Dear Internet Patrol, How do I read the fine print in the spam’s header information to determine from where the spam really originated? I forwarded one to email@example.com, and they sent me an e-mail saying it wasn’t a correct address. Thank you, Kim
You raise a number of interesting points and questions in your email. First, if you get spam which appears to be from someone at Hotmail, then pretty much the only thing which you can be certain of right off the bat is that it isn’t from Hotmail. So Hotmail was probably correct in returning the spam to you, even though you were trying to do the right thing.
In fact, if you receive spam of the real, true “Make Money Fast” variety, you can rest assured that 99.9% of the time the domain featured in the “From:” email address will belong to an ISP or other Internet site which has no connection to the spam whatsoever. This is known as “domain spoofing”, and it is now illegal under CAN-SPAM. Of course, littering is illegal too, but that doesn’t seem to stop the litterbugs either.
You are to be commended for wanting to dive into the world of reading headers, and while on some levels it can be very complicated, there is a first level on which it is not difficult at all, and can still be very useful. The first thing you will need to do is to open up an email, and then switch to the ‘full header view’. This is called many things by many different email programs, but the most common terms are “full headers”, “all headers” and “raw view”.
Now you will note that in addition to seeing the traditional headers such as “From:”, “To:”, “Subject:”, and “Reply-To:”, you will also see lots of other lines, many containing IP addresses. The answer to the question “to whom do I report this spam” lies within these lines. These lines can tell you where the spam originated (or at least what the next closest link was), where it went from there, through which Internet locations it hopped, and generally the path it took to get to your front door. You only have to know how to read the information. If you want to delve even deeper, you can learn all sorts of things, such as where the spammer was geographically when they sent the offending message, what time they sent the spam, and what sorts of resources they abused in the process. But for our purposes we just want to know the path the spam took to get to you.
However, rather than tell you how to read those lines, we are going to refer you to a couple of sites which will not only tell you how to read those headers, but which will do so very well. The links are at the end of this missive.
Once you have determined the path which the email likely took, you will a) realize that indeed the email never came close to the domain which is featured in the “From:” address, and b) have a good sense of where it’s been (no, that doesn’t mean that you can put it in your mouth), so that you know to whom to report it.
Now, once you know the sites which were involved, how do you determine the email addresses to which you should send your complaints? Conventional wisdom holds that any responsibly administered mail server will maintain either or both of postmaster@domain and abuse@domain. These are known as role accounts, and while there can be many other role accounts (for example “root”, “webmaster” and “news”), these are the only two with which we need concern ourselves for this exercise. Of course, conventional wisdom is not always right – the recommended role accounts are not always set up, but that is not your problem. We recommend that once you determine to which sites you want to send the reports, you send them to postmaster@domain and abuse@domain. So, for example, if you have figured out that one of the domains involved in transiting the spam is “jafljdjadjk.com”, you may want to send email to postmaster@jafljdjadjk.com and abuse@jafljdjadjk.com (note that this is a made-up domain, so that if any spammer scrapes these addresses it won’t cause anybody real to get spammed).
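As an added example (not part of the original article), the Python sketch below walks the “Received:” lines of a constructed message oldest-first, checks whether the “From:” domain ever appears in the path, and builds the postmaster@ and abuse@ role addresses for the transit domains. The sample message, the host names, the `my_domain` parameter and the "last two labels" rule for picking a domain are all assumptions made for illustration.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample message: reserved .example names, documentation-range IPs.
RAW = """\
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
    by mailstore.recipient.example with ESMTP id A1; Mon, 5 Jan 2004 10:00:03 -0500
Received: from relay.transit.example (relay.transit.example [198.51.100.7])
    by mx.recipient.example with ESMTP id B2; Mon, 5 Jan 2004 10:00:01 -0500
Received: from freemail.example (unknown [203.0.113.45])
    by relay.transit.example with SMTP id C3; Mon, 5 Jan 2004 09:59:58 -0500
From: "Make Money Fast" <someone@freemail.example>
To: kim@recipient.example
Subject: Make Money Fast

(body omitted)
"""

# "from <name the sender claimed> (<name the receiver looked up> [<IP>]) by <receiver>"
HOP = re.compile(r"from\s+(\S+)\s+\(([^\[\]]*)\[([0-9A-Fa-f.:]+)\]\)\s+by\s+(\S+)")

def trace(msg):
    """Return hops oldest-first. Each server prepends its own Received line,
    so the header nearest the top was added last."""
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        m = HOP.search(value)
        if m:
            claimed, looked_up, ip, by = (g.strip().lower() for g in m.groups())
            hops.append({"claimed": claimed, "looked_up": looked_up, "ip": ip, "by": by})
    return hops

def summarize(raw, my_domain):
    msg = email.message_from_string(raw)
    hops = trace(msg)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # Only fields the receiving server recorded count; "claimed" is sender-supplied.
    in_path = bool(from_domain) and any(
        h["looked_up"].endswith(from_domain) or h["by"].endswith(from_domain) for h in hops)
    # Simplifying assumption: the reportable domain is the last two host labels.
    domains = {".".join(h["by"].split(".")[-2:]) for h in hops} - {my_domain}
    report_to = [f"{role}@{d}" for d in sorted(domains) for role in ("postmaster", "abuse")]
    return {"from_domain": from_domain, "from_domain_in_path": in_path,
            "origin_ip": hops[0]["ip"] if hops else None, "report_to": report_to}

if __name__ == "__main__":
    print(summarize(RAW, "recipient.example"))
```

Treat the result as a starting point: “Received:” lines below the first server you trust can be written by the sender, so the most reliable value is the connecting IP that a trusted server recorded in brackets.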
When reporting spam, you should always assume that the site to which you are reporting the spam probably does not know that they have an embarrassing spam problem, and so should approach them with gentleness and respect (good advice for all initial encounters, online and off, we think). You should also assume, particularly with an Internet site of substantial size, that their abuse staff is horribly understaffed and overworked, and so a delay in response of a few days may not be unreasonable (in fact some sites don’t respond to the person making the report at all).
Ok, we promised you some links to sites which will teach you how to divine the information contained in the headers of your spam, and here they are: