What to do When You Receive Spam

First of all, relax. Spam happens to everyone. The person sending the spam did not single you out, and they are not out to get you. In the world today, we are bombarded with information, unfortunately not all of it is going to be what we want to hear. Do not respond to spam with angry messages, and do not attempt to "spam the spammer" as this simply compounds the spamming problem. This doesn't mean that you shouldn't do anything; however, there are more effective ways to battle spam.

[More Information on Identifying Spam]

Once you have identified an email as spam, follow these steps:

  1. View the header information and determine where the spam is actually coming from. To access the header information of an email follow the client-specific instructions below:


    Email Client Header Instructions
    Microsoft Outlook Express

    With the email message open:

    • Select File from the top menu
    • Click the Properties option
    • Select the Details tab.
    Microsoft Outlook

    With the email message open:

    • select View from the top menu
    • Click Options
    • The header information is displayed in the box labeled Internet Headers
    Netscape

    To view the full header information for all e-mail messages:

    • Select View from the top menu
    • Select Headers
    • Select All
    Eudora

    From the top of an opened email:

    • Click the Blah Blah Blah icon


  2. The important header information is located in the Received lines. Each time an email message is passed between mail servers or computers, a Received line is added to the header. Reading the Received lines from the top down describes the path back to the sender. Therefore, the very last Received line will contain information about the original sender of the email. Recieved lines are formated as follows:

    Received: from anywhere.com (spamman@anywhere.com [194.168.31.1]) by you.ca (0.0.1/0.0.2) with SMTP id MAA00153 for jdoe; Mon, 13 Aug 2002 07:12:42 -0500

    The information located in the from field (coloured orange), contains the name and IP Address of the sender. If this is the last Received line in the header, then you know the email originated from 194.168.31.1


  3. Now that you know the email and IP Address of the sender, you can use a Whois database to find the spammer's domain administrator and the ISP that is hosting them.

    Using the spammer's email address, enter the domain name portion (eg: anywhere.com). If it is a .com, .net, .biz, or .org, domain name, then visit Internic.net and type the name into their Whois search. If it is a .ca domain name, the place to check is the CIRA Whois Database. For a list of Whois servers for the top level domains of all other countries, visit the Top-Level Registries page.

    Using the spammer's IP Address visit one of the following IP Address Whois Databases: whois.arin.net for North America, whois.ripe.net for Europe, and whois.apnic.net for Asia Pacific.

    [More information on Tracing Spam]


  4. Once you have found the spammer's ISP, report the spamming incident to the postmaster or email abuse contact of their domain. If there are no postmaster or abuse email addresses found, send your complaint to the administrative contact of their ISP. Be sure to include a copy of the original spam's header in your message to allow the ISP to locate the spammer's account and deactivate it.


  5. You may also report the spamming incident to a spam blacklisting service. These services keep extensive lists of servers that originate spam and harbour spammers. Many servers on the internet use these blacklists or RBL's to automatically block any messages they receive from servers listed. When you submit spam to an RBL, make sure to include the original headers with your message so that the appropriate action can be taken.

    [More Information on Reporting Spam]