Sending Virus or Spam Abuse reports

It occurred to me that I may not have brought things to a neat conclusion in the earlier post about tracking email header data. I did make reference to sending an abuse report. Here’s an attempt to clear up a few things that might still be fuzzy.

1) Usually the correct address is ab use@ser *(spaces inserted to prevent scraping.) It’s worth verifying that this is correct for the domain you’re reporting to (abuse is an email address that is required to be working for a domain).

2) Don’t send reports on every single message; you essentially overwhelm the abuse desk’s ability to cope. Reserve reports for incidents that are a step beyond the normal noise: for instance, multiple messages from the same machine (or a flood), multiple bounces that have been sent in your name (without your OK), or threatening messages. The list goes on a bit, but the point is to save this for _serious_ problems.

3) Include the message headers of at least one sample. (I like to send two sets of headers along just to give corroboration.) Since it’s possible to create extra Received: lines, it makes an argument much stronger to see two messages with the same originating Received: stamps. In other words, it makes it easier to see the “point where the lines meet”.
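To make the “point where the lines meet” concrete, here is an added example (not part of the original post) that compares the Received: chains of two messages and returns the shared relay farthest from the recipient. The function names, the `own_relays` parameter and the two sample header blocks are constructed for illustration, and it only looks at bracketed IPv4 addresses.

```python
import re
from email import message_from_string

# IPv4 literal in square brackets, as receiving MTAs usually record the peer.
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def received_ips(raw_headers):
    """Relay IPs from the Received: lines, nearest-to-recipient first."""
    msg = message_from_string(raw_headers)  # handles folded (multi-line) headers
    ips = []
    for value in msg.get_all("Received", []):
        ips.extend(IP_RE.findall(value))
    return ips

def meeting_point(raw_a, raw_b, own_relays=()):
    """Shared hop farthest from the recipient, skipping our own relays."""
    in_b = set(received_ips(raw_b))
    shared = [ip for ip in received_ips(raw_a)
              if ip in in_b and ip not in own_relays]
    return shared[-1] if shared else None

# Constructed samples (documentation-range IPs); the bottom line differs
# between the two messages, as a forged Received: line typically would.
SAMPLE_A = """\
Received: from relay.example.org (relay.example.org [192.0.2.10])
 by mail.example.org with ESMTP; Mon, 1 Jan 2007 10:00:05 -0500
Received: from host45.example.net (unknown [203.0.113.45])
 by relay.example.org with SMTP; Mon, 1 Jan 2007 10:00:01 -0500
Received: from mail.bank.example ([198.51.100.7])
 by host45.example.net; Mon, 1 Jan 2007 09:12:00 -0500
Subject: constructed sample A
"""
SAMPLE_B = SAMPLE_A.replace("198.51.100.7", "198.51.100.99").replace(
    "sample A", "sample B")

if __name__ == "__main__":
    print(meeting_point(SAMPLE_A, SAMPLE_B, own_relays={"192.0.2.10"}))
```

A shared hop is strongest as evidence when the line naming it was written by a server you control; a shared address that appears only in lines below that could itself be forged, so treat the result as the candidate to name in the report.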

So the only question I see left is how do I get at the headers?

It varies by mail client. I use Evolution under Linux and with Evolution you go to the View menu, message display and select “show email source”.

Under Kmail/Kontact on Linux you highlight the message and select View, headers, all headers from the main menu.

In Yahoo’s webmail there’s a link when you’re viewing a message to view “full headers” at the right hand side near the top. (If you don’t see it, you may need to troll through the options.)

Microsoft Outlook Express under Windows is a bit trickier… When viewing the list of messages, right-click the desired message and select properties, then details, and it will show the headers in the box. (It is possible to select and right-click copy from here.) When you’ve opened a message “standalone” (in its own window as opposed to the preview mode), you can get to the same box from the file menu, then properties.

In Microsoft Outlook, when viewing the message you have to use that message’s view menu, then select options, and there you should see a box with the headers. (Tested with Outlook 98)

And under Mozilla Thunderbird for Windows (not sure if the user interface is identical under Linux), you can highlight a message (or open it), then select the View menu; “message source” should be near the bottom. (It also has a shortcut, ctrl-u.) I presume that would work while viewing or previewing a message.

Once you can see the headers, all you have to do is copy and paste them into a brief message. It’s best to be kind to the abuse admins; I suspect they get a lot of abuse themselves, so try to avoid the nasty rants about how their flood of junk from a viral system has paralyzed your work for the day. Straight and to the point is how I usually go.

Subject: Machine in **SERVICE PROVIDER DOMAIN** has been sending a flood of junk|virus mail my way

Hi, my name is Avery and I’ve been receiving a large number of viral/spam messages from a machine that appears to be in the **SERVICE PROVIDER DOMAIN** network. Below you will find headers from two messages that seem to have originated from **IP ADDRESS of sick system**

paste header 1

paste header 2

Thanks for your attention in clearing the matter up,


blah blah blah

I tend to like giving the IP of the system that I suspect in the text to keep them from having to connect the dots themselves. Also, if it’s a virus and I know what virus it is (my mailserver AV scanner named it for instance), then I’ll mention that in the email as well. I feel like if nothing else it gives them a bit more information, gives an idea you have a clue and hopefully helps things to get cleared up quick.

Some providers send a quick auto-response back with general info (telling what “jurisdiction” this email account has, where to take other specific matters, etc.). Sometimes though you hear nothing at all. I don’t think I’ve ever heard anything back outside of the auto-response “thank you for your message” stuff. One provider I’ve dealt with several times is pretty good with their response and I can see the flood stop within 24-48 hours usually. On that point your mileage will likely vary wildly.
