Reporting SPAM

by Joellen Windsor
CCIT Postmaster

Please do report spam. As postmaster, I appreciate receiving reports from our users of unwanted email--commercial and otherwise. I maintain quite a few filters that reject spam messages due to content in the header or the body before messages are even sent to spamassassin. Also, I maintain a "black hole" list of hosts (and zombies) which have sent spam to our site. It's currently stops over 1,000,000 Internet addresses. One of my main sources is reports from our users. Below are instructions for reporting spam to abuse@email.arizona.edu in case you haven't seen it before.

In order for me to take action on spam, I need to have the expanded mail headers. Most spam has forged From: addresses. The expanded headers tell where it really came from. You can expand the headers and report spam in Webmail by simply clicking on the "Report as Spam" button. Instructions for expanding the headers for other mailers are at the SpamCop website (not UA) Not covered at that site:

Pine: use the H command to expand the headers (Turn headers off after forwarding by using the H command again.)

Netscape 7: While reading the message, click on View -> Message Source. Then cut and paste the full headers from the message source window into the body of the forwarded spam.

After you expand the headers, forward the email to abuse@email.arizona.edu.

Spam complaints need to be "timely". A week or two after the fact, the spam is "old news" at the originating site. They've already dealt with the spammer if they are going to. And the spammer has probably already moved on.

Here is the CCIT page on reporting spam.

Some spammers send spam under falsified identities. Often the spammers use security holes to hijack mail hosts to send their spam. These spammers tend to hit-and-run. Their opt-out instructions are complete lies and don't work at all. I try to cut down on the amount of spam we get this way by sending complaints to the Internet Service Provider of the sender since sending bulk email is against the Terms and Conditions of ISP's accounts. I also ban mail hosts which are misconfigured allowing them to be hijacked by spammers. And I can set up systemwide filters to stop email which contains data found in the spam messages.

Other spam comes from commercial bulk email companies using their own mail servers. When spam comes from a commercial bulk email company which is using their own mail hosts and not trying to hide their identity, the opt-out instructions usually work. I use what I find in the expanded mail headers to figure out which type is which. I suggest that, if you are not sure which type you are dealing with, you submit spam to abuse@email.arizona.edu before trying to opt out.

When my investigation indicates that the spam you report comes from a bulk email company, I will try their procedure to "opt out" your email address. I may later ban bulk emailer from sending to email.arizona.edu if they are not responsive to unsubscribe requests.

One exception, I never try to opt out of porn spam. Some of the sites are businesslike--they just unsubscribe you. Others, unfortunately, throw all sorts of objectionable material onto your browser until you have to reboot to get it to stop. For porn spam, I tend to go right to the banning and filtering stage.

by Joellen Windsor
CCIT Postmaster