Subject: e-Spam Complaint Addresses
From: Steven J. Coker
Date: April 04, 1998
http://ddi.digital.net/~gandalf/spamfaq.html
A list of complaint addresses
==============================
O.K... So you have a common site that you can complain to. Good. If you cannot
figure out where the message came from, you can post the FULL HEADERS (this is
*very* important for tracing) to news.admin.net-abuse.misc,
news.admin.net-abuse.email or news.admin.net-abuse.usenet (see the section
entitled Reporting Spam and tracing a posted message). Usually you can get
someone to help with the message.
If you complain to the spammer directly, you may just be confirming a "real"
live e-mail address, which may lead to even more junk e-mail. I would suggest
complaining to the owner of the site only. You can send e-mail to
foo.bar.com@abuse.net (where foo.bar.com is the provider you are complaining to)
and it will get forwarded to the "best" e-mail address. See
http://www.abuse.net
There is a list of admins to contact (besides the list contained here):
http://NCTUCCCA.Edu.Tw/ftp/documents/Internet/MaasInfo/Other/ComplainToWhom.html
http://www-fofa.concordia.ca/spam/complaints.shtml
Greg reminds us that if you are complaining to a postmaster about a week-old
post, don't bother. It's not on their server, they can't verify it. Make sure
you use terms correctly. A recent trend is to call any off-topic post "spam".
It's not. I deal with spammers and off-topic or advertising posters differently.
Other providers do also. Also, try to keep the clutter in your complaints down.
I don't need a copy of the referenced RFC or statute. It doesn't help either of
us if I can't find your complaint in between all the mumbo jumbo.
Send complaint with FULL HEADERS in e-mail to any or all of the below :
postmaster@spammer.site.net
admin@spammer.site.net
abuse@spammer.site.net
Note : abuse@site.net and admin@site.net are not "standard" complaint e-mail
addresses, but I have seen those listed more and more frequently.
A nice Perl script put together to complain about spam (by Nate) is at :
http://www.metareality.com/~nathan/visit.cgi/spam/html.Perl
Chris tells us :
If you see MMFs or other gross abuses from AOL, MSN, MCI (_not_internetmci),
Primenet, Panix, please do not report them to news.admin.net-abuse.misc. Just
wastes bandwidth. Email your report directly to the provider:
abuse@aol.com
postmaster@mci.com
postmaster@primenet.com
postmaster@panix.com
abuse@msn.com
By "gross abuses", please try to ensure that it really is likely to be spam. Not
one article cross-posted lots, but lots of articles that you see yourself. In
AOL or MCI's case, the definition of abuse is somewhat stricter (AOL bans
commercial use. MCI's tolerance threshold is lower).
For the following providers the correct e-mail address is:
4websites.com / www.4cruises.com - Connectivity by netcom.net. Send complaints
to noc@noc.netcom.net or abuse@netcom.com
ABSnet - support@abs.net or abs-admin@abs.net
AGIS.NET - You can complain to postmaster@AGIS.NET or abuse@agis.net , but it is
probably a waste of your time. AGIS.NET should be UDP'ed (Usenet Death Penalty,
i.e. no Usenet (news) connectivity to or from AGIS.NET), and cut off from all
SMTP mail exchanges. They do not put any restrictions on SPAM sent out by their
customers. I complained enough to sprintlink.net (they provide connectivity to
AGIS.NET for me, found thru a traceroute) and eventually I stopped getting all
SPAM from CyberPromo. AGIS.NET is partially owned by
http://www.alltel.com/overview/news/n411m19a.html
For the full story on AGIS.NET see :
http://members.aol.com/macabrus/agisfaq.html
Aloha.Net - abuse@aloha.net
AOL - abuse@aol.com. Emergency - send complete copies to atropos@aol.net
www.angelfire.com or angelfire.com - mail@angelfire.com
answerme.com - See CyberPromo.com
AT&T WorldNet Services - abuse@worldnet.att.net
Bellatlantic.net - abuse@bellatlantic.net
Bellsouth - abuse@bellsouth.net
Best.com - abuse@best.com
Cais.net - noc@cais.com - http://www.cais.net/caisweb/cais-aup.html - CAIS
acceptable use
Com.BR - Policy - demi@agestado.com.br; for security violations write the list
cert-br@listas.ansp.br
Compuserve - compumail USEMAIL@CSI.compuserve.com or 70006.101@compuserve.com or
POSTMASTER@COMPUSERVE.COM, compunews NEWSMASTER@COMPUSERVE.COM
CyberPromo.com - You can try postmaster@AGIS.NET since they provide connectivity
but see above. You can try contacting abuse@sprintlink.net,
postmaster@sprintlink.net or Postmaster@mci.net or any of the other backbone
providers. Maybe they can do something.
For the full story on CyberPromo.com see :
http://members.aol.com/macabrus/cpfaq.html
Demon.net - abuse@demon.net, postmaster@demon.net or newsmaster@demon.net
DejaNews - abuse@dejanews.com - See http://postnews.dejanews.com/post.xp
Digex.net - abuse@digex.net (along with your name & postal address, including
city & state) - http://www.access.digex.net/~policy/digex-aup.html
Digital-market.com - www.digital-market.com - See CyberPromo
Direct.CA - complaints@direct.ca
earthlink.net - abuse@earthlink.net or spam@earthlink.net
http://www.earthlink.net/company/aupolicy.html - Acceptable use
Erols.com - abuse@erols.com
Exec-PC Inc. - abuse@execpc.com
Freenet.carleton.ca - abuse@freenet.carleton.ca
Geocities.com - abuse@geocities.com
gergs_bane.org (does not exist, it is faked) - See UUNET - help@uunet.uu.net
GNN.Com - For help regarding a problem with a GNN member - GNNadvisor@gnn.com.
GTE.net - abuse@gte.net
hitsrus.com - Another AGIS.NET spamming domain. See AGIS.NET
Hongkong's ISPs - send an email to hkinet@glink.net.hk with anything in the
subject/body. You'll get a most recent version of the list contacts by email
within minutes.
IBM Net - Postmaster@ibm.net - Also see http://www.ibm.net/helpdesk.html
IDT.Net - abuse@idt.net, but parthiv@admin.idt.net is an emergency contact
interramp.com - abuse@interramp.com or psinet-domain-admin@PSI.COM
interserve.com.hk - Mr. K H Lee - khlee@interserve.com.hk.
INS Info Services (netins.net) - abuse@netins.net
iSTAR Canada (istar.ca, inforamp.net, hotstar.net, magi.com, or nstn.ca) -
abuse@iSTAR.ca
Juno.com - postmaster@juno.com
LAKER.NET - admin@laker.net or VOICE 1-954-359-3670 FAX 1-954-359-2741
LLV.COM - Yet another Spam domain that uses AGIS.net as a provider.
Loop.Com or Loop.net - greg@loop.com
MALIBU - postmaster@pbi.net
MCI Net - spamcomplaints@MCI.NET For security problems see
http://www.security.MCI.NET
Campus.MCI.Net - postmaster@campus.mci.net
MCSNet - support@mcs.net
mkt-america.com - See AGIS.net
Mindspring.com - abuse@mindspring.com Note : Mindspring is no longer affiliated
with INTERRAMP.COM
money.com or money.now - postmaster@cam.org
MS.UU.Net - Example CustXX.MaxXX.city.ST.MS.UU.NET and explicitly contains an
MSN e-mail address (@msn.com) -
abuse@msn.com
MS.UU.Net - Example CustXX.MaxXX.city.ST.MS.UU.NET and does not have @msn.com -
fraud@uu.net
Netcom or any account with an @ix.netcom.com address - abuse@netcom.com for
standard SPAM junk. security@netcom.com is for instances of forgery, cracking
etc. NetCruiser Technical Support - support@ix.netcom.com. For a Netcom network
customer (like shippingplanet.com) send e-mail to noc@noc.netcom.net.
Netins.net - abuse@netins.net
NEVWEST.COM - Yet another AGIS Spam domain in conjunction with LLV.COM.
pacbell.net - david@pbi.net, policy@pbi.net
Pipeline.com - postmaster@pipeline.com, abuse@pipeline.com bounced back to me.
PIPEX - postmaster@dial.pipex.com, International - int-sup@pipex.net, Unipalm
PIPEX - postmaster@unipalm.pipex.com
portal.com - support@portal.com
Prodigy - mailadm@prodigy.com or abuse@prodigy.net (but many times this mailbox
is full). I don't think postmaster@prodigy.com is read by a person. Security
issues can be sent to security@prodigy.com .
pwrnet - abuse@pwrnet.com
PSI Net - abuse@psi.com, net-abuse@psi.com PSI Net policies -
http://www.psi.net/csg/netabuse.html ... Note : Earthlink uses PSINet's pops
QUANTCOM.COM - See AGIS.net. A long time reputation of spamming on the Internet.
Rain.net - abuse@rain.net
savetrees.com - See CyberPromo.com
Slip Net - hellman@slip.net - Tech Support
Southwindent.com - postmaster@vcity.net - See
http://www.southwindent.com/policies.htm
Sprint - abuse@sprint.net
Sprintlink - 800-669-8303 abuse@sprint.net, noc@sprintlink.net. For
dialsprint.net abuse reports send to abuse@dialsprint.net . For sprintmail.com
abuse reports send to abuse@sprintmail.com . You can view Sprint's Policy at
http://www.sprintbiz.com/data1/ip/policy.html
sprynet - postmaster@spry.com
Teleport System Administration - teleport.com - admin@teleport.com
tip.net - postmaster@tip.net hh@tip.net
University of Pennsylvania - millar@pobox.upenn.edu - For security matters :
security@isc.upenn.edu
Other matters: millar@pobox.upenn.edu
USA.Net - http://netaddress.usa.net/nospam.html
UUNET Customer Liaison - MASSMAIL (E-Mail SPAMS) - fraud@uu.net, Newsgroup Spams
- spam-complaint@uu.net. help@uunet.uu.net See Also MS.UU.Net - For abuse of the
open UUNET NNTP port, UUNET will block the site if you complain. See
Gergsbane.org
From : David Jackson (djackson@aol.net) (and this applies to *any* abuse) :
To report an instance of USENET abuse send mail to postmaster@aol.com - please
remember to include a complete copy of the USENET article, including all
headers, to help us quickly quash the abuse.
Scott reminds us :
It might also be a good idea to remind people that sometimes the postmaster _is_
the spammer. Joe Spam might have his own domain (since they _used_ to be free)
inside of which they are the postmaster. This is terrifyingly common with
net.twits (kooks, etc.) but seems rare for spam. A quick note that if the
spammer is the admin contact in whois, notifying the postmaster will surely
generate laughs on their end.
In the letter to the postmaster, you might wish to mention Joel's very good FAQ
about advertising on the Internet :
http://www.cs.ruu.nl/wais/html/na-dir/usenet/advertising/how-to/part1.html
http://www.cis.ohio-state.edu/hypertext/faq/usenet/usenet/advertising/how-to/part1/faq.html
And where they *should* advertise :
http://www.cs.ruu.nl/wais/html/na-dir/finding-groups/general.html
Or for why posting business or e-mailing business ads are bad :
http://www.phoenix.net/~lildan/FAQ/commercial-ads-faq.html
If you don't get a proper response from the postmaster, remember, Whois -
rs.internic.net is your friend. You can get information on / about a site by:
    telnet rs.internic.net
    whois spammer.site.net
The InterNIC Registration Services Host contains ONLY Internet Information
(Networks, ASN's, Domains, and POC's). Please use the whois server at
nic.ddn.mil for MILNET Information.
This *should* get you a person to talk to & their personal e-mail address. If
you don't get any response from that postmaster, then you should try the
provider to that site. This gets a little trickier, but a multinet traceroute
should show you the upstream provider, and from there you can try contacting the
postmasters of *that* site.
Any non-profit organization (like a University) should be very happy to help get
rid of a spammer if the non-profit organization's resources are being used to
spam a for-profit business. The IRS can take their non-profit status away for
such things. Talk to the legal counsel at the non-profit organization if you
don't get a positive response from the postmaster.
Worst case, a site can be UDP'ed (Usenet Death Penalty) so that other sites
stop accepting news or even e-mail from that site. They are cut off from the
net. Decisions like this are discussed in the news group
news.admin.net-abuse.misc .
Thanx to Leslie, here is whom to contact about domains that have invalid
contact information :
Internic Registration Services should be contacted by phone:
703/742-4777
or email:
hostmaster@rs.internic.net
If the spammer site has problems trying to figure out where the spam came from,
they can *always* get help from the denizens of news.admin.net-abuse.misc, but
have them take a look at their logs first and see if they see something like
(Thanks to help from Michael):
My news logs (for INND) are:
    $ cd /usr/log/news
    $ ls
    OLD          expire.log   news.err      unwanted.log
    errlog       news         news.notice
    expire.list  news.crit    nntpsend.log
and here is my syslog.conf:
## news stuff
news.crit /usr/log/news/news.crit
news.err /usr/log/news/news.err
news.notice /usr/log/news/news.notice
news.info /usr/log/news/news
news.debug /usr/log/news/news.debug
but, what they need to remember, is they HAVE TO LOOK QUICK! INND expire puts
all these logs in OLD, and recycles them, and expires them at the 7th day (and
gzips them), i.e., OLD/:
    ls -l news.?.*
    -r--r----- 1 news news 181098 May 23 06:26 news.1.gz
    ...
    -r--r----- 1 news news 319343 May 17 06:29 news.7.gz
so... to grep an old log looking for sfa.ufl.edu:
(the {nn} is how many days ago, 1 is yesterday, 2 is 2 days ago, etc)
    cd {log/OLD}
    gunzip -c news.1.gz | grep sfa.ufl.edu | more
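
The search above covers one day's log. The following is an added example (not part of the FAQ or of Michael's note) that walks the whole retention window in one pass; the function names and the sample log lines are constructed for illustration, and the OLD/news.N.gz layout is taken from the listing above.

```shell
#!/bin/sh
# search_old_logs DIR SITE [DAYS]
# Prints "<days-ago>: <log line>" for every line that names SITE in
# DIR/news.1.gz (yesterday) through DIR/news.DAYS.gz (default 7).
# grep -F treats SITE as a literal string, so the dots in a host name do
# not act as regex wildcards; -i because host names are case-insensitive.
search_old_logs() {
    dir=$1 site=$2 days=${3:-7}
    n=1
    while [ "$n" -le "$days" ]; do
        f="$dir/news.$n.gz"
        if [ -r "$f" ]; then            # a day may already have expired
            gunzip -c "$f" | grep -iF -- "$site" | sed "s/^/$n: /"
        fi
        n=$((n + 1))
    done
}

# Constructed sample data (not real INN log lines) so the function can be
# tried offline. Prints the name of the temporary directory it created.
make_sample_logs() {
    d=$(mktemp -d)
    printf '%s\n' \
        'May 23 06:01:10 news innd: sfa.ufl.edu connected 12' \
        'May 23 06:02:11 news innd: sfaXuflYedu.example connected 13' \
        | gzip -c > "$d/news.1.gz"
    printf '%s\n' \
        'May 21 09:15:42 news innd: SFA.UFL.EDU closed seconds 40' \
        'May 21 09:16:00 news innd: other.example connected 14' \
        | gzip -c > "$d/news.3.gz"
    printf '%s\n' "$d"
}

logs=$(make_sample_logs)
search_old_logs "$logs" sfa.ufl.edu     # two hits: one from day 1, one from day 3
rm -rf "$logs"
```

A plain `grep sfa.ufl.edu` would also report the `sfaXuflYedu.example` line, because an unescaped dot matches any character.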
Trying to catch the suspect still logged on
===========================================
If you think you know a machine close to the spammer, you can change your
default DNS lookup server (and get *lots* more info ;-)) by :
    $ nslookup
    server wb3ffv.abs.net
    Default Server: wb3ffv.abs.net
    Address: 206.42.80.130
    ls -d kjl.com
    [wb3ffv.abs.net]
    kjl.com. SOA kjl.com dns-admin.abs.net. (10 21600 3600 604800 86400)
    kjl.com. NS ns1.abs.net
    kjl.com. NS ns2.abs.net
    kjl.com. MX 10 abs.net
    kjl.com. SOA kjl.com dns-admin.abs.net. (10 21600 3600 604800 86400)
If you are quick enough, you can see if the spammer is still on by :
    multinet RUSERS rust.nmt.edu
And you might get :
    kuller ray timbers jweinman timbers john timbers rayzer
Assuming that the spammer is from ingress.com you can expand the spammer's UserID
(some sites have expn / vrfy turned off) by:
    telnet ingress.com smtp
    Trying 199.171.57.2 ...
    Connected to ingress.com.
    Escape character is '^]'.
    220 ingress.com Sendmail 4.1/SMI-4.1 ready at Sun, 22 Oct 95 15:13:39 EDT
    expn krazykev
    250 Lipsitz Kevin krazykev@kjl.com
We connect to port 25 (smtp) and issue an expn command. Looks like
krazykev@kjl.com is being used as a maildrop for this user. I would send my
complaint to postmaster@kjl.com as well (not that it would do any good in Krazy
Kevin's case... but the reply to your e-mail might be amusing).
To find out the Mail Exchange records, do an nslookup for the MX records only.
You can then look up the expansion of the postmaster or root to see who they
really are. For example :
    % nslookup
    set type=mx
    gnn.com
    gnn.com preference = 20, mail exchanger = mail-e1a.gnn.com
    gnn.com preference = 10, mail exchanger = mail-e1b.gnn.com
    % telnet mail-e1a.gnn.com smtp
    220 mail-e1a.gnn.com ESMTP Sendmail 8.7.1/8.6.9 ready at Thu, 11 Jan 1996 12:54:26 -0500 (EST)
    expn postmaster
    250-wross@ans.net
    250 gnnadvisor@mail-e1a.gnn.com
    expn root
    250-mitch@ans.net
    250 gnn-monitor@ans.net
You can use the 'host' command. It's really simple:
    % host -t any domain.name
This will give you anything your name server can find out.
    % host -t ns domain.name
This tells you the name servers. Not all systems have host, but it's a small
program which should be easy to compile (like whois).
The command "last" will tell where the spammer logged on from last, but it has
to be done by a user from that site. For example :
    last imrket4u
Would produce :
    imrket4u ttypf ip30.abq-dialin.hollyberry.com Fri Sep 15 00:27 - 00:34 (00:06)
    imrket4u ttyq8 ip30.abq-dialin.hollyberry.com Fri Sep 15 00:19 - 00:20 (00:01)
    imrket4u ttyqc abq-ts1                        Thu Sep 14 20:42 - 22:21 (01:39)
    imrket4u ttyqc rust.nmt.edu                   Thu Sep 14 18:39 - 18:41 (00:01)
    imrket4u ttypb abq-ts1                        Thu Sep 14 17:55 - 17:57 (00:02)
Filtering E-Mail using procmail or News with Gnus
==================================================
Get the procmail FAQ :
http://www.ii.com/internet/faqs/launchers/mail/filtering-faq
http://www.best.com/~ii/internet/faqs/launchers/mail/filtering-faq
http://www.ii.com/internet/robots
http://www.best.com/~ii/internet/robots
http://www.cis.ohio-state.edu/hypertext/faq/usenet/mail/filtering-faq/faq.html
Or read about it when it is posted to :
Newsgroups: comp.mail.misc , comp.mail.elm , comp.mail.pine , comp.answers ,
news.answers
Subject: Filtering Mail FAQ
Bob tells me that Eudora Pro has a good filtering capability. You can filter
based on who you send e-mail to, known spammers, etc. Enough filters and you may
see hardly any Spam. Claris E-Mailer, likewise, has a filter option.
Brian has a Gnus scorefile from the Internet blacklist :
http://www.cs.ubc.ca/spider/edmonds/usenet/gnus/BLACKLIST
Or his example global scorefile :
http://www.cs.ubc.ca/spider/edmonds/usenet/gnus/SCORE
Many news readers have a "kill" file that will filter out the posts from either
a certain user-id, or posts with certain titles. Each news reader is unique. You
might wish to read the help file on the subject of kill files.
Rejecting E-Mail from domains that continue to Spam
====================================================
Spamfilters can be found at:
http://www.io.com/~johnbob/jm/index.html
http://www.samiam.org/spam/index.html
http://www.best.com/~ariel/nospam
List of spammers:
http://www.samiam.org/spam/spammers.txt
http://www.idot.aol.com/preferredmail
Or look at a page on how to block e-mail :
http://www.nepean.uws.edu.au/users/david/pe/blockmail.html
Ask your admin to add the following to their sendmail.cf. This will reject all
mail that continues to come in from domains that only send out spam. This is a
group effort from many admins :
Modify your sendmail.cf in the following way.
1. Set up a hash table with the domains you wish to block:
# Bad domains (spam kings)
FK/etc/mailspamdomains
2. Add the following rules to S98 (be sure that there are three lines (i.e. the
lines are not split up) and be sure to put a TAB character between the $* and
the $#error, not a space) :
### Spam blockage
R$* @$*$=K . $*	$#error $@ 5.1.3 $: "Your domain has been blocked due to spam problems. Contact your administrator."
R$* @$*$=K $*	$#error $@ 5.1.3 $: "Your domain has been blocked due to spam problems. Contact your administrator."
3. Make your hash table. Here are some suggestions :
Mail that comes in from any of these domains will be returned to sender with the
error. If the sender is bogus, it will bother the postmaster at the bad domain
in an appropriate manner.
Keep in mind that *ALL* email from these domains will be blocked. This is really
only a good solution for domains that are set up by spammers for spamming.
Blocking something like aol.com, although it may seem initially attractive ;-),
would cause problems for legitimate users of email in that domain. Compile your
list after careful verification that these domains fit the above description.
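
One way to do that verification before the rule goes live, as an added example that is not part of the FAQ: dry-run the candidate list against sender addresses taken from your own mail log and see which would bounce. The function names are hypothetical, the sample addresses are constructed, and the matching (a list entry catches the domain itself and any sub-domain, compared on whole dot-separated labels) is an assumption about how the `$*$=K` pattern above behaves.

```shell
#!/bin/sh
# blocked_by SENDER LISTFILE
# Prints the list entry that would cause a reject and returns 0; returns 1
# if no entry applies. Assumption: an entry matches the sender's domain and
# every sub-domain of it, on label boundaries (so "notcyberpromo.com" is
# not caught by "cyberpromo.com").
blocked_by() {
    domain=$(printf '%s' "${1##*@}" | tr -d '> ' | tr '[:upper:]' '[:lower:]')
    domain=${domain%.}                      # drop a trailing root dot
    while [ -n "$domain" ]; do
        if grep -iFxq -- "$domain" "$2"; then
            printf '%s\n' "$domain"
            return 0
        fi
        case $domain in
            *.*) domain=${domain#*.} ;;     # strip the left-most label
            *)   return 1 ;;
        esac
    done
    return 1
}

# audit_senders LISTFILE   (sender addresses on stdin, one per line)
# Prints "sender<TAB>matching entry" for every address that would bounce.
audit_senders() {
    while IFS= read -r sender; do
        [ -n "$sender" ] || continue
        if hit=$(blocked_by "$sender" "$1"); then
            printf '%s\t%s\n' "$sender" "$hit"
        fi
    done
}

# Constructed sample input. cyberpromo.com is named on this page; the other
# names are placeholders.
demo() {
    list=$(mktemp)
    printf '%s\n' cyberpromo.com bulk-only.example > "$list"
    printf '%s\n' \
        'offers@cyberpromo.com' \
        'bounce@mail7.CyberPromo.com' \
        'friend@notcyberpromo.com' \
        'alice@example.org' | audit_senders "$list"
    rm -f "$list"
}
demo
```

Any address in the output that belongs to a correspondent you want to keep is a reason to take that entry off the list.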
==== SCROOTS Mailing List ====