Go straight to page content
JANET CSIRT
ja.net
the UK's education and research network
                  JANET CSIRT front page Reporting abuse E-mail including "spam" Scanning Denial of Service Security advice Very basic measures Security in detail Building safe networks Policies Legislation and regulation The threats to networks Viruses and worms Deliberate attacks Users of the network E-mail abuse About JANET CSIRT External relationships Training and courses Reports and statistics About JANET Contact JANET CSIRT

JANET CSIRT webmaster:
webmaster@csirt.ja.net
JANET(UK) privacy policy
Google Analytics notice
© The JNT Association 2007

How to report spam or other e-mail abuse

Abuse from JANET addresses or domains

See the general guidance Reporting abuse originating from JANET for notes on which domains and IP addresses are part of JANET.

Please remember that almost everything in an instance of e-mail abuse is untrue and deliberately misleading. The appearance of a JANET domain or IP address in a message does not on its own make it certain that JANET or any JANET organisation is responsible.
Working out where responsibility lies is a detailed and difficult task. Tools are available, but even these are not entirely reliable.

What to include in your report

The most valuable information is one or more message headers. The header is the set of lines sent at the top of a message, but not always shown on the screen unless you ask to see them.
It contains some information that you will easily see (lines beginning "From:", "To:". "Subject:". "Date:");
but also many other lines normally less interesting (those beginning "Received:", "Message-ID:" or "X-Originating-IP:" are particularly important).
"Date:" is not the same as "Sent:"; it will include timezone information possibly indicating where in the world the message came from.

To see the message header you may have to take some particular action depending on your e-mail program or service, such as:

Copy and paste the message header into your report to JANET CSIRT.

Including the rest of the message should be easier; "Forward" or copy and paste are usually good enough.

You may wish to add some information that is not in the message itself, such as:

To get your report to JANET CSIRT see the general guidance Reporting abuse originating from JANET, which also explains how we will respond.

Abuse of JANET from outside

If you belong to a JANET organisation and you have suffered e-mail abuse such as UBE, viruses or harrassing messages, please note the advice in Reporting abuse if you are a JANET user. Normally users should refer first to their local IT support or network staff.

The information required is the same as that described above where the abuse may have originated within JANET, but it not always easy to decide where to send the report. You should normally decide on the basis of the IP addresses involved, rather than the apparent source e-mail addresses or domains; but even IP addresses can be misrepresented (abuse message headers commonly include additional false "Received:" lines intended to make correct reporting harder).

Reporting tools

There are a number of tools and services intended to help victims of abuse send effective reports to the right place.
(To be described in a separate page.)