Reporting spam or other e-mail abuse

Download as PDFDownload as PDF

Contents

Network and technology service docs

Abuse from Janet addresses or domains

See the general guidance Reporting abuse originating from Janet for notes on which domains and IP addresses are part of Janet.

Please remember that almost everything in an instance of e-mail abuse is untrue and deliberately misleading. The appearance of a Janet domain or IP address in a message does not on its own make it certain that Janet or any Janet organisation is responsible.
Working out where responsibility lies is a detailed and difficult task. Tools are available, but even these are not entirely reliable.

What to include in your report

The most valuable information is one or more message headers. The header is the set of lines sent at the top of a message, but not always shown on the screen unless you ask to see them.
It contains some information that you will easily see (lines beginning “From:“, “To:“. “Subject:“. “Date:“);
but also many other lines normally less interesting (those beginning “Received:“, “Message-ID:” or “X-Originating-IP:” are particularly important).
“Date:” is not the same as “Sent:“; it will include timezone information possibly indicating where in the world the message came from.

To see the message header you may have to take some particular action depending on your e-mail program or service, such as:

  • Right-click on a message summary line and select “Options“;
  • Right-clickon a message summary line and select “Properties“;
  • Press the “BLAH BLAH” button;
  • Choose “Display full header information“;
  • Choose “Message Headers“, “Advanced“;
  • Choose “View message source“.

Copy and paste the message header into your report to Janet CSIRT.

Including the rest of the message should be easier; “Forward” or copy and paste are usually good enough.

You may wish to add some information that is not in the message itself, such as:

  • How many messages you had like this one;
  • When the abuse began and ended;
  • Details of any damage the message has done to you or your network (it may have carried a worm or virus, for example).

To get your report to Janet CSIRT see the general guidance Reporting abuse originating from Janet, which also explains how we will respond.

Abuse of Janet from outside

If you belong to a Janet organisation and you have suffered e-mail abuse such as UBE, viruses or harrassing messages, please note the advice in Reporting abuse if you are a Janet user. Normally users should refer first to their local IT support or network staff.

The information required is the same as that described above where the abuse may have originated within Janet, but it not always easy to decide where to send the report. You should normally decide on the basis of the IP addresses involved, rather than the apparent source e-mail addresses or domains; but even IP addresses can be misrepresented (abuse message headers commonly include additional false “Received:” lines intended to make correct reporting harder).

CSIRT
abuse
incident response
reporting
security
  • Twitter logo
  • LinkedIn logo
  • Google+ logo
  • Reddit logo
  • StumbleUpon logo