Sending Virus or Spam Abuse reports

It occurred to me that I may not have brought things to a neat conclusion on the post earlier about tracking email header data. I did make reference to sending an abuse report. Here’s an attempt to clear up a few things that might still be fuzzy.

1) Usually the correct address is ab use@ser (spaces inserted to prevent scraping). It’s worth checking to verify that is correct for the domain you’re looking to report to (abuse is an email address that is required to be working for a domain).

2) Don’t send reports on every single message; you essentially overwhelm the abuse desk’s ability to cope. Reserve that for incidents that are a step beyond the normal noise. For instance, multiple messages from the same machine (or a flood), multiple bounces that have been sent in your name (without your ok), threatening messages. The list goes on a bit, but the point is to save this for _serious_ problems.

3) Include the message headers of at least one sample. (I like to send two headers along just to give corroboration.) Since it’s possible to create extra Received: lines, it makes an argument much stronger to see two messages with the same originating Received: stamps. In other words, it makes it easier to see the “point where the lines meet”.

So the only question I see left is how do I get at the headers?

It varies by mail client. I use Evolution under Linux and with Evolution you go to the View menu, message display and select “show email source”.

Under Kmail/Kontact on Linux you highlight the message and select View, headers, all headers from the main menu.

In Yahoo’s webmail there’s a link when you’re viewing a message to view “full headers” at the right hand side near the top. (If you don’t see it, you may need to troll through the options.)

Microsoft Outlook Express, under Windows, is a bit trickier… when viewing the list of messages, right click the desired message and select properties, then details, and it will show the headers in the box. (It is possible to select and right-click copy from here.) When you’ve opened a message “standalone” (in its own window as opposed to the preview mode), you can get to the same box from the file menu, then properties.

In Microsoft Outlook, when viewing the message you have to use that message’s view menu, then select options, and there you should see a box with the headers. (Tested with Outlook 98)

And under Mozilla Thunderbird (for Windows) (not sure if the user interface is identical under Linux), you can highlight a message (or open it) and then select the View menu and “message source” should be near the bottom. (It also has a shortcut, ctrl-u.) I presume that would work while viewing or previewing a message.

Once you can see the headers, all you have to do is copy and paste them into a brief message. It’s best to be kind to the abuse admins. I suspect they get a lot of abuse themselves, so try and avoid the nasty rants about how their flood of junk from a viral system has paralyzed your work for the day. Straight and to the point is how I usually go.

Subject: Machine in **SERVICE PROVIDER DOMAIN** has been sending a flood of junk|virus mail my way

Hi, my name is Avery and I’ve been receiving a large number of viral/spam messages from a machine that appears to be in the **SERVICE PROVIDER DOMAIN** network. Below you will find headers from two messages that seem to have originated from **IP ADDRESS of sick system**

paste header 1

paste header 2

Thanks for your attention in clearing the matter up,


blah blah blah

I tend to like giving the IP of the system that I suspect in the text to keep them from having to connect the dots themselves. Also, if it’s a virus and I know what virus it is (my mailserver AV scanner named it for instance), then I’ll mention that in the email as well. I feel like if nothing else it gives them a bit more information, gives an idea you have a clue and hopefully helps things to get cleared up quick.
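To pick out the IP to name in the report, the two header samples from point 3 can be compared mechanically. The sketch below is an added example, not part of the original post: it walks the Received: lines of both messages from the top (the hops your own side recorded) downward and returns the last IP they still share. The header samples, hostnames and addresses are constructed, and the function names are made up for illustration.

```python
import re
from email import message_from_string

# Constructed samples: the top two hops are real relays, the bottom
# Received: line in each was made up by the sender and differs.
SAMPLE_A = """Received: from relay.isp.example (relay.isp.example [198.51.100.7])
    by mx.mydomain.example with ESMTP; Mon, 1 Jan 2007 10:00:00 -0500
Received: from pc17 (unknown [203.0.113.45])
    by relay.isp.example with SMTP; Mon, 1 Jan 2007 09:59:58 -0500
Received: from mail.bank.example ([192.0.2.10])
    by pc17 with SMTP; Mon, 1 Jan 2007 03:00:00 +0000
Subject: sample one

"""
SAMPLE_B = """Received: from relay.isp.example (relay.isp.example [198.51.100.7])
    by mx.mydomain.example with ESMTP; Mon, 1 Jan 2007 10:05:00 -0500
Received: from pc17 (unknown [203.0.113.45])
    by relay.isp.example with SMTP; Mon, 1 Jan 2007 10:04:57 -0500
Received: from smtp.shop.example ([192.0.2.99])
    by pc17 with SMTP; Mon, 1 Jan 2007 04:00:00 +0000
Subject: sample two

"""

# Bracketed IPv4 address as mail servers usually record it, e.g. [203.0.113.45]
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def hop_ips(raw_headers):
    """IP recorded in each Received: line, newest hop (top) first."""
    msg = message_from_string(raw_headers)
    ips = []
    for hop in msg.get_all("Received", []):
        match = IP_RE.search(hop)  # folded header lines are searched as one value
        if match:
            ips.append(match.group(1))
    return ips

def meeting_point(raw_a, raw_b):
    """Last IP both chains share when read from the recipient's side down.

    Heuristic only: if the sender forged identical lines in both
    messages, those would match too, so check the result by eye.
    """
    last_shared = None
    for ip_a, ip_b in zip(hop_ips(raw_a), hop_ips(raw_b)):
        if ip_a != ip_b:
            break
        last_shared = ip_a
    return last_shared

if __name__ == "__main__":
    print(meeting_point(SAMPLE_A, SAMPLE_B))
```
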

Some providers send a quick auto-response back with general info (Telling what “jurisdiction” this email account has, where to take other specific matters, etc.) Sometimes though you hear nothing at all. I don’t think I’ve ever heard anything back outside of the auto response “thank you for your message” stuff. One provider I’ve dealt with several times is pretty good with their response and I can see the flood stop within 24-48 hours usually. On that point your mileage will likely vary wildly.
