Making Complaints About Spam

 


Since commercial spammers use technical forgery methods, tracking them down is almost impossible. The best way to deal with this type of e-mail is to delete it. There is currently no foolproof way for system administrators to configure the campus-wide e-mail system to determine what is spam and what is valid e-mail.

To send spam, a spammer must have Internet access, so he or she must be a customer of an Internet Service Provider (ISP). All ISPs have acceptable use policies which state what a customer can and cannot do using their Internet connection and the sanctions for infractions. Not all acceptable use policies are alike, nor are they enforced in any uniform way. However, complaining to an ISP about spam received from its network is one way to get relief from some spam.

To make a complaint, you must:

  1. Find out which IP address within the spam e-mail’s full header initiated the spam mailing. 

  2. Find out which ISP owns the range of IP addresses which contain that one address.

  3. Find the ISP’s e-mail address that handles this type of complaint.

1. Phony addresses in the "From" line of a spam mail are usually not an indication of which ISP was used to send the spam. Most are not valid addresses in the first place. You need to find the IP address from which the spam was mailed. An IP address is a grouping of four numbers, separated by periods, each with a maximum value of 255. An example is [123.123.123.123].

To find the initiating IP address of the spam mail, display the full headers of that message. The method of displaying headers is different with each brand of e-mail software. View the header page to see instructions for displaying full headers for many common e-mail clients.

Examples of e-mail headers, shown together with the message body, of an e-mail worm and of different types of spam can be viewed by selecting one of the links below:

  • Header and message body together, of an e-mail which carried an attachment that was infected with a common e-mail worm, the W32.Mimail.A@mm.  (printable .pdf version)
  • Header and message body together, of a mass mailed spam e-mail. (printable .pdf version)
  • Header and message body together, of a mass mailed spam e-mail, with two real hops, no forgery, before arriving at Penn State. (printable .pdf version)
  • Header and message body together, of a mass mailed spam e-mail, where the spammer just went crazy, and inserted THREE bogus hops into the headers, before sending. (printable .pdf version)
  • The IP address of the Penn State e-mail server ([146.186.15.17] see the top line) has been forged as the machine name at the originating hop, and as the receiving server in the faked first hop. (printable .pdf version)
  • An example of a spammer using web-based e-mail, in this case Yahoo, as the mailer for the spam.  The spammer still needs an ISP to use this Internet service, so the hop from [80.88.128.12], a Danish ISP, to Yahoo is not faked.  (printable .pdf version)

Once the full header is displayed, decide which IP address found within the header is the source so that the ISP of origin can be determined in the next step.
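The rule the page is describing is that only the Received lines written by your own mail servers can be believed: every line below the last trusted hop was written by hosts the sender controls and may be forged, including lines that name your own server as the "from" machine, as in the forged-hop example above. The following Python script is an added example, not part of the original page or of Penn State's tooling. It parses a constructed message (all host names and addresses are documentation examples) and walks the Received chain newest-first, stopping at the hop recorded by the last trusted server. The trusted-server set is an assumption you supply for your own site.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample message (not from the original page). mx.example.edu and
# mail.example.edu stand in for the recipient's own servers. The two lowest
# Received lines were written by the sender's side and are not trustworthy;
# the bottom one even claims the message came from mail.example.edu, which
# mirrors the forged-hop example on the page.
SAMPLE_MESSAGE = """\
Received: from mx.example.edu (mx.example.edu [192.0.2.10])
\tby mail.example.edu (Postfix) with ESMTP id 4F2C1; Thu, 16 Nov 2006 10:02:11 -0500
Received: from relay.isp-example.net (relay.isp-example.net [198.51.100.23])
\tby mx.example.edu (Postfix) with SMTP id 9A77B; Thu, 16 Nov 2006 10:02:09 -0500
Received: from friendly-host.example.com (friendly-host.example.com [203.0.113.77])
\tby relay.isp-example.net with ESMTP; Thu, 16 Nov 2006 09:59:00 -0500
Received: from mail.example.edu (mail.example.edu [192.0.2.20])
\tby friendly-host.example.com with SMTP; Thu, 16 Nov 2006 09:58:00 -0500
From: "Special Offer" <nobody@nowhere.example>
Subject: constructed spam sample

body
"""

# "from <helo> (<comment>) by <host>" is the common shape of a Received line.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<comment>[^)]*)\)\s+by\s+(?P<by>[^\s;]+)",
    re.IGNORECASE,
)
# The connecting address is conventionally given in square brackets.
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def parse_received(value):
    """Return the sending host, sending IP and receiving host of one Received
    header as a dict, or None if the line does not have the expected shape."""
    flat = " ".join(value.split())  # unfold continuation lines
    m = RECEIVED_RE.search(flat)
    if not m:
        return None
    ip_m = IP_RE.search(m.group("comment"))
    if not ip_m:
        return None
    try:
        ip = ipaddress.ip_address(ip_m.group(1))  # rejects octets above 255
    except ValueError:
        return None
    return {"from_host": m.group("helo").lower(), "from_ip": str(ip), "by": m.group("by").lower()}


def find_origin_ip(raw_message, trusted_hosts):
    """Walk the Received headers newest-first and return the connecting IP
    recorded by the last server we control. Hops between our own servers are
    skipped; the first hop written by an untrusted host ends the believable
    chain, because the sender could have written anything below it."""
    trusted = {h.lower() for h in trusted_hosts}
    msg = message_from_string(raw_message)
    for value in msg.get_all("Received", []):
        hop = parse_received(value)
        if hop is None or hop["by"] not in trusted:
            return None  # chain of trusted writers is broken
        if hop["from_host"] in trusted or hop["from_ip"] in trusted:
            continue  # internal relay between our own servers
        return hop["from_ip"]
    return None


def bottom_received_ip(raw_message):
    """The naive approach: take the oldest (bottom-most) Received line. That is
    exactly the line a forger controls, so it is here only for contrast."""
    received = message_from_string(raw_message).get_all("Received", [])
    hop = parse_received(received[-1]) if received else None
    return hop["from_ip"] if hop else None


if __name__ == "__main__":
    trusted = {"mail.example.edu", "mx.example.edu"}
    print("naive bottom hop (forged):", bottom_received_ip(SAMPLE_MESSAGE))
    print("origin to look up in whois:", find_origin_ip(SAMPLE_MESSAGE, trusted))
```

On the sample, the naive bottom-of-chain reading hands back one of our own addresses (the forged hop), while the trusted-chain walk returns the outside relay that actually connected to our mail exchanger; that is the address to take into the whois step. If the trusted set omits one of your internal relays the walk stops early and returns nothing rather than guessing, so list every server in your own mail path.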

2. Next, you will need to enter the IP address into a whois lookup (pronounced who-is) listed below to find the ISP which is responsible for it. Once the lookup is complete, report it to the responsible network.

Registries and country-specific whois services, with their addresses:

  • ARIN – American Registry for Internet Numbers. Covers the United States, Canada, some Caribbean nations, some of Mexico, and some older, more established address ranges in other parts of the world which have not been reassigned to their regional NCCs. http://www.arin.net
  • LACNIC – Latin American and Caribbean Internet Address Registry. http://www.lacnic.net/
  • RIPE NCC – Réseaux IP Européens Network Coordination Centre. Europe, including Russia and some western former Soviet bloc nations, Africa, and the Middle East. http://www.ripe.net/
  • AfriNIC – The allocation and registration of Internet number resources is AfriNIC's core activity, performed by the AfriNIC Registration Service. http://www.afrinic.net/
  • APNIC – Asia Pacific Network Information Centre. Most of continental Asia, and Pacific Ocean nations, including Australia and New Zealand. http://www.apnic.net/
  • Brazil: Due to Brazil’s large population and rapidly expanding Internet coverage, LACNIC has a separate whois database used for Brazilian contacts. http://whois.nic.br/ (Brazilian NR Whois tool)
  • Japan – JPNIC Whois Gateway. http://whois.nic.ad.jp/cgi-bin/whois_gw (Choose English)
  • South Korea – KRNIC Korea Network Information Center. http://whois.krnic.net/english/
  • Taiwan (Republic of China) – TWNIC Taiwan Network Information Center. http://www.twnic.net/English/Index.htm

Certain other Asia Pacific Whois sites:

Due to their large populations and rapidly expanding Internet demands, some Asian nations have more comprehensive listings in their individual whois databases. Start with APNIC whois. If minimal information is given for an ISP contact in one of the countries listed above, the APNIC output will further direct you to search that country's own whois service.

The Pennsylvania State University © 2006. All rights reserved.
This site maintained by Security Operations and Services,
a unit of Information Technology Services.


Last revised: 11/16/2006