It occured to me that I may not have brought things to a neat conclusion on the post earlier about tracking email header data. I did make reference to sending an abuse report. Here’s an attempt to clear up a few things that might still be fuzzy.
1) usually the correct address is ab use@ser viceproviderordomain.com *(spaces inserted to prevent scraping.) It’s worth checking to verify that is correct for the domain you’re looking to report to (abuse is an email address that is required to be working for a domain.)
2) don’t send reports on every single message, you essentially overwhelm the abuse desks ability to cope. Reserve that for incidents that are a step beyond the normal noise. For instance, multiple messages from the same machine (or a flood) multiple bounces that have been sent in your name (without your ok), threatening messages, the list goes on a bit, but the point is to save this for _serious_ problems.
3) include the message headers of at least one sample (I like to send two headers along just to give corroboration. Since it’s possible to create extra Received: lines it makes an argument much stronger to see two messages with the same originating Received: stamps. In other words it makes it easier to see the “point where the lines meet”.
So the only question I see left is how do I get at the headers?
It varies by mail client. I use Evolution under Linux and with Evolution you go to the View menu, message display and select “show email source”.
Under Kmail/Kontact on Linux you highlight the message and select View, headers, all headers from the main menu.
In Yahoo’s webmail there’s a link when you’re viewing a message to view “full headers” at the right hand side near the top. (If you don’t see it, you may need to troll through the options.)
Microsoft Outlook Express, under windows is a bit trickier… when viewing the list of messages, right click the desired message and select properties, then details and it will show the headers in the box. (It is possible to select and right-click copy from here.) When you’ve opened a message “standalone” (in it’s own window as opposed to the preview mode), you can get to the same box from the file menu, then properties.
In Microsoft Outlook, when viewing the message you have to use that message’s view menu, then select options, and there you should see a box with the headers. (Tested with Outlook 98)
And under Mozilla Thunderbird (for Windows) (not sure if the user interface is identical under linux), you can highlight a message (or open it) and then Select the View menu and “message source” should be near the bottom. (It also has a shortcut ctrl-u) I presume that would work while viewing or previewing a message.
Once you can see the headers, all you have to do is copy and paste them into a brief message. It’s best to be kind to the abuse admins, I suspect they get a lot of abuse themselves, so try and avoid the nasty rants about how their flood of junk from a viral system has paralyzed your work for the day. Straight and to the point is how I usually go.
Subject: Machine in **SERVICE PROVIDER DOMAIN** has been sending a flood of junk|virus mail my way
Hi, my name is Avery and I’ve been receiving a large number of viral/spam messages from a machine that appears to be in the **SERVICE PROVIDER DOMAIN** network. Below you will find headers from two messages that seem to have originated from **IP ADDRESS of sick system**
paste header 1
paste header 2
Thanks for your attention in clearing the matter up,
blah blah blah
I tend to like giving the IP of the system that I suspect in the text to keep them from having to connect the dots themselves. Also, if it’s a virus and I know what virus it is (my mailserver AV scanner named it for instance), then I’ll mention that in the email as well. I feel like if nothing else it gives them a bit more information, gives an idea you have a clue and hopefully helps things to get cleared up quick.
Some providers send a quick auto-response back with general info (Telling what “jurisdiction” this email account has, where to take other specific matters, etc.) Sometimes though you hear nothing at all. I don’t think I’ve ever heard anything back outside of the auto response “thank you for your message” stuff. One provider I’ve dealt with several times is pretty good with their response and I can see the flood stop within 24-48 hours usually. On that point your mileage will likely vary wildly.
Related PostsRelated Posts
- Progress... Well, things are shaping up a little better today on some fronts. My webhosting provider apologized for the offensive tone of the subject of their message to me. (Given that they provided the script that they warned me about.) And they've taken my suggestion to pass word along to ALL......
- Modern Computer Viruses are almost NEVER from whom they claim to be from This is one that I've probably talked about before, but it's worth rehashing because of a call I had this afternoon. A customer had been receiving phone calls and email messages from folks asking that he stop sending them a virus. Essentially all of the viruses were claiming to be......
- Stopping email hoaxes and chain emails... How many times have I seen the same chain email about who knows what... it always ends in something along the lines of "I don't know if this is true, but I figure I don't have anything to lose, so pass it along and let's see what happens." Computers were......
- What Are Some Elements You Have To Add To Your Email Advertising Campaigns To Guarantee High Open Rates? High open rates are the dream of marketers who rely on email marketing and advertising to be able to generate sales, but these men and women generally don't recognize this. One of the reasons is simply because they're not paying careful attention to individual aspects of their campaigns that to......
- FAILSAFE RETIREMENT™ System Winners Tonight I used random.org to generate six numbers at random to determine the six commenters who would win a free copy of the FAILSAFE RETIREMENT™ System. Here is a screen shot of the numbers that were generated: Congratulations to readers Ken, FV, Stan/Darla, Steve, Brad and Debbie for posting the comments......
- FAILSAFE RETIREMENT™ System Winners Tonight I used random.org to generate six numbers at random to determine the six commenters who would win a free copy of the FAILSAFE RETIREMENT™ System. Here is a screen shot of the numbers that were generated: Congratulations to readers Ken, FV, Stan/Darla, Steve, Brad and Debbie for posting the......
- Network administration over the holidays
- How do I email lots of people without all their addresses showing up?
- Junk Mail
- Emails to abuse admins
- Anti phishing information (phighting phishing ?)