What should I do when I get spam email?
When you receive spam, you have several options for dealing with it, explained below. Though it won't affect spam that you are already receiving, you should also take steps to protect your email address from spammers. For more, see What can I do to avoid receiving spam email?
Consider the following options for dealing with spam:
- If you are receiving only a negligible amount of spam, you may want to simply delete the messages and forget about it.
- UITS provides email filtering services at Indiana University; see At IU, what is the spam quarantine service?
- You can report it to the correct authorities. Be aware, however, that the authorities may not be able to locate and stop the spammer, or they may be able only to locate and stop the spammer's use of that particular email account. Also, the spammer will likely move on to a new account and start over again. But constant complaints to their Internet service providers (ISPs) are really the only negative consequences to sending unsolicited mass mailings that spammers have to deal with, so if you would like to add your voice to the protest, report spam to different authorities depending on the type:
Spam that appears to come from a valid IU account
If you receive spam that appears to come from a valid IU account, UIPO will investigate. UIPO can take action only if the message originated from within IU; all other spam should be reported to the appropriate authority listed below.
To report an email breach, abuse, phishing attack, or spam, send email to firstname.lastname@example.org.
Be sure to include full headers.
It is unlikely that the spam actually did come from a university account, as most spammers use forged (or spoofed) email addresses. Many times the forged username is obviously not valid because it doesn't follow IU conventions for usernames. However, if it looks like came from an IU account, UIPO will investigate to determine its origin, and coordinate a response when possible.
If you receive a message that is addressed to a long list of IU recipients, it should be a targeted mailing (sent to those who have some business or academic reason for interaction), which is an appropriate use of email for university business. If it is sent to an undifferentiated list of people (for example, all students), it may be a prohibited bulk emailing. Report these mailings as outlined here.
Nigerian bank scams or advance fee fraud schemes
These messages usually state that a reputable foreign company or individual is needed for the deposit of an overpayment on a procurement contract. In variations of this scheme, the son or daughter of a murdered official may plead for your assistance in depositing an inheritance in a US bank. Report these to the Internet Crime Complaint Center, which provides a central referral mechanism for complaints involving Internet-related crimes at the international, federal, state, and local level.
For more, see What is email fraud, and what should I do about it?
Pyramid, Ponzi, or multilevel marketing schemes
These messages inform you that, for example, you can make $30,000
in 30 days. All three schemes are similar in that they are based on
the idea that you can receive money by investing money or getting
other people to join. Report these types of messages directly to the
Federal Trade Commission (FTC). To do so, forward the message with
full headers to
For information on the FTC's law enforcement actions against spammers, see Homeland Security's Spam page.
Email that makes you feel personally threatened
If you receive email that makes you feel personally threatened, contact your local police department immediately.
All other types of spam
If you wish to take action on any other spam you have received, you can send a complaint to the ISP from which the spam originated. It is likely that many others have also complained. If the spammer did not abandon the account immediately after the unsolicited mailing, the flurry of complaints will probably cause the ISP to cancel the account.
Be sure you're sending your complaint to the proper ISP; often, the message headers will be forged so the message appears to come from somewhere other than its true origin. Reading and understanding full headers to determine the original ISP can be quite complicated.
Below you will find a simplified version that works in many cases, but not all. If you use these simplified directions, be aware that you may occasionally send your message to the wrong ISP. (This is another reason to be very polite when you send your message!) To work with full headers:
- Enable your email client to show the full headers for the message you are investigating.
- In the full header, start at the last "Received" line (just before
the "To:", "From:", "Subject:", and "Date:" lines) and move from the
bottom up to find the first IP number in square brackets.
The IP number will look something like this:
- Find the sending ISP name closest to this bracketed IP number. It
will look something like:
- Forward the offending pieces of email, with full
headers, to the username
abuseat the ISP you have identified:
Add a polite message, such as "Here's a copy of an unsolicited email message I received. Can you please investigate?" Do not use hostile or rude language, as the person at the other end almost always had nothing to do with sending the spam; he or she is your ally in trying to stop further mailings from that spammer.
- If the service does not maintain an
abuseaccount (i.e., your message bounces back to you), forward your spam complaint, with full headers, to the webmaster:
Include a polite message as described above.
This is document aknx in the Knowledge Base.
Last modified on 2015-06-22.
- Fill out this form to submit your issue to the UITS Support Center.
- Please note that you must be affiliated with Indiana University to receive support.
- All fields are required.