Suped

How can I report fraudulent emails and domains to Spamhaus and other relevant organizations?

8Marketer opinions3Expert opinions5Technical articles0Resources

Summary

Reporting fraudulent emails and domains involves a multi-faceted approach. Direct reporting to Spamhaus requires evidence, while reporting to the FTC, APWG (via ReportPhish), and IC3 are also recommended. Utilizing reporting mechanisms within email providers like Gmail and Microsoft helps train spam filters. Contacting domain registrars and hosting providers facilitates the takedown of malicious sites. Additionally, Google Safe Browsing and the NCSC (in the UK) offer avenues for reporting phishing sites. Sharing with mailop and leveraging reputation blocklists (RBLs) are valuable strategies. Remember that direct reporting of spammers is often difficult, making reporting to Spamhaus and SURBL more effective for blocking. Internal reporting within your organization is also crucial.

Key findings

  • Spamhaus Requirements: Spamhaus requires evidence (email headers, etc.) before listing domains/IPs.
  • FTC, APWG, IC3 Importance: Reporting to the FTC, APWG (via ReportPhish), and IC3 helps track and prosecute scammers and combat phishing campaigns.
  • Email Provider Reporting: Reporting within Gmail, Microsoft, and other providers trains spam filters.
  • Registrar/Host Action: Domain registrars and hosting providers can take down malicious sites.
  • Safe Browsing Benefits: Reporting to Google Safe Browsing protects other users from phishing sites.
  • RBL Effectiveness: Reputation blocklists (RBLs) are effective for identifying potential problems.
  • Reporting limitations: Directly reporting spammers is difficult, it is best to share with Spamhaus and SURBL

Key considerations

  • Gather Evidence: Collect comprehensive evidence when reporting (email headers, examples).
  • Multi-Channel Reporting: Report incidents through multiple channels (Spamhaus, FTC, APWG, registrar, etc.)
  • Platform-Specific Reporting: Use built-in reporting features in email platforms like Gmail and Microsoft.
  • Internal Communication: Report incidents internally within your organization.
  • Use BlockLists: Leverage reputation blocklists to get potentially harmful domains blocked.

What email marketers say
8Marketer opinions

Several avenues exist for reporting fraudulent emails and domains. Sharing information with mailop, reporting to the FTC, and utilizing reporting mechanisms within email providers like Gmail and Microsoft help train spam filters and facilitate investigations. Contacting domain registrars and hosting providers can lead to the takedown of malicious sites. Additionally, reporting to Google Safe Browsing, the NCSC (UK), the Internet Crime Complaint Center (IC3), the APWG, and security vendors broadens the scope of the report and helps to make the internet a safer place.

Key opinions

  • FTC Reporting: Reporting to the FTC aids in tracking and prosecuting scammers.
  • Email Provider Reports: Reporting within email platforms trains spam filters.
  • Registrar/Host Reporting: Domain registrars and hosting providers can take down malicious sites.
  • Safe Browsing: Report phishing URLs to Google Safe Browsing to protect other users.
  • IC3 Reporting: The Internet Crime Complaint Center (IC3) is a resource for reporting internet crimes.
  • Mailop Reporting: Mailop is also another resource for reporting issues related to phishing.

Key considerations

  • Scope of Reporting: Consider reporting to multiple entities (FTC, email provider, registrar, APWG, security vendors) for comprehensive action.
  • Internal Reporting: Report internally within your organization to raise awareness and prevent further incidents.
  • Timeliness: Report incidents promptly to minimize potential damage.
  • Jurisdiction: Consider reporting to agencies relevant to your geographic location (e.g., NCSC in the UK).
Marketer view

Email marketer from SiteLock suggests reporting the fraudulent domain to its registrar and hosting provider, as they are responsible for taking down malicious sites.

December 2023 - SiteLock
Marketer view

Email marketer from Reddit shares that reporting phishing emails to the FTC (Federal Trade Commission) can help them track and prosecute scammers.

April 2022 - Reddit
Marketer view

Email marketer from Digital Shadows recommends reporting phishing sites to Google Safe Browsing. They also suggest reporting it to the National Cyber Security Centre (NCSC) if in the UK.

May 2023 - Digital Shadows
Marketer view

Marketer from Email Geeks suggests sharing to mailop.

April 2023 - Email Geeks
Marketer view

Email marketer from Norton recommends reporting the phishing attempt to the Internet Crime Complaint Center (IC3), a partnership between the FBI and the National White Collar Crime Center.

June 2024 - Norton
Marketer view

Email marketer from Proofpoint recommends reporting to the domain registrar and hosting provider, the APWG, and security vendors. Also report the incident internally.

August 2024 - Proofpoint
Marketer view

Email marketer from StackExchange explains that many large email providers (like Gmail, Yahoo, etc.) use user reports to help train their spam filters. Reporting helps the filters learn.

August 2024 - StackExchange
Marketer view

Email marketer from Microsoft shares information on how to report phishing from within their products to their own security team.

December 2022 - Microsoft

What the experts say
3Expert opinions

Experts provide insights into reporting fraudulent emails and domains. One offers to assist with forwarding examples to Spamhaus, highlighting the need for evidence. Another suggests that direct reporting of spammers is often ineffective but recommends Spamhaus and SURBL for blocking. A third expert emphasizes the importance and effectiveness of reputation blocklists (RBLs) for identifying potential issues.

Key opinions

  • Evidence Requirement: Spamhaus typically requires its own evidence before listing domains or IPs.
  • Direct Reporting Ineffectiveness: Direct reporting of spammers is often difficult due to tracking challenges.
  • RBL Importance: Reputation blocklists (RBLs) are effective tools for identifying potential problems, using varied metrics.
  • Alternate reporting: SURBL may be a useful alternate for getting spammers blocked.

Key considerations

  • Gather Evidence: Compile evidence (email headers, examples) when reporting to Spamhaus.
  • Leverage Blocklists: Understand and utilize reputation blocklists as a tool for identifying potentially harmful domains.
  • Focus on Blocking: Prioritize reporting to entities that can effectively block spammers and fraudulent domains.
Expert view

Expert from Word to the Wise explains that reputation blocklists (RBLs) are effective and important. Being listed is a sign of a potential problem, but most importantly they use a variety of metrics to make their decisions to list IPs and Domains.

March 2025 - Word to the Wise
Expert view

Expert from Email Geeks offers to forward examples of fraudulent emails to Spamhaus, emphasizing that Spamhaus typically requires their own evidence before listing domains/IPs. She later suggests contacting the anti-phishing working group, then notes that some of the domains provided are already blocked, indicating the issue is being handled.

July 2021 - Email Geeks
Expert view

Expert from Spam Resource explains that reporting spammers does not work because spammers are usually very hard to track down. He also suggests that reporting to Spamhaus and SURBL is effective for getting spammers blocked.

March 2022 - Spam Resource

What the documentation says
5Technical articles

Various organizations provide specific channels for reporting fraudulent emails. Spamhaus accepts reports via email with full headers. M3AAWG recommends reporting phishing to the APWG and the FTC for fraud-related cases. Gmail users can report directly within the platform. The APWG's ReportPhish aggregates data to combat phishing. The FTC also accepts reports of scams and phishing on their website.

Key findings

  • Spamhaus Reporting: Report missed spam to Spamhaus via email with full headers.
  • M3AAWG Recommendations: Report phishing to APWG and fraud-related phishing to the FTC.
  • Gmail Reporting: Gmail offers a built-in reporting mechanism for phishing emails.
  • APWG ReportPhish: ReportPhish aggregates data to combat phishing campaigns.
  • FTC Reporting: The FTC accepts reports of scams and phishing.

Key considerations

  • Headers Needed: Ensure full email headers are included when reporting to Spamhaus.
  • Platform-Specific Reporting: Utilize built-in reporting features provided by email platforms like Gmail.
  • Fraudulent intent: The FTC is best suited for cases of phishing and scams with fraudulent intent.
  • Consider Multiple Channels: Consider reporting incidents to multiple organizations to maximize impact.
Technical article

Documentation from Spamhaus.org explains that you can report spam they missed by forwarding the email as an attachment to report.spam@spamhaus.org. They require the full email with headers to investigate.

February 2023 - Spamhaus.org
Technical article

Documentation from support.google.com explains that for Gmail users, report phishing emails directly through Gmail by clicking the 'Report phishing' option within the email.

November 2024 - support.google.com
Technical article

Documentation from FTC explains that you can report scams and phishing attempts to the FTC via their website.

October 2024 - FTC.gov
Technical article

Documentation from APWG explains that reporting phishing emails to ReportPhish helps aggregate data and take action against phishing campaigns.

April 2022 - APWG.org
Technical article

Documentation from M3AAWG.org recommends reporting phishing attempts to the Anti-Phishing Working Group (APWG). They also suggest reporting to the FTC if the phishing attempts are related to fraud.

June 2022 - M3AAWG.org

Related resources
0Resources

No related resources found.

Related questions