Help | Site Map
| Text size: - +
(Category) SpamCop FAQ : (Category) SpamCop Parsing and Reporting Service :
How do I get started reporting spam?

First of all, SpamCop users should know what is and is not appropriate to report as spam to SpamCop.

There are some categories of email that do not fit clearly into the opt-in or opt-out category.

Viruses

The spread of viruses through email is reaching epidemic proportions. The owner of the infected machine sending virus-generated emails rarely knows about or consents to sending these emails. The virus itself generates and sends email to addresses obtained from various sources, often the victim's address book.

A recipient should use the contact address to forward the email, along with a polite explanation of the message's problems to the originating ISP. In the accompanying email, the recipient should explain the ISP's customer is using a computer that appears to be infected with a virus and request the ISP assist their customer. If the recipient happens to be personally acquainted with the sender, direct personal contact such as a phone call to politely let them know that their computer appears to be infected with a virus may speed the clean-up process and prevent further spread of the virus.

"Legitimate" bulk email

Many reputable companies use opt-in email for marketing purposes. When receiving email purporting to be from a company normally considered reputable, the recipient should consider carefully the possibility that he or she did agree to receive it sometime in the past.

If after reviewing the sender's privacy and acceptable use policies, the recipient is certain he did not agree to receive the email in question, then it may be someone attempting to appear as the company in question, without the company's consent. If a recipient is certain he did not request the email, then the recipient may report it as spam using the SpamCop reporting tool.

To better identify legitimate email, some email users provide unique tagged addresses or disposable email addresses to vendors or companies on the Internet. For example, Joe has the domain example.com. When conducting business with Spaceley Sprockets, Joe provides the specific email address spaceleysprockets_mar2004@example.com. As a result, if Joe receives email to spaceleysprockets_mar2004@example.com, Joe is confident he gave Spaceley that email address and it is legitimate commercial email. SpamCop accounts offer wildcard addresses (i.e. account_name+spaceleysprockets@spamcop.net, account_name+travelagency@spamcop.net, account_name+onlineretailer@spamcop.net) which are all delivered to account_name@spamcop.net. There are also disposable email addresses available from online services, some of which are free for limited use.

Hoaxes and form letters

Often, individuals receive email warning them of a new virus, a pending law, or some other threat. A chain letter may offer individuals amazing rewards for forwarding the letter. Emails such as these can and do circulate for years. Recipients should view skeptically any email which asks the recipient to send copies to more individuals. In addition, it is recommended the recipient research the issue or threat using online resources such as Google or snopes.com before forwarding the mail. This kind of email is a nuisance, but is not spam, and should not be reported via the SpamCop service.

If a recipient knows the sender of a hoax or form letter, the recipient should consider personal contact with the sender prior to reporting the email as spam. Reporting email as spam results in real consequences for many email users. The sender's ISP may fine the sender or terminate his account due to a single spam report. A company may discipline or fire one of its employees for sending email that generates complaints. Forwarding a form letter, joke, or chain letter rarely, if ever, justifies such severe consequences. Rather than reporting the mail as spam, the recipient should send a personal reply to the sender, explain that it is not appropriate to send such email, and ask them to not send it in the future.

Confirmation requests

Confirmed opt-in mailing lists (sometimes called double opt-in) mailing lists are considered best practice. Confirmed mailing lists require the would-be subscriber to provide a positive response to an initial email. For example, the recipient must respond to an email or click on a link in an email. Occasionally, confirmation requests are misdirected, usually due to innocent typing errors. If one receives a single misdirected confirmation message, do not report it as spam. Sometimes spammers attempt to disguise spam as confirmation messages. The recipient must use good judgment in this instance. Confirmation messages should not include any explicit marketing information.

Confirmation messages should include information about how they were generated. For example, they might reference a specific website URL. Ideally, they will also provide specific information about the numeric Internet (IP) address responsible for creating the confirmation. However, not all confirmation messages include this sort of detail, so again, use good judgment in determining if this is spam.

Challenge/Response systems

A challenge/response system attempts to protect its users from receiving spam by sending a "challenge" in response to email from an unfamiliar address. The original sender must click on a link, visit a website, or solve a puzzle, for example. This proves the sender is a human and that the mail the sender wishes to send is not spam. If one sends email to a challenge/response user and receives a challenge, the challenge is not spam. Recipients should not report it using SpamCop. However, forged from: and reply to: fields are often found in emails which propagate a virus or are sent as a result of a virus, as well as in spam. If one receives a challenge as a result of mail one did not send (i.e., the email address was forged into a from: or reply to: field) then the recipient may report that challenge as spam.

Unsubscribing

On January 1, 2004, the CAN-SPAM Act became law in the US. (CAN-SPAM is an acronym for Controlling the Assault of Non-Solicited Pornography And Marketing). CAN-SPAM requires all unsolicited commercial email contain a label of unsolicited commercial email (although it doesn't require a particular method or label), a working unsubscribe mechanism and a physical address for the sender. It also prohibits the use of forged or falsified headers and misleading or deceptive subject lines. Many legitimate senders are complying with some or all of the provisions of the CAN-SPAM act, but so are many spammers. CAN-SPAM compliance is not necessarily a reliable way to distinguish solicited from unsolicited email. Be aware that CAN-SPAM requires that an individual be removed from a list upon request.

Unsubscribing from Existing Relationships

If one signed up for a newsletter or product updates, or otherwise agreed to receive email from a reputable company, one should use the unsubscribe method or other removal process provided in the email before deciding the email is spam. It is very difficult for a legitimate sender to remove an address from their mailing list based on a SpamCop report. Usually, it is faster and more reliable to use the sender's noted unsubscribe procedure.

After trying without success to unsubscribe when a company normally removes subscribers, then one may file a spam report. In these cases, SpamCop recommends including a note in the comments section of the spam report describing the removal attempts. A SpamCop member may add comments to any report he or she submits via SpamCop. This lends credence to the report and provides the sender information to help solve the general problem with the unsubscribe system.

Subscribers should be aware that it is sometimes difficult for large emailers to remove an address from a mailing list instantly. It may take hours or days to stop receiving email following an unsubscribe request, depending on how an email system works. Many sites state how long it takes to stop receiving mail after an unsubscribe request. An unsubscriber often receives an email confirming the unsubscribe request. This confirmation email is not spam, and should not be reported using the SpamCop service. If one continues to receive email from that sender after the appropriate period of time has passed, then one may report the spam using the SpamCop service. The CAN-SPAM Act requires that a mailer process an unsubscribe request within 10 business days.

Some services require a user to receive email from them in order to use their services. Examples of these services include free services such webmail accounts and website hosts, as well as downloaded software. A valid email address is the cost of using the service and the resulting email is not spam. These companies supplied the user with a product or service in exchange for the user's attention; not all payment is monetary. Do not use the SpamCop reporting service to complain about such email. These services should provide their users a method to unsubscribe (which may prevent access to the original product or service). If these unsubscribe methods fail, the user may submit a report to SpamCop. Again, SpamCop recommends including information in the notes section regarding the methods tried to unsubscribe.

Unsubscribing from Unknown Companies

A recipient should be cautious if he receives email from an unknown organization or a known organization without any prior communication, as following the removal instructions in the spam may result in more spam. By using the removal instructions, the recipient verifies that he received the spam and read it. That makes the email address more valuable to the spammer, and the recipient may get more spam. Normally, SpamCop recommends that one never reply to spam email or trust any of the information in the spam unless one really trusts the company and included information. SpamCop recommends erring on the side of caution.

As mentioned earlier, spammers frequently forge From: and Reply To: email addresses. As a result, if one receives a spam from a common email address just as john@aol.com, one should not reply to john@aol.com nor report the spam to AOL's abuse department (abuse@aol.com). As spammers easily forge this information, do not trust the information seen in the headers of the email received. In addition, replies to forged email often result in harassment of an innocent person.

Reporting Spam

Revealing Full Headers

Once a recipient determines that an email really is spam, the recipient needs to reveal the full email headers to report it accurately to SpamCop. Without full headers, SpamCop will report an error. Getting full headers from an email software is often a hurdle to reporting spam. Most email software is not clear about how to get full headers. However, practically all email software provides a way to get full headers. Consult the email software's FAQ to learn how to get the headers from the software.

Changing Your Spam

Before submitting or parsing spam, SpamCop members should not make any material changes to the spam which might cause SpamCop to find a link, address, or URL it normally would not find.

SpamCop does not generate reports for From: or Reply To: addresses, because these are often forged and not reliable. SpamCop members should not add these within the body of the spam to cause a report for these to be generated.

SpamCop does not decode javascript because it does not have its own javascript interpreter. Unless one can properly decode the javascript, what one sees may not be correct. SpamCop members should not make any changes to the spam to cause SpamCop to report addresses, links, or URLs that are contained within the javascript, whether they are decoded or not.

If SpamCop does not find and hide a personal email address contained within the body of a spam, it is okay to munge (e.g., hide) such an address. There is one exception: if a report is going to an abuse desk that does not accept munged reports, a SpamCop member should not make even these minor changes to the spam.

Many spammers are sending messages with Base64 encoded bodies. While SpamCop normally decodes and parses Base64, it is possible for spammers to hide an address or other identifiable information within the encoded body.

Misreporting Spam.

Calling something spam when it is not spam is harmful. Erroneous reports cause abuse desks to take SpamCop reports less seriously; they also lead to the unjust and unfair suspension or termination of the reported account. SpamCop's maintainers and deputies must handle erroneously filed reports, which is not an effective use of SpamCop staff resources. Additionally, spam reports feed the SpamCop Blocking List (SCBL). Erroneous reports make the SCBL less accurate and potentially cause thousands of sites to mistakenly block wanted, solicited email. For these reasons, there are penalties for violating the rules that have been set forth here and in the Acceptable Use Policy.

Free Reporting Service Users:
SpamCop will ban users of the free reporting service who violate these rules.

Paying Reporting Service Members:
SpamCop may fine, suspend or terminate the accounts of paid members who violate these rules.

(Flat rate) Mail Service Subscribers:
SpamCop will revoke access to the (free) reporting service for subscribers to the flat rate mail system who break reporting rules. Subscribers may continue to use the mail service (with CESMail) but are not be able to use the reporting system.

Users should consult the FAQ or the forum if they have any question about SpamCop policy. If in doubt, users should ask before acting. We do not want to take discliplinary action against our users.