Note: WebTV has added a new e-mail address for reporting spam that's not from a WebTV user (for reporting WebTV user spam, use firstname.lastname@example.org). You can now forward commercial e-mail from other domains to email@example.com.
To see what domain it really came from, you need to read the full headers of the spam (the headers show the original source of any e-mail, unless they're forged, including all intermediate routing along the way).
WebTV's mail system doesn't display full headers for us, but there is a trick to expand the headers using only your own mailbox (and thanks to whoever figured out the latest twist making this work again). Here are the steps:
Received: from mailsorter-102.bryant.webtv.net (184.108.40.206) by postoffice-272.iap.bryant.webtv.net; Sun, 28 Mar 1999 23:24:08 <firstname.lastname@example.org> -0800 (PST) Return-Path: Received: from isp02.cysource.com ([220.127.116.11]) by mailsorter-102.bryant.webtv.net (8.8.8/ms.graham.14Aug97) with ESMTP id XAA21095; Sun, 28 Mar 1999 23:24:07 -0800 (PST) Message-Id: <199903290724.XAA21095@mailsorter-102.bryant.webtv.net> Received: from 4oVH2diB4 (sfr-qbu-pqq-vty118.as.wcom.net [18.104.22.168]) by isp02.cysource.com (Post.Office MTA v3.5.3 release 223 ID# 0-57592U2500L250S0V35) with SMTP id com; Mon, 29 Mar 1999 01:23:39 -0600 DATE: 28 Mar 99 11:30:20 PM FROM: email@example.com Reply-to: firstname.lastname@example.org TO: email@example.comIn this example, notice that the To:, From:, and Reply-to: addresses (at the bottom of the headers) all show webtv.net as the source domain–as does the Message-Id line...but that's not where this came from.
Looking through the Return-Path information above that, you'll see that mailsorter-102.bryant.webtv.net received the message from isp02.cysource.com (the beginning of the Return-Path info says the message came from cysource.com...but it didn't, read on).
Further down, you'll find that isp02.cysource.com actually received it from 4oVH2diB4 (sfr-qbu-pqq-vty118.as.wcom.net [22.214.171.124])–and this is legitimate. The one piece of information here that you can absolutely count on is the four-part IP number in square brackets at the end. Even if the name portion of this section is inaccurate, the IP is real.
Copy the headers, from the first Received line through the Subject line, and go directly to SpamCop.net. Paste the headers into the large box, and click the button. After about 5-10 seconds, you'll get a report which may trace the source, and give you one or more abuse addresses to forward the spam to.
If the report says the header couldn't be parsed (understood and used to track the source), go to the four-part IP number described above, copy that, go back to the first page of SpamCop.net and click Host Tracker–paste the IP number into the small box, and click the button. This always gives you an abuse address to report to.
Running the example above through SpamCop.net gave a report that indicated wcom.net was the source of the spam (although it may have been "borrowed" by the spammer; sometimes spammers find an open mailserver port that they can hijack temporarily to use as a relay for their messages)–in any case, that's who you complain to.
In this example, you would then forward the original message (not the bounced copy) to firstname.lastname@example.org (the result from SpamCop.net) as well as to email@example.com (I put the WebTV spamfighting addy in the To: line, and the other addy[s] in the Cc: line).
I've been doing this for a while, and I've gotten messages back from many domains' abuse departments assuring me that they take spamming seriously, and that they will pursue the matter and attempt to shut down the source.
Some more addys you can forward spam to, when appropriate:
For other online resources about spam and how to help defeat it, visit my Privacy Links' spam section.
...is brought to you by...
get your free homepage today