If you receive spam

On this page:


Overview

When you receive spam, you have several options for dealing with it. Though it won't affect spam that you are already receiving, you should also take steps to protect your email address from spammers. For more, see Avoid receiving spam.

Consider the following options for dealing with spam:

  • If you are receiving only a negligible amount of spam, you may want to simply delete the messages and forget about it.
  • You can report it to the correct authorities. Be aware, however, that the authorities may not be able to locate and stop the spammer, or they may be able only to locate and stop the spammer's use of that particular email account. Also, the spammer will likely move on to a new account and start over again. But constant complaints to their internet service providers (ISPs) are the only negative consequences to sending unsolicited mass mailings that spammers have to deal with, so if you would like to add your voice to the protest, report spam to different authorities depending on the type.

Spam that appears to come from a valid IU account

If you receive spam that appears to come from a valid IU account, UISO will investigate. To report spam you received from a valid IU account, forward it with full headers to it-incident@iu.edu.

Note:
UISO can take action only if the spam message originated from within IU; all other spam should be reported to the appropriate authority listed below.

It is unlikely that the spam actually did come from a university account, as most spammers use forged (or spoofed) email addresses. Many times the forged username is obviously not valid because it doesn't follow IU conventions for usernames. However, if it looks like it came from an IU account, UISO will investigate to determine its origin, and coordinate a response when possible.

If you receive a message that is addressed to a long list of IU recipients, it should be a targeted mailing (sent to those who have some business or academic reason for interaction), which is an appropriate use of email for university business. If it is sent to an undifferentiated list of people (for example, all students), it may be a prohibited bulk emailing. Report these mailings as outlined here.

Note:
At Indiana University, if you are considering mass mailing, be aware that the University Information Policy Office (UIPO) distinguishes between administrative mailings and mail that is for interpersonal communication, and treats the two differently. For details, see About IU's policy on mass email.

Phishing scams

Phishing scams are typically fraudulent email messages appearing to come from legitimate enterprises (for example, your university, your internet service provider, your bank). These messages usually direct you to a spoofed website or otherwise get you to divulge private information (for example, passphrase, credit card, or other account updates). The perpetrators then use this private information to commit identity theft.

Important:

Indiana University and other reputable organizations will never use email to request that you reply with your password, full Social Security number, or confidential personal information.

If the phishing attempt targets IU in any way (for example, it asks to verify your IU accounts, includes a malicious PDF directed to university human resources, or impersonates IU or UITS), forward it with full headers to phishing@iu.edu.

For more, see Avoid phishing scams.

Nigerian bank scams or advance fee fraud schemes

These messages usually state that a reputable foreign company or individual is needed for the deposit of an overpayment on a procurement contract. In variations of this scheme, the son or daughter of a murdered official may plead for your assistance in depositing an inheritance in a US bank. Report these to the Internet Crime Complaint Center, which provides a central referral mechanism for complaints involving internet-related crimes at the international, federal, state, and local level.

For more, see About email fraud.

Pyramid, Ponzi, or multilevel marketing schemes

These messages inform you that, for example, you can make $30,000 in 30 days. All three schemes are similar in that they are based on the idea that you can receive money by investing money or getting other people to join. Report these types of messages directly to the Federal Trade Commission (FTC). To do so, forward the message with full headers to uce@ftc.gov.

Email that makes you feel personally threatened

If you receive email that makes you feel personally threatened, contact your local police department immediately.

All other types of spam

If you wish to take action on any other spam you have received, you can send a complaint to the ISP from which the spam originated. It is likely that many others have also complained. If the spammer did not abandon the account immediately after the unsolicited mailing, the flurry of complaints will probably cause the ISP to cancel the account.

Be sure you're sending your complaint to the proper ISP; often, the message headers will be forged so the message appears to come from somewhere other than its true origin. Reading and understanding full headers to determine the original ISP can be quite complicated.

Below you will find a simplified version that works in many cases, but not all. If you use these simplified directions, be aware that you may occasionally send your message to the wrong ISP. (This is a good reason to be very polite when you send your message!) To work with full headers:

  1. Enable your email client to show the full headers for the message you are investigating.
  2. In the full header, start at the last "Received" line (just before the "To:", "From:", "Subject:", and "Date:" lines) and move from the bottom up to find the first IP number in square brackets. The IP number will look something like this:
    [207.68.171.233]
  3. Find the sending ISP name closest to this bracketed IP number. It will look something like:
    servicename.com
  4. Forward the offending pieces of email, with full headers, to the username abuse at the ISP you have identified:
    abuse@servicename.com

    Add a polite message, such as "Here's a copy of an unsolicited email message I received. Can you please investigate?" Do not use hostile or rude language, as the person at the other end almost always had nothing to do with sending the spam; he or she is your ally in trying to stop further mailings from that spammer.

  5. If the service does not maintain an abuse account (that is, your message bounces back to you), forward your spam complaint, with full headers, to the webmaster:
    webmaster@servicename.com

    Include a polite message as described above.

Note:
Though you can configure filters in some email clients to automatically delete messages from a spam source, this usually is not an effective solution. Client-side filters can be useful when one particular spammer is annoying you, but most spammers use free accounts from ISPs such as AOL, Yahoo!, and Hotmail, which they use to send spam and then abandon, moving on to another account. Since most spammers' email addresses change so often, filtering on an address is difficult, unless you are able to filter out the whole ISP. You may not be able to do this if you receive email from others who use that ISP legitimately.

This is document aknx in the Knowledge Base.
Last modified on 2023-09-28 14:50:44.