Vectors & Interfaces
The networking specialist
 About Vectors & Interfaces Network support services Useful resources PC News Contact The support specialist Support Guide

Reporting Senders of Unsolicited Commercial Emails


This is a guide to help you locate the source of the spam mails that you've received and getting the administrators in charge to act on the complaints.

Some spammers are claiming they have bullet-proof hosting, allowing them to host spam friendly sites (spamvertisers) and sending out bulk emails without worrying about their account getting removed.

If you're getting enough spam to fustrate you, this would be the last of your concern, since your email addresses are almost unuseable already. This would a last attempt prior to changing them.

If your getting the same spam written in the same style, it is most proably from the same source, even though the sites advertised may differ.

In Outlook Express, click on the email then press Ctrl F3. The IP address listed in the "Received from" portion of the mail header is the offending source from which the spam is coming from. However, spammers like to obfusticate it by specifying a list of invalid "Received from" lines in the mail headers thus confusing the users.

If this is the case, you can ensure you get the correct address by locating your own IP address by going to http://www.whatismyip.com, then send a email to yourself. Find the line which shows your IP address and find the exact line in the spam which shows the spammers' IP.

Take note of the spammers' IP address.

Next locate the name of the site advertised. Go to a DOS prompt and do a ping followed by the site's name. Take note of the IP in the ping response.

The go to the following registries to locate the abuse report email addresses of both the spam source's IP address and the spammer site's IP address. This is the most incovenient portion of the work, as you may need to go through the list of registries one by one until you find the one that holds the information.

The various IP block owners are as follows;

APNIC, Asia Pacific range which is normally in the range of 2xx.xxx.xxx.xxx except for 200.xxx.xxx.xxx and 201.xxx.xxx.xxx (Latin America).

RIPE, Europe and Mid-East range, 8x.xxx.xxx.xxx, 217.xxx.xxx.xxx, 18x.xxx.xxx.xxx etc.

LACNIC, Latin America and Caribbean range.

AFRNIC, Africa range.

US ARIN, which owns most of the rest of the other IP blocks.

By locating the IP block owner at the above registries, you can send you spam report to relevant admin contact for both the spam source and their hosting company. It is important that you send the original spam mail as attachment since they will need the full header information to act on. Without the full header information, the report could be forged to sabotage anyone.

The final step is find out which registrar the domain name is registered with from Verisign or if the domain name is a .biz domain, you can check who the registrar is at InterNIC. Then go to the URL of the registrar listed and file a abuse report via their contact us or abuse report page.

This final portion will get the spamvertiser's site removed if they're proven to be spamming. All these may be a lot of work but it can be rather effective as the spammer will lose his Internet connection, his domain name and his site and will not be unable to sell his products.

Be wary that there are some rogue registrars that are just desperate for customers to an extend that they will ignore spam complaints.

If you feel that a particular registrar is happily working with a spammer, you may also file a report against them at this Form for Reporting Rogue Registrar.