» How to Legally Fight Back Against Spam and Report it «

Fighting Back!

Page index

• Intro
  
  
• Fighting back and reporting works, really
  
  
• .  .  .  Reporting organisations such as Spamcop
  
  
• .  .  .  whois
  
  
• .  .  .  Black Hole lists
  
  
• ISP's and other companies I've reported Spammers to include...
  
  
• ISP's Responses and autoresponses
  
  

Recommended: Visit Spamlaws.com for the latest UCE laws in the US, Europe and others

Introduction

NOTE:   This is about peaceful and legitimate ways to fight back the tide!

It's about naming names and reporting Spammers to the FTC, to your own government agencies where appropriate, getting legal address and suing the beggers (to come) and, most importantly to having the Spammers ISP's disconnect their lines, even the domain Registrars will take action. Passing hard to move to another web host when your domain name is unassigned, deleted off the records.

Where appropriate, report them to companies. For instance, Microsoft, Symantec and McAfees are more than happy to get 'in your face legal' with Spammers and credit card scammers offering illegal copies of their products. Plus, in these cases, the FTC is on firm ground.

It's about making ISP's aware who there are, where they live. Basically, once a service provider boots a user off their system they should tell every other provider in the area. You will probably even be doing someone a favour - admins unaware of breach in security, home users completely unaware they have this worm or that and are sending out countless spam on behalf of some anonymous crook. ISP's are generally savvy enough to know the difference between a duped user and a Spammer.

A T3? A 2Mb/s DSL? Ha! I wouldn't even let Spammers have a mobile phone, let alone a domain!

Naturally, these type of people will move to a new office, use a friends cable modems, whatever it takes. But sooner or later, when all their friends have been disconnected; when the cost of moving office starts tooting up; when hiding from landlords, bailiffs and police chasing outstanding bills get to be a pain; then maybe then will give up. Often of course they will use every dirty trick available to hide their identity, but even then, it's more than possible to make their vile campaigns fall flat.

And I don't want any rubbish about 'lawful business' and 'freedom of speech'. A shovel is a shovel is a shovel. Dressing Spam up in the semblance of legality doesn't change the nature of the beast.


Deleting isn't the answer...
At present, as some of you are more than aware, it's frustrating, hugely time consuming, technically challenging at times and a ruddy minefield the rest of the time, but if more folk fought Spam, the problem would wither an die.   For instance, (Jan 2004) one clown used my domain to fake the address so I'd get all the bounces and complaints. In the last few days since I've so far had ISP's and registrars - here and in China - close eight of his domains.

You can just see your Grandma phoning:

Iain dear, this IP, use RIPE or ARIN ?
…
'K, I'll have the begger, so I will

Even getting the headers is beyond most users...

Ummm, why? I am forced to ask. More to the point,   …   Speechless.

If I ever sit down and dust off my programming skills I am darn sure I could write a plug-in for Outlook that, at the press on a button gets the headers and validates the senders in much the way SpamCop does. A second click forwards the lot to the ISP's, FTC and Registrars. And Microsoft, with it's multi-billion cashflow and rafts of PhD's can't do this why !?

Deleting? You've all ready got the message down. Half the time that's enough to tell a Spammer the address is live - or deliver a viral payload.
Filtering and Blocking? At bests that's playing for time.
Nope, we need Dummies Guide to 'Whack a Spam'
Short of someone writing such a Dummies... book Microsoft, and Co. needs to stop posturing and give the masses the email equivalent of an elephant gun.
Next time a sick UBE pops it's ugly head up, your old Nan, she's click's on her Outlook Express 12 bore, and blows it's ruddy head off!

ISP's the world over will choke at the idea, but at the end of the day, a million Silver Surfers reporting spam will kill it in weeks, eh!

- Paul


A few important layers... Actually, almost every article I have ever read misses these, even through specialists are fully aware of them.
I've only been seriously fighting Spam for a year, zealously so the past few months, and I've noticed a few nasty trends...

ISP's run by Spammers
Registrars (run by ISP's) run by Spammers

Enough to make your blood run cold, no. Spammers are, it appears, using their ill gotten gains to set up ISP's and even registrars.

Naturally, you get Spam and you complain to the ISP, who does nothing, but you get even more Spam.
Undeterred, you complain to the Registrar who, naturally, has the power to kill rogue domains.
And you get even more ruddy Spam.

Formally reporting the matter to the FTC as an official complaint generally has the desired off making them stop a while.

You can add these to our list...

1. Reporting Spam domains to the Registrar.
2. Reporting Spam friendly ISP's to their suppliers (ie MCI, AT&T)
3. Reporting Spam friendly Registrars to their assigning body (ICANN etc)
4. Officially and formally reporting the lot to the FTC.

Obviously I'm not talking here about the odd Spam for oriental medicine, but UBE campaigns lasting weeks and months across multiple domains etc.

Ackadia's new Anti-Spam Policy

Decided to improve my tactics...

From now on, such as time allows, I will report Spammers abusing my mail box to:

• ... where possible, the person being spoofed for them to take action
• ... the FTC
• ... their web host
• ... their Registrar
• If I see someone pop up too frequently, as appropriate I can, will, and in fact do report the matter to local, regional and international authorities and all concerned bodies and interested parties.
• If they really annoy me - like this lot behind the 'Blind Date' scam, I will concentrate on them to the exclusion of all others. Basically, I'll kick up such a stink that no Registrar or Host will want to risk them of their accounts...

Addenda October 2004:
This makes a difference, it really does, but Ackadia is a about more than Spam and frankly, when even your children noticed you are obsessing it's time to stop. So I filter it all out for peace of mind and to let me get on with other things. This section as a whole will, of course, remain reasonably current as my time allows.

Fighting back and reporting works, really:

Yahoo and email headers


Results!

I'll move this to a new area. I've responses from well over a 100 ISP's and registrars from all over the world. Some are extremely positive, others tell us exactly who is supporting Spammers, if only by inactivity. Oh yes, I will be naming names, Tucows and company!

Spammer / Advertiser : www.rxmoreusa.com : [ 68.157.173.136 ]

ISP has indicated spam will cease ISP resolved this issue sometime after Sat, 6 Dec 2003 12:26:56 UTC

Using last resort contacts mike.clark@guilfordcommunications.com

ISP has indicated spam will cease ISP resolved this issue sometime after Sun, 7 Dec 2003 22:30:29 UTC

www.omahasteaks.com (est 1917) is obviously so desperate for customers they have resorted to Spamming foreign nationals in the insane hope we will jump on a plane and fly to the States for steak. Idiots! This sort of practice becomes illegal in a fortnight.

Meanwhile, I'm going after these for harvesting my address....:
hostmynetworks.com leads me to 4igm.com, which is Future Vision Communication of Florida

ISP has indicated spam will cease ISP resolved this issue sometime after Sun, 21 Dec 2003 08:21:23 UTC

It appears even the Chinese ISP's are blocking spammers. Wonders will never cease!
Report routing for 218.5.76.184: abuse@xmidc.com.cn

ISP has indicated spam will cease ISP resolved this issue sometime after Thu, 8 Jan 2004 15:19:04 UTC

Rogers:

Thank you for your email. We have taken appropriate action with this subscriber under the terms and conditions of our End User agreement.

Netvision

Dear Sir/Ms,
We have contacted the responsible NetVision customer, and explained the severity of performing abuse.
Should you encounter further abuse from this or any other NetVision customer, please feel free to send your complaint to us, and we will take the appropriate action.

This may include, but is not limited to, warning the responsible account holder or discontinuing the account's membership with NetVision.

Always enclose previous letters when contacting us.

Regards,
Eran Rosen, NetVision Abuse Team, Omega Center, MATAM, Haifa 31905
The No.1 Israeli Internet & Intranet Services Provider

Reporting them

Reporting them - You can also report spammers via these organisations:

• Kelkea Anti-Spam service(Formerly Mail-abuse.org rbl)
  
  
• Abuse.net
  
  
• 
  
  

Whois

WHOIS :

• Apnic.net
  
  
• Arin.net's whois
  
  
• Domain White Pages
  This place rocks. Even gives the IP ranges to block
  
  
• Cyberabuse.org's whois
  
  
• Geektools' whois
  
  
• Network Solutions' whois
  
  
• OpenRBL.org - whois, and list of RBL's the domain is blocked by
  
  
• Ripe.net's whois
  
  
• Whois.biz
  
  

Blackhole lists

BlackHole lists

• www.njabl.org - DNSBL lists
  
  
• See also the links page
  
  

ISP's and other companies I've reported Spammers to include:

Here's a tiny selection of the ISP's and corporations I've reported Spammers to and, below that, a few replies to encourage you to report the beggers yourselves.

If Spammers feel the greed to abuse me, I feel the need to have their ISP kick them off the networks. Works for me


I use and other resources to get the real sender details, then:


I Report offers of pirate software to:

postmaster@autodesk.com - for 3D Max etc
postmaster@cakewalk.com
postmaster@macromedia.com
abuse@microsoft.com - falsified Microsoft letters - invariably a virus
piracy@microsoft.com - dodgy copies of Windows, Office etc etc
spamkiller@nai.com - McAfees pops up now and again.
spamwatch@symantec.com - fake copies of Norton Internet Suite is a favourite with Spammers

I report fraud to all involved parties, including:

spam@ebay.com
spoof@ebay.com
spoof@paypal.com
stop-spoofing@amazon.com.
mail-abuse@yahoo-inc.com (usually 419 fraud using Yahoo as a stop point)

NOTE:
As a parent the term "zero tolerance" doesn't begin to come close to when it applies to child exploitation Spam, or indeed adult UCE to my kids...

Federal Obscenity Statute:
18 U.S.C. 1470 - TRANSFER OF OBSCENE MATERIAL TO MINORS
It is a violation of criminal law for any person to knowingly or attempt to send or transfer obscene material to another individual who has not attained the age of 16 years.

• This Cyberangels link is useful
  
  
• Interpol use this address: [ children@interpol.int ]
  
  
• FBI
  
  
• Metropolitan Police
  
  
• National Center for Missing & Exploited Children (US)
  
  
• In Hope
  
  
• Contacting your local police: London, England
  
  

Generally Spammers and spoofers (and their advertisers) I report to the FTC and all ISP's and authorities involved, including …

This list rapidly passed 100 and 200 ISP's, registrars etc, so many do obviously take it seriously.

Response from the FTC to reporting a mail-bombing Spammer:

Thank you for visiting the FTC's web page and for using our NEW electronic Talk To Us form. Here's what happened to your information after you sent it to us:

One of our consumer counselors reviewed the information you sent us. If it was related to the FTC's law enforcement responsibilities, we entered it into our shared law enforcement data system. We share this data system with law enforcement agencies throughout the United States and Canada. Attached is your electronic response, which includes your reference number. Any enclosures can be found at www.FTC.GOV under the News Releases, Publications, Speeches option.

Information from consumers like you helps Federal, State and Local authorities investigate possible illegal practices and enforce our laws. Someone from the Federal Trade Commission or another law enforcement agency may contact you if they need additional information to help them in an investigation.

Thank you for using our Talk To Us form, and please continue to use the FTC's web page, www.ftc.gov, to get free information to help you avoid costly consumer problems.

ISP's Responses and autoresponses include:

• Cogneto
  
  
• Covad
  
  
• Domains by Proxy
  
  
• Dreamhost
  
  
• Fibertel S.A. (Argentina)
  
  
• Hanaro Telecom (South Korea)
  
  
• Hotmail - Long post!
  
  
• Info Avenue
  
  
• Outblaze
  
  
• Rogers Hi-Speed Internet
  
  
• Shaw High-Speed Internet Service (Canada)
  
  
• Symantec Corporation
  
  
• Sympatico - Bell
  
  
• Telus
  
  
• Videotron
  
  
• XO Communications
  
  

Cogneto

DO NOT SEND ATTACHMENTS
ADDITIONAL NOTES ON REPORTING INCIDENTS

To ensure your report will be investigated as quickly as possible please review the following guidelines and RESEND YOUR REPORT IF NECESSARY as reports lacking necessary information may NOT be investigated. We do not accept attachments please forward all log files, headers, etc within the body of your email.

>Reporting Spam (Unsolicited Commercial/Bulk Email)

>If you have received Spam from a Cogeco subscriber, please ensure that you have pasted the full message header along with the body of the message received within the body of your complaint. For information on extracting headers see http://home.cogeco.net/headers

>Reporting USENET Violations

When reporting a Usenet posting violation by a Cogeco subscriber, please ensure that you include the post in question with the full message header along with a working link to the charter/FAQ of the Usenet group in question. For information on extracting headers see http://home.cogeco.net/headers

>Reporting security violations

If you are reporting a security violation by a Cogeco subscriber, please ensure that you include only the relevant log entries that pertain to the offending IP address. Log entries must contain a time stamp, time zone, source IP address, protocol(TCP/UDP/ICMP) and any applicable ports involved.

---

PLEASE LIMIT YOUR COMPLAINT TO ONE OFFENDING IP ADDRESS PER SUBMISSION.

---

Cogeco is dedicated to ensuring that our service is used in a manner that is consistent with the policies set forth in its Terms of Service Agreement and Acceptable Use Policy, a copy of which can be found at http://www.cogeco.com/aup cogeco takes all reported abuse complaints seriously, and will handle them in accordance with the above policies in a timely and efficient manner. Should we require further information regarding your complaint, we will contact you.

Please note, the security department gives priority to investigating reports and although it is not always possible for us to provide a direct human response to your complaint, we do investigate *all* complaints. As such, please do not interpret a lack of response as a lack of action taken. If we find that a customer is in violation of our policies, we will take the action necessary to cease the activity in question.

Cogeco strongly recommends that all Internet users download and maintain an active and up to date anti-virus and/or intrusion detection program on their computer.

In the interests of your system security we are also providing additional security links that you may be interested in, please note these are not Cogeco promoted, endorsed or supported sites but merely an educational reference for you to learn about systems security

***Remember that virus scanners need to be updated with new virus signature files on a regular basis and Windows machines need to be updated on a regular basis.***

• Windows Update Site
  
  
• Tredmicro's Housecall might prove useful
  
  
• Free download of Ad-Aware which detects and removes spyware.
  
  
• For a free trial of The Cleaner which detects/removes trojans visit Moosoft.
  
  
• To perform a personal security port scan visit DSLReports.
  
  
• To test your email security visit GFI .
  
  
• To test your browser security visit: Qualys.
  
  
• Broadband Reports have a great spam FAQ.
  
  
• Wilders.Org is an all around great security site.
  

Covad

COVAD'S POLICY ON NETWORK ABUSE

We would like to thank you for bringing this matter to our attention. We take network abuse very seriously within the Covad domain, and we apologize for any inconvenience this has caused you. Due to the large number of complaints we receive, we may not provide any further response regarding this incident. However, Covad investigates each reported incident of abuse, and we will take all appropriate action to warn, suspend, and/or terminate a subscriber that has violated Covad's Acceptable Use Policy or Terms of Service.

Domains by Proxy

Dear Sir or Madam,

Thank you for contacting us regarding unwanted email that you received from intimate-travel.com

Our preliminary investigation reveals that we are providing our Private Registration service to this domain name. While Domains by Proxy is the company whose name appears in the WHOIS as the registrant of the domain name, we are not involved in the operation of the site, nor are we responsible for the mail you've received. For more information on our service, please visit Domains by Proxy

Because Domains by Proxy is neither a registrar nor a hosting/email provider, we are unable to affirmatively stop the mailing of which you complained. However, we will investigate your complaint and if we can determine that either spamming or some other abuse is/has taken place, we will cancel our service. Although Domains By Proxy is designed to protect personal identities, we will NOT allow someone to "hide" behind our services for the purpose of sending of spam or engaging in other forms of abuse. Such conduct is prohibited under the terms of our Domain Name Proxy Agreement and our Anti-Spam Policy.

We highly recommend that you also complain to the hosting provider of the offending domain; the hosting provider will in turn, lead you to who is providing the actual e-mailing services for the offending domain. You can determine the hosting provider by performing a WHOIS look-up on the offending domain and viewing its published domain name servers. You can then send your complaint to <hostingprovider@abuse.net>. Make sure you provide all relevant information in your email to the hosting provider, including complete original message headers. For more information on how to report spam complaints, please view www.abuse.net

Thank you for your submission.

Regards,

Domains By Proxy
Spam and Abuse Department

Dreamhost

Thanks. These people are on our radar - I've gotten one or two complaints in the last few days. Looks like typical 'affiliate' type spam; I don't feel comfortable taking the site down yet. However I will make sure that the affiliate(s) and links in question are disabled, and have let them know that if this type of spam continues, we will shut them down, whether or not the spam comes from affiliates.
-
William
DreamHost Abuse Team
abuse@dreamhost.com

Fibertel, S.A. (Argentina)

Dear Sir,

We are sending this reply in order to inform you that FiberTel S.A will be taking the appropiated warning actions due to this kind of behavior not supported by the Acceptable Use Policies ('AUP') that details the admitted and prohibited actions by our company for the use of its services and equipment.

We thank the valuable information submitted, as it is the main way to mantain the cordiability of the services' use.

If you want to know more about our acceptable use policies ('AUP'), please visit them at Fibertel S.A.

Thanks in advance and if you have any doubt do not hesitate to contact us,

Sebastián Pablo Iranek
Centro de Atención al Cliente
Grupo CableVisión

Telephone: 4778-6000
abuse@fibertel.com.ar

Hanaro Telecom, inc.

The spam mail that you reported us was received and processed.
Hanaro Telecom, Inc. warned those who transmitted spam mail contrary to the Article 50 of "Act on Protection of Information and Promotion of Information Communication Network" not to send spam mails any more. If a spammer doesn't stop sending spam mail, Hanaro Telecom, Inc. will report spam mail transmitter to the related authorities. In addition to looking into legal actions to compensate for the mental and physical damage.

[Related Provisions of Laws and Regulations]

- Article 50 of the Act on Protection of Information and Promotion of Information and Communication Network (Restriction on Transmission of Advertisement Information)
- g) Anyone cannot transmit the profit-based advertisement information contrary to the expressed opinion of a recipient not to receive such mails. - h) Those who want to transmit the profit-based advertisement information by e-mail under the regulation of the Article, they should indicate in such e-mails information on as in each of the following subparagraphs as specified by the enforcement regulation of the 'Information and Communication Act.

1. Purpose of transmission and main contents
2. Name and contact information of transmitter(or sender), etc.
3. Matters related to the opinion of denying further reception

For more information, please refer to the Antispam Policy of Hanaro Telecom, Inc on website.

Spam Admin nospam@hanaro.com

Hotmail

This is an auto-generated response designed to let you know that our system received your support inquiry and a Support Representative will review your question and respond to you soon. Please note that you will not receive a reply if you respond directly to this message.

IF YOU ARE NOT A HOTMAIL CUSTOMER AND ARE REPORTING ABUSE OR Spam FROM HOTMAIL:

Please note that we will need to see full message headers when you forward the offending mail to Hotmail. Full message headers are required for us to take any necessary action on the reported account. If you need help on how to view complete header information, please consult the Help associated with your e-mail program.

IF YOU ARE A HOTMAIL CUSTOMER:

While you are awaiting response from a Support Representative, here is some additional information about how you can help protect your account. We realize that this e-mail message is lengthy, but please read the entire message below because the answer to your question may be included.

Within this message is information on:

1. Limiting Junk E-mail ('spam')
2. Turning on the Junk Mail Filter
3. Reporting Abusive or Unwanted E-mail

We strictly enforce the MSN Website Terms of Use and Notices(TOU), which forbids e-mail abuse. We ask for your support to help Hotmail prevent unwanted, abusive, or fraudulent e-mail.

---

I. Limiting Junk E-mail ('spam')

Hotmail employs the following methods to help protect you against spam:

- We limit the number of individual recipients for each e-mail message.
- We don't allow numeric characters at the beginning of an e-mail address. Any Hotmail sign-in name beginning with a numeric character is a forgery.
- We include "X-[Originating-IP]: [xxx.xxx.xxx.xxx]" in the header of each e-mail message that Hotmail delivers. Any e-mail message without this entry in its full header didn't come from Hotmail.
- We use industry standard security technologies to help block our relay hosts from those who send spam.
- We take legal action against senders of unsolicited bulk e-mail who forge Hotmail addresses.

List brokers and individuals who send spam use many tools and techniques to gather e-mail addresses wherever they appear online. Here are some suggestions to help you reduce the amount of spam that you receive.

Do:
- Remove yourself from any unprotected member directory.
- Open another e-mail account that you can use as an address for newsgroup and listserve publications or for posting on bulletin boards.
- Use the "Block Sender" option in Hotmail to block the delivery of e-mail from a specific sender.
- Use the Junk Mail Filter feature of Hotmail to filter spam into your Junk Mail folder.

Don't:
- Use your primary account to post to an online service or any Internet bulletin board.
- Use your primary account to post in a Usenet newsgroup or mailing list.
- Spend time in chat rooms or an online service that displays your address of your primary account.
- Include yourself in an unprotected member directory of an online service (the Hotmail Member Directory helps protect you from spam because we do not display member addresses).
- Reply to unsolicited e-mail messages with a "remove" request because this only validates to the sender that your address is current.

---

II. Turning on the Junk Mail Filter

The Junk Mail filter protects you from unsolicited e-mail messages (also known as spam). Hotmail examines all incoming mail that you have not blocked or filtered. If it determines that the message is junk mail, Hotmail directs the message to the Junk Mail folder.

To set the Junk Mail Filter

1. Click the "Options" link on the upper-right side of the page.
   
   
2. On the left side of the page, click "Mail" and then click the "Junk E-mail Protection" link.
   
   
3. Click the "Junk E-Mail Filter" link.
   
   
4. Select "Default," "Enhanced," or "Exclusive" to enable the filter. See below for a description of what each level of filter does.
   
   
5. Click "OK" to save your settings or "Cancel" to return to the "Junk E-Mail Protection" page.
   

What is filtered at each level setting:

- Default vs. Enhanced. The Junk Mail Filter looks at a number of different clues in e-mail and tries to determine whether the message you received is junk mail. Setting the filter to "Enhanced" results in a stricter interpretation of what mail is valid than setting it to "Default." An "Enhanced" filter can result in more valid mail being filtered to the Junk E-Mail folder than you want, and you may need to check the folder from time to time to ensure that nothing you want has been defined as "junk." If you find valid mail in your Junk Mail folder, select the message and click the "Not Junk" button. - Exclusive: An "Exclusive" filter means that messages reach your Inbox only if they are from an address in your Contacts or safe list, service announcements from Hotmail, or e-mail that you have consented to receive from MSN. This uses encryption to help protect against junk mail. By setting your Junk Mail Filter to "Exclusive," you accept only e-mail from your friends. This is e-mail equivalent of "don't talk to strangers."

Remember to check your Junk Mail folder at regular intervals to ensure that the filter catches only the messages you want to delete. For example, mailing list mail and mail forwarded from another e-mail address may be filtered to the Junk Mail folder. To ensure that these e-mail messages go to your Inbox, create Hotmail filters or add the sender's address to the Safe List.

To add an address to your Safe List

1. Click the "Options" link on the upper-right side of the page.
   
   
2. On the left side of the page, click "Mail" and then click the "Junk E-mail Protection" link.
   
   
3. Click the "Add Senders to Safe List" link.
   
   
4. In the box at the left of the page, type the address or domain you want added to your Safe List.
   
   
5. Click the "Add >>" button to add the address or domain.
   
   
6. Click "OK" to save your settings or "Cancel" to return to the "Junk E-Mail Protection" page.
   

To add a sender to the Block Sender list

1. Click the "Options" link on the upper-right side of the page.
   
   
2. On the left side of the page, click "Mail" and then click the "Junk E-mail Protection" link.
   
   
3. Click the "Block Specific Senders" link.
   
   
4. In the box at the left of the page, type the address or domain you want added to your Block List.
   
   
5. Click the "Add >>" button to add the address or domain.
   
   
6. Click "OK" to save your settings or "Cancel" to return to the "Junk E-Mail Protection" page.
   

Note: Hotmail offers two additional ways to block senders. While you are reading a message, click the "Block" button in the toolbar. Or, while viewing the messages in your inbox, select the check box next to unwanted messages and click the "Block" button in the toolbar.

Hotmail also allows you to create Basic or Advanced custom filters. Basic custom filters allow you to filter incoming e-mail by subject or e-mail address. Advanced custom filters allow you to filter incoming e-mail by subject, e-mail address, sender name and the "To" or "Cc" lines.

To create a Basic custom filter

1. Click the "Options" link on the upper-right side of the page.
   
   
2. On the left side of the page, click "Mail" and then click the "Custom Filters" link.
   
   
3. On the "Custom Filters" page, click "Create New" to access the "Create Basic Filter" page.
   
   
4. Under "Step 1: Filter Criteria," select the filter criteria you want to apply to incoming e-mail. You can filter incoming e-mail by subject or the sender's e-mail address.
   
   
5. Under "Step 2: Folder," select a folder to which you want your messages delivered. You can also choose to delete incoming messages.
   
   
6. Click "OK" to save your settings.
   

To create an Advanced custom filter

1. Click the "Options" link on the upper-right side of the page.
   
   
2. On the left side of the page, click "Mail" and then click the "Custom Filters" link.
   
   
3. On the "Custom Filters" page, click "Create New" to access the "Create Basic Filter" page.
   
   
4. Click the "Advanced Filter" link above and to the right of the "Step 1: Filter Criteria" heading.
   
   
5. Under "Step 1: Filter Criteria," select an option from the first drop-down list. You can choose to filter incoming e-mail by subject, e-mail address, sender name and the "To" or "Cc" lines.
   
   
6. From the second drop-down list, choose either "Contains," "Does Not Contain," "Contains Word," "Starts With," "Ends With," or "Equals."
   

   - "Contains" searches for a specified word, partial word, or phrase (for example, the filter "Fred" finds all instances of "Fred," "Frederick," "Freddie," and so on).
   - "Does Not Contain" is the opposite of "Contains" (for example, the filter "Fred" finds all instances of anything other than "Fred" such as "Scarlett," "Rhett," and so on).
   - "Contains Word" searches for the exact word, not a partial word (for example, the filter "Fred" finds all instances of "Fred" not including "Frederick," "Freddie," and so on).
   - "Starts With" searches for a sentence or word that begins with the specified word or partial word (for example, the filter "FredTech@hot" finds all messages that contain "FredTech@hot," such as, "FredTech@hots.com," "FredTech@hotday.com," and so on).
   
   - "Ends With" searches for a sentence or word that ends with the specified word or partial word (for example, the filter "@aol.com" finds all messages that contain "@aol.com," such as "vleigh_gwtw@aol.com," "gablec_gwtw@aol.com," and so on).
   
   - "Equals" searches for the exact phrase (for example, the filter "Fred Smith" finds all instances of Fred Smith, but not "Smith, Fred," "Fred S. Smith," and so on).

   
   
7. In the third text box, type the string for which you want to search.
   
   
8. Under "Step 2: Folder," select a folder to which you want your messages delivered. You can also choose to delete incoming messages.
   
   
9. Click "OK" to save your settings.
   
   To apply newly created filters to e-mail currently in your "Inbox," on the "Custom Filters" page, click "Apply Filter(s) Now."
   

---

III. Reporting Abusive or Unwanted E-mail

Report e-mail abuse to MSN Hotmail

If you have received abusive, harassing, or threatening e-mail messages from an MSN Hotmail account, follow the steps below to report it. To report junk e-mail, please see the "Report junk e-mail to MSN Hotmail" section below.

1. Turn on full message headers. MSN Hotmail will need this information to identify the true origin of the abusive message you received:
   
   If you have an MSN Hotmail account. Click "Options" in the upper-right corner of any page. Click "Mail" on the left side, and then click "Mail display settings." Next to "Message headers," click "Full," and then click "OK."
   
   If you do not have an MSN Hotmail account, consult your e-mail program's online Help to determine how to view full message header information.
   
   
2. Forward a copy of the abusive message to: abuse@hotmail.com
   
   

Report junk e-mail to MSN Hotmail

If you have an MSN Hotmail account, follow the steps below to report junk e-mail:

1. Select the message in your Inbox you want to report as junk e-mail.
   
   
2. Click the "Junk" button, located on the toolbar of your Inbox.
   
   
3. Choose either to report the selected message, or to report the message and block future messages from its sender.
   
   

If you do not have an MSN Hotmail account, follow the steps below to report junk e-mail coming from an MSN Hotmail account:

1. Consult your e-mail program's online Help to determine how to view full message header information. MSN Hotmail will need this information to identify the true origin of the junk e-mail message you received.
   
   
2. If the message header contains an "X-Originating-IP" line, forward a complete copy of the message (including the full message header) to:   [ report_spam@hotmail.com. ]
   If there is no "X-Originating_IP" line, then the message header has been forged and is not from an MSN Hotmail account. Unfortunately, we are unable to take any action.
   

Viewing Full Message Headers in MSN Explorer:

1. From your Inbox, click the check box next to the message you want to view the full header information for. Do NOT open the message.
   
   
2. From the "View" menu, select Message Headers.
   
   
3. Click the "Details" tab and highlight and copy all the text in the "Internet Headers for this Message" window.
   
   
4. Open the e-mail in question and forward a complete copy of the message, including the full message header you copied at the beginning of your message, to:   [ abuse@msn.com ]
   

Viewing Full Message Headers in Outlook Express or Outlook:

1. On the unopened mail, place your cursor over the mail, right-click, and click "Options."
   
   
2. Under "Internet headers," copy the contents of the full header.
   
   
3. If you are reporting abuse (abusive, harassing or threatening e-mail you have received), open the e-mail in question and forward a complete copy of the message, including the full message header you copied at the beginning of your message, to: abuse@hotmail.com
   
   
4. If you are reporting junk e-mail, open the e-mail in question and forward a complete copy of the message, including the full message header you copied at the beginning of your message, to: report_spam@hotmail.com
   

You can keep up to date with the fight against spam at:   www.cauce.org

Remember that MSN Hotmail also has comprehensive online help available--just click "Help" in the upper right corner.

Info Avenue

Info Avenue does not permit abusive Internet activity. If we determine that one of our users is involved in abuse, the Internet account will be subject to termination. You may view our Acceptable Use Policy by visiting [ www.infoave.net/acceptable_use.html ].

Outblaze

Hi

This account was earlier terminated for a violation of our AUP.

Any further spam you see apparently from this account is forged and does not originate on our network.

Outblaze is one of the largest providers of webmail services in the world. As a responsible ISP, we hate spam, and we do not allow our network to be abused by spammers.

Our acceptable use policy can be found at www.outblaze.com/antispam/

Thank you for reporting this incident. Please feel free to report further incidents of abuse originating from our users to us at abuse@outblaze.com

We encourage you to use www.spamcop.net to send out automated spam complaints, if you face difficulties complaining manually to each spam you receive.

Rogers Hi-Speed Internet

*IMPORTANT INFORMATION*

Thank you for your email. We have taken appropriate action with this subscriber under the terms and conditions of our End User agreement.

Rogers strictly enforces abuses against their End User Agreement and customers who abuse the network risk having their service terminated. Should you encounter any further Internet Abuse originating within the Rogers network, please do not hesitate to contact us again at abuse@rogers.com. To better serve you we would appreciate it if you could include the offending IP in the subject line of your email.

Sincerely,

EUA Management Team
Rogers Hi-Speed Internet

www.rogershelp.com/help/content/knowledge/rogers_docs/

This is in response to your email: …

Shaw High-Speed Internet Service

Thank you for your information regarding the alleged violation of Shaw High-Speed Internet Acceptable Use Policy.

Based on the information provided, we have identified the offending computer and will take appropriate action(s).

These actions may be:

- Issue a warning by email indicating a complaint has been registered
- Issue a warning that service may be suspended if activity continues
- Suspend or terminate Shaw High-Speed Internet connection to customer

If your message is in regard to any threat of violence, bodily harm, or other danger, please contact your local Law Enforcement Authorities immediately! If you feel this case also consists of illegal activity, we encourage you to issue a formal complaint with your local Law Enforcement Authorities. If warranted, Shaw High-Speed Internet will cooperate fully with the Law Enforcement Authorities involved.

Our AUP can be located at secure.shaw.ca/policy/Use-Policy.asp for reference.

Acceptable Use Policy Management Team
Shaw High-Speed Internet Service
Shaw Cablesystems G.P.
2400 - 32nd Avenue N.E.
Calgary, Alberta, T2E 9A7
Telephone: (403)750-7420
Facsimile: (403)539-6831
mailto:internet.abuse@sjrb.ca (JKL)

Symantec

Thank you for taking the time to alert us about the Spam (unsolicited e-mail) you received. Please be advised that the e-mail you forwarded to us is not affiliated with Symantec or any approved Symantec partner and has been sent without Symantec's knowledge or consent. This e-mail may very well be offering counterfeit and/or pirated software or may be a credit card scam.

Spams offering deeply discounted Norton or Symantec brand products are highly suspicious and are investigated by Symantec. If you continue to receive e-mails offering Symantec software at deeply discounted prices and/or if the offers say that the software will arrive in anything other than Symantec's standard yellow boxes, the offer may very well be illegal in nature.

In response to these e-mails and the organizations/individuals behind them, Symantec has developed a task force to investigate the e-mails and put a stop to their proliferation, including initiating criminal and civil action as appropriate. We ask you for your assistance in helping us put a stop to this practice by continuing to forward any similar e-mails to our task force at SpamWatch@symantec.com, so that we can investigate who is sending the e-mails and attempt to stop them. We rely on reports from individuals such as you, employees and contacts throughout the hi-tech industry about Spams such as this.

If you have purchased software purported to be a Symantec software product through any of these Spam offers, we would appreciate it if you would send us the disc you received together with the sleeve, the envelope it was mailed to you in and any packaging, invoices, e-mails, order forms and proof of payment or other documentation you have relating to this purchase. We will then examine the product to determine if it is counterfeit or authentic.
Please send these materials to:

Manager,
Brand Protection,
Symantec Corporation,
20330 Stevens Creek Blvd.,
Cupertino, CA 95014.
USA

Lastly, we also advise you not to respond to these e-mails, as any response only confirms the accuracy of your e-mail address, resulting in even more messages filling up your In Box.

Even though we do not authorize them, we apologize for any inconvenience these e-mails have caused you and pledge to you that we are doing our best to put a stop to them. For more information please go to www.symantec.com and visit our SpamWatch Response Center at www.symantec.com/spamwatch/ to learn more about Spam and piracy, including the warning signs and tips to help you protect your privacy and avoid Spam and credit card fraud scams. If you have concerns about a product you have ordered from a Spam offer (including nondelivery of product) using your credit card, you may also wish to contact your credit card institution to see what remedies may be available to you. You may also wish to read Business Week's article entitled "Software Scams on Internet Time" to learn more about our efforts to combat Spam and the proliferation of pirated and counterfeit Symantec software at www.businessweek.com/magazine/content/02_39/b3801035.htm

Thank you again.

Chad Sharpe
Internet Security Investigator

Symantec Corporation

Bell Sympatico.ca

Dear Paul,

Thank you for your recent message regarding Bell Sympatico Internet Service. You can expect a response from a Sympatico Member Services representative shortly.

Please review the following information on Internet abuse related issues.

Please note, that in order to investigate an abuse related investigation all senders must include all relevant logs or header information of the email received as well as a short description of the incident.

(1) For information on obtaining email headers, follow this link:  www1.sympatico.ca/help/local/bell/contactabuse/spamdeep.html

All complaints are taken seriously, should we receive a high volume of mail or that the issue has previously been addressed, we may not be able to respond individually to each message received. We investigate each case fully, once the investigation is complete, action in accordance with our policies will be taken against the offending account. Please understand that due to certain privacy concerns and legal restrictions, we cannot share with you the outcome of our investigation or the specific steps we take to address your concerns.

1.Spam complaints
If you are reporting "spam", we require full headers of the email, (1) to investigate the complaint. We can only assist/investigate with spam that originates from the Sympatico network.

2.Hacking Complaints:
If you are reporting "hacking" attempts such as scans/probes that your firewall has detected, we will need the log files of your firewall program that indicate originating IP address, date and time in GMT format and the type of scan/probe. Please only provide logfiles that originate from the Bell Sympatico network. For more information on firewall programs and general network security, please follow this link:   www1.sympatico.ca/help/local/bell/contactabuse/hackdeep.html

3.Virus Complaints:
Every effort will be made to notify customers if we identify that they are transmitting computer virus (es). If you have received a virus via email from a Bell Sympatico customer, we require the complete email header (1). For additional information on virus and anti-virus software, please follow this link:   www1.sympatico.ca/help/local/bell/contactabuse/blurb4.html

For questions relating to Internet security please visit the Sympatico Abuse website:   abuse.sympatico.ca/

As Bell Sympatico does not allow any abuse of our Acceptable Use Policies, and we maintain a "zero tolerance" policy towards spam and network abuse of any kind. You are strongly encouraged to review our Acceptable Use Policy that is available at the following Web page:   www1.sympatico.ca:80/help/local/bell/aup.bell.html

AUTO REPLY - Please do not respond.

Thank you for contacting the Sympatico Internet Abuse team.

Telus

Hi

Hello,

Thank you for your information regarding the alleged violation of TELUS Internet Service's Acceptable Use Policy.

We have investigated your complaint and have taken action.

If you feel this case also consists of illegal activity, we encourage you to issue a formal complaint with your local Law Enforcement Agency. If warranted, TELUS Internet Services will cooperate fully with the Law Enforcement Authorities involved.

Sincerely,

Karen
Abuse Team
TELUS Internet Services

• abuse@telus.com
  
  
• {Now MyTelus.com
  
  

Hello, (again)

Thank you for your information regarding the alleged violation of TELUS Internet Services Acceptable Use Policy.

Based on the information provided, we have completed our investigation and issued one of three responses.

1) an email warning by email indicating complaint has been registered
2) a verbal warning that service may be suspended if activity continues
3) suspension of TELUS Internet Service to customer
We are unable to disclose which action was taken due to privacy rules. If you have any further issues with TELUS IP addresses, please send the most recent header or logs detailing the activity so we may take further action.

Sincerely,

Karen

Videotron

Thanks for reporting abuse. For all complaints regarding spam, viruses, electronic harassing, hacking attempts or else, you might get faster service if you fill the form available at the following address: www.videotron.com/services/en/abuse.jsp.  

Complaints sent through this web form, against users using our Internet services use a system permitting faster and more efficient processing..

XO Communications

XO Communications Network Investigations Team  :  abuse@xo.com

Your message will be reviewed and resolved according to XO's Terms of Service & Acceptable Use Policies. XO Communications customer accounts that fail to abide by the Terms of Service may be fined, terminated, or both.
[ www.xo.com/legal/statement.html ]

[ support.xo.com/abuse ]