What should I do when I get spam email?
When you receive spam, you have several options for dealing with it, explained below. Though it won't affect spam that you are already receiving, you should also take steps to protect your email address from spammers. For more, see What can I do to avoid receiving spam email?
Consider the following options for dealing with spam:
- If you are receiving only a negligible amount of spam, you may
want to simply delete the messages and forget about it.
- UITS provides email filtering services at Indiana
University. The spam quarantine service analyzes all mail delivered to
IU Cyrus/Webmail and Exchange
accounts. Any spam messages you receive are quarantined for five days
Junk E-mail(Exchange) folder in your account. After five days, the spam service deletes these messages automatically. For more information, see At IU, what is the spam quarantine service?
- You can report it to the correct authorities. Be aware, however, that the authorities may not be able to locate and stop the spammer, or they may be able only to locate and stop the spammer's use of that particular email account. Also, the spammer will likely move on to a new account and start over again. But constant complaints to their Internet service providers (ISPs) are really the only negative consequences to sending unsolicited mass mailings that spammers have to deal with, so if you would like to add your voice to the protest, follow the appropriate directions below.
Note: Though you can configure filters in some email clients to automatically delete messages from a spam source, this usually is not an effective solution. Client-side filters can be useful when one particular spammer is annoying you, but most spammers use free accounts from ISPs such as AOL, Yahoo!, and Hotmail, which they use to send spam and then abandon, moving on to another account. Since most spammers' email addresses change so often, filtering on an address is difficult, unless you are able to filter out the whole ISP. You may not be able to do this if you receive email from others who use that ISP legitimately.
When reporting spam, you must include the full headers of the spam you received, because all the regular header fields can be forged. For an explanation of full headers and instructions on how to include them, see In email, what are full headers?
You should report spam to different authorities depending on the type:
Spam that appears to come from a valid IU account
Note: At Indiana University, if you are considering mass mailing, be aware that the University Information Policy Office (UIPO) distinguishes between administrative mailings and mail that is for interpersonal communication, and treats the two differently. For details, see What is IU's policy concerning mass mailing via email?
If you receive spam that appears to come from a valid IU account,
report it to the University Information Policy Office
(UIPO). If the spam is from someone at IU, UIPO staff will
investigate. To report a spam message to UIPO, forward it with
full headers to
Note: UIPO can take action only if the message originated from within IU. All other spam should be reported to the appropriate authority listed below.
It is unlikely that the spam actually did come from a university account, as most spammers use forged (or spoofed) email addresses. Many times the forged username is obviously not valid because it doesn't follow IU conventions for usernames. However, if it looks like came from an IU account, UIPO will investigate to determine its origin, and coordinate a response when possible.
If you receive a message that is addressed to a long list of IU recipients, it should be a targeted mailing (sent to those who have some business or academic reason for interaction), which is an appropriate use of email for university business. If it is sent to an undifferentiated list of people (for example, all students), it may be a prohibited bulk emailing. Report these mailings as outlined here.
Nigerian bank scams or advance fee fraud schemes
These messages usually state that a reputable foreign company or individual is needed for the deposit of an overpayment on a procurement contract. In variations of this scheme, the son or daughter of a murdered official may plead for your assistance in depositing an inheritance in a US bank. Report these to the Internet Crime Complaint Center, which provides a central referral mechanism for complaints involving Internet-related crimes at the federal, state, local, and international level.
For further information about email fraud, see What is email fraud, and what should I do about it?
Pyramid, Ponzi, or multilevel marketing schemes
These are the messages that often tell you that you can make $30,000
in 30 days. All three schemes are similar in that they are based on
the idea that you can receive money by investing money or getting
other people to join. Report these types of messages directly to the
Federal Trade Commission (FTC). To do so, forward the message with
full headers to
For more information about email fraud, see What is email fraud, and what should I do about it?
For information on the FTC's law enforcement actions against spammers, see the FTC Spam page.
Email that makes you feel personally threatened
Sometimes you may have difficulty determining if a message is spam or if it's targeted directly at you. If you receive email that makes you feel personally threatened, contact your local police department immediately. See How do I contact the university police at each IU campus?
All other types of spam
If you wish to pursue action on any other spam you have received, you can send a complaint to the ISP from which the spam originated. More than likely, many others have also complained. If the spammer did not abandon the account immediately after the unsolicited mailing, the flurry of complaints will probably cause the ISP to cancel the account.
Be sure you're sending it to the proper ISP; often, the message headers will be forged so the message appears to come from somewhere other than its true origin. Reading and understanding full headers to determine the original ISP can be quite complicated.
Below you will find a simplified version that works in many cases, but not all. If you use these simplified directions, be aware that you may occasionally send your message to the wrong ISP. (This is another reason to be very polite when you send your message!) To work with full headers:
- Enable your email client to show the full headers for the
message you are investigating; see In email, what are full headers?
- In the full header, start at the last "Received" line (just before the "To:", "From:", "Subject:", and "Date:" lines) and move from the bottom up to find the first IP number in square brackets. The IP number will look something like this: [220.127.116.11]
- Find the sending ISP name closest to this bracketed IP number. It will look something like: servicename.com
- Forward the offending pieces of email, with full
headers, to the username
abuseat the ISP you have identified: email@example.com
Add a polite message, such as "Here's a copy of an unsolicited email message I received. Can you please investigate?" Do not use hostile or rude language, as the person at the other end almost always had nothing to do with sending the spam; he or she is your ally in trying to stop further mailings from that spammer.
- If the service does not maintain an
abuseaccount (i.e., your message bounces back to you), forward your spam complaint, with full headers, to the webmaster: firstname.lastname@example.org
Include a polite message as described above.
Last modified on September 05, 2013.