Complaining about spam

It's important to know both how to complain effectively and where a complaint should be addressed.

It is increasingly true that spammers forge header information. If you complain, do make sure that you direct your complaint appropriately.

The best address to send complaints to is postmaster@offending.site. Every responsible site will have that address. Be aware, however, that many sites (especially the larger ones, such as Netcom and Earthlink) have set up a specific abuse address (i.e. abuse@netcom.com) for handling complaints about spam. Many people send a copy of the complaint to the offender as well.

First and foremost, BE POLITE. It is not (usually!) the postmaster's fault. Include full headers from the message, and describe why you think it came from the site in question. Point out that you did not request this email, and make it clear you don't want any more of it. And above all, DO NOT MAILBOMB. That is grounds for your own account to be yanked, and it will not help your complaint.

Second, do as much as you can to ensure that you're sending your complaint to the right place. Spammers often forge header information into the mail they send out, and a lot of innocent third parties- victims of the spammer at least as much as the spam recipients are-- get the complaints. Figuring out where the spam came from means looking at the headers, not just the return address in the From: line.

If you do not receive a response, or you get a canned response and the spam keeps coming, it may be that the spammer is his own provider! Don't despair, there is still recourse...

The fundamental principle in fighting spam is to cut the connectivity. Ordinarily, this means contacting the spammer's ISP. If the spammer is the ISP, the next step is to contact the company who provides a connection to the ISP itself. The tools for this are whois and traceroute.

As an example, take bbbiiizzz.com, a site of recent UCE:

$ traceroute bbbiiizzz.com
traceroute to bbbiiizzz.com (207.33.109.3), 30 hops max, 40 byte packets
 1  xenyn-eid-E0-1.nyc.access.net (198.7.0.126)  2 ms  8 ms  4 ms
 2  sl-dc-12-S3/2-T1.sprintlink.net (144.228.122.5)  11 ms  23 ms  22 ms
 3  * * *
 4  sl-mae-e-H2/0-T3.sprintlink.net (144.228.10.42)  76 ms  102 ms  29 ms
 5  br2.tco1.alter.net (192.41.177.249)  15 ms  20 ms  13 ms
 6  Hssi1-0.CR2.DCA1.Alter.Net (137.39.100.22)  21 ms  29 ms  12 ms
 7  * * 101.Hssi5-0.CR2.SCL1.Alter.Net (137.39.58.86)  156 ms
 8  Fddi0-0.GW1.SCL1.Alter.Net (137.39.19.1)  119 ms  119 ms  139 ms
 9  uunet-gw-ds3.mv.best.net (137.39.133.90)  127 ms  124 ms  124 ms
10  tlg-ds3.best.net (206.86.228.90)  102 ms  191 ms  203 ms
11  gw2-sf-tlg.tlg.net (140.174.125.2)  148 ms  108 ms  107 ms
12  tlg-cust-link.tlg.net (140.174.36.4)  103 ms  128 ms  104  ms
13  rno-ms4.greatbasin.net (206.14.169.13)  113 ms  127 ms  114 ms
14  big.bbbiiizzz.com (207.33.109.3)  119 ms  108 ms  141 ms

If postmaster@bbbiiizzz.com is unsympathetic (as has proved the case), the next step is to complain to postmaster@greatbasin.net, and so on up the chain.

Checking the InterNIC's database reveals one interesting point, however:

$ whois bbbiiizzz.com
Big Biz World (BBBIIIZZZ-DOM)
   1541 S. Beretania Street, Suite 208
   Honolulu, HI 96826
   US

   Domain Name: BBBIIIZZZ.COM

   Administrative Contact, Technical Contact, Zone Contact, Billing Contact:
      Huntington, Ralph J  (RH332)  dns@ZRS.NET
      808-686-3855

   Record last updated on 09-Jul-96.
   Record created on 08-Mar-95.

   Domain servers in listed order:

   BIG.BBBIIIZZZ.COM		207.33.109.3
   NS1.GREATBASIN.NET		140.174.194.42
   NS2.GREATBASIN.NET		204.94.164.194

Ordinarily, the NIC contact for a site will have an email address either within the site or at the site immediately upstream. The fact that the contact for bbbiiizzz.com is at a third location suggests that you may wish to drop a line to zrs.net (and perhaps its provider) as well.

Still, if response to your complaint is not immediately forthcoming, be patient. Especially in the cases of large-scale spams, the postmaster may be buried under a mountain of displeased email (not to mention mailbombs and other antisocial responses).



Last Modified:Wednesday, 30-Jan-2013 12:14:13 EST
© Copyright 2006-2011 Public Access Networks Corporation