I didn't see the weather forcasting of the famous ground hog
Punxsutawney Phil on February second, but this month certainly
seemed to usher in a veritable blizzard of bad weather in
the form of spam, at least in my mailbox. The internet watch
gurus have been strangely silent about this storm, but I'm
sure it's not just happening to me.
Ground hog seeing shadow or no, something happened around
the first of February. Suddenly I was getting as many as five
spam messages a day in my mailbox. Since I try not to get
too intimate with the nuts and bolts of programming, which
to me the full headers of e-mail look suspiciously like, I
have never considered e-mail headers very exciting reading.
"E-Mail the Spammer" Advice
But with the stuff landing in my mailbox with such great regularity,
I decided to take action -- and that action was not to mail
the spammer and tell them I wanted off their list. I had read
enough discussions of spam to know that was the last thing
anybody should do. If anyone tells you to e-mail the spammers,
take a look at Randy Cassingham's Spam Primer.
For some reason, the technical support people, at least at
my ISP, tend to advise ignoring spam or deleteing it. And
that had worked for several years now. But the problem had
reached a point where I no longer wanted to do this but I
didn't know how to go from doing nothing to doing something
constructive about it.
As I was contemplating just how much time I wanted to invest
in learning how to be proactive with spam, I helped a friend
get connected to the internet and begin using e-mail. We activated
her account, got her e-mail program working. She sent a message
to a couple of her kids and I went home and sent her a test
e-mail. I went back the next day to walk her through logging
on and check her mail. Much to my amazement, along with the
test messages were two spam letters. This struck me as bizarre
indeed. How did spammers even get her e-mail address this
After this incident I decided whatever time it took, this
spam needed to be reported.
I e-mailed my ISP about the growing problem, asked if they
had noticed it, specifically asked why my friend had gotten
spam so quickly, and waited for an answer. The advice? Tech
support for this ISP had advised e-mailing the spammer to
be taken off the list. Aaaargh!
Besides writing back to my ISP and indicating this was probably
the last thing anyone should do with spam, I also reminded
them that my questions remained unanswered. Why this sudden
blizzard of spam? Why spam in a mailbox that wasn't yet 24
hours old? I didn't know much about headers, but I did recognize
the lack of a name in the "To:" field, where there was nothing
but an open and closed parentheses, as unusual. And I noticed
that the spam went directly to my ISP's provider -- so it
looked for all the world to me like someone within the ISP
provider was trolling for addresses.
Time, I decided, to learn a bit more about spam.
If you really want to know about the ins and outs of spam,
spend some time at Pete Moss Publishing's "Spam News" site,
where you will find a list of spam FAQs, directions for sending
complaints to ISPs, and information about how to keep your
name concealed while using the more popular e-mail list software
around the net such as Majordomo, LISTSERV, and Lyris. Be
aware, though, that posting to a list will make your name
and address public, especially if the lists are archived on
Up to now it's been no problem for me to delete most of the
spam I get, and in the rare case of really obnoxious stuff,
to send a copy with the full header to my local ISP. I didn't
know that ISPs generally use "abuse@[your local ISP net address]"
for users to report spam. After all, I was simply being told
to ignore the stuff.
If you do report a message to your local ISP at their abuse@
address, you will need to expand the mailing address in your
e-mail. With Eudora, that is the "blah blah blah" toggle at
the top of the message. Click on it and you will get a complete
path of where the message came from and what servers it went
through to get to you. Your ISP can block e-mail from the
offending server from your mail address if they have the full
header. Would that tech support knew about such wonders!
Some Like to Know: Other's Don't
A lot of spam was coming into my mailbox from hotmail.com,
usa.net, and aol.com. This makes sense, because these organizations
offer free e-mail accounts. Anyone can sign on, promise to
abide by the rules, than spam the world until someone complains
and they are bounced off. So they sign on somewhere else free
under a bogus name and do the same again.
Since these sites offer free e-mail, I checked them out to
see if there was a convenient way to report spam to them.
Hotmail had a page of contacts which clearly told you how
to report spam by using firstname.lastname@example.org. Neither aol.com
nor usa.net had any place to find out about reporting spam.
When I e-mailed usa.net that I couldn't find any sign of anyone
to report spam to on their site, I got an indignant e-mail
back that they did not condone spam. Conveniently missing
my point. No mention was made of using email@example.com to report
After notifying Hotmail of the abuse by following their instructions,
they acknowledged the complaint, reiterated their determination
to prevent this kind of usage, and told me they had canceled
this account. To make this complaint, all I had to do was
paste the complete copy of the spam with the expanded header
into an e-mail, tell them I didn't like unsolicited mail,
and send it off. I did not have to be able to decipher the
expanded routing address, which was great.
Spam Filters and Automatic Reporting
With a web search, I quickly turned up the Network Abuse Clearing
House and learned a lot about spam there. At this site you
may search for known e-mail addresses for ISPs by name or
by number, but if you want to send a spam complaint through
this site to be forwarded to offending servers, you will need
Using the resources at the Network Abuse Clearing House site
means you have to search around in the expanded header and
figure out which numbers or names to look up, and this can
get to be several addresses if the e-mail has been passed
around a lot of servers. It took me quite a while to figure
out how to really use this site effectively and my first reporting
attempt was incorrectly addressed and bounced, but I eventually
got the hang of it.
The Network Abuse Clearing House provides a lengthy list of
programs you can download and install on your machine to automate
the process of figuring out all these server addresses, but
I really didn't want to deal with trying trying to set up
software to do this. And anyway, it wasn't clear if any of
them worked on a mac (Pete Moss's site does have a list of
Mac filters). Tucows also provides anti-spam filters at their
various associated sites.
Luckily, I turned up Spam Cop in my searching and following
of links. Here's that automatic message generator sitting
handily right there in my browser window ready for me to paste
in a copy of the spam. After you paste in a copy with the
header expanded, you click on the "parse" button and the program
tells you which servers are involved and whether there have
been complaints about these servers before. After you've seen
the analysis, you can decide whether to send the automatically
generated complaint or not. Click the button, and it's done.
There are no longer several e-mail messages to generate for
each server and my mailbox isn't full of numerous notes to
various ISPs. Nice, clean, and simple.
Many of the ISPs I contacted e-mailed back and were happy
to have the information I sent. For the most part, they are
as determined to stamp out spam as any of us, but unless you
take the time to notify them, they may miss some of what's
And yes, I'm still waiting for answers to my questions from