It occured to me that I may not have brought things to a neat conclusion on the post earlier about tracking email header data. I did make reference to sending an abuse report. Here’s an attempt to clear up a few things that might still be fuzzy.
1) usually the correct address is ab use@ser viceproviderordomain.com *(spaces inserted to prevent scraping.) It’s worth checking to verify that is correct for the domain you’re looking to report to (abuse is an email address that is required to be working for a domain.)
2) don’t send reports on every single message, you essentially overwhelm the abuse desks ability to cope. Reserve that for incidents that are a step beyond the normal noise. For instance, multiple messages from the same machine (or a flood) multiple bounces that have been sent in your name (without your ok), threatening messages, the list goes on a bit, but the point is to save this for _serious_ problems.
3) include the message headers of at least one sample (I like to send two headers along just to give corroboration. Since it’s possible to create extra Received: lines it makes an argument much stronger to see two messages with the same originating Received: stamps. In other words it makes it easier to see the “point where the lines meet”.
So the only question I see left is how do I get at the headers?
It varies by mail client. I use Evolution under Linux and with Evolution you go to the View menu, message display and select “show email source”.
Under Kmail/Kontact on Linux you highlight the message and select View, headers, all headers from the main menu.
In Yahoo’s webmail there’s a link when you’re viewing a message to view “full headers” at the right hand side near the top. (If you don’t see it, you may need to troll through the options.)
Microsoft Outlook Express, under windows is a bit trickier… when viewing the list of messages, right click the desired message and select properties, then details and it will show the headers in the box. (It is possible to select and right-click copy from here.) When you’ve opened a message “standalone” (in it’s own window as opposed to the preview mode), you can get to the same box from the file menu, then properties.
In Microsoft Outlook, when viewing the message you have to use that message’s view menu, then select options, and there you should see a box with the headers. (Tested with Outlook 98)
And under Mozilla Thunderbird (for Windows) (not sure if the user interface is identical under linux), you can highlight a message (or open it) and then Select the View menu and “message source” should be near the bottom. (It also has a shortcut ctrl-u) I presume that would work while viewing or previewing a message.
Once you can see the headers, all you have to do is copy and paste them into a brief message. It’s best to be kind to the abuse admins, I suspect they get a lot of abuse themselves, so try and avoid the nasty rants about how their flood of junk from a viral system has paralyzed your work for the day. Straight and to the point is how I usually go.
Subject: Machine in **SERVICE PROVIDER DOMAIN** has been sending a flood of junk|virus mail my way
Hi, my name is Avery and I’ve been receiving a large number of viral/spam messages from a machine that appears to be in the **SERVICE PROVIDER DOMAIN** network. Below you will find headers from two messages that seem to have originated from **IP ADDRESS of sick system**
paste header 1
paste header 2
Thanks for your attention in clearing the matter up,
blah blah blah
I tend to like giving the IP of the system that I suspect in the text to keep them from having to connect the dots themselves. Also, if it’s a virus and I know what virus it is (my mailserver AV scanner named it for instance), then I’ll mention that in the email as well. I feel like if nothing else it gives them a bit more information, gives an idea you have a clue and hopefully helps things to get cleared up quick.
Some providers send a quick auto-response back with general info (Telling what “jurisdiction” this email account has, where to take other specific matters, etc.) Sometimes though you hear nothing at all. I don’t think I’ve ever heard anything back outside of the auto response “thank you for your message” stuff. One provider I’ve dealt with several times is pretty good with their response and I can see the flood stop within 24-48 hours usually. On that point your mileage will likely vary wildly.
Related PostsRelated Posts
- Progress... Well, things are shaping up a little better today on some fronts. My webhosting provider apologized for the offensive tone of the subject of their message to me. (Given that they provided the script that they warned me about.) And they've taken my suggestion to pass word along to ALL......
- Microsoft Outlook - duplicate email messages Part I This will likely be a multi-part story because it turns out the solution was one of the more obscure things I think I've run into AND I thought it was worth "dumping" everything I found out in the process here for my own reference and anyone else wandering through. I......
- Postgrey and the power of Greylisting to fight Spam Wow.... Let me just say that I have typically been inundated with junk mail on my primary address. It's associated with this domain and has been hosted in an older sendmail setup for quite some time (not really by choice, but because that's what was installed on the old vps.)......
- Spread your Company's Marketing Message through Corporate Blogging Creating a marketing message is a lot like building a house of cards: The building process can take a long, painstaking amount of time, however it can take mere moments to send everything tumbling. Sometimes all it takes is a single piece of thoughtless communication to completely contradict your......
- Joseph Sangl: I Was Broke, Now I'm Not A couple of months ago, a frequent commenter sent me an interesting e-mail. Joseph Sangl said he was going through the process of writing a book. Two weeks ago, his book arrived in the mail. There are a few bloggers with book deals, but this is the first book from......
- FAILSAFE RETIREMENT™ System Winners Tonight I used random.org to generate six numbers at random to determine the six commenters who would win a free copy of the FAILSAFE RETIREMENT™ System. Here is a screen shot of the numbers that were generated: Congratulations to readers Ken, FV, Stan/Darla, Steve, Brad and Debbie for posting the......
- Network administration over the holidays
- How do I email lots of people without all their addresses showing up?
- Junk Mail
- Emails to abuse admins
- Anti phishing information (phighting phishing ?)