Help, I've received spam from $company! What to do now?
Seems this week is spam week after yesterday’s GMail/Yahoo’s spam filter post, but it doesn’t matter: spam is (sadly) part of everyday life, so you as an end user should do everything you can to calm the flood, even if it’s only 1%. First a statistic from Cisco: 200 billion emails are sent every single day. Trouble is: 90% of that is spam. So what can you, humble email user, do to make life just a bit less miserable? Here’s how.
Find out who’s spamming you
Besides the general Viagra, mortgage, 100% 500 billion dollar Nigerian diploma from someone’s deceased uncle and such you will receive (some) spam that is closer to home. This will be from companies that have somehow gotten hold of your address (or if you have a quite generic address like email@example.com and the spammers are using dictionary email generators) who have put your email address on a list and are now spamming you. Find out who they really are and get a hold of their basic information: company name, location and contact data. This is important, below you will read why.
Know where and how to report spam
After you found out who the punks erhm not so nice people are who sent you the unwanted email(s), it’s time to report. But to whom, how and where? There are several options, depending on where your email address is located. Some examples:
Hotmail, GMail, Yahoo or other web mail service
These services most of the time include a ‘mark as spam’ or ‘mark as phishing scam’ option: they will gather all information on spam reports and take affirmative action.
ISP mail service
Next to web mail service there’s ISP mail services: your internet provider will probably have provided you with an email address when you became a customer. They also most of the time have pretty good spam systems set up, including an abuse address to report to, or a spam button in their web email interface similar to that of Hotmail.
Company mail service
If you receive spam at your corporate email address the best thing you can do is to report it to the person responsible for handling the email server(s): either in person or via email depending on the size of your organization. It could be that an firstname.lastname@example.org is set up just like the ISP mail service one, so you could use that just fine.
Own (hosted) web/mail domain service
If you own your own domain(s), it should be apparent that you have a spam filter system (like Spamassassin) set up on your domain to take care of the most obvious spam: for all ‘special’ spam that trickle through you could either get in touch with your hosting company or ISP to help you out.
National or local anti spam services
Separately from all the types of mail services you could be using, reporting to a national or local spam service can give them some cannon fodder to hunt down companies: without complaints, hard evidence and such they cannot fine or sue companies in a court case. If the spam fighters receive 1 complaint or 5000 about a certain organization, that will make all the difference in them getting into action or not.
In The Netherlands, we have the OPTA who (among many other things) enforces the Telecom law: this if some company misbehaves through certain communication channels, they will get slapped for that. For email the site called spamklacht.nl has been made available: on this site end receivers of spam can file a complaint including the original email with headers and extra information about the way it was received and how it was perceived. If the OPTA receives enough complaints about a certain organization or company they will take action against them with fines and such.
Hopefully your country or local authority has similar websites or services set up to register spam in a central and orderly manner: this way they have the aforementioned evidence available to fight back.
Drop in a bucket
Of course, this will only help to stem the tide a little bit: most of the spam will still be sent from zombie computers part of an everchanging botnet worldwide and this flood is very hard to stop, but like I said in the beginning: every single percent less spam counts, so don’t let this discourage you. Simply because 1% of 195 billion emails per day is a lot.
To illustrate how botnets and spam work, see the image below (from Wikipedia):