Top Navigation Bar

Fight Back

Keeping Spam at Bay


When you receive an unsolicited e-mail that you know you didn't ask for, report it! Effectively fighting spam is not a quick-and-dirty process. There is some detective work involved, and some technical know-how needed. Don't worry. The more you do it, the more you learn. Here are some tips to help you get into the nitty-gritty of tracing spam.

First, you need to view the header of the e-mail to find out where to report it to. This is almost always hidden from view by your e-mail application. You usually have to give some sort of command to view the header information. See the documentation for your e-mail client.

Once your have the header, look for the first IP address that is included in brackets, such as []. This is usually near the very beginning, and is the most reliable method of uncovering the true source of the e-mail. Your ISP puts this number there, so it can't be forged. Most spammers "forge" the rest of the headers to trick you into thinking that the e-mail came from somewhere else, so it's not much use reading beyond this address.

Now you must find out who is behind this IP address. This information will tell you the ISP that hosts this address. If you don't have the proper tool, try going to the Network Tools web site and performing an "Express Trace" on the address. This site performs an Internet trace, a domain-server lookup, and finally a registration lookup. It is the registration at the end that will usually tell you the ISP behind the IP address.

Now that you have the ISP, forward the offending e-mail to the ISP at the address, where "isp" is the name of the ISP that you found. Most spam attempts to hide the source to avoid being reported, because most ISP's will kick the spammer off immediately. Most important: make sure you forward the original message, preferably as an attachment, to the abuse addresses. This will preserve the header and allow the ISP(s) to analyze the offending document. Also, copy the subject of the original e-mail into the subject of your complaint e-mail. Finally, in your message, type a brief message complaining about the unsolicited e-mail, and asking the ISP to take action according to their policies on such e-mail. Here is the text I use, placing the offender's IP address within the square brackets:

Attached is a piece of unsolicited e-mail that I just received through your service [IP ADDRESS]. Please take action according to your policies on "spam". Thank you.

If you are ambitious, and want to give the spammer more headaches, then dig into the message itself and find any links that the spammer provided for responses. It's most useful to view the source of the message. See your e-mail client's manual on how to do this. These links will usually be "obfuscated" (a popular geek term meaning "garbled".) There are a ton of tricks they can use to make the address hard to read. But remember, if the browser can decode it, then so can you.

Once you have the ISP that hosts the "response" site, send a message to them, too. Send it to all of the addresses,, and Most e-mail clients let you send one message to many addresses at once. Tell them that the site has been set up to receive responses to spam. Many will shut the site down.

But wait! There's more! Spammers have taken to using "relay" web sites to get you to their "real" web site. These are temporary web sites that are set up to forward you to the final destination. This temporary web site takes all of the fire from spam complaints, and eventually gets shut down; the spammer will just set up another one. If you save the target page to a file, instead of browsing to it, you can view the file and see where it is sending you to.


Spam Recycling Center

You can also send your spam to the Spam Recycling Center. They keep statistics to help anti-spam legislation and other efforts. Forward it as an attachment to Make sure the subject is the same as the original spam's subject. Forwarding the e-mail as an attachment gives them an unaltered copy to work with.

Spam Cop

Unfortunately, they don't report the spam to the ISP involved. If you want to try a tool that automatically picks apart your spam and provides you with a ready-made report to send to the ISP's it finds, try Spam Cop. Unfortunately, Spam Cop will just report relay web sites, and will not follow the links on them. If you don't want to spend hours picking apart your spam by hand, Spam Cop offers a good compromise between thorough hand-investigation and just deleting the junk. If you pay a fee, you get to insert any more information and reporting addresses that you may uncover.


You may get a response back, but more often you may not. The more you fight back, the harder you make it for these spammers to stay in business. Eventually, you will notice that the amount of spam coming into your e-mail box is starting to dwindle. This is a sure sign of success! Keep it up! Keep the spam and the replies in a folder in your e-mail client as notches in your belt.

Make sure you don't report legitimate lists that you have subscribed to; this just makes trouble and the ISP and the listmaster won't like you very much afterward. Most legitimate e-mails from list servers have a short piece of text in the e-mail explaining themselves, how you got yourself subscribed, and how to unsubscribe.


Currently, there are not any federal laws specifically aimed at spam. Some states, such as Washington, have created laws against it. If you live in one of these states, it is up to you to enforce these laws. One person is doing just that. Check out Ben Livingston's site at He has successfully sued some spammers in small claims court, and is going after more. There is also an article in InfoWorld about Ben's efforts. Use this for inspiration.

Back to Spam Page