Home of the World Famous VIRUS BUSTERS
Download Antivirus Software
What to Do If You Have a Virus
Virus Filtering
Viruses Seen at U-M
Hoaxes, Hooey, and Hogwash
Urban Legends
U-M Resources
Other Resources
Contact Us
We Ain't 'Fraid O' No Virus!

Fighting spam (Junk Email)

Bruce P. Burrell (bpb@umich.edu)
April 16, 2003

This information can be freely reproduced in any medium, as long as the information is unmodified.

We often get queries about how to prevent spam, also known as unsolicted commercial email (UCE), or junk email. Spam is email that comes unsolicited, from a source unknown to you. Often the email header information is forged, so that it is more difficult to trace back to (and punish) the spammer.

While spam is not a computer virus issue—and therefore we claim no particular expertise—it certainly is a major nuisance. Below are some suggestions for how to fight spam.

Note: The information below is provided as-is. We are not responsible for handling spam, and if you forward any of it to us, or ask us for help on how to deal with your spam, we're likely to delete it without so much as a reply (though we might read it). In fact, I shouldn't say "we"; rather, I'm providing this info on my own. That understood, I hope you'll find the information below useful.

First, what NOT to do:

  • Do not reply to the sender: this merely returns your email back to your mailbox, "address unknown" (if the spammer's address is forged), or tells the spammer that your email address is a "live" one (if the sending address is a valid one).

  • Don't be fooled into replying by text within the spam that suggests that you can get your name removed from the list: see Point 1 above.

  • Don't be fooled by a claim that the email is not spam. If you don't want it, and didn't explicitly ask to receive email from the sender, then it is spam. [Except, perhaps, if you've done business withthe sender before. In that case, however, you know that they have your email address, and a polite request to be removed from their list probably will be successful.]

  • Don't be fooled by an official-sounding blurb that says that the spam is in compliance with some legislation: it is a ploy to try to convince you not to complain. Remember: the longer the spammer can keep using a particular ISP, the easier it is for the spammer... and the more spam the spammer can send.

  • Do not send abusive email to anyone about the spam. If you contact the proper authorities, please do so politely.

Ok, now what can you actually DO?

  • You can just delete it, of course.

  • Your emailer may have the ability to filter email. If it does, designing filters wisely may save you a lot of deleting.

  • You can ask your email administrator to block spam. Note that this probably won't be 100% successful, but it can reduce spam by orders of magnitude.

The solutions above do nothing to prevent spam or make life miserable for the spammers; the procedures below actually take action against spammers:

  • If you decide to report spam, definitely consider forwarding a copy of the spam (with full email headers) to the U.S. Federal Trade Commission (FTC)—they have been collecting spam since 1998: "The FTC uses the unsolicited emails stored in this database to pursue law enforcement actions against people who send deceptive spam email."

    As of 11 June, 2002, the FTC says it was receiving 42,000 pieces of forwarded spam per day. Help convince them that the actual amount of spam out there is a LOT more...

    I actually have defined a function key to forward email to the FTC automatically. Perhaps you can do something similar to make it equally easy for you.

  • You can ask your appropriate local support to take action against the spammer—but be forwarned: these support groups are almost always overburdened. If possible, deal with it yourself. Note that recently we've seen a lot of email that has forged addresses—it looks as if the sender comes from the same place you do (e.g., U-M recipients appear to get email from somebody@umich.edu). If spam really does come from U-M, it would be proper to contact the IT User Advocate—but usually it comes from somewhere else entirely. See Can the spam! for how to parse email to determine whether or not it originated at your site.

  • You can report it in a fairly automated fashion. One nice method is to use SpamCop's free spam reporting system. SpamCop works very well for GUI email clients, but not so well for text-based one (like pine).

  • If you use a text-based emailer, or if you want to learn about how spammers do their evil deeds, you'll need to understand more about spam. I suggest that you read the Gandalf's Spam FAQ—in particular, read the part about email headers: how to display them, and how to interpret them. As an alternative, see StopSpam.org's Reading Email Headers.

  • If you want to learn more about how spammers may have found your email address and what to do to make it less likely to be harvested in the future, see the Center for Democracy & Technology's Why Am I Getting All This Spam? page.

  • When I send a spam complaint, I use a standard template. If you can't decide what to write in your complaint, I might loan my template to you. ;-)

I hope these tips will be helpful to you; they are by no means intended to be all-inclusive. The SpamCop site and the Spam FAQ should give you plenty of additional information and links to be able to fight spam and win.

 

U-M Virus Busters

virus.busters@umich.edu

ITS | University of Michigan
Copyright © 1996-2008 The Regents of The University of Michigan

visits since this site was redesigned 5/21/04

This page last updated February 19, 2008