Search the FAQ Archives

3 - A - B - C - D - E - F - G - H - I - J - K - L - M
N - O - P - Q - R - S - T - U - V - W - X - Y - Z - Internet FAQ Archives

The Email Abuse FAQ, Version 2.02
Section - 4. Actions

( Single Page )
[ Usenet FAQs | Web FAQs | Documents | RFC Index | Sex offenders ]

Top Document: The Email Abuse FAQ, Version 2.02
Previous Document: 3. Definitions
Next Document: 5. Etcetera
See reader questions & answers on this topic! - Help others by sharing your knowledge
4a. I've been mailbombed - what should I do?

  Contact your ISP immediately.  They can help stop the inflow, and 
  also help track down the source of the mailbomb.

4b. I've received U*E in my mailbox - who do I exterminate?

  By responding in some kind of abusive fashion, you lower yourself to
  the level of the person who sent you the offending message.  You 
  might also lose Net access through your ISP.  There are other ways 
  to fight back;  read on.

4c. I've received U*E in my mailbox - what should I do?

  You could:  ask the sender not to send you any more;  complain to 
  the appropriate people;  just ignore it and delete it.

Ask to be 'removed' from their list:
  Some U*E contains instructions for how to be 'removed' from the 
  sender's mailing list.  Usually this amounts to sending a 
  specifically formatted message to a particular address.  While this 
  is a relatively trivial task, it is not particularly effective; see 
  the sections "4g. I asked to be 'removed' - guess what?  I got another
  U*E", and, "4h. I asked to be 'removed' - guess what?  The message 
  bounced", later in this FAQ, for more on why this method is less 
  than perfect. 

Complain to the appropriate people:
  If you send a complaint, be polite, or at least civil.  Most times 
  the person receiving your complaint is *not* responsible for the 
  U*E;  if you expect their help, a little honey goes a long way.  Be 
  sure to include full headers when sending a complaint.

  Decipher the headers and complain to postmaster@bad-guys.provider. 
  Several sources on header-ography can be found in Appendix I of 
  this FAQ.  Some service providers also have abuse addresses;  i.e., 
  abuse@bad-guys.provider.  If you are on AOL, or another service 
  which engages in filtering, forward to the appropriate address on 
  your system so that they can see where new sources of UBE are, and 
  possibly add them to the list.  For AOL, forward them to postmaster 
  and abuse.

  If you are so inclined, you can do a bit more detective work and 
  possibly find more victi--- umm, legitimate recipients for your 
  complaint.  If the message originated in the US, using whois, or a 
  visit to InterNIC at 
  or its European counterpart at
  might turn up a few more addresses.  Traceroute or a similar tool 
  (tracert from the DOS prompt in Win95) will show the sender's 
  upstream provider;  some people lodge a complaint with them also.  
  There are several web sites available that will do a traceroute and 
  display the results;  use your  favorite search engine to find them.

  Also, there are usually folks on who are 
  willing to help you decipher headers;  be sure to include the 
  complete header in your post.

  (WSPING32 for Win95 has traceroute and DNS lookups built into it.  
  The traceroute in it is much more intuitive for Windows users.  It 
  is available at TUCOWS, and many other Winsock sites.  For Mac users, 
  the program "Mac TCP Watcher" has DNS lookup and a traceroue function.)

  If you have the tools available, you can also block any further 
  email from the source of the U*E.  See 'I never want to see another 
  message from again!' in this FAQ for more 

Just ignore it and delete it:
  If you only ever get one or two U*E messages, this is a logical and 
  reasonable course of action.  When the numbers increase, come back to 
  this FAQ and read about other actions.

4d. Where do these people get my email address?

  1) Run programs that collect email addresses out of Usenet posting 
  2) Cull them from subscriber lists (such as AOL's Member Profile 
  3) Use web-crawling programs that look for mailto: codes in HTML 
  4) Rip them out of online 'white pages' directories
  5) Buy a list from someone who already has one
  6) Take them from you without your knowledge when you visit their 
     web site.  For the latest on web browser security issues, see:
  7) Use finger on a host computer to find online users addresses
  8) Collect member names from online "chat rooms".

4e. How do I keep my address off the lists?

  For a junk-free mailbox, don't browse the web, don't put your email 
  address on a web page, don't subscribe to a large ISP, and don't 
  post to Usenet.  In other words, don't use the Internet. 

  Some people have taken to forging their own From: and Reply-to: 
  lines in their posts.  They might add an easily-recognized 
  'spam-block' to their address, or they might use those header lines 
  to tell folks where to look for their real address (usually in the 
  sig).  Some attempt to boast of their elitist-Unix-nerd-programmer 
  capabilities by burying their email address in a maze of code.  Such
  measures, while effective, are frowned upon by some as 'giving in' 
  to the bulk emailers.

  If you do a lot of web browsing, be careful about filling out forms;
  some outfits take such action as carte blanche to stuff your 
  mailbox.  There are also those who sell addresses collected in this 
  manner.  Don't assume that because you  are visiting the site of a 
  'reputable company' that this will not happen to you.

4f. I did all that and I still get U*E!

  Your options are few;  your address is probably on one of the lists 
  that gets swapped/bought/sold among the bulk email 'community'.  
  Your only alternative might be a new address.  Also, see 'I never 
  want to see another message from again!' for ways 
  to gird your mailbox against the advancing hordes.

  There have been several reports of U*E dropping off considerably as
  soon as someone has stopped posting to Usenet;  this may indicate
  that the U*E outfits are constantly creating new lists, and not
  reusing old lists.

4g. I asked to be 'removed' - guess what?  I got another U*E

  Not surprisingly, many UBE outfits treat a 'remove' request as 
  evidence that the address is 'live';  a 'remove' request to some 
  bulk emailers will actually guarantee that they will send more to 
  you.  For many others, the remove procedure does not work, either by
  chance or design.  At this point perhaps you're starting to get a 
  feel for the type of people with whom you are dealing.

  Also, getting removed doesn't keep you from being added the next 
  time they mine for addresses, nor will it get you off other copies 
  of the list that have been sold or traded to others.  In summary, 
  there is no evidence of 'remove' requests being an effective way to 
  stop UBE.

4h. I asked to be 'removed' - guess what?  The message bounced

  Probably the remove procedure was false.  Any remove procedure that 
  tells you to send remove requests to AOL, CompuServe, Prodigy, 
  Hotmail, or Juno is certainly false.  The bulk emailers are an 
  unpopular lot;  they forge headers, inject messages into open SMTP 
  ports, use temporary accounts, and pull other stunts to avoid the 
  tirade of complaints that follow every mailing.

4i. What about 'Remove Me' web sites and other global 'Remove' Lists?

  They depend on the goodwill of the UBE-sending agencies to work.  
  That is, the senders must use and honor the lists for them to be 
  effective.  There is no evidence that they do so.  There is nothing 
  to stop them from -adding- all those addresses to their lists!  
  Also, because UCE and UBE is sent postage-due, such sites are 
  effectively attempting to legitimize a form of recipient-paid 
  advertising;  you'll have to decide for yourself whether you want to
  support such an effort by placing your address there. 

4j. List of Basic Administrative Contacts
 (This section was lifted almost intact from the Net Abuse FAQ)

  The search for the best person to complain to at any site has led to
  much speculation and arguments, even among admins at the same site. 
  However, if a message to the original poster doesn't get you 
  anywhere, somebody at one of the following addresses might be able 
  to help.  Be aware, though that some of the more experienced and 
  well-financed junksters have their own domains, and simply drop 
  complaints to some of the addresses below into the bit-bucket.  
  Moving upstream may be your only choice.  Some specific addresses 
  are listed in Appendix I of this FAQ, under 'Abuse Addresses of 
  major service providers'.

  A lot of ISP's and network backbones have created 'abuse' addresses 
  for complaints about net-abuse. That's usually the best place to 

  RFC 822, the document which set most of the current standards for 
  Internet e-mail back in 1982, makes it mandatory for all sites 
  which pass e-mail to have a postmaster address so that problems can 
  be reported. The purpose of postmaster has expanded at many sites 
  to include net-abuse, both e-mail and otherwise.

Administrative or Technical Contacts
  If you have access to the whois command, you can type (for example) 
  'whois' to find out who the administrative and 
  technical contacts are for a domain. This will list their e-mail 
  address, and often their phone and FAX numbers.  Whois for InterNIC 
  is available via the web at:
  its European counterpart is at:
  The bulk emailers are aware of this resource as well, and InterNIC 
  does very little to check the integrity or authenticity of the 
  supplied information.  So don't be surprised to find contact 
  addresses such as '', and phone numbers that 
  don't work.

Upstream Providers
  Determining who's upstream using email headers can often be 
  confusing -- many people get it wrong, due to their own 
  inexperience or forgery on the part of the sender. U*E is worthless 
  unless it contains some legitimate contact information, though.  If 
  you've been around the block vis-a-vis headers, and you're familiar 
  with the whois and traceroute tools, you can probably find the 
  upstream provider.
  Now you can send mail to, and it 
  will (probably) be sent to the appropriate contact for that domain. 
  Be advised that this is a wholly experimental service.  Be sure to
  visit the web site before sending email to this service;  it will 
  explain the what the service does, and how to subscribe to it.  You 
  can find it at:

4k. I've contacted everyone involved - heard nothing back!

  Not all ISP's respond to every complaint.  With some, this is 
  because the bulk emailer is his own ISP.  With others, it is due to 
  the volume of complaints received.  Many of the larger ISPs and 
  backbone providers will send an automated response.  Don't be 
  offended by this;  they are probably deluged with complaints.  The 
  more they get, the sooner they'll find a permanent solution, so keep
  sending them.  Also, although the responses are automated, they may 
  still contain specific information;  UUNet's replies contain a 
  unique ID number, intended for use in any further communications 
  regarding that particular incident.

4l. I've contacted everyone involved - they told me to go away!

  Complain to the next step up the chain.  If they, too, brush you 
  off, keep complaining anyway.  Some of the upstream providers claim 
  no responsibility for the actions of their customers;  in lieu of a 
  'short, sharp, shock', the best thing to do is to keep badgering 
  them.  Still other ISPs will tell you there is nothing they can do 
  about such activities;  that is pure poppycock.  If they happen to 
  be *your* provider, you might consider letting them know what you 
  think of their incompetence/laziness/irresponsibility by finding 
  another ISP.  Be sure to tell all your friends.

4m. They told me they canceled the account, but I got another U*E!

  Some sites have been created for no other purpose than sending UBE.
  Some of these will do their best to spread confusion about their 
  natures by misleading and outright lying to those who complain.  
  This has included 'removing' offending accounts, only to give the 
  user another account to start over again.  Also, some UBE 
  'operators' use a 'hit-and-run' strategy, getting free trial or 
  'throwaway' accounts at other ISP's to actually send the mail.

  In addition to that, forging headers is *extremely* common.  At 
  least one UBE'r has been kicked off an account, forged his next 
  barrage with the (no longer valid) address from the ISP that kicked 
  him off, *and* bounced the mail off of that provider's mail server.

  In UBE, appearances are often deceiving.

4n. I sent a complaint - they said they had nothing to do with it!

  A) They had nothing to do with it.  The headers were misread or 
  2) They're a bunch of lying, no-good such-and-so's.  If you're 
     pretty certain that's the case, send as much evidence as you have
     to their postmaster and their upstream provider.

4o. I sent a complaint - they responded with threats!

  See 2) above.  Sometimes, threats come from newbies, so simply 
  sending evidence to their postmaster is enough to get them booted.  
  Also, depending on the nature of the threat, other legal measures 
  may be available to you.

4p. I never want to see another message from again!

  Some ISPs (MindSpring is one) maintain server-level junk filters.
  If your ISP does not do this, ask them to consider it.  They may
  also subscribe to the Realtime Blacklist (RBL), which is a list 
  of sites deemed to be sources of net abuse.  More on the RBL 
  can be found at:
  AOL also gives its members another tool, keyword 'Mail Controls', to
  block email at the individual level.  Ask your ISP to provide 
  similar tools.  Better still, ask them to provide even -better- 

  Some email client programs are equipped with filters which will 
  dump, bounce, or auto-reply to email based on user-defined criteria.
  Note that this does not prevent the U*E from being received and 
  stored on your mail server until you deal with it.  Some email 
  programs will download and act on just the headers; others require 
  the entire message to be downloaded before acting on it.

  Consider getting a procmail filter set up if your connection method 
  and ISP will allow it.  Procmail is a subject in and of itself;  
  some good starting points can be found in The Email Abuse Resource
  List, found at:
  Also,, .misc, and .usenet often
  have threads on the latest procmail tricks and stunts.  In addition,
  there is a newsgroup, comp.mail.misc, that discusses procmail among 
  other things.

User Contributions:

Comment about this article, ask questions, or add new information about this topic:


Top Document: The Email Abuse FAQ, Version 2.02
Previous Document: 3. Definitions
Next Document: 5. Etcetera

Single Page

[ Usenet FAQs | Web FAQs | Documents | RFC Index ]

Send corrections/additions to the FAQ Maintainer:

Last Update March 27 2014 @ 02:11 PM