Internet users have many options to reduce the amount of unwanted commercial e-mail filling up their mailboxes. Following these recommendations should reduce the amount of unwanted spam you receive:
- Avoid displaying your e-mail address in public – If it is not required, do not provide your e-mail address when filling out Web registration forms, surveys, etc. If you must provide your e-mail address, look for a box that asks if it is okay to send you offers or information. Make sure you say "no."
- Contact net directories such as WhoWhere.com, 411.com and Switchboard.com and request that they remove your name, e-mail address, and other personal information from their databases. Simply go to the Web site, click on the "contact us" link and then request that your information be removed.
- Contact your Internet Service Provider. Authorize it to disclose that you have a Washington e-mail address. Encourage your ISP to provide this disclosure service if they don't have it
- Protect your address from list members. If you subscribe to a list, ask the list administrator to shield you from outside e-mail commands that allow a third party to view names on the list.
- Delete your member profile from online services such as America Online.
- Avoid posting your e-mail address in chatrooms, newsgroups, or on auction and sales sites. Spammers often send scavenger bots (programs that "harvest" e-mail addresses) to these sites.
- Don’t list your e-mail address directly on a Web page, even your own. Use an alias or a secondary account that you can delete later if necessary.
- Avoid responding to spam, even if you are asking to be "removed" from a mailing list. Responding can increase the amount of spam e-mail you receive because spammers know your address is active.
- Switch to an Internet Service Provider (ISP) that offers spam filtering.
- Read and understand the entire form before you transmit personal information through a web site. Some web sites allow you to opt out of receiving e-mail from their "partners" – but you may have to uncheck a pre-selected box if you want to opt out.
- Decide if you want to use two e-mail addresses, one for personal messages and one for newsgroups and chat rooms. You also might consider using a disposable e-mail address service that creates a separate e-mail address that forwards to your permanent account. If one of the disposable addresses begins to receive spam, you can shut it off without affecting your permanent address.
- Use a unique e-mail address. Your choice of addresses may affect the amount of spam you receive. Spammers use "dictionary attacks" to sort through possible name combinations at large ISPs or email services, hoping to find a valid address. Thus, a common name such as jdoe may get more spam than a more unique name like jd51x02oe. Of course, there is a downside: it's harder to remember an unusual email address.
- Use an e-mail filter. Check your e-mail account to see if it provides a tool to filter out potential spam or a way to channel spam into a bulk email folder. You might want to consider these options when you're choosing which ISP to use. In addition, you and your family may wish to consider purchasing commercial software that filters out many spam messages or offensive materials.
[Back to Top]
Who Is Sending This Stuff?
One way to fight spam is to use the very information that spam brings with it. Internet Service Providers (ISPs) don’t like spam any more than you do. So, if you can file a complaint or provide helpful information to ISPs about specific spammers, it helps everyone. A major hurdle for most of us, however, is learning how to find the information we need to properly identify spammers so they can be reported. The following tips will help track spammers on your own.
Often, junk e-mail messages include a link to a website. After all, the purpose of most junk e-mail is to direct people to websites where they will be hit up for a variety of products and services. If you’re provided a link to a website, you can probably find out who owns that website and complain to them directly or report them to ISPs.
Visit the Site – Although we may not wish to visit the sites provided in junk e-mail messages, this is one way to track down the source of an unwanted e-mail solicitation. This approach, however, has its pros and cons.
- Cons – Some websites pitched through spam messages contain pornographic, distasteful or unwanted content. Others may ask for personal information including credit card information or e-mail addresses. Be careful with this information if you are asked for it.
"Whois" Searches – If you are leery about visiting the websites included in spam e-mail, there is another way to find contact information. This method is called a "Whois" search. To provide some order in cyberspace and to avoid duplication, web addresses or domain names must be registered. When users/firms register a domain name, they provide contact information to the company that registers the domain name on their behalf.
There are a number of companies that provide registration information on domain names, including www.godaddy.com; www.tucows.com; www.netsol.com; www.samspade.org. The one most widely used is VeriSign, which can be found at www.netsol.com. At these sites, you’ll find a link titled "whois." This link is used to find information about a domain name owner. If you type in the domain name listed in the spam, the "whois" search will provide the contact information provided at the time the domain name was registered. Sometimes this information is accurate, however keep in mind that some may not provide legitimate registration information. The information provided by the registrant at the time they register their domain name is all that the "whois" search confirms.
Find the Sender’s ISP – Another important tool consumers can use to combat unwanted e-mail is to complain to the spammer’s ISP. ISPs are usually more than happy to help since most have rules against using their networks to send spam. Since spammers routinely send out millions of e-mails, an ISP’s network can become overwhelmed and can slow down or fail as a result. Also, when the angry e-mails start coming in from those who were spammed, ISPs are alerted to the fact that their network was used inappropriately and often cut the spammer off immediately.
What Is a Full Header and How Do I Find It?
An e-mail message is divided into two parts, the "header" and the "body." Headers contain all the technical information, such as who the sender and recipient are, and what intermediate computer systems the message passed through on its way to the recipient’s mailbox. The body contains the actual message. A blank line typically separates the header and body. In some mail programs, the headers are shown separately. Most people are only familiar with "friendly" e-mail headers – these are what you see in your mail program – typically the "To:" and "From:" lines. However, there is a lot of useful information beyond the "friendly header" contained in the "full header."
Most e-mail programs provide a way to reveal the full header, which contains all the information needed to track a spammer. If you are filling out our junk e-mail complaint form, you’ll need to cut and paste this information into the form.
Here’s an example of what a "full header" looks like:
Received: from slave2 for slipry
with Cubic Zirconium's Puppipop (v1.18a 1996/12/26 VIRTUAL) Tue Feb 1 06:58:50 2000
X-From_: owner-nolist-bounces*SLIPRY**AJ*-NET Mon Jan 31 05:50:14 2000
Received: from saturn.grcc.com ([255.255.255.1])
by slaveZ.AJ.net (8.9#.8/8.9#.5) with ESMTPJ id FAC18108
for ; Mon, 31 Jan 2000 05:50:14 -0800
Received: from heroes (heroes.grcc.com) by saturn.grcc.com (LSMTP for Windows NT v1.1b) with SMTP id <1.00134977.saturn.grcc.com>; Mon, 31 Jan 2000 8:41:30 -0500
Date: Mon, 31 Jan 2000 08:28:43 -0500
Subject: Smith Online Poll Activity Survey
Here’s what this same message’s "friendly header" looks like:
Subject: Smith Online Poll Activity Survey
In order to retrieve the full header you need to determine what e-mail program you use and how to extract a message’s full header. Below is a list of commonly used e-mail programs and the methods built into each one to obtain full header information from e-mail messages. If your e-mail program is not listed, you may need to contact your e-mail program’s technical support for help.
Elm, Pine, and Mutt – Press "h" from the message selection menu to view the full headers of the currently selected message.
Eudora – Open the message. Under the title bar are four options. The second from the left is a dialog box - click on that to display the full headers.
Hotmail – Go into "Options," "Preferences," and choose "Message headers." You'll want to choose the "Full" option to display Received: headers. "Advanced" will display that as well as MIME headers. Note: sometimes Hotmail uses older mail servers Messages sent through those mail servers won't show any headers.
Lotus Notes 4.6.x – Open the offending mail. Click on "Actions," then "Delivery information." Cut and paste the text from the bottom box, marked "Delivery information."
Netscape Mail – Choose "OPTIONS" from the options menu bar. Listed as an option is "Show Headers." Choose full headers.
Outlook Express – While viewing the e-mail message, select the menu item "File" then "Properties." When the dialog box pops up, select the "Details" tab, which will show header information only. Select the "Message Source" button, which will display the entire e-mail message, including headers and body. Microsoft Outlook 97 – While viewing the e-mail message, select the "Options" folder tab at the top of the message frame. This will show you the routing information of the message. For e-mail complaint purposes, first begin composing your message, then copy and paste this routing information, then switch back to the message window and copy the message and paste it in below the routing information
Microsoft Outlook 2000 – Double click on the message to open it up, click on "View", then "Options", and you will see the message headers in a box at the bottom of the window. You can copy/paste them from that window.
Forte' Agent – While in Agent, Click the "select Message option, "header, and "all." This displays all header information within the e-mail itself. You can then cut and paste as necessary.
Forte'Free Agent – While in Agent, Click the "select Message option, "header," and "all." This displays all header information within the e-mail itself. You can then cut and paste as necessary.
Pegasus – Choose "Reader" from the options menu bar. Listed as an option is "Show all Headers." This does not work for HTML messages, however. To view header information in HTML messages, select the message properties, and uncheck "Contains HTML data."
Now That I Have the Header, How Do I Track the Spammer?
Now that you can find the information you need, you can go to the next step and trace the spammer. In the header, e-mail leaves evidence of each intermediate step it took in its journey from the sender to your e-mail box. Much like a passport, the header contains a stamp of every network the e-mail message passed through on its journey.
In the example below, look at the "Received lines" in the header and read from top to bottom:
Received: from relay.somebodyelse.com (upandup5.somebodyelse.com [188.8.131.52]) by anyone.com with SMTP id WAA12684 for < waconsumer.anyone.com >; Sun, 01 Oct 2000 23:03:08 -0800
Received: from forged.example.com (ima.spammer.com [184.108.40.206]) by relay.somebodyelse.com (8.8.3/8.8.3) with SMTP id GAA02044 for
< waconsumer.anyone.com >; Sun, 01 Oct 2000 01:23:46 -0500
What it Means – Your e-mail address (in the "To" field) got this message from upandup5.somebodyelse.com (The entry in the first "received" field). It received the message from ima.spammer.com (The entry in the second "received" field). Intermediate sites, such as somebodyelse.com in this example, may simply be sites that allow anyone to forward mail using their mailer. Don't assume they are connected with the spammer or the spammer's provider. Nevertheless, you might want to let them know their system is being used for this purpose.
With experience, you will learn more about Received lines, and the ways that they can vary. But the basic principle is still to read them from top to bottom, and to understand that each computer that handled the message – the sender, the receiver and all in between --added a Received line to the header.
Once you’ve tracked down a spammer’s ISP, you can get contact information by using the methods described earlier and forward the spam to them directly. Or, you can find out if the ISP has an e-mail address specifically to report spammers.
With this information, you should now be better equipped to do your own cyber-sleuthing. You might also search the web for anti-spam websites, spam newsgroups, and other related resources to report violators or to simply gain other helpful information.
[Back to Top]
Individual E-Mail Address Holders:
A violation of Washington's unsolicited commercial e-mail law constitutes a violation of the Consumer Protection Act. Washington's e-mail law provides that the recipient of an e-mail sent in violation of the law is entitled to receive $500 or actual damages. Accordingly, you may file a lawsuit in Washington State Superior Court to recover damages. You may also file a case in any Washington State Small Claims Court if the spammer resides in Washington, or in Washington State District Court if the spammer resides outside the state.
Also, under Washington's Consumer Protection Act, you may file a consumer protection lawsuit in Superior Court and may be entitled to attorney's fees and an order prohibiting the sender from engaging in future unlawful activities. Claims for an amount up to $4,000 can also be brought in Small Claims Court if the spammer resides in Washington.
However, if you decide to take private action under the Consumer Protection Act, we strongly advise you to first consult with a private attorney.
Internet Service Providers:
Internet service providers are also entitled to take private action under Washington's law. The relief they may obtain is slightly different from that available to individual recipients of unlawful e-mail. You may want to consider encouraging your Internet Service Provider to take private action against a sender by whom you have been victimized.
[Back to Top]
The Federal Trade Commission is the appropriate government agency for filing complaints concerning junk email. Click here, to be directed to the Commission's various resources on spam. You can automatically be routed to the FTC's online complaint form by following the link below.
File A Complaint with the FTC
[Back to Top]