Spam is not from Immune.Com

Contents
Spam is not from Immune.Com
Confirmation Is Required
The Boulder Pledge
How To Stop Spam
How To See Who Really Sent A Message
This Is Where You Are
Fake Headers
But Where Did This Junk Come From?
Black Hole Lookups
Reporting With Abuse Net Addressing Service
Reporting Spam Directly
Trace Route
Even More Anti-Spam Help

Spammers (worthless, garbage-mouthed vermin) are attacking this service and many other services. We are being attacked by spammers because we believe your e-mail address is private and should never be used without your permission.

Spammers are also angry with us because we report their disgusting spew. Spam is a repugnant abuse of the Internet, and we'll likely continue to vigorously report spam.

We regret that repeated, widespread, and continuing retaliation attacks by spammers have besmirched the good name of Immune.Com. Spammers try to cause trouble by sending out spam which appears to be from Immune.Com. Because most of an e-mail message can be forged (including who it is "From:"), spammers can and do send e-mail messages with illegal, false "from" addresses @Immune.Com in an attempt to discredit us.

Recently Chinese spammers have been attacking Immune.Com more intensely, creating the false impression that their Chinese spew is somehow from Immune.Com. Yuck!

We have tracked down and reported several kinds of spam that falsely use a fictitious @Immune.Com address, or a real but receive-only @Immune.Com e-mail address, as a From: address or return address, creating the despicable false impression that Immune.Com was in any way involved in sending spam. Immune.Com has never sent, and will never send, unsolicited electronic messages of any kind. Never.

Confirmation Is Required

All Immune.Com services have always operated on a request-confirmation basis. It is impossible for an e-mail address to be added to our member lists without both a request, and also a valid confirmation by e-mail. Subscription requests result in an immediate, automatic confirmation message sent to that same e-mail address.

If a subscription request is forged, the automatic confirmation message alerts the owner of that e-mail address about the attempted larceny. If the confirmation code is not returned promptly, the code expires. The code is only sent to the newly requested member e-mail address, so others cannot forge a confirmation unless they have access to your computer, and access to your e-mail.

The Boulder Pledge

The most important thing we all can do is to be sure that we do not support SPAM. Spammers dread the Boulder Pledge, so we should all support the Boulder Pledge.

The Boulder Pledge by Roger Ebert (the "Thumbs up!" guy) December 1996:

"Under no circumstances will I ever purchase anything offered to me as the result of an unsolicited e-mail message. Nor will I forward chain letters, petitions, mass mailings, or virus warnings to large numbers of others. This is my contribution to the survival of the online community."

Simply never buy anything promoted by SPAM. That way spam advertisers can never be 'satisfied' with spammer senders, and spammers will go out of business more quickly.

In addition to the Boulder Pledge to never support spam, it is also possible for all of us to help with the fight against spam.

In fighting spam, you can take on many different tasks, including tracking down the source, where the spam got into the Internet, and various kinds of complaints to the parties who are, intentionally or not, supporting spam. The rest of this page gives you the tools you need to fight spam.

How To Stop Spam

Now that you are here, please look around and learn what you can do to stop the spamming low-lifes from invading your inbox with their junk.

It's usually not a good idea to reply to spam directly. Spammers use all replies to confirm that your address is real, not to remove you, as they claim. They lie. Confirmed addresses are far more valuable to sell to other spammers, so don't reply at all!

Below are many resources available to help fight spam. There are links from this page to many sites that help you learn about all the issues involved and what you should or should not do about spam.

How To See Who Really Sent A Message

It takes skill and experience to read the technical details that reveal where a spam message really came from. You must find how to see the "transport headers" in your e-mail program, and you must figure out the meaning of the headers after you find them.

Some e-mail programs make it easy, and some make it very hard. Here are some links to Web pages that can help you find the e-mail transport headers in your e-mail program:

How do I get my email program to reveal the full, unmodified email?
How to Show Full Headers
How to Interpret Email Headers (do not log in - just say ok,ok,ok,ok...15 times)

Once you find the transport headers in your e-mail program, the fun has just begun. Now, you must figure out what they mean. It may help to remember that e-mail messages have only three parts - headers, body, and possibly any attachments.

This Is Where You Are

As an e-mail message is passed from the point of origin to the recipient, each device that handles that message is likely to leave a trace of its activities. These traces, showing where the message began, and where it traversed, are added at each step along the pathway. The original record, at the beginning of the message's journey, is likely to be in those traces nearest the message body - at the bottom of the headers, close to the message body.

So, the headers at the top, farthest from the message body, will probably show facts about your e-mail server, where you collect your e-mail from. Each header entry between the point of origin and your own e-mail server should be in the order that the e-mail message was passed. As you work through the headers from the top, toward the bottom, you're getting closer and closer to the spammer who sent it.

These pages try to help you understand what e-mail transport headers really mean:

What Email Headers can Tell You About the Origin of Spam
How to Interpret Email Headers
Figuring Out Fake E-Mail & Newsgroup Posts

Fake Headers

Spammers lie. They try to hide the details about the bad things that they do. As the pages cited above point out, spammers frequently use multiple ways to lie and obscure their dirty deeds.

One way that spammers lie is to place fake headers in spam messages. Remember that the headers nearest to the message body are the "oldest," and closest to the point of origin (the spam 'insertion point'). So, if a message has any fake headers, the fake headers will probably be next to the body, at the bottom of the header section. It is possible to fake one, two, or more headers - but, usually the fake headers will all be before (below) the real headers.

In learning to read e-mail transport headers, it may be smart to begin studying e-mail messages that are legitimate, so you can learn to read real headers from known addresses before you get into the tricky stuff that spammers do.
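The top-to-bottom reading described in the two sections above, as an added Python example (not part of the original page): it lists the Received headers in order and stops where a header's "by" host no longer matches the "from" host recorded by the header above it. The sample message, its host names and the chain-matching heuristic are constructed for illustration; real relays sometimes log differing names, so treat a break as a hint, not proof.

```python
import email
import re

# Constructed sample, not real traffic. Top hop: added by the recipient's own
# server. Bottom hop: text a sender could have typed in before sending.
SAMPLE = """\
Received: from mail.relay.example (mail.relay.example [198.51.100.7])
\tby mx.recipient.example with ESMTP; Mon, 3 Mar 2003 10:00:05 -0500
Received: from unknown (HELO friendly.example) (203.0.113.45)
\tby mail.relay.example with SMTP; Mon, 3 Mar 2003 10:00:01 -0500
Received: from trusted.bank.example ([192.0.2.10])
\tby nowhere.example with SMTP; Mon, 3 Mar 2003 09:00:00 -0500
From: "Someone" <someone@sender.example>
Subject: constructed test

body
"""

HOP = re.compile(r"from\s+(?P<frm>.*?)\s+by\s+(?P<by>\S+)", re.S | re.I)
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def received_hops(raw):
    """Return Received hops top to bottom (newest first)."""
    hops = []
    for value in email.message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        if m:
            # Keep only real dotted quads: four numbers, each 0 to 255.
            ips = [ip for ip in IPV4.findall(m.group("frm"))
                   if all(int(part) <= 255 for part in ip.split("."))]
            hops.append({"from": m.group("frm").lower(),
                         "by": m.group("by").lower(),
                         "ip": ips[-1] if ips else None})
    return hops

def likely_origin(hops):
    """IP recorded by the lowest hop that still links to the hop above it."""
    if not hops:
        return None
    trusted = hops[0]
    for upper, lower in zip(hops, hops[1:]):
        # A real relay's "by" name is the host the next server saw in "from".
        if lower["by"] not in upper["from"]:
            break  # chain broken: this header and those below are suspect
        trusted = lower
    return trusted["ip"]
```

On the sample, the bottom header claims 192.0.2.10, but the chain breaks there, so the address to investigate is the one the last linked relay recorded.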

But Where Did This Junk Come From?

As you discover more and more about an e-mail message's transport headers, eventually you'll become concerned with the IP address of a computer (server) that sent the spam message. An IP address is a "dotted quad," such as 127.0.0.1: four numbers (0 to 255) separated by periods.

Two powerful online tools will be your friends: WHOIS and black hole lookups. You'll also learn about trace-route, but be careful that you understand traceroute before you jump to any conclusions - reporting your own Internet Service Provider to their Internet pipeline supplier is probably not going to help stop spam in your INBOX.

WHOIS is an Internet tool to allow anyone to find out the name, and how to contact, any Internet domain name owner.

Here are some pages that will allow you to look up the owner of almost any Internet domain:

Network Tools
Hexillion Tools
Betterwhois
WHOIS and root server check

Note: If a WHOIS record ever contains any bogus information, like a telephone number of 101-555-1212 or a street address in the middle of a river, be sure to report the falsehoods to this free public service database: RFC-ignorant.org

RFC-ignorant.org is the clearinghouse on sites that think the rules of the Internet don't apply to them. All WHOIS domain records should contain (at least) a contact name, an e-mail address, a telephone number, and a street address. If these requirements are not met, or if bogus data is given, please report the domain to the bad-WHOIS database at RFC-ignorant.org. There may be recent privacy exceptions in Europe - but the point is that there must be a way to contact the domain owner to complain.

Black Hole Lookups

Let's say you just received spam from the bad computer at this IP address: 66.102.130.156

To get an e-mail address to complain to, plug the IP address number of the bad computer that originally sent the spam (in this case, 66.102.130.156) into this tool:

Openrbl Multi DNSBL Lookup

Red in the output result is bad, and green is okay. If the page turns red, the whole network is probably controlled by spammers - so complaining to them is of little use. Instead, learn to use traceroute and figure out the pipeline supplier(s) used by the spam sender, and the product or service that was spamvertised. Complain at least one level above the spammers. Complaining more than two levels above the spammer doesn't usually help - it shows you're frustrated, but clueless, so the complaint may be ignored as a waste of time.

To identify the best e-mail addresses to complain to, look near the bottom of the output from OpenRBL. You should find a line that ends with [Whois & Abuse|SpamCop] like this:

Track "haw-66-102-130-156.vel.net" at [Whois & Abuse|SpamCop]

Click on [Whois & Abuse|SpamCop] to see which network is responsible for that IP address range. In this case (just above), the network is VEL.NET, and the appropriate complaint addresses are given.
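What a black hole lookup tool does behind its Web form, as an added Python example (not part of the original page, and going beyond it to show the DNS mechanism): the octets of the IP address are reversed, a list's zone name is appended, and the result is looked up in DNS. The zone name dnsbl.example.org and the stand-in resolver are hypothetical, constructed so the example runs offline.

```python
import ipaddress
import socket

ZONE = "dnsbl.example.org"  # hypothetical zone name, not a real blocklist

def dnsbl_name(ip, zone=ZONE):
    """Build the name a DNS blocklist is asked about: reversed octets + zone."""
    addr = ipaddress.IPv4Address(ip)   # rejects anything but four numbers 0-255
    if not addr.is_global:
        raise ValueError(f"{ip} is private or reserved; it is not the sender")
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def check(ip, zone=ZONE, resolve=socket.gethostbyname):
    """Return the list's answer code, or None when the address is not listed."""
    try:
        answer = resolve(dnsbl_name(ip, zone))
    except socket.gaierror:            # no such name: not on this list
        return None
    # Listings answer inside 127.0.0.0/8; any other answer means the zone is
    # dead or wildcarded and its verdict should be ignored.
    if ipaddress.IPv4Address(answer) not in ipaddress.ip_network("127.0.0.0/8"):
        raise RuntimeError(f"{zone} returned {answer}: not a blocklist answer")
    return answer

# Constructed stand-in for DNS so the example runs offline.
FAKE_DNS = {"156.130.102.66.dnsbl.example.org": "127.0.0.2"}

def fake_resolve(name):
    if name in FAKE_DNS:
        return FAKE_DNS[name]
    raise socket.gaierror("name not found")

if __name__ == "__main__":
    print(check("66.102.130.156", resolve=fake_resolve))
```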

Reporting With Abuse Net Addressing Service

If you are using the ABUSE.NET Spam Complaint e-mail forwarding service, you would just send this complaint to VEL.NET@Abuse.Net. To use the Abuse.net addressing service, you must first register by sending them an e-mail message and you must agree to follow their rules. Here is the page to find out more about this free addressing service:

How does the abuse.net mail forwarder work?

Reporting Spam Directly

Every Internet domain that sends or accepts e-mail must accept e-mail to postmaster@domain.name. Most Internet domains should also accept e-mail to abuse@domain.name.

If you want to send your complaint message directly, you can send complaints to abuse@ and/or postmaster@ at the network identified by the openrbl tool. In the example above, the default addresses to write to would be:

abuse@vel.net
postmaster@vel.net

To check, in advance, if abuse@ and postmaster@ do work, use the free tool here:

EmailDossier

or here:

Verify Email Addresses

If either abuse@ or postmaster@ fails, be sure to save the evidence output until you nominate the rogue domain for listing at RFC-ignorant.org.

Trace Route

To identify the upstream pipeline suppliers for a spammer, trace the path to the spammer's e-mail server and the spamvertised Web page IP addresses using one or more of the NAP looking-glasses here:

Looking Glasses for Public NAPs

Pick one of the looking-glasses, then select trace. Fill in the spammer's IP address, and press enter or go.

The closer a supplier is to the source IP, the more likely it is involved in the SPAM, one way or another. Some big spammers have multiple upstream pipelines, so search by traceroute from several geographical directions to find all the suppliers. Then, complain to all the suppliers.

Other online trace route tools are available here:

Traceroute Network Test
Dreamhost Network Check
Openrbl Multi DNSBL Lookup
Network Tools
Hexillion Tools

If an IP address in the trace route report does not resolve to a host name, you can still use the openrbl tool (above) to identify the responsible network to complain to. Networks, especially spam-friendly and spammer-support networks, may deliberately fail to resolve their spam-supporting devices, so don't forget to check to see which network is responsible, and then report the spam to their upstream supplier.

Be sure you understand traceroute before you use it to complain. Careful targeting of spam complaints is much more useful and more effective than a shotgun approach. Complaining more than two levels above the spammer is usually a mistake - and only indicates cluelessness and frustration.

For example:

If you identified 205.211.188.135 as a suspect IP address number for the bad e-mail server that sent you spam, or for a Web site spamvertised in an unrequested e-mail message, then the openrbl tool says:

Network: ARIN/CIVICH-ON-CA 205.211.184.0-205.211.191.255 @ogh.on.ca

So, complaining to abuse@ogh.on.ca might help. Or, register at Abuse.Net and just complain to ogh.on.ca@Abuse.Net. The Abuse.Net contacts database has other proven good abuse contact addresses - so your complaint will go directly to the right people.

Before you get too far down the spam-complaint road, it is very important to know that, generally, the people you are writing to also hate spam, and they are on your side. Please do not be short or rude with them out of your anger with spam. Be factual, be direct, and file a complete report so that they can act on your report.

The next four links give advice and even examples of sample spam reports, so your reports will be effective enough to nuke a spammer! Now you have the tools to really fight spam. Happy hunting!

Even More Anti-Spam Help

Spam Links - Reporting Spam
How To Complain About Spam
How do I report spam?
Exterminating Spam Step by Step - Really! Example Spam Reports
Spam Glossary
Spam Links
SpamFAQ.Net
geektools SPAMTools
Anti-Spam Resources: Halting the Junk E-Mail Juggernaut - Privacy Rights Clearinghouse - Identity Theft
IP Address Locator
Spam Slammer
How to "Can" Unwanted Email - USA Federal Trade Commission
Google Search news.admin.net-abuse.email
dr. Jørgen Mash's DNS database list checker
Declude DNS database list
Internet Fraud Watch - USA National Fraud Information Center
USA Secret Service 419 Advance Fee Fraud Advisory
Spam Watch
Donate Your Spam To Science
SpamCop - Basic spam-reporting service is free
Domain name registries around the world
DNS Digger
SPAM Laws
Abuse.Net



For more information, please contact: SpamSucks@Immune.Com
Owner: Ballew Kinnaman <kinnaman@Immune.Com>
Version 1.6
This page resides at http://www.Immune.Com/SpamNotFromImmune.Com.html
Copyright © 2003, Immune.Com, all rights reserved worldwide.