Spam reporting
Encyclopedia
Spam reporting, more properly called abuse reporting, is the activity of pinning abusive messages and report them to some kind of authority so that they can be dealt with. Reported messages can be email messages, blog comments, or any kind of spam
.
varies by country, forbidding abusive behavior to some extent. Spammers' behavior also ranges from somehow forcing users to opt-in
, or cooperatively offering the possibility to opt-out (including FBLs
), to wildly hiding the sender's identity (including phishing
). Abuse reports can be sent by email, unless a mailbox implementation provides for more direct means. The target address of an abuse report obviously depends on which authority the abusive message is going to be reported to. Choices include the following:
The first three methods provide for full email addresses to send reports to. Otherwise, target abuse mailboxes can be assumed to be in the form defined by RFC 2142 (abuse@example.com), or determined by querying either the regional Internet registry
's whois
databases —which may have query result limits— or other databases created specifically for this purpose. There is a tendency to mandate the publication of exact abuse POCs.
Abused receivers can automate spam reporting to different degrees: they can push a button when they see the message, or they can run a tool that automatically quarantines and reports messages that it recognizes as spam. When no specific tools are available, receivers have to report abuse by hands; that is, they forward the spammy message as an attachment —so as to include the whole header— and send it to the chosen authority. Mailbox providers can also use tools to automatically process incidents notifications.
Spam (electronic)
Spam is the use of electronic messaging systems to send unsolicited bulk messages indiscriminately...
.
Email spam reporting
E-mail spam legislationE-mail spam legislation by country
The following table represents laws in respective countries which restrict the use of Email spam.Note: Countries marked with red are listed in the Spamhaus' Worst Spam Origin Countries....
varies by country, forbidding abusive behavior to some extent. Spammers' behavior also ranges from somehow forcing users to opt-in
Opt in e-mail
Opt in email is a term used when someone is given the option to receive "bulk" email, that is, email that is sent to many people at the same time. Typically, this is some sort of mailing list, newsletter, or advertising...
, or cooperatively offering the possibility to opt-out (including FBLs
Feedback Loop (email)
A feedback loop , sometimes called a complaint feedback loop, is an inter-organizational form of feedback by which an Internet service provider forwards the complaints originating from their users to the sender's organizations. ISPs can receive users' complaints by placing report spam buttons on...
), to wildly hiding the sender's identity (including phishing
Phishing
Phishing is a way of attempting to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT...
). Abuse reports can be sent by email, unless a mailbox implementation provides for more direct means. The target address of an abuse report obviously depends on which authority the abusive message is going to be reported to. Choices include the following:
- A public reporting hub, or global reputation tracker, such as SpamCopSpamCopSpamCop is a free spam reporting service, allowing recipients of unsolicited bulk email and unsolicited commercial email to report offenders to the senders' Internet Service Providers , and sometimes their web hosts...
. Different degrees of skill are required to properly interact with different hubs. - The domain-specific reporting hub is the recommended choice for end users. If provided, it should be accessible by a visible button or menu item in the mail client.
- A feedback loop subscriber can be selected as a target by a mailbox provider after receiving an end-user report. Users should be aware of their provider's policy.
- The abuse POCPoint of contactA Point of Contact is the identification of, and means of communication with, person and organizations associated with the resource...
of an authenticated domain who handled the reported message. DKIMDomainKeys Identified MailDomainKeys Identified Mail is a method for associating a domain name to an email message, thereby allowing a person, role, or organization to claim some responsibility for the message. The association is set up by means of a digital signature which can be validated by recipients...
is the usual authentication protocol, but SPFSender Policy FrameworkSender Policy Framework is an email validation system designed to prevent email spam by detecting email spoofing, a common vulnerability, by verifying sender IP addresses. SPF allows administrators to specify which hosts are allowed to send mail from a given domain by creating a specific SPF...
can be used in the same way. A mailbox provider choice. - The abuse POCPoint of contactA Point of Contact is the identification of, and means of communication with, person and organizations associated with the resource...
for the IP addressIP addressAn Internet Protocol address is a numerical label assigned to each device participating in a computer network that uses the Internet Protocol for communication. An IP address serves two principal functions: host or network interface identification and location addressing...
of the last relay. Some skill is required to properly locate such data. This is the default choice for a mailbox provider whose server had received the abusive message (before the recipient reported it) and annotated the relevant IP address. There are various sites who maintain POC databases, such as Network Abuse ClearinghouseNetwork Abuse ClearinghouseThe Network Abuse Clearinghouse, better known as abuse.net, maintains a contact database for reporting misuse on the Internet. It makes entries from the database available , and provides an intermediary service for registered users to forward complaints by e-mail.-See also:* Anti-spam techniques *...
, Abusix, and more. There is also a hierarchy of delegations at the relevant RIRRegional Internet registryA regional Internet registry is an organization that manages the allocation and registration of Internet number resources within a particular region of the world...
, and each corresponding WhoisWHOISWHOIS is a query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system, but is also used for a wider range of other information. The protocol stores...
record may include a POC, either as a remark or as a more specific database object, e.g. an Incident response teamIncident Response TeamAn incident response team or emergency response team is a group of people who prepare for and respond to any emergency incident, such as a natural disaster or an interruption of business operations. Incident response teams are common in corporations as well as in public service organizations...
.
The first three methods provide for full email addresses to send reports to. Otherwise, target abuse mailboxes can be assumed to be in the form defined by RFC 2142 (abuse@example.com), or determined by querying either the regional Internet registry
Regional Internet registry
A regional Internet registry is an organization that manages the allocation and registration of Internet number resources within a particular region of the world...
's whois
WHOIS
WHOIS is a query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system, but is also used for a wider range of other information. The protocol stores...
databases —which may have query result limits— or other databases created specifically for this purpose. There is a tendency to mandate the publication of exact abuse POCs.
Abused receivers can automate spam reporting to different degrees: they can push a button when they see the message, or they can run a tool that automatically quarantines and reports messages that it recognizes as spam. When no specific tools are available, receivers have to report abuse by hands; that is, they forward the spammy message as an attachment —so as to include the whole header— and send it to the chosen authority. Mailbox providers can also use tools to automatically process incidents notifications.