Search the FAQ Archives

3 - A - B - C - D - E - F - G - H - I - J - K - L - M
N - O - P - Q - R - S - T - U - V - W - X - Y - Z - Internet FAQ Archives

FAQ: Help! I've Been Spammed! What do I do?

[ Usenet FAQs | Web FAQs | Documents | RFC Index | Property taxes ]
Archive-name: net-abuse-faq/spammed-FAQ
Posting-Frequency: biweekly
Last-modified: 1998/02/08
Version: 0.9
Copyright: (c) 1996, 1997 Gregory Byshenk, Chris Lewis
Maintainer: Gregory Byshenk <>

See reader questions & answers on this topic! - Help others by sharing your knowledge
Help!  I've been Spammed!  What do I do?
A guide for the beginner.

By Greg Byshenk, based in part on an original by Chris Lewis

Comments welcome.

Posting-Frequency: biweekly
Version: 0.9
Last-Modified: 1998/02/08

1.1:  Introduction
1.2:  Email versus Usenet spamming
1.3:  What is Spam?
1.4:  That's not spam!
1.5:  A note on "flaming" and other "abuse".

2.1:  Ok, I understand that, but what can I _do_ about it?
2.2:  Some things _not_ to do.
2.2a: What about "UNIVERSAL" Remove Lists?
2.3:  What about messing with my email address?
2.3a: A better solution than munging your address.
2.4:  So what _should_ I do?
3.1:  Make Money Fast!/chain letters.
3.1a: Other Frauds and Scams.
3.2:  Email Spam / Junk Email.
3.2a: I got junk email that wasn't even addressed to me...
3.2b: Someone told me that sending junk email is _illegal_.
3.2c: How do junk emailers get my address, anyway?
3.3:  Spam on Usenet.

4.1:  Usenet groups for reporting spam.
4.2:  Reporting Spam to Usenet.

5.1:  When to send a "REMOVE" request.

6.1: Further info.

1.1: Introduction

"Spam", either via email or on Usenet, seems to be a growing
problem, and one that hits more and more people, new users
and old hands alike.  Unfortunately, the new user may not be
sure about what to do when spammed:  some actions are useless
or even counterproductive, while others require a bit of 
knowledge to put into practice.

This FAQ attempts to give general suggestions on what you can
do about spam, including how and to whom to complain, and
where you can report spam and learn more, as well as some
recommendations on what _not_ to do.

1.2: Email versus Usenet spamming

For the most part, the general guidelines we'll give here are 
common between email and Usenet spamming.

1.3: What is Spam?

Know your terms!  Spam is essentially the same thing posted 
many times.

On Usenet, spam is the same (or substantially the same) article
posted multiple times (to many groups, to one group many times,
or to many groups many times).  Email spam is the same message
broadcast to multiple recipients who did not request it.

For more details, see

The Net Abuse FAQ, at

   URL: <>

The Current Spam thresholds and guidelines FAQ, at

   URL: <>

and/or The Email Abuse FAQ, at

   URL: <>
   FTP: <>

1.4: That's not spam!

Yes, there are a lot of annoying, off-topic and stupid postings 
out there.  But that doesn't make it spam.  _Really_.  Spam is
almost always off-topic, at least in some of the groups to 
which it is posted, but just being off-topic does not make a 
post spam.

The defining characteristic of spam is _volume_, and volume 
_only_.  The content is irrelevant.

1.5: A note on "flaming" and other "abuse".

"Flames" and other verbally abusive posts and emails are _not_ 
spam.  Nonetheless, in sufficiently egregious cases, you may 
wish to complain about them.  If you wish to do so, you can 
use the suggestions below to complain to the administrators of 
the site from which the abuse comes.  Some providers prohibit 
random flames and abuse, and may discipline the person bothering 

Note that this is _not_ universal, and the administrators may 
tell you to get stuffed.  If this happens, there is little you 
can do but ignore the messages.  Do _not_ report such things 
to the* newsgroups, which are intended 
to deal with abuse _of_ the net (things that are damaging to 
the net itself) rather than abuse _on_ the net (such as 
"abusive" language that just happens to occur on the net).

Note further that, while harrassment or threats may be illegal, 
they are not abuse _of_ the net.  If you are being harrassed 
or receiving threats via the net, then you should take it up 
with the administrators at your provider, and perhaps even with 
the police.  The readers of the net-abuse groups may be able 
to provide assistance in tracking down from where such messages 
are coming (if, for example, they are forged), but are not 
charged with enforcing civil or criminal law.

2.1: Ok, I understand that, but what can I _do_ about it?

The easiest thing is simply to ignore it.  That's what most 
people do, and there's nothing at all wrong with doing so.

Doing anything more will require at least a bit of thought and
effort, in part because so much spam is forged or has its true
source hidden in some way, and in part because even reporting
the spam to despammers can be counterproductive if not done 

So, if you're not interested in expending the effort, feel 
free simply to ignore the spam.  Don't worry, it almost 
certainly will be dealt with in time.

You can even automate (to varying degrees, depending on your
software) the process of ignoring it: use your newsreader's
killfile and/or learn to filter your mail (see "2.3a: A better
solution than munging your address" below).

Another option is to join the Coalition Against Unsolicited
Commercial Email, or at least check out the information they
provide, at 

   URL: <>

In addition to providing a lot of information, CAUCE is also
involved in backing legal solutions to junk email.  Check out
their site or "3.2b: Someone told me that sending junk email
is _illegal_," below for more on this.

2.2: Some things _not_ to do.

    - Don't mailbomb or threaten.  Anyone.  Especially ISPs.  
      It's too easy to forge spams in other people's or ISP's 
      names, or just not be able to read the header right.  If 
      you mailbomb, chances are you'll mailbomb the wrong person.

      Recently, a site was knocked off the net due to a revenge 
      spam.  A spammer that was kicked off forged a massive email 
      spam to look like it had come from the site, and many
      people attacked the innocent site -- just what the revenge-
      spammer wanted.

      So don't.  Apart from that, mailbombing can be considered
      to be a denial of service attack.  In some cases, you could
      end up with criminal charges against you.  In most cases,
      you will be violating the policies of your own site, and
      could end up losing your own account.

    - If the spam article is more than 4 or 5 days old, _don't_ 
      bother with it -- it's past history.  On Usenet, even if 
      it hasn't already been dealt with, it's probably too late 
      to despam it.  Their ISP probably knows all about it, as 
      well.  So, in such a case, just ignore it.

    - Never, _never_, repost or remail the spam where you 
      found it.  Especially with chainletters -- your group
      already got hit with it, so why make it worse?

      On usenet, the only place one should repost spam is in 
      one of the* groups (see "4.2: 
      Reporting Spam to Usenet" below).

    - If you get email spam with a long CC: list, do _not_ under
      any circumstances issue a "reply all".  Doing "reply all"
      in this situation can actually result in a virtually
      unstoppable mail loop.  This applies even more if the 
      From: addresses appears to be a mailing list exploder 
      (such as a "listserv" or "majordomo" address).  If you
      reply to one of these, hundreds or perhaps thousands of
      people will see your complaint.  And complain to you.  

    - This is not a definite "rule", but it is the considered 
      opinion of those who deal with it that you should _not_ 
      send in a "REMOVE" request when you recieve junk email 
      (except in a few special circumstances:  see "When _should_ 
      I send a REMOVE request?" below), even if the junk email 
      says that you can be removed from the mailing list by doing 

      The reason for this is that, in far too many cases, sending 
      a REMOVE request is ineffective:  even if the junk emailer 
      actually _does_ remove your name from their current list, 
      when they rebuild their list the next time, you will be 
      added right back in again.  In addition, there is some 
      evidence that some junk emailers use REMOVE requests as 
      addresses to be _added_ to their mailing list.

      So don't waste your time.

2.2a: What about "UNIVERSAL" Remove Lists?

The latest thing these days is that junk email will arrive
with instructions on how to not just have your name removed
from future mailings by the current joker, but also to have
your name added to a "universal" REMOVE List.

Should you sign up?  The best answer is probably the same one 
given above:  "don't waste your time."  Why?  Because a 
"universal" remove list will most likely be just as much a 
waste of time as a plain ol' ordinary REMOVE List.  In the
first place, there are several "universal" remove lists, none 
of which are truly universal.  In the second place, there is
no evidence that being on a "universal" remove list does 
anything at all to reduce the amount of junk email sent to

What was the best known "universal" remove list was that 
produced by the Internet Electronic Mail Marketing Council 
(IEMMC).  You may have seen references to this group in the 
headers of junk email you've received in the past, along with 
comments about "responsible email marketing" or some similar 
twaddle.  Unfortunately, the IEMMC was (primarily) a product of 
Sanford Wallace (of Cyberpromo fame), and lost its net connection 
along with the rest of Cyberpromo.  For a historical perspective, 
you can check out the Adopt-a-Spammer-- Cyber Promotions page, at:

but it looks like the IEMMC is gone forever.  Sanford Wallace 
keeps making noises about starting his mailing service up again, 
but it doesn't seem that anyone will give him a connection.

Reasons for ignoring what the IEMMC says are available at
Tom Betz's "Proof that you couldn't trust the IEMMC" page at:

   URL: <>
There are other lists and organizations that claim to be
able to remove your name from the junk emailers' mailing
lists, such as that of Aristotle, at:

   URL: <>
but I have seen no evidence _whatsoever_ that any of them
accomplish anything at all.   

2.3: What about messing with my email address?

It is becoming rather common for people to mess up their email 
address when they post to Usenet, so that the headers say it
came from "", "", 
or "".  The reason for
this is to foil the address-gathering bots that junk mailers 
use to cull email addresses from news spools.  Certainly the 
actions of the junk emailers are unacceptable, but it is not 
clear that messing up headers is any better.

I am unhappy (as are quite a few others) with this state of 
affairs.  In the first place, it is a violation of RFC 1036, 
which requires that the From: line of a Usenet post contain 
the address of the person sending the post.  In the second 
place, it can make even the appropriate replies to a post 
difficult or impossible to send.  Finally, if the address is 
messed up in the wrong way, it can lead to further problems 
down the road.

But it is fairly common.  If you _are_ thinking of messing 
up your address, however, there are a few things that you should 
know, and I would _strongly_ recommend that you check out the 
Address Munging FAQ: Spam-Blocking Your Email Address before 
doing it.  You can find it at:

   URL: <>

2.3a: A better solution than munging your address.

A better way to deal with the problem is to filter your mail.
You can use something like Procmail (mail filtering software
for UNIX machines) or the built-in capabilites of your mailer
(most mailers have at least minimal filtering abilities).  There 
are also various ways to use procmail easily, such as the Procmail
Filters Kit, at:

   URL: <>

Filtering will usually take at least a bit of effort, but the
results can be quite good.  For more info, check out the
Filtering Mail FAQ, available through the Infinite Ink FAQ 
Launcher, at 

   URL: <>
   URL: <>

You can also ask your provider to block out the more insistent
junk email sites.  AOL allows you to reject such mail using
AOL's filters, and many providers will block sites that send
nothing but junk email.  Some others provide site-wide filters
that you may choose to use.

There are also some more-or-less automated mail-filtering

    - Adcomplain, by William McFadden, is a bit of software
      for UNIX, that automatically composes and mails complaints
      about various types of spam.  It is available at:
         URL: <>
    - Also for UNIX is the NAGS Spam Filter, available from
      Netizens Against Gratuitous Spamming, at:
         URL: <>
    - And there is a similar program for PCs called "Spam Hater",
      available from Net Services at:
         URL: <>
    - Finally, for those who use Netscape to read mail and
      had despaired of being able to filter out junk mail,
      there is a piece of software from Voidstar Systems
      called NS-Route that would appear to allow at least some 
      minimal filtering for Netscape.  You can find it at:
         URL: <>

Even more finally, there are some new entries in the blocking game, 
about which I don't know very much, but that could be worth checking 

	- Roadblock is a filter for Windows 95, and can be found at:

		URL: <>

	- The mapSoN Utility -- according to the creator -- provides some 
	  advanced filtering capabilities with keyword-based "whitelisting". 
	  It needs to be installed on your ISP's equipment, so you may need 
	  their ok.  Info is available at:

		URL: <>

	- "The Spam Bouncer" is a procmail spam filter and is at:

		URL: <>

	- "Nail 'em!" isn't really a filter, but it is a publicly accessible 
	  script that auto-complains about spam.  It can be found at:
		URL: <>

2.4: So what _should_ I do?

There are a number of possible actions that can be taken, 
varying somewhat depending on whether the issue is usenet spam, 
junk email spam, or a chain letter, and also depending on how 
much work you want to do.

Some general rules:

    - In most cases, it is best to report spam to the "postmaster" 
      or"abuse" address at the site where the spam originated, 
      and not to reply to the person who sent it.  The reason 
      for doing so is that the vast majority of spam is produced 
      by people who know quite well that it is annoying and abusive, 
      but simply don't care, so there isn't much point in letting 
      them know that you find it annoying and abusive.  The only 
      response that complaints will garner is an abusive one, or 
      more spam.

      It is generally better and more productive to report spam 
      to the administrators of the site from which the spam came.  
      Spamming violates the Terms of Service (TOS) or Acceptable 
      Use Policy (AUP) of most sites, and the administrators 
      are the ones who are best able to deal with it.  In addition, 
      responsible administrators will want to know if one of 
      their users is spamming.

    - The easiest (although not always the best) place to complain 
      to is the "postmaster" address at the site where the spam 
      was sent.  This will often (though not always) take the 
      form:, where the spam was sent by  That is, if the spam was sent by, the postmaster address would be  The "postmaster" address is 
      required by RFC 822 for all machines from which mail is
      sent, and mail sent there should reach some appropriate 
      person except for the most worthless, abusive sites.

      [Note: is used above only as an example. 
      Cyberpromo is one of the _most_ obnoxious junk email 
      sites, and sending to is (at
      best) equivalent to sending your mail to the trash (at
      worst, it could get you on _more_ junk email lists).]

      In addition, many sites also provide an "abuse" address, 
      which is often in the form:  It generally 
      won't hurt to try to send a response to the abuse address, 
      since mail to "abuse" will often get to the right people 
      more quickly than will mail to "postmaster".  Unfortunately, 
      mail to "abuse" may bounce when the site doesn't use this 
      address, and some sites have created their own rather odd 
      names for reporting abuse.  But, unless and until "abuse" 
      becomes a true standard, you will have to take your chances 
      in this area.

    - And there's another problem.  The From: and Reply-to: 
      addresses in email and on usenet are extremely easy to 
      forge, and many (if not most) spammers use this factor 
      and spam using forged addresses.

      Figuring out where such a spam came from requires knowing 
      something about how to read headers, which is beyond the 
      scope of this FAQ.  Fortunately, there are several places 
      that cover just this subject:

	  - The oldest (so far as I know) is the alt.spam FAQ or 
        "Figuring out fake E-Mail & Posts", at

        URL: <>
      - Another useful tutorial is "Reading Email Headers," at:
        URL: <>
      - As is "Spam Lessons," at:
        URL: <>

	- Another guide to reading headers and figuring out where to 
	  complain (targetted especially toward spam) is "The Anti-Spam 
	  How-to," available at:
	URL: <>

    - Also useful in this area is "How To Complain To The Spammer's 
      Provider" from the folks, which provides a good
      introduction to how and to whom to complain about spammers.
      Find it at:

         URL: <>

      The folks at also provide a complaint service.  If
      you register with them, you can send any junk email to their
      address and they will forward it to the most likely complaint
      addresses.  Info on the service is at:

         URL: <>
    - If you wish to go it alone, a good way to track down info
      about the source if spam is the "Sam Spade, Spam Hunter"
      ACME Address Digger, at:
         URL: <>
      The address digger provides access to a bunch of useful
      tools for tracking the source of spam, all in one 
      convenient location.

	  Also from the same folks is the personal version of Sam Spade
	  that you can run on your own machine.  You can find it at:
		URL: <>

	- There is also another set of "Anti-Spam Tools & Resources" 
	  that is especially good for international spam.  It is
	  available at:
		URL: <>

    - Whenever and wherever you complain, _always_ include the 
      _full_ headers of the spam about which you are complaining.  
      Without full headers, it is generally impossible to be 
      sure from whence the spam really came; because so much 
      spam is forged, just the From: line isn't enough.

    - Apart from complaining to the source, you can also report 
      spam to the usenet newsgroups where the despammers hang 
      out.  You can also get help in figuring out spam yourself 
      from some of the "old hands" reading these groups.  (See 
      "Usenet groups for reporting spam" below.)

3.1: Make Money Fast!/chain letters.

The easiest spams to deal with are probably chain letters 
(generally referred to on the net as "Make Money Fast" or MMF, 
due to that being the subject of one of the more common chain 

    - Be sure that you understand what chain letters are - see
      the URL below.

    - There are only a few different varieties:  "Charles Kust",
      "Dave Rhodes", Recipes, another that goes like "I found
      it!", and a new one that tells you to "Post the article
      to at least n newsgroups", where "n" is most often 200.

    - The first time you see a chainletter, report it _only_
      to the originator and/or their postmaster .  _Never_ repost
      it or followup to it in the group where you found it.

      A chain lettter is one case when it doesn't hurt to respond 
      to the one who posted it.  Because these are actually 
      _unlawful_ in the US (see the URL below), they are generally 
      posted only by those who don't know any better, and letting 
      the one who posted it know is usually enough.

    - Write your message reasonably politely.  One possible
      message could be:


        Please be aware that your message (included below) is
        both spam (one of many thousands of copies posted), and
        an illegal chain letter fraud.  Please stop posting
        them immediately, and cancel them if you can.

        Please read the following URL for a full explanation
        of the legality of these messages:

        <Include full copy of original MMF>

3.1a: Other Frauds and Scams.

Various other forms of fraud may be unlawful, as well, and they
do not magically become lawful by being disseminated via the

For example:  dealing in securities (stocks, etc.) is pretty
strictly regulated, and someone touting stocks via spamming
is probably at least close to the legal edge; health claims
made for any drug are regulated and must be demonstrated, and
someone spamming the health benefits of their product probably
does not have FDA support; there are certain legal requirements
regarding what is a legitimate Multi-Level-Marketing program
(as opposed to being an illegal pyramid scheme), and the _vast_
majority of so-called "MLM" programs advertised via spamming
do not meet the legal test, thus being illegal; etc.

There are a number of email addresses to which you can forward
information on suspected fraudulent offers:

   <>			pyramid schemes (FTC)
   <>		postal fraud (including
   					  chain letters)
   <>	fraud office (IRS)
   <WEBO@FDADR.CDRH.FDA.GOV>		food/drug fraud (FDA)
   <>		National Fraud Info Center

More information on fraud is available from the Internet
Consumer Fraud Information Service, at:

    URL: <>

For chain letters originating in Canada, or using Canadian 
mailing addresses, you can try:

   <>		Bureau of Competition

Or use the fill-in form on the RCMP web site, at

    URL: <>

3.2: Email Spam / Junk Email.

Email spam is easy to identify -- if you receive some junk mail 
that you didn't ask for or end up on a mailing list that you 
didn't ask to be put on, then it's spam -- but identifying its 
source can be much more difficult.

The problem here is that junk emailers all know that everyone 
hates to receive junk email, so they have become quite creative 
in forging their addresses.  Some junk emailers for hire offer 
"flame-proof mailboxes", and Cyberpromo (one of the big junk 
emailers who tried to get an injunction barring AOL from blocking 
mail -- and failed) has gone so far as to create whole new phony 
_domains_ to send junk mail from in an attempt to get past people's 
mail filters.

So, in order to complain effectively about junk mail, you will 
need to learn at least a little bit about reading headers; just 
sending to will more likely than 
not just cause your mail to bounce.

But there is one trick that sometimes works.  Because junk emailers 
generally want to sell you something, they have to give you some 
way to contact them.  So you can check out the _body_ of the 
message, which will very often contain an email address or a 
web page to go to for "more information".  And you can try 
complaining to the postmaster at the domain in _that_ address.

And you could always check out the URL above (under "So what 
_should_ I do?") and learn to read email headers.

Finally, you can report junk email spam to* 
on usenet and let the despammers take a crack at it (see "Reporting 
spam to usenet" below).

And, remember, _always_ include full headers whenever you complain.

3.2a: I got junk email that wasn't even addressed to me...

This probably wasn't a "mistake", but mail sent using the Bcc: 

What the Bcc: (Blind Carbon Copy) header does is send email to 
an address without including that address in the mail when the 
recipient finally gets it.  Some junk emailers use this feature 
to send the same email to hundreds or thousands of different 
people without having a To: or Cc: list that is hundreds or 
thousands of lines long.

What the recipient sees is a piece of email that is addressed
To: someone else.  Some junk emailers even try to make their
junk mail look like it was personal mail intended for someone
else that "accidentally" got mailed to you.  Don't be fooled.
There isn't any way that mail sent to someone.else@somewhere.
else could end up in your mailbox "by mistake".  (If your ISPs 
mailer is messed up, it might be possible for mail addressed 
to someone.else@your.domain to arrive in your mailbox, but mail 
sent to some other ISP should _not_ end up in your mailbox.)

3.2b: Someone told me that sending junk email is _illegal_.

    - Maybe that person was right... then again, maybe not.
[note: this section on the legality of junk email is almost
entirely US-centric, for a number of reasons:  1) so far as
users on the net are concerned, the US is still the big boy
on the block; 2) the overwhelming majority of spam on the
net originates in the US (even if it might be sent to those
outside the US or pass through sites outside the US on the
way to its destination); and 3) I am not a lawyer even in
the US, and any attempt to cover legal issues outside the
US would be well beyond my abilities.  That said, it should
be noted that just _sending_ junk email may be a violation
of the law in some countries; spammers and spammees should
check their local laws.]    

As of July, 1997, there is movement on this front: whether or
not junk email _is_ illegal now, at least certain forms of it
may become so in the near future.

There have now been introduced _three_ different bills dealing 
with junk email:  HR 1748 by Chris Smith in the House of
Representatives, S 771 by Murkowski in the Senate, and S 875
by Toricelli also in the Senate..  They are not at all the same:  
the Murkowski bill bans address-forging and requires the use of
keywords in junk email, but permits its sending; the Toricelli
bill requires that junk emailers remove you from their lists if
you so request, but still permits them to send it until you
"opt out"; the Smith bill amends the "Junk Fax" law to prohibit 
unsolicited commercial email, but does not prohibit non-
commercial bulk email.

The text of the Murkowski bill is available at:

   URL: <>
the Torricelli bill at:

   URL: <>

and the Smith bill at:

   URL: <>

More information on these bills is available at:

   URL: <>

   URL: <>

and at the Coalition Against Unsolicited Commercial Email's
site, at:

   URL: <>

CAUCE supports the Smith bill.

There has also been considerable discussion of these bills
in the Usenet newsgroup.

Until such time as a new law is enacted, the legal status
of junk email remains unclear.

    - One reading of the "Junk Fax" law (US Code, Title 47, 
      Sec. 227) is that, because of the way if defines "fax 
      machine", a computer with a modem and printer is a fax 
      machine under the law, and thus, sending junk email to 
      such a computer is a violation of the law.

      On another, equally plausible reading, the "Junk Fax" 
      law cannot possibly apply to email, because (among other 
      things) if it did, then just about _every_ email message 
      would be a violation.

      Because there has not yet been any judgment by a court on 
      this matter, the question remains open.  In any case, junk 
      email has _not_ (yet, anyway) been held to be illegal by 
      a court, which is what matters where the law is concerned.

      If you wish, you can read the relevant parts of the law 
      yourself at:

         URL: <>

    - There are those who have attempted to collect "proofreading" 
      or "data storage" fees from those who send junk email, by 
      giving notice that they will charge fees for junk email 

      As in the case of the "Junk Fax" law, however, there has 
      not yet been a judgment by a court that such charges are 
      legally enforceable.  In addition, many knowledgeable people 
      argue that any such notice cannot be considered a binding 

    - In addition, it is _possible_ that some junk emailers could 
      be in violation of fraud statutes when they forge their 
      messages to appear to come from sites other than their own.

      Again, this has not, to my knowledge, been tested in court.

    - Finally, there is the possibility that the "Junk Fax" law 
      could _explicitly_ be extended to embrace junk email, as is
      proposed in the Smith Bill (HR 1748).  Until such a bill is
      actually _passed_, though, it has no force.

    - So, the answer so far is:  the possibility of junk email 
      being declared illegal remains open, as (again, to my
       knowledge) no court has expressly _rejected_ the arguments 
      above, but neither has any court ruled that junk email 
      _is_ illegal.

      The current status of Cyberpromo v. AOL suggests that no 
      one has the "right" to send you email, but this means 
      only that you can block attempts by anyone to send you 
      email, not that they can't try to send it to you.

    - Also available is a somewhat longer discussion of the ways 
      to respond to junk mail using legal means, provided by a 
      reader, at:

         URL: <>

    - And, finally, there is an excellent review of the legal
      issues involved in UCE by Michael W. Carroll in the Berkeley 
      Technology Law Journal, at:

         URL: <http://server.Berkeley.EDU/BTLJ/articles/11-2/carroll.html>
      Cyberspace Law - Unsolicited E-mail provides some information 
      on legal issues relating to junk email, at:

		URL: <>
	  and The E-LAW Locator can provide information on legal issues 
	  relating to the net, at:
		URL: <>

    - All that said, remember also that even if just sending
      junk email is not illegal, the mere fact that something
      occurs via email does not mean that other laws do not
      apply.  Chain letters and other forms of fraud are
      unlawful even if the communication occurs via computer
      (see 3.1 and 3.1a above).
3.2c: How do junk emailers get my address, anyway?

The most common source of email addresses seems to be posts to
usenet.  It is fairly easy to use or write a program to collect
From: addresses from usenet posts, and if you post to usenet, 
it is likely that your email address will be collected.

Some mailing lists allow anyone to get a list of subscribers,
and it is possible that your email address was collected in 
this way if you are on a mailing list.

Some machines allow outsiders to collect users addresses, and
this is another possibility.

Finally, once you are on one list, that list is quite likely
to be sold to other junk emailers or for a junk emailer for-
hire to use the same list to send junk email for large numbers
of people. 

3.3: Spam on Usenet.

The first thing to do with spam on usenet is to be sure that 
it actually _is_ spam.  Remember, what makes something spam is 
that there are _lots_ of copies.   You'd be surprised how many 
people will post one, but only one, wildly off-topic article 
into one group.  Remember, a single post, no matter how wildly 
off-topic, is not spam.

If you see a single massively cross-posted article (typical 
multi-group trollbait), it probably _isn't_ spam.  Such massive 
crossposts may be supremely annoying, but a crosspost (even a 
massive one) is only a single copy of the article on the news 
server, so it isn't the same thing many times.

    - You may wish to report even a single massively cross-
      posted article to the poster and their ISP, as some people 
      post such articles without meaning to be abusive, and some
      ISPs have policies against such posts.

      Be prepared for a nasty response, though.  There are people
      who enjoy massively crossposted trolls and post them just
      to muck things up on Usenet, and there are many ISPs who
      see this as sufficiently close to attempting to control
      content that they will not get involved.

You can't really consider something spam on usenet unless you 
see multiple copies of it, either the same thing posted multiple 
times (with different message-ids) in one newsgroup or posted 
individually (not crossposted) to multiple newsgroups.  In short, 
if you don't see more than one copy, you can't say that it's 

    - The one exception to this rule is the "alpha-spam", which 
      is the practice of attempting to post to _every_ usenet 
      group (in alphabetical order, hence the name).  If you 
      see something that looks like:

      Newsgroups: alt.conspiracy.netcom,alt.conspiracy.usenet-cabal,,alt.consumers.experiences,,,alt.cosuard,,alt.cows.moo.moo.moo,alt.crackers,alt.cracks,

      then it's _probably_ an alpha-spam, and, thus, a spam.

If you see something that you think _might_ be spam, and you 
want to get a better idea, you can check with dejanews, at 

   URL: <>

You can go to dejanews and do a search on the subject of the 
post you're wondering about:  if dejanews shows that the same 
article has been posted 20+ times, then it is definitely spam.

Complaining about usenet spam is more or less the same as 
complaining about email spam.

    - You can try complaining to the postmaster or abuse 
      addresses at what seems to be the poster's site, but 
      usenet spams are forged so often that this will often 
      be unsuccessful.  

    - You can learn to read usenet headers so that you can 
      get a better idea of where forged posts _really_ came 
      from (again, check out the URL above under "So what 
      _should_ I do?").

    - You can report the spam to the despammers reading the* groups.

And _always_ include full headers whenever and wherever you 

4.1: Usenet groups for reporting spam.

There is a whole hierarchy,*, related 
to spamming and other net-abuse.  Each of the groups in this 
recently reorganized hierarchy has a specific function, and 
reporting of spam will be most useful if it is done in the right 
place.  The relevant groups are:

    - (nanas) - A group specifically 
      and only for the reporting of cases of net abuse (including 
      spam), this is _the_ best place to post reports of spam to 
      usenet.  nanas is robomoderated, and posts to nanas must 
      have the Followup-to: line set to either nanau (for reports 
      of usnet spam) or nanae (for reports of junk email spam).  
      Further info on nanas should be available from "The* Homepage," at the URL below.

    - (nanau) - A group primarily 
      for _discussion_ of net abuse on usenet, including spam.  
      Followups to reports of spam on usenet are directed to 
      nanau, but nana.sightings is a better place for the first 

    - (nanae) - A group primarily 
      for _discussion_ of net abuse via email, including spam.  
      Followups to reports of spam via email are directed to 
      nanae, but nana.sightings is a better place for the first 

      and also exist, but are of less
      relevance in terms of reporting spam.

    - More info on the* hierarchy is available
      at "The* Homepage," at

         URL: <>

4.2: Reporting Spam to Usenet.

General guidelines:

    - On Usenet, the only places where you should post copies
      of spams are in "abuse" groups designed for it.  Such as (nanau), 
      (nanae), or (nanas).

    - If you do copy spams to abuse groups, ensure that the
      posting is a proper "followup" format, with ">" or "|" 
      indentation.  If you don't, then your posting might be 
      considered part of the original spam and cancelled by the 

    - Check nanas/nanau/nanae first to see if the spam already 
      has been reported.  If it has, consider not reporting, 
      unless you have additional information to add, such as 
      different From: or Received: lines, paths, etc.  Posts 
      with different headers can be useful in better analysis of 
      the origin  of a spam, but a bare "I got one, too!" adds 
      nothing of value.

    - Be sure to include _all_ headers.  Without full headers, 
      it is usually impossible to tell for certain where a spam 
      really came from, and little can be done about it.

Make Money Fast! Chain Letters:

    - Do not report first-time MMFers to nana*.  Most
      administrators will reeducate their users when they're 
      notified.  The URL above (in the sample MMF complaint 
      letter) will reform 99.9% of the remainder.

    - If you see more MMFs from the same person more than a day
      or two later, _then_ report it to nanas.  And, when reporting
      it to nanas, include no more than the headers, the first 
      paragraph,and the list of suckers.  There are only a few
      basic variants of the letter, and the despammers have seen
      them all, more times than they would like.  Posting the 
      full letter is just a further waste of bandwidth.
Junk Email Spams:

    - Always check nanas/nanae _first_.  If the spam has already 
      been reported, don't bother reporting it again unless you 
      have something new and important to add.

    - If you've complained to the site from where the spam was 
      sent, and received a useful response (saying, for example, 
      that the sender is being dealt with), then consider not 
      reporting the spam to nana*.  Any site can have an occasional 
      junk emailer, and if the administrators deal with the problem, 
      it isn't really necessary to publicize the junk mail.  And 
      this leaves nana* free to concentrate on the problem sites 
      and dedicated spammers.

    - Always include full headers, especially the Received: lines.

Usenet Spams:

    - Always check nanas/nanau _first_.  If the spam has already 
      been reported, don't bother reporting it again unless you 
      have something important to add.

    - Don't report any potential spams to nanam unless you are 
      pretty darn sure that it really is spam.  If you don't see
      at least two separately posted copies in at least 4 groups 
      total, then you can't be sure.  

    - If it doesn't appear to be "it's everywhere it's everywhere!",
      consider reporting only to the user and their ISP.  In such 
      cases, the article is probably not something that the
      despammers can do anything about, and reporting it on
      usenet is just a waste of your time and a further waste
      of bandwidth.

    - Always include full headers.

5.1: When to send a "REMOVE" request.

There are at least three cases in which you may, despite what 
is said above (under "Some things _not_ to do"), wish to send 
in a REMOVE request to a junk emailer.

    - Some people are attempting to _bill_ junk emailers for 
      the use of their equipment to receive and store junk email.  
      I don't put much faith in the success of such efforts 
      (see 3.2b above), but if you choose to attempt this route, 
      you _must_ let the junk emailer know that you plan to 
      charge them.  

      If there is to be any chance of collecting, you will 
      need something that at least _could_ be a contract:  if 
      the junk emailer isn't even _aware_ of your charges, it 
      will be nigh on impossible to convince a court that the 
      junk emailer has agreed to them.

      Technically, such a message would not need to be a REMOVE 
      request -- it could be a notification of the archiving 
      charges and a notice that further mail will constitute 
      acceptance of the terms -- but the terms must be communicated 
      to the junk emailer.

    - Some people are arguing that the continuing sending of 
      junk email messages constitutes "harrassment".  It is 
      possible that continuing to send junk email after a request 
      to cease _could_ be considered harrassment, but such a 
      charge would require at the very least that the one being 
      harrassed tell the harrasser to cease.  If you haven't 
      told the junk emailer to stop sending mail, then you won't 
      have much to stand on in a harrassment complaint.

    - Some junk emailers are attempting to (and, in some cases, 
      succeeding at) snowing providers by claiming to be 
      "responsible" junk emailers.  One supposed hallmark of 
      being a "responsible" junk emailer is that one actually 
      _honor_ REMOVE requests.

      If you wish to convince such a junk emailer's provider 
      that the junk emailer is _not_ "responsible", then 
      demonstrating that they do _not_ honor REMOVE requests 
      (by showing that they continue to send junk email after 
      receiving a REMOVE request) may succeed.  

      Of course, in some cases, the provider doesn't really care, 
      and even such a demonstration of lack of responsibility 
      will accomplish nothing: anyone who buys the "responsible
      junk emailer" defense probably won't take action even when
      the defense is shown to be a sham.  In addition, acceding 
      to the demands that you should send a REMOVE request also 
      serves to legitimize sending the junk email in the first 
      place, something that many people find completely unacceptable:  
      if everyone wanting to sell something were to send you just 
      _one_ junk email, you would spend all of your time sending 
      REMOVE requests.

6.1: Further info.

    - If you wish to start tracking spam, there are lots of sources of
      information.  Some of them are:

      The Net-Abuse FAQ, at 
        URL: <>

      the Internet Spam Boycott, at 
        URL: <>

      The Coalition Against Unsolicited Commercial Email, at
        URL: <>

      the Network Abuse Clearinghouse, at
        URL: <>

      Fight Spam on the Internet, at
        URL: <>

      the SpamFAQ, at 
        URL: <>

	  The Anti-Spam Campaign, at:
		URL: <>

	  The Email Abuse Resource List, at:
		URL: <>

	  Spambusters!, at:
		URL: <>

      Stop Junk Email, at 
        URL: <>

      the Stop Spam FAQ, at 
        URL: <>

    - In addition, I have quite a few links to information, tools, and
      suggestions at 
        URL: <>

gregory byshenk          "Help!  I've been Spammed! What do I do?" at
chicago, illinois usa    <>           Take a bite out of SPAM! <>

User Contributions:

Comment about this article, ask questions, or add new information about this topic:

[ Usenet FAQs | Web FAQs | Documents | RFC Index ]

Send corrections/additions to the FAQ Maintainer: (gregory m. byshenk)

Last Update March 27 2014 @ 02:11 PM