Here’s how to report spam to the source host (in other words the platform that is hosting the spammer and through which they are sending their spam). The flip side of what we do here at Get to the Inbox by SuretyMail, which is certifying good senders, is nuking bad senders, i.e. spammers. Here is how to do that.
Before we get to how to report a spammer, first let’s distinguish between different types of spam. There is:
1. Email you receive from a company with whom you have done business or made an inquiry, but did not sign up to be on their mailing list.
2. Email you receive from a legitimate company with whom you have never done business.
3. Email you receive from non-legitimate sources.
With respect to type 1, email you receive from a company with whom you’ve done business or made an inquiry – as much as we hate to say it, the simplest thing for you is to just hit the ‘unsubscribe’ link. Yes, you shouldn’t have to unsubscribe from something to which you never signed up in the first place, but it is the easiest way to dispense with getting those mailings, the assumption being that legitimate companies will honor your opt-out request. Don’t forget that under Federal law, those companies have ten days to remove you from their list, so you may keep getting their spam for a week or so.
Type 2 email, that which you receive from a legitimate company with whom you have never done business, is even more annoying, because you never even contacted this company, and here they are spamming you. Nonetheless, if they are a company you know, the easiest thing to do is to unsubscribe. But you may not want to do the easiest thing: you may be annoyed enough at them for spamming you that you want to let their email service providers and ISPs know that they are spamming, that they somehow acquired your email address and added it to their mailing list with no contact, let alone consent, from you. If so, read on.
Type 3 email, email you receive from a non-legitimate (by which we mean not known to you or the average person) source, is the most problematic, but often the most satisfying to report. That said, Type 3 email falls into two subcategories: email from a source that seems as if it could be legitimate, but clearly how they got your email address was not legitimate; and email from purely ultra-spammy, shady characters (such as herbal supplement or prescription drug spam). Note that this last type of spam is also often a, or even carrying malware, so for someone who is not a cyber professional it’s best to just delete it and forget it.
An example of the first subcategory – email from a source that seems as if it could be legitimate, but clearly how they got your email address was not legitimate – would be a spam like this (this is a real spam from our archives):
From: Retail Gazette newsletter @newsletter.retailgazette.co.uk
Subject: Sales of FMCG goods rise 3% across Europe – Latest Retail News
Date: November 22, 2013 1:01:12 AM MST
Sales of FMCG goods rise 3% across Europe
Fast-moving consumer goods (FMCG) sales for the third quarter of 2013 rose 3 per cent from 1.2 per cent compared to the same period last year, according to Nielson. The global insights firm said that the rises were driven by 2.8 per cent inflation and a 0.2 per cent rise in sales volumes. Turkey experienced the highest nominal year-on-year sales growth (+9.5 per cent) in Q3 among the 21 European countries measured, followed by Portugal (+6.6 per cent) and Norway (+4.2 per cent).
Mind you, we had this spammer nuked, and yes it was very satisfying.
We assume that everyone has received and can identify spam which would fall into the second subcategory, email from purely ultra-spammy, shady characters (such as herbal supplement or prescription drug spam).
So, for the average person who wants to get into reporting spammers, we recommend reporting Type 3 spam, and maybe Type 2, depending on your preferences.
In order to report a spammer, you need to ascertain through what services they are sending the spam. You will want to determine what website (if any) they are advertising in their spam, and which providers are provisioning that website, meaning who is the domain registrar for the website and who is hosting it.
If the spammer is using an email service provider (“ESP”), the easiest way to find out which ESP they are using is to hover over any included unsubscribe link, to see where it leads.
We did this and found that the spammer was using the ESP called SilverPop to send their spam, so we knew to report this particular spammer to ab***@si*******.com.
“abuse” is the industry standard for the email address that all Internet companies should have set up for the purpose of receiving complaints about things such as spam coming from their system. This is known as a “role account” (other common role accounts include ‘postmaster’ and ‘info’).
At this point, if you have reported the spammer to their ESP, you will have done more than 90% of the spam recipients out there do, and you may want to stop there. But be aware that what is most likely to happen is that the spammer will just go to another ESP. Which is why we also always make sure to get the spammer’s webhost in on the game.
To determine who is the spammer’s webhost (i.e. the platform on which the spammer’s website is being hosted), we like to use a service called SecurityTrails’ DNS Trails. You just paste in the URL of the website and it will tell you where it is hosted, and even the IP address on which their website is hosted.
This tells us that this spammer’s website is being hosted by 34SP.com, and is hosted on IP address 22.214.171.124.
What this means is that you can now send your spam complaint to not only their ESP (SilverPop) but to the host of the website that they are advertising in their spam.
It is important to understand that the more information you can provide up front in your spam complaint, the more effective it will be.
And that leads us to the last part of our tutorial: finding the headers in the spam, and including them in your complaint.
All spam complaints need to include a copy of the offending email, including the full headers. And if the spam was not sent through an ESP, but directly from the spammer’s computer, those headers may be the only way to determine where to send your spam complaint.
Now, email headers are those things that include the routing information for the email: who sent it, to whom they sent it, the subject, etc.
But those are only the things that everybody sees when they open an email that they have received. There are ‘hidden’ headers as well – i.e. headers that are not displayed when you open an email to read it. These headers tell the complete story of the journey that email took to reach you – every computer and routing system and route that it took, from the moment the spammer clicked “send” up until the moment it was delivered to your inbox.
Nearly all email programs (Outlook, Apple Mail, etc.) and email providers (Gmail, Yahoo, etc.) provide a way to see your full headers. (See our tutorial on how to find your email headers here.)
Here are the full email headers from a piece of spam we recently received (note that this fake confirmation was for something that nobody ever requested be sent to us):
From: “Sierra Consultants”
Subject: Please confirm your subscription to Sierra Consultants’ Newsletter!
Date: November 20, 2013 11:23:53 AM MST
Received: by 10.112.210.225 with SMTP id mx1csp375487lbc; Wed, 20 Nov 2013 10:24:23 -0800 (PST)
Received: (qmail 9931 invoked from network); 20 Nov 2013 18:24:21 -0000
Received: (qmail 9929 invoked by uid 30297); 20 Nov 2013 18:24:21 -0000
Received: from unknown (HELO p3plibsmtp01-06.prod.phx3.secureserver.net) ([126.96.36.199]) (envelope-sender
Received: from p3plsmtp22-01.prod.phx3.secureserver.net ([188.8.131.52]) by p3plibsmtp01-06.prod.phx3.secureserver.net with bizsmtp id ruQF1m00l19tJ5w01uQFsW; Wed, 20 Nov 2013 11:24:15 -0700
Received: (qmail 23238 invoked from network); 20 Nov 2013 18:24:15 -0000
Received: (qmail 22368 invoked by uid 30297); 20 Nov 2013 18:23:54 -0000
Received: from unknown (HELO p3pismtp01-049.prod.phx3.secureserver.net) ([184.108.40.206]) (envelope-sender
Received: from drone168.ral.icpbounce.com ([220.127.116.11]) by p3pismtp01-049.prod.phx3.secureserver.net with ESMTP; 20 Nov 2013 11:23:54 -0700
X-Received: by 10.68.163.132 with SMTP id yi4mr2124698pbb.152.1384971863002; Wed, 20 Nov 2013 10:24:23 -0800 (PST)
Received-Spf: pass (google.com: domain of SRS0=gFqF=U5=bounce.secureserver.net=srs0=7qon=u5=icpbounce.com=bounces+12*********************@bo****.net designates 18.104.22.168 as permitted sender) client-ip=22.214.171.124;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of SRS0=gFqF=U5=bounce.secureserver.net=srs0=7qon=u5=icpbounce.com=bounces+12*********************@bo****.net designates 126.96.36.199 as permitted sender) smtp.mail=SRS0=gFqF=U5=bounce.secureserver.net=srs0=7qon=u5=icpbounce.com=bounces+12*********************@bo****.net; dkim=pass firstname.lastname@example.org
Content-Type: multipart/alternative; boundary="cdf82e78-582d-4a55-9037-dacf81ae37d3"
Generally speaking, the bottom-most domain address that you see in the headers will be where the spam originated. In this case, it was sent from a mail server calling itself “icpbounce.com”, and it’s pretty clear that this is owned by “icontact.com”. In fact, the headers saying “list-unsubscribe” clearly show that you can unsubscribe via icontact.com; icpbounce.com is one of iContact’s servers.
At the top of the headers, you can see that the spam was sent to an email address at dearesq.com.
Everything in between is the routing that it took to get from iContact’s server to the inbox at dearesq (some of the intermediate headers show various checks and authentications that took place along the way).
You don’t have to worry about most of this information (unless you are looking in the headers to figure out where to send your complaint); you simply have to include these headers with your complaint, because the companies to whom you are complaining will need them.
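The header-reading steps above as a short script, added here as an illustration and not part of the original tutorial: it walks the Received chain, skips the lines that name no sending host (the "by ..." and qmail bookkeeping lines), and returns the bottom-most hop with the abuse role account for its domain. The sample headers, the function names and the short two-level-suffix list are assumptions made for the example. Received lines written before the message reached a server you trust come from the sender's side, so the IP a receiving server recorded is stronger evidence than the name the sender announced.

```python
import re
from email import message_from_string

# Constructed sample in the layout of the headers above; names and IPs are
# placeholders (example.* domains, RFC 5737 documentation addresses).
SAMPLE = """\
Received: by 10.0.0.1 with SMTP id abc123; Wed, 20 Nov 2013 10:24:23 -0800
Received: (qmail 9931 invoked from network); 20 Nov 2013 18:24:21 -0000
Received: from unknown (HELO mx1.hosting.example.net) ([198.51.100.7])
 by 0 with SMTP; 20 Nov 2013 18:24:21 -0000
Received: from drone168.bounce.example.com ([192.0.2.44])
 by mx1.hosting.example.net with ESMTP; 20 Nov 2013 11:23:54 -0700
From: "Example Sender" <news@sender.example.org>

body
"""

# "from <name> [(HELO <name>)] ... [<ip>]": the name is whatever the sending
# side announced; the bracketed IP is what the receiving server recorded.
HOP = re.compile(r"^from\s+(?P<name>\S+)(?:\s+\(HELO\s+(?P<helo>[^)\s]+)\))?"
                 r"[^\[]*\[(?P<ip>[0-9A-Fa-f.:]+)\]")

TWO_LEVEL = {"co.uk", "org.uk", "com.au"}  # illustrative subset of the PSL

def received_chain(raw):
    """Hops newest-first; 'by ...' and qmail bookkeeping lines are skipped."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.match(" ".join(value.split()))  # unfold continuation lines
        if m:
            hops.append({"host": m["helo"] or m["name"], "ip": m["ip"]})
    return hops

def org_domain(host):
    """Reduce a host name to the domain an abuse desk would be found under."""
    labels = host.lower().rstrip(".").split(".")
    keep = 3 if ".".join(labels[-2:]) in TWO_LEVEL else 2
    return ".".join(labels[-keep:])

def origin(raw):
    """Bottom-most hop that names a sending host, plus its abuse role account."""
    chain = received_chain(raw)
    if not chain:
        return None
    hop = chain[-1]
    return {**hop, "abuse": "abuse@" + org_domain(hop["host"])}

if __name__ == "__main__":
    print(origin(SAMPLE))
```

Paste your own full headers in place of SAMPLE; the complaint itself should still carry the complete, unmodified headers.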
After you send in your complaint, you may never hear from the companies to whom you sent your complaint. This doesn’t mean that they haven’t acted on it – some companies are just too busy, too understaffed, or too small to answer every spam complaint individually. But some companies do respond, and every once in a while you will get a response like this:
Thanks for bringing this to our attention. We take spam prevention very seriously. We have filters that put suspicious emails into a queue to be inspected by our Spam and Fraud team. We subscribe to the Spamhaus blacklist so that we can weed out emails containing blacklisted domains. We also block on a number of other vectors (suspicious phrases, known bad Reply-To addresses, etc.).
I’m recommending to our team that we remove this user’s ability to send email.
And that is a very satisfying result.