Forgot your password?
typodupeerror
Spam

Is There Any Reason to Report Spammers to ISPs? 117

Posted by Cliff
from the does-it-do-any-good dept.
marko_ramius asks: "For years I've been a good netizen and reported spam that I get to the appropriate contacts at various ISPs. In the entire time that I've done this I've gotten (maybe) 5 or 6 responses from those ISPs informing me that they have taken action against the spammer. In recent years however, I haven't gotten any responses. Are the ISP's so overwhelmed with abuse reports that they aren't able to respond to the spam reports? Do they even bother acting on said reports? Is there any real reason to report spammers?"
This discussion has been archived. No new comments can be posted.

Is There Any Reason to Report Spammers to ISPs?

Comments Filter:
  • Yes (Score:5, Informative)

    by YGingras (605709) <ygingras@ygingras.net> on Sunday April 29, 2007 @02:52AM (#18916697) Homepage
    ... but it's rarely worth the effort. Just repport to your favorite real time block list and we'll thank you.
    • Re: (Score:1, Interesting)

      One big reason these days ISPs don't look seriously much into such "tip" about spammers is that, they end up troubling naive users. Remember for the past 5-6 years, spammers use Spam Bot to send spams. The international rates for an ad ware/spy ware victim computer is even $10 (ie., you can command a computer to send spam for $10). If you are an average Joe six pack, I m sure you would have been attacked by spy ware several times. Your system in most such cases would be a spam transmitter, doing the rudi
      • Re: (Score:3, Interesting)

        by walt-sjc (145127)
        Simple. Pass a law that says that those people are "a danger to national security" and REQUIRE that ISPs take them offline until the problem has been corrected. If they are running a spambot, most likely they are also on someone's DDOS / portscanning network too. Allow (require?) the ISP to charge a service fee for reconnection and verification that their machine is no longer vulnerable (penetration testing.)
    • by slarrg (931336) on Sunday April 29, 2007 @05:02AM (#18917195)
      Every time a spammer sends an email to your computer its electrons collect in your inbox. If you don't send another email out those electrons will build-up and short out your machine. Send a report, containing these electrons, to the ISP so they can properly purge the excess electrons and allow other internet users to use them.
      • by YGingras (605709)
        I usually keep a few torrent seeds up just to be sure that I use all those excess electrons. Why upload boring emails when you can upload pr0n^W ubuntu isos?
    • the clueless admins at Charter have their outbound spam filters set so it is next to impossible to report spam. When attempting to forward a spam to the originating ISP, Charter will bounce it back as if the report itself were spam. Even trying to forward the bounced report to Charter results in a bounce. A direct email resulted in no response. Of course, since Charter also blocks outbound port 25 (smtp), I have no choice but to send through their misconfigured relay agent.
      • by tepples (727027)

        When attempting to forward a spam to the originating ISP, Charter will bounce it back as if the report itself were spam. Even trying to forward the bounced report to Charter results in a bounce.
        Have you tried putting the .eml files in a zip file, uploading the zip file to web hosting, and reporting the spam by sending the URL of the zip file?
  • by TheSkyIsPurple (901118) on Sunday April 29, 2007 @03:05AM (#18916759)
    I've worked for a very large ISP, and we never responded to them, but we took action on every single report.

    Often, just counting against a mailhost for eventual blockage and upline reporting... but it helped block spam from other people (and more spam to yourself) at the least.
    • by killa62 (828317)
      Smaller isps take action also.
      I was running an open proxy and forgot to turn off smtp

      they sent me an email a day later

      Greetings,

      We have recently received a report of unsolicited emails originating from your Speakeasy circuit, which is in
      violation of our Acceptable Use Policy. The computer in question is at the following IP address:

      xxx.xxx.xxx.xxx

      A copy of the original spam is included at the bottom of this mail.

      Due to the subject and content of these unsolicited emails, we believe the computer at this IP ad
    • I had an ISP in Texas (EV1, I think) tell me that they were taking action on my report, but due to privacy concerns they couldn't tell me what action was being taken.
  • yep (Score:4, Insightful)

    by gregm (61553) on Sunday April 29, 2007 @03:07AM (#18916767)
    If nothing else just report the spammers to irritate your ISP. If enough of us eat up our ISP's time complaining, those spammer clients of their's will seem less valuable. Also as was said before, please for the love of god report them to the block lists.
    • Re:yep (Score:4, Insightful)

      by Secrity (742221) on Sunday April 29, 2007 @05:13AM (#18917237)
      PROPERLY reporting spam to the PROPER ISP is not a problem and is productive. The problems are when idiots report spam to the wrong ISP and when abusive comments are added to spam reports. For spam email it is only necessary to forward the spam email with FULL headers, and with a SHORT explanation (such as "abc.com" is on your network") if the headers do not indicate why the report is being sent to a particular ISP.

      I provided tier 3 abuse support to a large ISP and set up the abuse desk for the now defunct dialup offering of the ISP, my advice to the abuse desk people was to shitcan any abuse report that contained contained abusive comments added by the person reporting the spam. Adding abusive comments is not reporting abuse, it IS abuse.
      • I ... set up the abuse desk for the now defunct dialup offering of the ISP
        Followed by

        my advice to the abuse desk people was to shitcan any abuse report
        Cause and effect?
        • by Secrity (742221)
          Your quote is taken out of context. Actually, no; it has to do with the fact that broadband has taken over the former dialup market. BTW, the ISP DOES take spam reports very seriously, as long as the sender isn't abusive in the reporting.
          • by pla (258480)
            BTW, the ISP DOES take spam reports very seriously, as long as the sender isn't abusive in the reporting.

            Why should any editorializing in the spam report matter, as long as you have the info you need?

            Like it or not, most of the sheep view spam as the fault of their ISP, not some open Israeli relay (once upon a time I would have said "Russian" or "Taiwanese", but the bulk of what I get nowadays has a ".il" (intermediate) source)

            Let 'em vent. We all know your staff doesn't "deserve" it, but people rea
            • Why should any editorializing in the spam report matter, as long as you have the info you need?
              Why should you be nice to the clerk handing you your Happy Meal? A) Because it is the karmic thing to do, and B) so they don't spit in your burger before handing it to you.
            • by Secrity (742221)
              Non abusive editorializing is harmless and is ignored. In the case of abusive editorializing the purpose of the abuse desk (and the abuse@ address) is to process abuse reports, they are not there to be abused.

              At least 80% of the time the report was sent it to the wrong ISP (usually due to forged headers). When it appears that the report was sent to the wrong ISP, a reply is sent asking the sender why they believe that they sent it to the correct ISP (the sender could be right). In many cases the per
    • If enough of us eat up our ISP's time complaining, those spammer clients of their's will seem less valuable.
      ...unless they use more powerful tools internally to filter out spam complaints.

      - RG>
  • by Peter Cooper (660482) * on Sunday April 29, 2007 @03:11AM (#18916789) Homepage Journal
    The sad thing is that most people who report spam are the idiots of the Internet who don't understand things like joe-jobbing, etc, and assume that because it says "jkrwejkrweq@yourdomain.com" in the From field, it's not necessarily anything to do with "yourdomain.com". SPF is, supposedly, a solution to this but the penetration seems pretty low. Certainly in my experience it's not usually Hotmail or Gmail customers who send the all-caps "STOP SENDING ME E-MAIL" to joe-job victims, but people on various .com domain names most likely hosted at hundreds of different budget web hosts who have poor anti-spam tools (or none at all).
    • > The sad thing is that most people who report spam are the idiots of the Internet who don't understand things like joe-jobbing, etc

      How is this a sad thing?

      As long as the reports go to someone who is smart enough to understand those things, the reports can help.

      The only downside I can think of is that they may believe that AOL is actually sending out these messages, and AOL is a bad company to deal with... I can see how that's sad for AOL, but I didn't realize there were alot of AOL supported on slashdo
      • Re: (Score:3, Informative)

        by Mister J (113414)

        As long as the reports go to someone who is smart enough to understand those things, the reports can help.

        If they go to the wrong person, all that serves to do is annoy someone who has absolutely nothing to do with the spam and can't do anything to fix it. Such emails are usually the most inflammatory, so hackles are already up before you waste time verifying that the original spam was indeed nothing to do with us. Plus, like the boy who cried wolf, every one of these makes you that little bit less inclin

        • by paitre (32242)
          Exactly.
          When I ran the abuse desk at Alabanza (google it, I did my job, and the community loves me to this day for it), abusive complaints ("Why the fuck won't you do anything about your fucking spammers?!") were automatically round-filed. POLITE complaints received action.

          I very rarely personally replied to a complainant. Usually the ones I -did- reply to were people I either knew, or who were common complainants that I saw a couple from a day. Everyone got my auto-responder. I also posted in NANAE, and pa
    • by Deorus (811828)
      > SPF is, supposedly, a solution to this but the penetration seems pretty low.

      SPF is part of Microsoft's SenderID patent and its license is incompatible with the GPL [imc.org], therefore I will personally never republish an SPF record again.
    • Then you have Gmail, which doesn't bother to include an originating IP address for the e-mail which comes out of its depths. How is a discerning netizen supposed to properly investigate when the one piece of originating information is no longer included? Even spam which hops through several intermediate pwn'd machines can at least be tracked back to the closest pwned system by looking at the IP addresses.

      The post office doesn't place a generic zip code stamp over return addresses--why does Gmail?
  • Please continue! (Score:5, Informative)

    by J. T. MacLeod (111094) on Sunday April 29, 2007 @03:32AM (#18916891)
    I work for a regional ISP.

    We frequently receive notifications of spam email as well as virus-laden email that has originated from our network. We only respond to the sender if they request that we do (and even then, if it's not necessary and the request isn't polite, we may not).

    That means we almost never send a reply to the person who notified us. However, we DO take care of every single notification we receive. If we aren't able to immediately contact the customer and fix the issue (generally a home user with a virus doing the spamming), then we either shut off their service or, more frequently, block outgoing connections from their IP to port 25 anywhere.

    Please don't let the silence discourage you. We're hard at work and appreciate the notices that help us keep our networks and services running smoothly for our customers.
    • by mqduck (232646)

      Please don't let the silence discourage you. We're hard at work and appreciate the notices that help us keep our networks and services running smoothly for our customers.


      Here's a thought: Might giving some sort of reply, even a thank-you form letter, not keep people like Mr. marko_ramius from being discouraged? Maybe that's something you and your ilk should consider.

      (P.S. there was no hostility in the above)
    • by hadaso (798794)
      The most interesting facts are in the end of this post. Keep reading...

      I am reporting some of the spam I get, but not most of it. Mainly spam sent by advertisers in my country. Some of it is sent by spammers that tend to use the same ISP and I don't see that the ISPs are doing anything against these spammers. I use SpamCop to report, both because its easier for me, and because I believe it is better service to the receiving abuse desk that gets a reliable report. This is one thing I would like to hear more
  • Many ISPs have a policy not to notify you what they have done and some are not allowed by law (data protection and privacy legislations). So the lack of responce does not mean a thing. Personally I would have preferred that all hook it up into their ticketing system so users get a reply, but some of them still run ticketing on primitive crap that does not have an Email interface (like one well known "best ISP for 200X" in the UK).
  • Not at all! (Score:5, Interesting)

    by VincenzoRomano (881055) on Sunday April 29, 2007 @04:07AM (#18917003) Homepage Journal
    Spammers run their own MTA or MTAs other than those by the ISP.
    Provided that there is a clear proof (and not just someone's report) that a customer is a spammer, they would have two options:
    1. filter out their outgoing SMTP traffic or
    2. shutting down the link

    Spammers then would probably change ISP in a snap.
    The real (technical) point should be: why spammers do exist? One answer could be "because SMTP has not been designed to cope with authentication and authorisation."
    Maybe it's important to look at problems from the correct perspective.
    • by Kjella (173770)
      The real (technical) point should be: why spammers do exist? One answer could be "because SMTP has not been designed to cope with authentication and authorisation." Maybe it's important to look at problems from the correct perspective.

      Well, it might be part of a solution but it's nowhere near it. Even if I had perfect verification that this was sent from $foo LLC., Pacific Islands somewhere, what good would it do? Taking them to the local court would do exactly nothing, whereas any loser with a credit card
    • by walt-sjc (145127)
      because SMTP has not been designed to cope with authentication and authorization.

      That is true, which is why back in 1998 ago they came up with the MSA port (RFC 2476.) There is no need for ANY MUA to use port 25 anymore. ISP's should be blocking port 25 for everyone except mail servers or others that have used the ISP's tool to request that port 25 be open for outbound.
      • Re: (Score:3, Interesting)

        by tepples (727027)

        There is no need for ANY MUA to use port 25 anymore. ISP's should be blocking port 25 for everyone except mail servers or others that have used the ISP's tool to request that port 25 be open for outbound.

        So what should a residential user do if the only ISP in town that offers anywhere the bandwidth he wants (that is, it's this or dial-up) has an unreliable MSA? Should all customers in that town have to subscribe both to Internet access (with a bundled unreliable MSA) and a third-party smarthost?

    • by asninn (1071320)

      The real (technical) point should be: why spammers do exist? One answer could be "because SMTP has not been designed to cope with authentication and authorisation." Maybe it's important to look at problems from the correct perspective.

      Indeed it would be, but your perspective isn't the correct one: what you're saying is essentially the same as "murder happens because guns don't include technology that makes it impossible to kill people with them", or "harassment exists because letters/phone calls/... ar

  • by crossmr (957846)
    My friend works for a local ISP here in town. He was telling me about their system, which will automatically shut people down. If they send a certain number of e-mails in a certain period, a flag goes on their account and their access to the mail server is blocked for 24 hours (the first time).
    When their access is restored, if it continues to happen they get longer and longer blocks. He told me a story about a woman who called in who just didn't seem to understand this concept and her access was currently b
    • by WGR (32993)
      So you are the kind of ISP that prevents people from creating an email list for their Little League team. What you describe is deliberate crippling og service for your customers becuase you are too lazy to find out if the messages sent are legitimate or not.
      • by crossmr (957846)
        I don't work for, or use the ISP.
        Nor do I know what the exact threshold for triggering this system, nor is my friend likely allowed to tell me, he did describe it as taking "quite a bit".
        I doubt this triggers at 50 or 100 e-mails. His description indicated it was something like 1000, and people can contact the ISP if they need to legitimately send more than that at once to have an exception made in their file.
        The vast majority of people out there don't need to regularly fire off 1000 e-mail everyday.

        Next ti
        • by dman123 (115218)
          Speaking as one of those "Little League" list admins, I sent out 4 emails at 80 people a pop, then some others to smaller lists of people, then got banned for 24 hours because of a (previously unknown) cap at 400. in addition to this, I do have a transmit limit of x GB/month, but that's fairly high. So yes, WGR's knee may have blamed the wrong person (you, instead of your friend), but it was not a jerk. Your story about a limit was for surely for recipients, not emails... Yes, 400 emails is on the excessive
          • by crossmr (957846)
            He specifically told me that customers can have exceptions put on their accounts if its for legitimate use, they just have to call the ISP and tell them.
            Why?
            Because in this case the lady wasn't sending legitimate e-mails and it did exactly what it was supposed to. Her computer had become part of a spam sending bot-net through her own ignorance, she only noticed some time later when she went to send an e-mail and was rejected. The average person probably only sends at most a few dozen e-mails a day (under 10
  • I work for a small national ISP. We always take action on spam reports (we hate spam as much as you do, probably more...), but almost never respond to the people who make the reports. There are only two of us, and we're very busy -- and I doubt the people who are complaining about no response are going to look any more favorably on an automatic response.

    Please though, keep reporting. It helps us weed out the spammers we haven't caught by other means.

    Sometimes we just don't get enough information to take act
    • by AlHunt (982887)
      >and I doubt the people who are complaining about no response are going to look any more favorably on an automatic response.

      Sure they would - at least it's an acknowledgment. Send the auto reply.

      Personally, I use a whitelisted acct for people I really want to hear from. The rest I let yahoo or hotmail filter out the spam and change the address if it starts to get spammy.

      • It's not an acknowledgement, is no more of an automatic response than the lack of a bounce message. There's no indication or guarantee that anyone actually looked at the email.

        I appreciate the reports, I just don't have time to thank and follow up with everyone who does it.


      • Greetings,

        The situation you have brought to our attention has been investigated
        and treated by a member of our staff. We have enforced our
        AUP(Acceptable Use Policy) against the offending account.

        Sympatico always enforces a strong anti-abuse policy; customers who
        abuse the network risk having their service terminated. Should you
        encounter any Internet Abuse originating within the Sympatico network,
        please do not hesitate to contact us again at abuse@sympatico.ca.

        Regards,

        Steve
        Internet Security Analyst
        Bell Interne
  • Keep reporting (Score:2, Informative)

    by azander (786903)
    Greetings,
    Please keep reporting. I handle the abuse complaints for a regional ISP. We have never had an actual spammer on our network, but the reports have helped us clean up some very badly infested machines of our users. Since I receive about 50 of these complaints a week, with maybe 1 in 1000 being from our IP space, I have to agree that it is frustrating when people report to me, but the only mention of my IP or domain space is an obviously forged header. At least it is obvious to any
  • Please Report Spam (Score:3, Informative)

    by giafly (926567) on Sunday April 29, 2007 @10:39AM (#18918579)
    Does the spam look legitimate?
    • Yes - please report it. I work for a large email company and we always act on spam complaints, to ourselves or to our ISP. I hate spammers too, because they are not why we wrote the system and they cost us money, so we'll kick them out.
    • No - e.g image spam - why bother? It's probably from an illegal botnet, criminals are not noted for customer service, and any server will be on a short-term contract.
    • by WGR (32993)

      There is a sourceforge project called spam-abuse [sourceforge.net] that analyzes spam to find the abuse address of the ISP that is on Received line just before your MTA. It then composes a polite reuqest to the ISP about the spam and sends the request plus the email source to the ISP.

      I have been using it for about a year to complain about most of my spam and I get about a 10% response rate, with some ISPs much better than others. Smaller ISPs seem to be the best, since it really costs them in bandwith, while the bigger

  • by Tinfoil (109794) on Sunday April 29, 2007 @10:45AM (#18918611) Homepage Journal
    Abouta year or two ago, I was having serious problems with comment spam, with hundreds a day coming from a single IP address. I banned the IP for 7 days and put various protection schemes in place to prevent further abuse. Once the 7 days was up, there were literally thousands of attempts, but now each one was stopped and logged in an easier to understand format. With this in hand, I looked up the address to find it originated from one of The Planet's customers. Even after sending reports with links to the logfiles, months (and tens of thousands of attempts to spam my comments) went before I received any response whatsoever. That response was as a direct result of speaking to one of The Planet's higher profile customers who I've worked with in the past to try to get some help in the situation.

    Only after doing an end-run around the abuse department did I see some *real* action taken on behalf of The Planet. Previously all they seem to have done was moved the customer to a different IP address, which would have been very counter-productive had I just kept blocking the original IP address.
    • by mrcpu (132057)
      I had a very similar experience to this with a Microsoft bCentral hosted site. I have a domain name that used
      to have about 50k different email addresses, although now, there' sjust very few actual accounts, but the 49,997 other accounts are on every other spammers list.

      The bcentral server hits me a quarter million times a day on heavy spam days, I just finally had to put in a permanent ban. Nobody at MS would deal with it, and finding the person to report it to was horrendously difficult.

      ALthough at leas
  • By all means, send your complaint.

    If enough people complain, they will take action. The "legitimate" ISPs at least (as opposed to the "bulletproof" ISP).

    Include the ip address / spamvertized URL on the subject. Makes it easier for the poor lackey they have tasked with reading the abuse mail and opening tickets/reports/whatever.

    Or use a service like spamcop or mynetwatchman (for portscanning attacks). Usually, the postmaster and abuse accounts are not filtered in any way so they get a HUGE amount of spam
  • I run a small ISP hosting mostly dedicated servers. These servers pretty much all expect to have the ability to send outbound e-mail. We monitor and maintain these servers pretty closely, but sometimes a mistake by a client allows a machine to be used for sending spam and doing remote SSH compromise attempts. Those are our two biggest problems.

    For example, one client set up a "demo" account with an extremely easy to guess password. This was compromised by a remote SSH brute-force client, and the account
  • I've been reporting the Yahoo! accounts that have DomainKeys verification since those are, in theory, legitimate and not forged. And a few days after I send the abuse report (include the full headers), I get a note saying that the TOS issue has been resolved.

    I would guess that in the meantime that if the account has pumped out a few million spams, then the traffic would have put up flags, but if that hasn't shut them down, perhaps my email did. Hopefully. Otherwise that DomainKeys thingie will be meanin

  • by mbone (558574) on Sunday April 29, 2007 @11:27PM (#18923651)
    I forward spams to spam@uce.gov . I know that someone looks at at least some of these; does anyone know if it actually does any good ?
  • There's two reasons there's no reason to bother anymore.

    #1: You probably have no clue where the e-mail actually originated. And even if you are educated enough to interpret the headers of your e-mail, #2 becomes the problem.
    #2: These days, 99.9% of the IP addresses that send spam belong to retirees running Windows 98 on dialup connections who use less than 30 hours per month. As soon as I take the time to go through our dialup logs (or our ADSL logs) and track them down, I immediately recognize them (and/or
  • I'd like to thank all the folks at ISPs who've responded here.

    I long since gave up reporting spammers, even ones who appeared to have a legitimate product (or one that would be legitimate if it wasn't spammed for), because the volume is just too high. I can't even afford the bandwidth to accept mail that's potentially spam: I drop connections from dialup addresses at HELO, and I have several countries blacklisted at that level.

    The only spam I report any more is stuff that gets through my filters, doesn't se

Man is the best computer we can put aboard a spacecraft ... and the only one that can be mass produced with unskilled labor. -- Wernher von Braun

Working...