Section 5 - Basic Spamfighting

5.1 I've received some spam... what can I do?

Most people ignore the spam they receive. They either don't have the time or the expertise to deal with it. Their decision is understandable, but in the end inaction only helps the spammers because they can point to statistics and say "I sent my spam to 7 million email addresses and only 190 people complained so the other 6,999,810 must have been happy to receive it".

Alternatively, spam-victims might try to use a spam's "remove address". The concept here is that by sending a message to a given email address you will tell the spammer to remove you from their mailing list. However, these things almost universally fail to work. In the rare cases where your "remove request" actually reaches the spammer, they'll just take it as an indication that email sent to your address is actually read by a human, and thus your address becomes _more_ valuable to them, and they send you _more_ spam.

The best thing to do is: complain, complain, complain! Most ISPs have Terms of Service (or Acceptable Use Policies) that forbid spamming, so if you can tell the spammer's ISP that their customer broke these rules, then you can get the spammer's account cancelled! As well as giving you personal satisfaction, this will serve as a deterrent to this and other spammers, and with any luck prevent him from profiting in any way from his spam.

(As an aside, an ISP will sometimes try to "educate" a spammer before terminating their account, as sometimes a company will send a spam without considering the issues involved. This topic is explored in the second part of this FAQ, "The Evils of Spam".)

5.2 How can I find a spammer's ISP?

The tricky bit is working out just who is the spammer's ISP. The address in the "From:" field is almost certainly forged in order to throw you off the scent (and may even belong to an innocent third-party), so you have to learn to read the "full message headers", which are a bit like a log of an email message's travels through the internet. The spammer will try to forge these too, but in most cases it's still pretty easy to work out which ISP the message came from.

Header-reading is beyond the scope of this document, but here are a few links where you can find out more:

BUT... when complaining, please remember that the people at the spammer's ISP are not the bad guys. They didn't know their customer would turn out to be a spammer. There is a great temptation to fire off a few pages of verbal abuse, but remember that you are angry with the spammer, not the abuse staff at his ISP. The spammer will have abused them too, probably breaking their Terms of Service. And there is nothing an ISP can do to prevent, completely, any chance of Internet abuse emanating from their machines. So be polite. Point out what has happened without dramatic or obscenity-clad embellishment. Hostile or infantile behaviour will do you no good at this stage.

If the abuse staff sends you a response that is blatantly offensive, then it may be time to revise your opinion of them (although always be aware of the potential for a misunderstanding), but you should start out from the assumption that these people are your friends.

Most abuse departments won't act against a spammer until a non-trivial number of complaints have been received. This is because people sometimes forget that they have signed up for legitimate mailing lists or requested other types of email, and complain about it as spam. If you are convinced that a message was spam but the spammer's ISP claims that it wasn't, then there are further steps you can take. We will discuss these in later sections of this document.

5.3 Can I do anything about a spammer's website?

Assuming that the ISP agrees to take action, the spammer's account with that ISP will often be cancelled. Unfortunately, the spammers have caught on that their accounts rarely last long after they send their spam, so they've taken to using cheap "throw-away" accounts, opened solely for the purpose of sending spam which advertises ("spamvertises") websites held on other providers. The spamming accounts will get cancelled soon after the spam-run is complete, but the website will remain intact and thus the spammer can safely benefit from their spam (in terms of sales over the web, or clicks on banner advertisements, or whatever). That's the idea, at any rate.

Largely, this doesn't work as most web-hosting companies have clauses in their Terms of Service forbidding the use of spam to advertise the websites they host. Sending a quick complaint to the hosting company will often result in the spammer's website being removed.

But how to find the web-hosting company? The spammers may try to conceal this, but there's one snag - they want potential customers to reach their website, which means that the website's URL is probably somewhere in the spam. Once you find it, you can use tools like "traceroute" and "whois" to work out who's hosting the site. Here are some useful online versions of these tools:

But if you'd prefer to run them from your desktop, rather than surfing over to a webpage every time you want to run a traceroute, then you can download versions of the tools from these links:

"traceroute" is a tool that gives you the list of machines on the Internet, where a message sent from the source machine to another machine would pass through. "Whois" is a tool for looking up the owner of a domain or IP address. A detailed look at either of these is beyond the scope of this document, but again here are some useful links:

NOTE: Make sure you know what you're doing before you start writing complaints based on the results of tools like "traceroute" or "whois", as it's very easy to make mistakes. In particular, don't automatically email every email address you see in a whois output - sometimes these are merely the writers of the whois servers! If in doubt, ask in the newsgroup for confirmation.

Spammers will often try to obscure the true address of their website by spamvertising the address of an intermediate site or giving the address in an obscure format, but in most cases it's pretty easy to work through their tricks. We'll look at this in more detail in section 1.3.1.

Using the result of a "whois" or "nslookup" tool, you can also find out whose providing nameservers or DNS services for a spammer's domain. These are just as vital to the website's operation as the web-hosting company - you may wish to complain about the spammer's activities to them as well.

5.4 What if the spam doesn't include a website?

Alternatively, the spam may not advertise a website and will instead be soliciting replies by email. You can use the techniques described above to work out who is hosting this email address ("drop-box") and complain to the provider, which will probably cancel the spammer's email account. Good, eh?

5.5 What if the spam doesn't even include an email address?

A few spammers - particularly chain-letter spammers - don't include any electronic ways of contacting them, giving only a postal address or a telephone number in their spams. In these cases, there tends to be less you can do.

Most postal addresses found in spams will actually be P.O. boxes (e.g. Mailboxes Etc). Some of these mailbox providers may have rules against business use or certain types of business uses (e.g. chain letters or MLM); if so and you complain, they may take action.

In fact, chain letters soliciting money are illegal pyramid schemes in many countries, so reporting them to the authorities may be a good idea. For example, in the United States you can forward such chain letters to your local postmaster or postal inspector, or the postmaster/postal inspector local to each address on the chain letter, or present them to the clerk at your local post office saying "I received this illegal chain letter asking for money". You can also send them by email to or

Incidentally, I do NOT recommend making personal visits to addresses advertised in spams. Nothing good can come of such episodes. If you desperately want to contact the spammer, send him a letter.

Many spams will include phone numbers you're supposed to call for more information. Sometimes these will play recorded messages giving the address of a website or an email address, in which case you can complain to the relevent ISP as usual. In other cases, it can be worthwhile checking the type of phone number it is - many spammers give premium-rate numbers and don't include legally required warnings, in which case you can complain the provider or the regulator or whatever is relevant to the locality. (On this note, _always_ check the call charges before calling a spamvertised phone number. If in doubt, don't call it.)

Note that in many countries, a freephone number can still detect your number even if you have call blocking enabled. Use a pay-phone if this worries you.

By the way, if you call a spammer's phone number and actually reach the spammer or his family, DON'T be abusive. It does no good and only makes the spammer feel like the victim.

(Well that's all I know. Can anyone think of anything more for this section?)

5.6 Who else can I complain to?

The key with most spamfighting is summed up by this simple motto: "Follow the Money". Have a look at the spam and the spammed website and see how the spammer's intending to earn off it. Is he using an external merchant to charge credit cards? If so, complain to them and often they'll stop dealing with the spammer. Does he have banner ads? If so, complain to the suppliers of the banner ads. If there's a form on the spammer's website that sends information to an email address, complain to the ISP of that email address. Most legitimate businesses on the Internet aren't keen to sully their reputations by working with spammers.

Remember: always be polite. The ISPs are not your enemies and a single polite word will get you a lot farther than a screenful of abuse.

As an aside, the U.S. Federal Trade Commission has a project for analysing and classifying spam, and have invited Internet users to forward their spam to This won't help you in the short-term but it could be of long-term benefit in the fight against spam. They also occaisionally take action against outright scams that are reported in this way.

5.7 What email address do I complain to?

At most ISPs, the address for sending complaints is "abuse@<isp-domain>, e.g. or However, a few ISPs have non-standard abuse department email addresses; in these cases it can be hard to know where to send your complaint. To the rescue comes; a database of ISP abuse addresses. It can even forward complaints automatically to the relevant abuse addresses if you supply the complaint and the name of the Internet provider! Have a look at

5.8 Can't this all be automated?

All this reading headers, working out webhosting providers, and so forth is a pain. Spamcop is a service that aims to automate this process; you give it your spam and it writes and mails the complaint for you.

Spamcop has a reputation for sending complaints to a few incorrect places, so you have to keep an eye on what it's doing, but if you think you might find it useful, then have a look at (Note that has no relation to

5.9 Should I hack into the spammer's computer?

No; hacking is very seriously frowned upon by most of the anti-spamming community. Apart from the fact that it's illegal, it allows the spammers to portray themselves as honest businessmen being assaulted by electronic terrorists. If we are to eliminate spam it is important that we retain the moral high ground.

Copyright © 2002-2023 by SORBS | Terms & Conditions | Privacy Policy