It's possible to put a spammer out of business (at least temporarily, by killing their account at the provider they used with a particular spam "attack"). To do this, you have to Forward the original spam to the abuse department of the domain it came from. Important: to be sure that the message you forward is readable by the abuse department you forward it to, disable any HTML in your signature when you send it–HTML can make the forwarded material unreadable when the message is viewed on a computer.

Note: WebTV has added a new e-mail address for reporting spam that's not from a WebTV user (for reporting WebTV user spam, use You can now forward commercial e-mail from other domains to

To see what domain it really came from, you need to read the full headers of the spam (the headers show the original source of any e-mail, unless they're forged, including all intermediate routing along the way).

WebTV's mail system doesn't display full headers for us, but there is a trick to expand the headers using only your own mailbox (and thanks to whoever figured out the latest twist making this work again). Here are the steps:

Go to Mail, open that message, scroll down and look in the original spam's headers for a line beginning with Return-Path. Within the Return-Path are one or two sections of received-by/from routing information–this is the one place in which you can find one accurate piece of information. Read these carefully and you should be able to "walk back" to the identity of the originating mailserver. Here's an example from an actual spam I received:


Received: from 
by; Sun, 28 Mar 1999 
     <> -0800 (PST)
Received: from ([]) by (8.8.8/ms.graham.14Aug97) 
      ESMTP id XAA21095; Sun, 28 Mar 1999 23:24:07 -0800 (PST)
Received: from 4oVH2diB4 ( 
      by (Post.Office MTA v3.5.3 release 223 
      0-57592U2500L250S0V35) with SMTP id com; Mon, 29 Mar 1999 
DATE: 28 Mar 99 11:30:20 PM
In this example, notice that the To:, From:, and Reply-to: addresses (at the bottom of the headers) all show as the source domain–as does the Message-Id line...but that's not where this came from.

Looking through the Return-Path information above that, you'll see that received the message from (the beginning of the Return-Path info says the message came from it didn't, read on).

Further down, you'll find that actually received it from 4oVH2diB4 ( [])–and this is legitimate. The one piece of information here that you can absolutely count on is the four-part IP number in square brackets at the end. Even if the name portion of this section is inaccurate, the IP is real.

Copy the headers, from the first Received line through the Subject line, and go directly to Paste the headers into the large box, and click the button. After about 5-10 seconds, you'll get a report which may trace the source, and give you one or more abuse addresses to forward the spam to.

If the report says the header couldn't be parsed (understood and used to track the source), go to the four-part IP number described above, copy that, go back to the first page of and click Host Tracker–paste the IP number into the small box, and click the button. This always gives you an abuse address to report to.

Running the example above through gave a report that indicated was the source of the spam (although it may have been "borrowed" by the spammer; sometimes spammers find an open mailserver port that they can hijack temporarily to use as a relay for their messages)–in any case, that's who you complain to.

In this example, you would then forward the original message (not the bounced copy) to (the result from as well as to (I put the WebTV spamfighting addy in the To: line, and the other addy[s] in the Cc: line).

I've been doing this for a while, and I've gotten messages back from many domains' abuse departments assuring me that they take spamming seriously, and that they will pursue the matter and attempt to shut down the source.

Some more addys you can forward spam to, when appropriate:

Further useful sites:

For other online resources about spam and how to help defeat it, visit my Privacy Links' spam section. brought to you by...

get your free homepage today