We know how it can get ø you've just received your umpteenth junk email and you're starting to get fed up. But what do you do? We will show you how to find out where the spam comes from and how to report the spam abuse to the proper establishments.

Sending spam from our network is a direct violation of our Acceptable Use Policy. If we discover that a customer is sending unsolicited email, their account is terminated. However, much of the spam that our customers receive comes from other Internet providers, so unfortunately we aren't able to delete their account. The Internet provider of the spam sender will need to be alerted by you, the recipient.

How can you tell what provider a spammer is using? This guide will show you how. The first thing you need to know is that spammers are very tricky! Often times they will spoof (another word for fake) the To and From lines of their emails. Don't always trust what you see! If the From line says johndoe@netnet.net (for example), it doesn't necessarily mean that it actually came from a NetNet customer, and it's also possible that no such email address even exists!

Another tactic that spammers use is to set the From line to the same thing as the recipient (YOUR email address) when of course it's unlikely you would send junk mail to yourself. This is a ploy to make people curious enough about the email to read it, and this trick seems to work very well. Don't panic! Other people unfortunate enough to receive the same spam message will not see your email address, rather their own.

To find out what provider a spammer is using, you will need to know about something called headers. Normally, email programs will display normal or brief headers. Brief headers normally only show To, From and Subject, all of which can be set to anything the spammer wants! You'll need to do some further investigating to find out where the message really came from. For this, you'll need to look at the full message headers.

Full message headers give us additional information, such as the route that the message took before it arrived, any mail servers it passed through, and (in many cases) the IP Address of the sender. An IP address is a numerical designation given to any computer connected to the Internet. Each Internet provider has a range of IP addresses they can provide to their customers. If you have the IP address of the sender, it's possible to find out which provider it belongs to and thus where you should report the spam abuse.

Each mail program has it's own method of displaying the full message headers. For instance, in Outlook Express, first you would want to highlight the message in question by clicking on it. Next, use the File pull-down menu and select Properties. A new window will appear with General and Details tabs. Click on the Details tab and you'll be able to view the full message header. It should appear something like this:

It may look confusing at first, but with the right knowledge you can find a lot of information in the full header. As a general rule of thumb, the further down the full header you go, the closer you get to the source. Let's break it down:

Return-Path: sue@hotmail.com

This shows where the message was apparently from. Again, this address was most likely faked by the spammer

Received: from faulkner.netnet.net (tunnel1.netnet.net [192.168.0.1])

by fitzgerald.netnet.net (8.12.4/8.12.4) with ESMTP id g6JFlqN0001737;

Fri, 19 Jul 2002 10:47:52 –0500

This shows that our server faulkner.netnet.net transferred the message to fitzgerald.netnet.net (another one of our mail servers) for delivery. This is normal.

Received: from hotmail.com (dsl-207.50.143-pool-226.cwpanama.net [207.50.143.226] (may be forged))

by faulkner.netnet.net (8.11.5/8.11.3) with SMTP id g6JFkwk30707;

Fri, 19 Jul 2002 10:46:59 –0500

In this section of the full header, we can see that faulkner.netnet.net accepted a message that was apparently from hotmail.com. You might think that it's time to contact Hotmail to complain, but hold on because we're not done yet! Immediately after hotmail.com you'll see (dsl-207.50.143-pool-226.cwpanama.net [207.50.143.226] (may be forged)).

Aha! We now have the domain name (cwpanama.net) and the IP address (207.50.143.226) of the sender. The sender of the message had faked the name hotmail.com to make it harder to trace. Very tricky!

Now that you know where the message actually came from, it's time to contact the spammer's provider to file a complaint. Usually you want to write to abuse@provider and support@provider. In this case, I would draft an email to abuse@cwpanama.net and support@cwpanama.net.

Usually the best thing to do is to forward the original spam message as an attachment so the full headers are preserved. Doing a simple forward only sends the simple headers, which would do no good. To forward a message as an attachment in Outlook Express, you would first highlight the spam message in the list, then go to the Message pull-down menu and select Forward As Attachment.

In the body of the email, be polite – after all, it was most likely not the service provider's fault, rather one of their customers. We suggest something like this,

Subject: Spam Abuse Complaint

Dear Sir or Madam:

Attached is an unsolicited email I received from someone using your network. I'm sending this to you so you can trace the spam back to the group or individual user. Please do everything in your power to see that this spamming activity is stopped. If possible, please reply to confirm you got this email

Thank you!

After that, you simply wait. Some providers (such as NetNet) have a very strict policy against their users sending spam and will take immediate action. Others may not be so helpful, and yet others will do nothing at all. The point is that you've at least tried, and you can feel good about the fact that you've done your part to help eliminate spam!

If you have any other questions, please feel free to contact us.