to view full headers. Depending on your mailreader, you might have to click 'Edit -> Message Source', 'View -> Headers -> All'... Check your documentation. A message with *complete* headers should look something like this one: Quote:
From - Sat Jun 14 23:01:32 2003 Ignore this - it's a broken header that UK2 put in. You shouldn't see this in yours. X-UIDL: 1055575258.40440.erebus.uk.clara.net Anything with X at the start of it is an *optional* header. Sometimes there is useful information in these, but most of the time it's just bumf (and occasionally outright lies to throw you off the scent). You can ignore these. Return-path: <dr_alex1@indiatimes.com> It's almost certain that this message didn't come from IndiaTimes.com - ignore this. Delivery-date: Sat, 14 Jun 2003 08:20:53 +0100 I think you can work this one out for yourself. Received: from ultra17.uk2net.com ([212.4.208.117]) by erebus.uk.clara.net with esmtp (Exim 4.12) id 19R5LJ-000AVj-00 for me@mydomain; Sat, 14 Jun 2003 08:20:53 +0100 Ah! Now, *this* is the important bit! The 'Recieved From' headers will *always* tell you where the message *really* came from. You read these headers from the top-down, *never* bottom-up - spammers often put fake Recieved lines below the genuine ones to trick you into complaining to the wrong admins. This particular header is genuine - the message was sent to usenet@mydomain, received by UK2's SMTP server, and redirected to my SMTP server so it gets to my *real* address. So, knowing this is genuine, we move on to the next line down. Received: from [195.166.233.49] (helo=ommo.net) by ultra17.uk2net.com with smtp (Exim 0.00) id 19R5LD-0002xO-00 for usenet@mydomain; This is the last Received header. This is what we're looking for. But, how do we know where the message came from? from [195.166.233.49] (helo=ommo.net) HELO is the SMTP code for "My name is...", and should normally return the hostname of the sending server. In this case, it's claiming to be ommo.net. Put simply, it lies. The *real* server is between the square brackets - 195.166.233.49. So, looking at the headers, we know that the spammer lied when he said he was posting from 'IndiaTimes.com'. We also know the server lied when it said it was 'ommo.net'. These are innocent people - do not complain to/about them. So, I know the IP address of the original mailserver. What can I do? First of all, find out who it is. You can do WHOIS lookups at places like RIPE, ARIN, and many others. The easiest way is to visit a site like SamSpade, where you can do useful things like rDNS and WHOIS from a website. Or even better, download SamSpade for Windows from the same site - a *very* useful bit of freeware for Spam Rangers. Doing a DNS (Domain Name Server) lookup on 195.166.233.49 doesn't help - there is no reverse DNS set up. So, we do a WHOIS on it instead. Quote:
From this, we get a bunch of abuse addresses we can use. Sending complaints to: tunde@linkserve.com.ng abuse@linkserve.com.ng postmaster@linkserve.com.ng with copies of the spam (including FULL HEADERS) *might* get something done. Man, that's a lot of hassle. Isn't there something I can do without cutting into my free time? Sure! Sites like SpamCop.net allow you to automatically parse mail headers. SpamCop will then send complaints to the relevant people on your behalf, and add the sending SMTP server to a blacklist (the SpamCop BlackList, or SCBL). Another very useful thing to do is to post to NANAS - news.admin.net-abuse.sightings. First, search out all *innocent* e-mail addresses in the spam and remove them - replace them with an 'x' or the word 'munged'. This means that the bots that trawl USENET looking for addresses to spam won't find them. Then post the munged spam with full headers into NANAS, with the subject line identical to the spam but with [email] tagged on to the front. A lot of automated systems trawl NANAS for spam samples, and admins often look there to see if anyone else has gotten similar spams. If you do nothing else, posting to NANAS will help. Just remember to remove your e-mail addresses! LART Short for Luser Attitude Readjustment Tool, as in "The spammer was sharply LARTed right away and lost his account." A LART is an email that you send to alert a host/ISP/enduser to highlight the spam and hopefully get them to do something about it. What makes a good LART? Okay, here's a quickie guide to writing effective LARTs. First of all, remember that you're responding to a company who has the spammer as a customer, not the spammer themselves. This means that you keep the tone professional and the language clean. It is a good idea to LART the following people: Spam Source Where the spam was sent from (SpamCop can help you find this). Website Hosts Where the spamvertised site is. E-mail Dropboxes If the mail asks for a reply on a free e-mail account like Hotmail, LART them. Others Sometimes a spam requires a heavier mallet. If they want you to ring a premium rate number, try ICSTIS (Google for it). If it's child (or child-like) pornography, try The IWF. Some good example LARTs for you to use: Quote:
Quote:
With judicious use of cut 'n paste, reporting spam shouldn't take too long at all, and you'll get the nice warm feeling that comes from spanking spammers. |
Re: The "how to complain about spam" guide
Good info. Mods could we have this as a sticky?
|
Re: The "how to complain about spam" guide
Fantastic post m8... Stuck it for you :)
|
Re: The "how to complain about spam" guide
I'm aware that a lot of this post is very technical.. but hopefully it has some info for the technophobes as much as for the philes
|
Re: The "how to complain about spam" guide
Just realised I didn't explain the term "Joe-jobbed" in the first paragraph.. here you go:
What's a "Joe Job"? The act of faking a spam so that it appears to be from an innocent third party, in order to damage their reputation and possibly to trick their provider into revoking their Internet access. Named after Joes.com, which was victimized in this way by a spammer some years ago. ( taken from :http://www.spamfaq.net/terminology.shtml ) |
Re: The "how to complain about spam" guide
Sometimes you can set up spam filters within your email program.
Outlook Express 1) Open Outlook Express 2) Click on Tools 3) Scroll down to Message Rules 4) You can either set up blocking rules for Mail or News. Microsoft Outlook 1) Open Microsoft Outlook 2) Click on Tools 3) Scroll down to Rules Wizard 4) Click on Rules Wizard You will get the following message appear: Quote:
6) Select the New option You will get the following message from the Office Assistant: Quote:
I recommend selecting the create a rule from template option |
Re: The "how to complain about spam" guide
Nice post JonM.
It is very interesting to note that you have taken time jot down the rules of Spam Fighting. The sort of spam you have discussed about is e-mail spam, But, there is one another type of spam which needs to be dealt with is “Spam in search Results- Spamdexing”. Spamdexing or Search Engine Spamming is a practice of deliberately modifying the web pages, in order to increase their chances to be placed near the top rankings. Such sites are usually crap sites made up of either duplicate content or content that is not relevant enough for the users to use, or may be not even containing the keyword searched for (usually porn sites follow this practice to increase their potential traffic). The idea behind promoting such a crap is to attract more visitors to the crappy site, which carry adsense, and indirectly forcing them to click on these adsense adv, which in turn earn commission for the site owners. What a pity, that webmasters have to follow such a cheap tact to attract traffic. Search engines instead of weeding out such crappy spammed sites out of their indexes support this **** just to warm up their pockets. S.Es earn revenue from the adsense running on these sites. Not just this, they even support spam in their search results so that the surfers already infuriated from the irrelevant search results, get forced to opt for the sponsored listings in the SERPs, which again earns revenue for the S.E. Not only this, it has been found in some of the industries that S.E display totally informative sites in the organic listings (with no revenue model), and displaying trading sites in the sponsored links as they will earn revenue to the S.E. Introduction of “Cost Per Action” feature in the advertisements acted as the final nail in the coffin to earn more revenue for Google. This is because all trading sites are displayed in adv. And hence probability for profit increases. It seems that S.E have transformed into commercial bodies whose aim is just to earn money, doesn’t matter who is affected. During my work I found an article about Search Engine’s responsibility at: http://www.organicspam.com/fft_comments.asp?qid=2 This is a thought provoking concept whether or not a S.E is responsible for the search result it produces. Concluding, I wish to state that both e-mail spam and search engine spam are equally punishable offenses as both of them create nuisance for the end users, because e-mail spam provides the user with the unwanted advertisements, and in contrast search engine spam provides the users with either duplicate or irrelevant sites. |
Re: The "how to complain about spam" guide
Wow. That was quite a bump!
|
Re: The "how to complain about spam" guide
Not really, as it was sticky anyway.
|
Re: The "how to complain about spam" guide
I have just joined the site, I was reading this as a non member and just wanted to sign up to say what a great posting JonM thanks.
Now I think I will make a coffee and sit back and eat my SPAM sarnie. :tu: |
Re: The "how to complain about spam" guide
Yeah, really, "Bravo" Jon, i think this is the most useful thread I've ever read!
|
Re: The "how to complain about spam" guide
"Spam, spam, Luverly SPAM..." :) You don't NEED "Mail Filters" or anything, just tell your GENUINE Emailers to add a certain "Keyword" to their Subject Lines of Emails ... In my case 'Readme' .... then set up the ONE Filter so that all mail containing that word goes to INBOX, then a few more filters so that ALL other Mail goes straight to TRASH... You may need to CHECK 'Trash' once in a while, but in my case I generally have all the Fake Pills/Enlargement/Phishing etc, etc.. BS resting there in Trash, and only mail I EXPECT, or WANT, in INBOX .... 99.5% of the time :) |
Re: The "how to complain about spam" guide
Very interesting - Thank you
|
Re: The "how to complain about spam" guide
Thanks for this guide, very useful.
I'm a bit worried about spamcop as I accessed the e-mail on Blueyonder webmail and got the header and pasted it in as well as the body text but the next page it says 'report spam to' and keeps saying uk2.net which isn't the source of the spam, it's where my mail is redirected from... The header says the originator of the message is 77.42.202.122. Whois doesn't give any contact details for them? |
Re: The "how to complain about spam" guide
Quote:
------------------------------------------------- Here is the Virginmedia link, it can be found in the Acceptable Use Policy if you click on the Legal Stuff link at the bottom of the Virginmedia homepage, very easy to find as well. http://netreport.virginmedia.com/netreport/index.php ------------------------------------------------------------------ :bump:A bump but a worthwhile bump;) |
All times are GMT +1. The time now is 22:32. |
Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2024, vBulletin Solutions Inc.