• PC World
• » Software
• » Browsers & Add-Ons

Tracking Spammers

ISP administrators do much of the work needed to keep RBL, RSS, and ORBS up-to-date, but you can assist antispam organizations by complaining directly to the ISP that spawned the spam. To determine this, look at the spam's header information. Most e-mail programs have a command that displays the headers, though it might not be obvious. In Outlook, open the spam message in its own window, then choose View, Options. In Netscape's Messenger e-mail client, the command is View, Headers, All.

Once you've displayed the message's headers, look for the lines that start with the word "Received"--you'll probably find several occurrences, the last of which shows the ISP domain name from which the mail originated. Server addresses are usually constructed in this manner: "servername.domainname.domainsuffix." Here's an example of a spam header:

Received: from spam ([123.45.67.89])

By mailserver.somewhere.com (8.8.8/8.8.8) with SMTP id DAA89705;

Mon, 15 Jan 2001 03:21:24 -0400

Someone using a computer called "spam" sent this message through a server called "mailserver" at an ISP named "somewhere.com."

Are you feeling empowered yet? Having deduced the domain, send a polite message to "postmaster @domain" or "abuse @domain" (where domain is the actual name and suffix of the spam's originating domain) asking that the spammer's access to the site's mail servers be curtailed. In some cases, you'll get an answer back saying that the ISP is looking into it or has already curtailed the spammer's access. In most cases, though, you won't get a reply. That doesn't mean your actions are in vain. If anything, the ISP's administrator is probably too swamped with similar messages to respond. If you continue to receive spam from the same ISP, report the ISP to MAPS (see the organization's thorough Reporting E-Mail Abuse FAQ to find out when and when not to do so), or you can report it to ORBS.

For details on how to find and contact a spam's source ISP, see the page " How to Complain to the Spammer's Provider." Other sites that can help you finger spammers include SpamCop and Sam Spade. To listen in on veteran spam hunters, subscribe to the news.admin.net-abuse.email newsgroup.

Of course, you can also take other steps to prevent spam. The most important tactic is not to respond to spam, even when the message asks you to reply or click on another link to be removed from the spam list. Keep your e-mail address off public mailing lists and Web pages. If you want to include your address in an e-mail signature or Web page, munge it. Munging will make it unreadable by the address-harvesting applications that spammers use to build their e-mail databases, but (with luck) it will still be understandable to humans. Here's a munge primer:

The key is to change an element on either side of the "at" sign (@) to render the address invalid while making it clear to people that a small, obvious change to the address will validate it. For example, you can munge the address "myname@domain.com" to "my nameNOSPAM @domain.com," or "myname at domain dot com," or perhaps "myname@REMOVETHIS domain.com." If you've come up with a munge that is even trickier or easier to understand, I'd appreciate it if you would send me an e-mail describing it. You can address it to me at scott@NOspaMnbauer.com.