Summary
Reporting fraudulent emails and domains involves a multi-faceted approach. Direct reporting to Spamhaus requires evidence, while reporting to the FTC, APWG (via ReportPhish), and IC3 are also recommended. Utilizing reporting mechanisms within email providers like Gmail and Microsoft helps train spam filters. Contacting domain registrars and hosting providers facilitates the takedown of malicious sites. Additionally, Google Safe Browsing and the NCSC (in the UK) offer avenues for reporting phishing sites. Sharing with mailop and leveraging reputation blocklists (RBLs) are valuable strategies. Remember that direct reporting of spammers is often difficult, making reporting to Spamhaus and SURBL more effective for blocking. Internal reporting within your organization is also crucial.
Key findings
- Spamhaus Requirements: Spamhaus requires evidence (email headers, etc.) before listing domains/IPs.
- FTC, APWG, IC3 Importance: Reporting to the FTC, APWG (via ReportPhish), and IC3 helps track and prosecute scammers and combat phishing campaigns.
- Email Provider Reporting: Reporting within Gmail, Microsoft, and other providers trains spam filters.
- Registrar/Host Action: Domain registrars and hosting providers can take down malicious sites.
- Safe Browsing Benefits: Reporting to Google Safe Browsing protects other users from phishing sites.
- RBL Effectiveness: Reputation blocklists (RBLs) are effective for identifying potential problems.
- Reporting limitations: Directly reporting spammers is difficult, it is best to share with Spamhaus and SURBL
Key considerations
- Gather Evidence: Collect comprehensive evidence when reporting (email headers, examples).
- Multi-Channel Reporting: Report incidents through multiple channels (Spamhaus, FTC, APWG, registrar, etc.)
- Platform-Specific Reporting: Use built-in reporting features in email platforms like Gmail and Microsoft.
- Internal Communication: Report incidents internally within your organization.
- Use BlockLists: Leverage reputation blocklists to get potentially harmful domains blocked.
What email marketers say
8 marketer opinions
Several avenues exist for reporting fraudulent emails and domains. Sharing information with mailop, reporting to the FTC, and utilizing reporting mechanisms within email providers like Gmail and Microsoft help train spam filters and facilitate investigations. Contacting domain registrars and hosting providers can lead to the takedown of malicious sites. Additionally, reporting to Google Safe Browsing, the NCSC (UK), the Internet Crime Complaint Center (IC3), the APWG, and security vendors broadens the scope of the report and helps to make the internet a safer place.
Key opinions
- FTC Reporting: Reporting to the FTC aids in tracking and prosecuting scammers.
- Email Provider Reports: Reporting within email platforms trains spam filters.
- Registrar/Host Reporting: Domain registrars and hosting providers can take down malicious sites.
- Safe Browsing: Report phishing URLs to Google Safe Browsing to protect other users.
- IC3 Reporting: The Internet Crime Complaint Center (IC3) is a resource for reporting internet crimes.
- Mailop Reporting: Mailop is also another resource for reporting issues related to phishing.
Key considerations
- Scope of Reporting: Consider reporting to multiple entities (FTC, email provider, registrar, APWG, security vendors) for comprehensive action.
- Internal Reporting: Report internally within your organization to raise awareness and prevent further incidents.
- Timeliness: Report incidents promptly to minimize potential damage.
- Jurisdiction: Consider reporting to agencies relevant to your geographic location (e.g., NCSC in the UK).
Marketer view
Email marketer from SiteLock suggests reporting the fraudulent domain to its registrar and hosting provider, as they are responsible for taking down malicious sites.
1 Jan 2022 - SiteLock
Marketer view
Email marketer from Reddit shares that reporting phishing emails to the FTC (Federal Trade Commission) can help them track and prosecute scammers.
25 Jul 2022 - Reddit
What the experts say
3 expert opinions
Experts provide insights into reporting fraudulent emails and domains. One offers to assist with forwarding examples to Spamhaus, highlighting the need for evidence. Another suggests that direct reporting of spammers is often ineffective but recommends Spamhaus and SURBL for blocking. A third expert emphasizes the importance and effectiveness of reputation blocklists (RBLs) for identifying potential issues.
Key opinions
- Evidence Requirement: Spamhaus typically requires its own evidence before listing domains or IPs.
- Direct Reporting Ineffectiveness: Direct reporting of spammers is often difficult due to tracking challenges.
- RBL Importance: Reputation blocklists (RBLs) are effective tools for identifying potential problems, using varied metrics.
- Alternate reporting: SURBL may be a useful alternate for getting spammers blocked.
Key considerations
- Gather Evidence: Compile evidence (email headers, examples) when reporting to Spamhaus.
- Leverage Blocklists: Understand and utilize reputation blocklists as a tool for identifying potentially harmful domains.
- Focus on Blocking: Prioritize reporting to entities that can effectively block spammers and fraudulent domains.
Expert view
Expert from Word to the Wise explains that reputation blocklists (RBLs) are effective and important. Being listed is a sign of a potential problem, but most importantly they use a variety of metrics to make their decisions to list IPs and Domains.
13 Jul 2023 - Word to the Wise
Expert view
Expert from Email Geeks offers to forward examples of fraudulent emails to Spamhaus, emphasizing that Spamhaus typically requires their own evidence before listing domains/IPs. She later suggests contacting the anti-phishing working group, then notes that some of the domains provided are already blocked, indicating the issue is being handled.
31 Aug 2023 - Email Geeks
What the documentation says
5 technical articles
Various organizations provide specific channels for reporting fraudulent emails. Spamhaus accepts reports via email with full headers. M3AAWG recommends reporting phishing to the APWG and the FTC for fraud-related cases. Gmail users can report directly within the platform. The APWG's ReportPhish aggregates data to combat phishing. The FTC also accepts reports of scams and phishing on their website.
Key findings
- Spamhaus Reporting: Report missed spam to Spamhaus via email with full headers.
- M3AAWG Recommendations: Report phishing to APWG and fraud-related phishing to the FTC.
- Gmail Reporting: Gmail offers a built-in reporting mechanism for phishing emails.
- APWG ReportPhish: ReportPhish aggregates data to combat phishing campaigns.
- FTC Reporting: The FTC accepts reports of scams and phishing.
Key considerations
- Headers Needed: Ensure full email headers are included when reporting to Spamhaus.
- Platform-Specific Reporting: Utilize built-in reporting features provided by email platforms like Gmail.
- Fraudulent intent: The FTC is best suited for cases of phishing and scams with fraudulent intent.
- Consider Multiple Channels: Consider reporting incidents to multiple organizations to maximize impact.
Technical article
Documentation from Spamhaus.org explains that you can report spam they missed by forwarding the email as an attachment to report.spam@spamhaus.org. They require the full email with headers to investigate.
10 Jun 2022 - Spamhaus.org
Technical article
Documentation from support.google.com explains that for Gmail users, report phishing emails directly through Gmail by clicking the 'Report phishing' option within the email.
13 Nov 2023 - support.google.com
Can a competitor damage my domain reputation by sending spam with links to my site?
How do I get help with a Spamhaus CSS delist?
How can I get delisted from Spamhaus?
Besides Spamhaus, what blocklists are important for email marketers to monitor?
How do I check Spamhaus for my IP address and understand the listings?
How can I report cold outreach spam to Google and what actions do they take?
How can I get help with a Spamhaus listing delisting?
How are delist requests processed and spam detected, and why might legitimate inquiries be overlooked?
