SPAM - Where does it come from and how to prevent it
Spam in your Inbox is annoying and sometimes offensive.
The best way to handle spam is to make a complaint to the domain where it originated. To find out where spam originated, you need to look at the email headers.
If you want to write to the domain administrators where the spam originated, you need to understand email headers. You cannot just 'Reply' to the message to give the spammer a piece of your mind, because it is very easy to fake an email address.
Searching through headers
Here is a sample email header (bold added). The final receiver's address is 'you@your.domain.com'.
Please note this is simply an example of email headers, and is not any reflection of companies or mail servers used within the example.
Received: (2228 bytes) by <your.domain.com> via sendmail with P:stdio/D:user/T:local
    (sender: <29086328@compuserve.com>) id m0xUFxr-001cL6C@your.domain.dom
    for you@your.domain.com; Sat, 8 Nov 1997 10:50:35 -0800 (PST)
    (Smail-3.2.0.98 1997-Oct-16 #12 built 1997-Oct-28)
Received: from simon.pacific.net.sg (simon.pacific.net.sg [203.120.90.72])
    by your.domain.com (8.8.7/8.7.3) with ESMTP id KAA01565;
    Sat, 8 Nov 1997 10:43:34 -0800 (PST)
From: 29086328@compuserve.com
Received: from pop1.pacific.net.sg (pop1.pacific.net.sg [203.120.90.85])
    by simon.pacific.net.sg with ESMTP id CAA25373;
    Sun, 9 Nov 1997 02:44:51 +0800 (SGT)
Received: from po.pacific.net.sg (hd58-032.hil.compuserve.com [199.174.238.32])
    by pop1.pacific.net.sg with SMTP id CAA12179;
    Sun, 9 Nov 1997 02:43:10 +0800 (SGT)
Received: from mail.compuserve.com (mail.compuserve.com (205.5.81.86))
    by compuserve.com (8.8.5/8.6.5) with SMTP id GAA04211
    for <87789123456@aol.com>
It may look confusing, but there are some patterns that tell you everything you need to know. The header can be broken into several sections, each beginning with the word "Received".
The first 'Received' is from your email server. This section lists the supposed sender, the message ID number, and when the message came in. The other 'Received: from' tags are from remailers that the spammer used to make it more difficult to track him/her down.
Find the last 'Received: from' entry in the header. This usually shows the originating server. Find and write down the server domain and its IP address. This information appears in parentheses in each 'Received: from' entry.
| Machine Name | IP Address |
|---|---|
| mail.compuserve.com | 205.5.81.86 |
| hd58-032.hil.compuserve.com | 199.174.238.32 |
| pop1.pacific.net.sg | 203.120.90.85 |
| simon.pacific.net.sg | 203.120.90.72 |
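The same walk through the 'Received: from' entries can be done in code. This is an added example, not part of the original article: it reads the sample header above (copied inline, one field per line), lists the relays oldest first, and marks any hop where the name the sender announced differs from the name the receiving server recorded. The names HOP, trace and RAW are made up for this example.

```python
import re
from email import message_from_string

# The sample header from this article, one field per line (copied inline so this runs offline).
RAW = """\
Received: (2228 bytes) by <your.domain.com> via sendmail with P:stdio/D:user/T:local (sender: <29086328@compuserve.com>) id m0xUFxr-001cL6C@your.domain.dom for you@your.domain.com; Sat, 8 Nov 1997 10:50:35 -0800 (PST)
Received: from simon.pacific.net.sg (simon.pacific.net.sg [203.120.90.72]) by your.domain.com (8.8.7/8.7.3) with ESMTP id KAA01565; Sat, 8 Nov 1997 10:43:34 -0800 (PST)
From: 29086328@compuserve.com
Received: from pop1.pacific.net.sg (pop1.pacific.net.sg [203.120.90.85]) by simon.pacific.net.sg with ESMTP id CAA25373; Sun, 9 Nov 1997 02:44:51 +0800 (SGT)
Received: from po.pacific.net.sg (hd58-032.hil.compuserve.com [199.174.238.32]) by pop1.pacific.net.sg with SMTP id CAA12179; Sun, 9 Nov 1997 02:43:10 +0800 (SGT)
Received: from mail.compuserve.com (mail.compuserve.com (205.5.81.86)) by compuserve.com (8.8.5/8.6.5) with SMTP id GAA04211 for <87789123456@aol.com>

(message body)
"""

# "from <announced name> (<recorded name> [ip] or (ip)) by <receiving server>"
HOP = re.compile(
    r"from\s+(\S+)\s+\(\s*(\S+)\s+[\[(]([\d.]+)[\])]\s*\)\s+by\s+(\S+)")

def trace(raw):
    """Return the relay hops oldest first, one dict per 'Received: from' entry."""
    msg = message_from_string(raw)
    hops = []
    # Each server adds its Received line at the top, so reverse to read oldest first.
    for value in reversed(msg.get_all("Received", [])):
        m = HOP.search(" ".join(value.split()))  # collapse folded whitespace
        if m is None:
            continue  # e.g. the local delivery line, which has no 'from' clause
        announced, recorded, ip, by = m.groups()
        hops.append({
            "announced": announced,  # name the sending machine gave for itself
            "recorded": recorded,    # name the receiving server looked up
            "ip": ip,                # address the receiving server saw
            "by": by,                # server that wrote this Received line
            "mismatch": announced.lower() != recorded.lower(),
        })
    return hops

if __name__ == "__main__":
    for hop in trace(RAW):
        flag = "  <-- announced name differs" if hop["mismatch"] else ""
        print(f'{hop["recorded"]:<30} {hop["ip"]:<16} via {hop["by"]}{flag}')
```

On the sample, the only mismatch is the hop written by pop1.pacific.net.sg: the sender announced itself as po.pacific.net.sg, but the server recorded hd58-032.hil.compuserve.com [199.174.238.32]. The name and address in parentheses are written by the receiving server, so they are the values to note down for a complaint.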
Filing Complaints
Once you have determined the origin of the spam, you are ready to file a complaint with the spammer's ISP (Internet Service Provider). Most ISPs have a dedicated address for complaints about spam or other abuses. This address is often 'abuse@domain.com', but may be different for each ISP.
Here are some guidelines to follow when preparing your complaint.
- Put the complaint before the body of the forwarded message.
- Always forward the offending spam to the ISP. Do not cut, paste, and re-send it because it may create extra email headers. Leave the headers intact.
- Keep your complaint short and non-abusive. The spam did not come from the ISP; it came from a user on the ISP's system. For example, write "I received this unsolicited commercial email from one of your users. Please take the appropriate action to ensure this doesn't happen again."
- Only send one complaint per spam received. Most ISPs have an auto-reply system for messages sent to 'abuse'. Sending multiple messages won't get your problem resolved any faster and only adds to the work for the ISP.
- Mail-bombing, threatening, or attempting to disrupt an ISP's service will never get your problem resolved, and may also be illegal.
If your message bounces back as undeliverable, visit the website of the domain you are trying to contact. Most ISPs will have an 'acceptable use' agreement on their sites detailing how to contact them regarding member abuses.
Preventing SPAM
Unwanted SPAM in your Inbox is annoying, and sometimes offensive.
Here are some effective ways to keep your email address from being sold or abused by spammers.
Removal Addresses: Never respond to the 'removal request' email address that shows up in some spam. Doing so is a quick way to end up on the lists of dozens of other spammers. It's best just to complain directly to the spammer's service provider.
Usenet Newsgroups: Never post a message to a newsgroup using your real email address. A very simple way to cloak your address from the spam-robots is to add 'spam-bait' to it. For instance, if your email address is "jdoe@internet.com" change it to something like "jdoe|NO_Spam@internet.com|NoSpam". This makes it easy for others to see your address, but the spam robots cannot make that distinction (yet...). Use spam-bait on email addresses in your news-reader program and in any signature files you use. Robots can get your address from there too.
Personal Websites: If you have your own website, never put a link to your email address on it unless you cloak it as described above. Instead, try a mailto CGI script that lets people fill out a form on your page. There are several online resources for creating your own scripts. Consult your ISP if you need help setting them up.
Online Services: Never publish a 'user profile'. Find out if you can request exclusion from any member directories. Ask the service about setting up a separate user ID (with separate email box) that you can use for chat rooms or newsgroups. Also, ask if the service offers any mail filters to keep messages from known spammers out of your mailbox.
Online Software Registration: Always double check which options you are checking when registering your software. Online registration programs often let you choose to have your address added to a list of addresses so the business can send you email. Sometimes you have to uncheck a box if you don't want advertisements.
Electronic News Subscriptions: The same warnings as above apply here. Read the options very carefully.
If you have HOT MAIL you can block the email (you should block the entire @domain.com). Use the BLOCK button located next to the DELETE button.
If you have YAHOO MAIL you can go to OPTIONS->Block addresses.
If you have OUTLOOK Express/Pro go to TOOLS->Message Rules->Blocked Senders List and add the domain or email you wish to block.



