/ gilday / blog

📧 Fight the Spammers

November 11, 2023

I get more than my fair share of spam. Of course, I “mark as spam”, but then I also report the sender to both their email provider and their email tracker (if they have one). My hope, especially with the email trackers, is that I can increase the cost of supporting spammers on these platforms that enable them.

Reporting Abuse to Email Services

I typically get spam from throwaway email addresses on major email services like gmail and hotmail. These email services have policies against spamming, so you can report them.

  1. Gmail https://support.google.com/mail/contact/abuse
  2. Hotmail send a message to abuse@outlook.com with the offending message attached.
  3. Other look-up at https://www.abuse.net/

For reporting by email, I use the template.

Reporting Unsolicited Spam with No Opt-Out

The attached message was sent to me as unsolicited spam with no opt-out.

Reporting Abuse to Email Tracking Services

Like any email campaign, spammers sometimes use an email tracking service to measure the effectiveness of their campaign. I use Proton Mail, and it shows me which trackers it has blocked in a given message.

yamm-tracker-blocked

Yet Another Mail Merge is a favorite for spammers, despite having a no-spam policy in place. I create a new support ticket with them in the “Security / Legal category”.

Here’s the template I use:

Business Impact
Moderate
Summary
Reporting Abuse: YAMM Used in Spam Campaign
Description
One of your users is sending unsolicited spam with no opt-out from address <spammer>@gmail.com. They're tracking their spam campaign using YAMM tracker <URL-to-tracker>. I’ve attached the email.

Reporting Abuse to Google Docs, Forms, Drive

Spammers increasingly use Google applications to phishing emails. The emails come from Google, so they look relatively legitimate compared to campaigns sent from their random email addresses. Google has a separate way to report abuse with these applications.

Unfortunately, you must actually open the malicious document to report it.

See https://support.google.com/docs/answer/2463296?hl=en

Summary

Of course, spammers don’t care if they get their throwaway email address blocked. But, the email services that enable spammers do care when they need to spend resources processing abuse reports. Consider joining me in raising the cost of supporting spammers.

Johnathan Gilday

Written by Johnathan Gilday. Red Bank, NJ, USA based software developer.

© 2024, Johnathan Gilday