Is There Any Reason to Report Spammers to ISPs?

marko_ramius asks: "For years I've been a good netizen and reported spam that I get to the appropriate contacts at various ISPs. In the entire time that I've done this I've gotten (maybe) 5 or 6 responses from those ISPs informing me that they have taken action against the spammer. In recent years however, I haven't gotten any responses. Are the ISP's so overwhelmed with abuse reports that they aren't able to respond to the spam reports? Do they even bother acting on said reports? Is there any real reason to report spammers?"

Yes

[YGingras]

... but it's rarely worth the effort. Just repport to your favorite real time block list and we'll thank you.

Please continue!

[J. T. MacLeod]

I work for a regional ISP.

We frequently receive notifications of spam email as well as virus-laden email that has originated from our network. We only respond to the sender if they request that we do (and even then, if it's not necessary and the request isn't polite, we may not).

That means we almost never send a reply to the person who notified us. However, we DO take care of every single notification we receive. If we aren't able to immediately contact the customer and fix the issue (generally a home user with a virus doing the spamming), then we either shut off their service or, more frequently, block outgoing connections from their IP to port 25 anywhere.

Please don't let the silence discourage you. We're hard at work and appreciate the notices that help us keep our networks and services running smoothly for our customers.

Re:Definitely report if you have clue

[Mister J]

As long as the reports go to someone who is smart enough to understand those things, the reports can help.

If they go to the wrong person, all that serves to do is annoy someone who has absolutely nothing to do with the spam and can't do anything to fix it. Such emails are usually the most inflammatory, so hackles are already up before you waste time verifying that the original spam was indeed nothing to do with us. Plus, like the boy who cried wolf, every one of these makes you that little bit less inclined to care about the real spam reports that come in. Oh, and forget replying to such messages - I learned long ago that "It's nothing to do with us" is rarely an answer they're interested in hearing, no matter how politely you put it and how detailed your explanation of "this is why and here's who's really responsible" is.

Keep reporting

[azander]

Greetings,
    Please keep reporting. I handle the abuse complaints for a regional ISP. We have never had an actual spammer on our network, but the reports have helped us clean up some very badly infested machines of our users. Since I receive about 50 of these complaints a week, with maybe 1 in 1000 being from our IP space, I have to agree that it is frustrating when people report to me, but the only mention of my IP or domain space is an obviously forged header. At least it is obvious to anyone who can read email headers. I will not respond to any report unless specificly asked, and even then it will be a short reply stating that it is either been dealt with, it is not our user, or that it is under investigation. No details are ever given out due to privacy.

    We do not (yet) block port 25 by default, however we do rate restrict it, and monitor usage on a per-IP bases. We have been in business for over 13 years and due to that, management is not happy with having to contact our customers to get them to update their email client settings. We are setting up all new clients to use SMTP authentication and all helpdesk tickets dealing with email get them switched over as well. We figure that in another 1 maybe 1.5 years we will have everyone switched over and then we can block all port 25 access without causing too much disruption (Management's bigged fear).

Please Report Spam

[giafly]

Does the spam look legitimate?

• Yes - please report it. I work for a large email company and we always act on spam complaints, to ourselves or to our ISP. I hate spammers too, because they are not why we wrote the system and they cost us money, so we'll kick them out.
• No - e.g image spam - why bother? It's probably from an illegal botnet, criminals are not noted for customer service, and any server will be on a short-term contract.

Re:Dont bother - they're in on the racket

[Anonymous Coward]

ISP's are not common carriers and never have been. When will this myth die!?!

Re:No, I strongly disagree...

[MightyMartian]

with any sort of port blocking, either inbound or outbound. Unless free and open communications are allowed, they're not an ISP, they're a "web browsing service provider," and they are damaging, not helping, the Internet. Port blocking is anathematic to the purpose of the Internet, it interferes with open peer to peer communications. Port blocking is the equivalent of governmental prior restraint.

Yeah, if the block MS file sharing ports and leave open relays in place, they're not really ISPs.

Give me a break. I see nothing wrong with an ISP closing down ports that, through a lack of foresight or through simple bad security engineering, pose serious risks to client security and to the ISP's own network.

When I worked for an ISP, we closed down port 25 on all clients. If someone wanted to run a mail server, all they had to do was call us, and they almost inevitably would anyways to get the DNS entries set up. 99.9% of consumer Internet connections do not require file sharing and SMTP ports open. Actually, 99.9% of consumer connections don't require a whole shitload of those ports be open, and it's ludicrous to assert that Joe Average surfing the web, sending email through Yahoo, GMail or his Outlook Express client and doing some music sharing and video downloading somehow should be treated like servers.

At my old job, I spent about a quarter of my time directly or indirectly dealing with spam. We had to set up proxy servers to block distributed dictionary attacks that were literally bringing our mail server down. I had customers screaming about going away for three or four days and coming back to fifty spam messages. The customer and the stability of the network spoke loudly, and I took the action needed. Our SMTP server would only relay email coming from authenticated connections, we wouldn't let ordinary customers send out on port 25, which did a helluva lot to abrogate the effect of worms. Yeah, it meant customers sending to remote mail servers had to do some change to their MUA port settings, but the number of people that had to do that was pretty small. It didn't get rid of spam, but it sure took a bite of it.

from a DomainKeys account I will

[DuctTape]

I've been reporting the Yahoo! accounts that have DomainKeys verification since those are, in theory, legitimate and not forged. And a few days after I send the abuse report (include the full headers), I get a note saying that the TOS issue has been resolved.

I would guess that in the meantime that if the account has pumped out a few million spams, then the traffic would have put up flags, but if that hasn't shut them down, perhaps my email did. Hopefully. Otherwise that DomainKeys thingie will be meaningless. If it already isn't.

DT