SPAM

This document is intended as a guide for Green River College students and faculty to help them deal with unwanted spam. Others are welcome to use this document as a reference, but some comments may be specific to Green River College.

If, after reading this document, you have identified the source of a virus or spam email as originating from the GRC address space, please forward it (with the headers intact, as described below) to abuse@greenriver.edu.

EXPLANATION OF PROCESS

The following is a simple summary of the process to follow when sending a spam complaint. First, determine the actual origin of the spam. Second, use that information to find out where to send your complaint. Lastly, email the complaint.

SAMPLE COMPLAINT

The following message is an example of a spam complaint that could be sent for the sample spam below:

[Image: sample complaint]

SPAM SAMPLES

Below is an actual piece of spam that has been anonymized to protect the user it was sent to.

[Image: anonymized spam sample]

Note that to see a message in this form, you must view the full headers of the email. Instructions for finding the full message headers in some of the most common mail programs are below.

Office 365
  1. Select the message you want to see message headers for.
  2. From the More Actions… button, click View Message Details.
  3. The full headers will be displayed in a new window.
Mozilla Thunderbird
  • Select the message you want to see message headers for.
  • Go to the View menu and select Message Source.
  • The full headers will be displayed in a new window.
Outlook 2011 (Mac OSX)
  • Select the message you want to see message headers for.
  • Right-click on the message and select View Source.
  • Find the full headers under Internet Mail Headers.
Outlook 2010
  • Select the message you want to see message headers for.
  • Open the email in a new window by double-clicking it.
  • From the File menu choose Info, then
  • Find the full headers under Internet Headers.
Outlook 2007
  • Select the message you want to see message headers for.
  • Open the email in a new window by double-clicking it.
  • Click the expansion button in the lower right corner of the Options toolbar box. (The box by default holds the Follow Up and Mark as Unread buttons).
  • Find the full headers under Internet Headers.
Outlook 2000, 2002, 2003
  • Select the message you want to see message headers for.
  • Open the message in a new window by double-clicking it.
  • Go to the View menu and select
  • Find the full headers under Internet Headers.
Outlook Express
  • Select the message you want to see message headers for.
  • Right-click the message and select Properties.
  • Open the Details tab in the dialog box.
  • The full headers will appear in the dialog box.
Apple Mail
  • Select the message you want to see message headers for.
  • Go to the View menu and select Message and then Long Headers.
  • The full headers will appear in the dialog box.

PROCESS

Now that we’ve got the full source of a spam message that was sent to us, let’s look at it to figure out where the email originated and how we can alert the system administrator to the spam.

Note that the first three lines of the above source show the path the email took. In some messages, multiple hops will be made, but they will almost always be composed of three-line blocks such as this. In those cases, you will want to go to the last block on the list to find the first email server that received the message. See the examples below for more on this.

Notice that the message claims that:

[Image: header lines from the sample message]

This means that a machine named leo, which claimed to be pomuhn02193.netvigator.com and had an IP address of 208.151.78.193, sent a message through nersp.nerdc.greenriver.edu to the user on Wed, 25 Apr 2001. The machine name is configured by the user, so we can’t trust it, and the name pomuhn02193.netvigator.com can be faked easily, but the IP address is harder to fake. So 208.151.78.193 is the first piece of information that will lead us to our spam report.

Now it’s time for us to find out where to send our complaint based on the IP. Our first stop is https://www.whois.com/whois where you will search for that IP address. When the results are displayed, scroll down through the listing and you should find contact information for reporting abuse. It will look something like:

[Image: abuse contact information from a WHOIS result]

ADDITIONAL EXAMPLES

Here are some additional examples to demonstrate how to locate the correct source IP from an email. Note that even the source IP on the first connection can be spoofed. Doing so, however, requires an insecure mail server to send through, and in that case it is often a positive step to go to the second server the mail was sent to and complain that their mail server is misconfigured.
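The header walk described under PROCESS, together with the caveat above that the earliest block cannot always be trusted, can be scripted as follows. This is an added example, not part of the original guide; the sample headers, host names, addresses and the own_networks parameter are constructed assumptions, and the "first IP outside your own networks" rule is a generalization of the guide's "last block" rule.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample (RFC 5737 addresses, example domains); newest hop is on top.
SAMPLE = """\
Received: from mx.example.edu (mx.example.edu [198.51.100.10])
    by mailbox.example.edu with ESMTP id AAA111
    for <user@example.edu>; Wed, 25 Apr 2001 10:00:05 -0400
Received: from leo (host193.dialup.example.net [203.0.113.193])
    by mx.example.edu with SMTP id BBB222
    for <user@example.edu>; Wed, 25 Apr 2001 10:00:01 -0400
Received: from bank.example.com ([192.0.2.7])
    by leo with SMTP; Wed, 25 Apr 2001 09:59:00 -0400
From: "Offers" <offers@example.com>
Subject: constructed sample

body
"""

# from <self-declared name> (<reverse DNS name> [<IP>]) by <receiving server>
HOP = re.compile(r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\[\]()]*?)\s*"
                 r"\[(?P<ip>[0-9A-Fa-f.:]+)\]\)\s+by\s+(?P<by>\S+)")

def hops(raw):
    """Parse Received headers, oldest first (the last block in the source)."""
    received = message_from_string(raw).get_all("Received", [])
    parsed = []
    for value in reversed(received):
        match = HOP.search(" ".join(value.split()))  # unfold continuation lines
        if match:
            parsed.append(match.groupdict())
    return parsed

def reportable_ip(raw, own_networks):
    """Walk from the newest hop down; return the first IP outside our own
    networks. Blocks below that point were not written by a server we run,
    so they are unverified claims."""
    nets = [ipaddress.ip_network(n) for n in own_networks]
    for hop in reversed(hops(raw)):
        if not any(ipaddress.ip_address(hop["ip"]) in net for net in nets):
            return hop["ip"]
    return None

if __name__ == "__main__":
    print("last block claims:", hops(SAMPLE)[0]["ip"])
    print("report this IP:   ", reportable_ip(SAMPLE, ["198.51.100.0/24"]))
```

In the constructed sample the last block was written by the sending machine itself, so the address to look up is the one recorded by the first server inside the listed networks.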

EMAIL #1

[Image: example email #1]

The source IP appears to be: 12.18.100.217

EMAIL #2

[Image: example email #2]

As this shows, many spam messages are in a foreign language. The source IP appears to be: 212.15.118.43