Making Complaints About Spam
Since commercial spammers use technical forgery methods, tracking them down is almost impossible. The best way to deal with this type of e-mail is to delete it. There is currently no foolproof way for system administrators to configure the campus-wide e-mail system to determine what is spam and what is valid e-mail.
To send spam, a spammer must have Internet access, so he or she must be a customer of an Internet Service Provider (ISP). All ISPs have acceptable use policies which state what a customer can and cannot do using their Internet connection and the sanctions for infractions. Not all acceptable use policies are alike, nor are they enforced in any uniform way. However, complaining to an ISP about spam received from its network is one way to get relief from some spam.
To make a complaint, you must:
- Find out which IP address within the spam e-mail’s full header initiated the spam mailing.
- Find out which ISP owns the range of IP addresses which contain that one address.
- Find the ISP’s e-mail address that handles this type of complaint.
1. Phony addresses in the "From" line of a spam mail are usually not an indication of which ISP was used to send the spam. Most are not valid addresses in the first place. You need to find the IP address from which the spam was mailed. An IP address is a group of four numbers separated by periods, each with a maximum value of 255. An example is [123.123.123.123].
To find the initiating IP address of the spam mail, display the full headers of that message. The method of displaying headers is different with each brand of e-mail software. View the header page to see instructions for displaying full headers for many common e-mail clients.
Examples of e-mail headers with the message body of an e-mail worm and different types of spam can be viewed by selecting one of the links below:
- Header and message body together, of an e-mail which carried an attachment that was infected with a common e-mail worm, the W32.Mimail.A@mm. (printable .pdf version)
- Header and message body together, of a mass mailed spam e-mail. (printable .pdf version)
- Header and message body together, of a mass mailed spam e-mail, with two real hops, no forgery, before arriving at Penn State. (printable .pdf version)
- Header and message body together, of a mass mailed spam e-mail, where the spammer just went crazy, and inserted THREE bogus hops into the headers, before sending. (printable .pdf version)
- The IP address of the Penn State e-mail server ([146.186.15.17], see the top line) has been forged as the machine name at the originating hop, and as the receiving server in the faked first hop. (printable .pdf version)
- An example of a spammer using web-based e-mail, in this case Yahoo, as the mailer for the spam. The spammer still needs an ISP to use this Internet service, so the hop from [80.88.128.12], a Danish ISP, to Yahoo is not faked. (printable .pdf version)
Once the full header is displayed, decide which IP address found within the header is the source so that the ISP of origin can be determined in the next step.
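Added example (not part of the original page): one way to make the decision in step 1 is to read the Received lines from the top down and take the first address recorded by the recipient's own mail servers that lies outside the recipient's own range, since hops below that point may have been inserted by the sender. The message, the example.edu server names and the 192.0.2.0/24 range are constructed assumptions.

```python
import ipaddress
import re
from email import message_from_string

# Assumptions for this example: the recipient's servers and address range.
TRUSTED_SUFFIX = ".example.edu"
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]

# Constructed message. The top two Received lines were written by the
# recipient's servers; the bottom one was supplied by the sender (bogus hop).
SAMPLE = (
    "Received: from mx1.example.edu (mx1.example.edu [192.0.2.10])\n"
    "\tby mailstore.example.edu with ESMTP; Mon, 01 Jan 2024 10:00:05 -0500\n"
    "Received: from mail.example.edu (unknown [203.0.113.45])\n"
    "\tby mx1.example.edu with ESMTP; Mon, 01 Jan 2024 10:00:03 -0500\n"
    "Received: from localhost (relay.invalid [198.51.100.7])\n"
    "\tby mail.example.edu with SMTP; Mon, 01 Jan 2024 09:58:00 -0500\n"
    'From: "Offers" <deals@example.invalid>\n'
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

BY_RE = re.compile(r"\bby\s+([A-Za-z0-9.-]+)")
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def hops(raw):
    """Return (receiving host, recorded IP or None) per hop, newest first."""
    result = []
    for value in message_from_string(raw).get_all("Received", []):
        by, ip = BY_RE.search(value), IP_RE.search(value)
        try:
            addr = ipaddress.ip_address(ip.group(1)) if ip else None
        except ValueError:  # e.g. an octet above 255
            addr = None
        result.append((by.group(1).lower() if by else "", addr))
    return result

def source_ip(raw):
    """Address that handed the message to the first trusted server."""
    for by_host, addr in hops(raw):
        # Stop at any line our own servers did not write, or that has no IP:
        # from there down the header is unverifiable.
        if addr is None or not by_host.endswith(TRUSTED_SUFFIX):
            return None
        if not any(addr in net for net in TRUSTED_NETS):
            return str(addr)  # first address outside our own range
    return None

if __name__ == "__main__":
    print(source_ip(SAMPLE))
```

In the constructed message the sender claimed the name mail.example.edu and added a hop of its own, yet the address reported is the one mx1.example.edu recorded for the connection.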
2. Next, you will need to enter the IP address into a whois lookup (pronounced who-is) listed below to find the ISP which is responsible for it. Once the lookup is complete, report it to the responsible network.
| Registry or country | Address |
| ARIN – American Registry for Internet Numbers. Covers the United States, Canada, some Caribbean nations, some of Mexico, and some older more established address ranges in other parts of the world which have not been reassigned to their regional NCCs. | http://www.arin.net |
| LACNIC – Latin American and Caribbean Internet Address Registry | http://www.lacnic.net/ |
| RIPE NCC – Réseaux IP Européens Network Coordination Centre. Europe, including Russia and some western former Soviet bloc nations, Africa, and the Middle East. | http://www.ripe.net/ |
| AfriNIC – The Allocation and Registration of Internet Number resources is AfriNIC's core activity. These are performed by AfriNIC Registration Service. | http://www.afrinic.net/ |
| APNIC – Asia Pacific Network Information Centre. Most of continental Asia, and Pacific Ocean nations, including Australia and New Zealand. | http://www.apnic.net/ |
| Brazil: Due to Brazil’s large population and rapidly expanding Internet coverage, LACNIC has a separate whois database used for Brazilian contacts. | http://whois.nic.br/ (Brazilian NR Whois tool) |
| Japan – JPNIC Whois Gateway | http://whois.nic.ad.jp/cgi-bin/whois_gw (Choose English) |
| South Korea – KRNIC Korea Network Information Center | http://whois.krnic.net/english/ |
| Taiwan (Republic of China) – TWNIC Taiwan Network Information Center | http://www.twnic.net/English/Index.htm |
| Certain other Asia Pacific Whois sites: Due to their large populations and rapidly expanding Internet demands, some Asian nations have more comprehensive listings in their individual Whois databases. Start with APNIC Whois. If minimal information is given for an ISP contact in one of the following countries, the APNIC output will further direct you to search one of these. | |