Last Modified:

What can you do about SPAM?

This is a public service provided by the Spacecoast Hidden Mickeys List, Sporting Adventures and OITC.

Introduction

Unfortunately to combat SPAM you need to know some technical information about SMTP EMail headers and protocol.

Headers

Let's learn about headers. The headers of an EMail message or news post are there to describe information about the message and where it came from. Your EMail program or news reader does not show all the headers to cut down on visual clutter. It is important to checkout these headers in your search for the SPAMmer.

No matter what EMail or News reader you use, it has an option to view the headers. So select the option that makes the hidden headers visible. In Netscape select Options/Show all headers, in Eudora click on BLAH BLAH on the message window, in MSWIN Pegasus press ^H, in Pine press H, in VM press t and in NewsExpress select File/ Options/ Compose/ Include Headers. Other news/EMail readers have similar options.

Important headers are:

From a SPAMming perspective, the placement of the headers is also extremely important. Let's look at some real world headers and learn what to do.

Investigating Headers

These are actual emails received from the net. I have hilighted varous areas for discussion and have remove some of my own domains.

Case 1

This one came from a university.

Received: from Valid Relay Address Withheld (Valid Relay IP Withheld) by Your POP/SMTP Server's Address
 with ESMTP (Eudora Internet Mail Server 1.2); Fri, 13 Feb 1998 12:10:59 -0500
Received: from CSDAlpha2.sbu.ac.uk ([136.148.1.111])
          by Valid Relay Address Withheld (2.0 Build 2119 (Berkeley 8.8.4)/8.8.4) with ESMTP
	  id MAA20191 for <Valid EMail Address Withheld>; Fri, 13 Feb 1998 12:10:45 -0500

From: major@bulk.com
Received: from fire.sbu.ac.uk (fire.sbu.ac.uk [136.148.1.4])
	by CSDAlpha2.sbu.ac.uk (8.8.8/8.8.8) with SMTP id QAA22569;
	Fri, 13 Feb 1998 16:45:18 GMT
Received: from fire.sbu.ac.uk (157.atlanta-05.ga.dial-access.att.net) by
          fire.sbu.ac.uk (MX V4.2 AXP) with SMTP; Fri, 13 Feb 1998 16:37:36 GMT
Received: from major@emailserver.com by Joe Schmoe@schmo.com (8.8.5/8.6.5) with
          SMTP id GAA08857 for <mo@inky.com>; Fri, 13 Feb 1998 11:31:24 -0600
          (EST)
Date: Fri, 13 Feb 98 11:31:24 EST
To: mo@inky.com
Subject: Electricity Deregulation MLM, Reputable Company.
          Pre-launch!!
Message-ID: <ASFAS85858993..@>
Reply-To: major@emailserver.com
Comments: Authenticated sender is
          <major@emailserver.com>

Notice that the Received text before the "standard headers". This is very important because SPAMmers try to confuse you by generating bogus headers. You need to work back from the first one.

Notice, also, that the SPAMmer tried to make you believe that the SPAM came from att.net. It did not

Also, notice that in the bogus headers, there are no IP addresses. You need to spend no time looking at these.

Although the last (first displayed) header is usually correct, do not expect it. Always do a Trace Route.

Copy the IP, in this case 136.148.1.111, to your Trace Route program and verify. In this case it really is CSDAlpha2.sbu.ac.uk. Many times this last IP is a mail server from some unsuspecting ISP that the SPAMmer invaded to send the SPAM. Usually, they have nothing to do with it and even sending courtesy mail to a small ISP could bring them to their knees so treat this domain special. It also could be a relay if you have a lot or addresses .forwarded to single EMail address. This looks like it may be a SPAM ISP. So lets look at the Web. www.sbu.ac.uk is actually South Bank University London. Doesn't sound like a SPAMmer. Looking over all the headers, we can find no trace of a dial-in IP nor another relay. What this means is either the SPAMmer was a student with and account inside the university or he was very good at hiding his identity.

Either way it is time to turn over the hunt to South Bank University London. We find a contact EMail address for the university at the bottom of the page. It is sally@vax.sbu.ac.uk. Now that we have decoded the SPAM, we can take action.

  1. We forward the original SPAM with all the headers displayed to abuse@sbu.ac.uk, sally@vax.sbu.ac.uk

Case 2

This one came from a SPAM ISP but contained information to allow us to report the SPAMmer to his real ISP and to the FTC.

Received: from mailnowmail.com (206.222.113.147) by Your POP/SMTP Server's Address
 with ESMTP (Eudora Internet Mail Server 1.2); Sat, 14 Feb 1998 03:43:48 -0500
Received: by mailnowmail.com (8.8.8/8.8.5) with SMTP id VAA19554;
	Fri, 13 Feb 1998 21:00:16 -0500 (EST)
Date: Fri, 13 Feb 1998 21:00:16 -0500 (EST)
Message-Id: <199802140200.VAA19554@mailnowmail.com>
From: checkmate@mailnowmail.com
To: checkmate@mailnowmail.com
Subject: Is your checkbook safe?

This one was a little more difficult as it came from a smart bulk EMailer and used a SPAM ISP as a relay.

Lets us look at the header. mailnowmail.com is a SPAM IP. It matches 206.222.113.147 according to Trace Route and is handled by a router from e-sales.net. Doesn't sound good. Also, both www.mailnowmail.com and www.e-sales.net do not exist on the web.

This is a case of a SPAMmer using a dedicated mail server. Usually, the only thing you can do here is add mailnowmail.com and e-sales.net to your filter list so future SPAM from them will be routed directly to your mail program's trash. But, in this case, we can fight back.

Looking over the SPAM we look for contact information. In this case we find: 

http://www.wimall.com/skyshop/checks.html

or e-mail me at:

Mikef@sbbsonline.com
Unfortunately www.wimall.com is a cybermall and probably wouldn't do anything to stop the SPAMmer. I could find no acceptable use policy.

However, www.sbbsonline.com is a legitemate ISP with an acceptable use policy. They list their contact person as sgordon@sbbs.net, so I have this address to complain to as well as abuse@sbbsonline.com.

Another thing about this SPAM is that the individual may be trying to commit fraud. The FTC has a special SPAM fraud squad and their EMail is uce@ftc.gov.

Now that we have decoded the SPAM, we can take action.

  1. We enter mailnowmail.com and e-sales.net into our EMailer's filter-to-trash list.
  2. We forward the original SPAM with all the headers displayed to abuse@sbbsonline.com, sgordon@sbbs.net, uce@ftc.gov

Case 3

This one came from a SPAM ISP but contained information to allow us to report the SPAMmer to the ISP who is providing the SPAMmer with communications. This honest ISP will probably take action.

Received: from apollo.redcomet.net (208.10.252.105) by Your POP/SMTP Server's Address
 with ESMTP (Eudora Internet Mail Server 1.2); Fri, 13 Feb 1998 17:36:08 -0500
Received: by apollo.redcomet.net (8.8.7/8.8.4) with SMTP
	  id RAA26620; Fri, 13 Feb 1998 17:31:18 -0500
From: rnr@dollarmagic.com
Received: from dollarmagic.com by dollarmagic.com (8.8.5/8.6.5) with SMTP id GAA04433 for ; Fri, 13 Feb 1998 15:43:18 -0600 (EST)
Date: Fri, 13 Feb 98 15:43:18 EST
To: ZipTest@aol.com
Subject: I earned $200 my very first day -- FREE information tells how I did it.
Message-ID: <97081701345@dollarmagic.com>
Reply-To: rnr@fireyourboss.nu
X-UIDL: 98020731135799753246804268573475
Comments: Authenticated sender is

Note that in this case the critical Received headers occur before the "From" header. The rest of the "Received" headers are bogus.

Here 208.10.252.105 is really apollo.redcomet.net and www.redcomet.net doesn't exist so its probably a SPAM ISP.

Doesn't look too good. However, looking at the output of Trace Route we see that apollo.redcomet.net is being routed through compu.net. Upon invesitgation of www.compu.net we find it is an ISP in Paris, TN. It has a contact address of blarson@compu.net.

Now that we have decoded the SPAM, we can take action.

  1. We forward the original SPAM with all the headers displayed to abuse@compu.net, blarson@compu.net

Case 4

This one came from a SPAM ISP but contained information to allow us to determine the major communications carrier, guess at the possible dialup address of the SPAMmer and identified tha SPAM as being something to send to the FTC.

Received: from Valid Relay Address Withheld (Valid Relay IP Withheld) by Your POP/SMTP Server's Address
 with ESMTP (Eudora Internet Mail Server 1.2); Fri, 13 Feb 1998 22:07:55 -0500
Received: from ns3.adult-host.net (mail.net-ops.net [208.235.97.12])
          by Valid Relay Address Withheld (2.0 Build 2119 (Berkeley 8.8.4)/8.8.4) with ESMTP
	  id WAA20836 for <Valid EMail Address Withheld>; Fri, 13 Feb 1998 22:08:04 -0500
From: carguys@mailcity.com
Received: from mail.net-ops.net (1Cust130.tnt13.atl2.da.uu.net [153.36.90.130])
	by ns3.adult-host.net (8.8.7/8.8.7) with SMTP id WAA05324;
	Fri, 13 Feb 1998 22:00:40 -0500
Date: Thu, 12 Feb 98 18:51:11 EST
To: carlovers@usa.com
Subject: UNIQUE AUTO OPPORTUNITY
Message-ID: <>
net-ops.net is obviously a SPAM ISP. Therefore, carguys@mailcity.com is probably bogus. Looking further with Trace Route, we find net-ops.net is connected to axxsys.net. Looking at http://www.axxsys.net/ it has the feel of a SPAM ISP since the page is worthless. Further following the trail, we find that axxsys.net/ is connected to MCI. We might get some help from them.

Checking more of the headers, it looks like the bulk EMailer has wrapped bogus routing, "ns3.adult-host.net (mail.net-ops.net [208.235.97.12])" information around the real routing, "mail.net-ops.net [208.235.97.12]". In this case there is a possibility that the SPAM originated from 153.36.90.130. This IP is 1Cust130.tnt13.atl2.da.uu.net which is an uu.net dialup line.

Additionally the SPAM looked like fraud, we should inform the FTC

Now that we have decoded the SPAM, we can take action.

  1. We forward the original SPAM with all the headers displayed to abuse@uu.net,abuse@mci.net,uce@ftc.gov

Case 5

This one looked really difficult but the SPAM actually came a Compuserve dialup account.

Received: from 199.174.200.173 by Your POP/SMTP Server's Address
 with SMTP (Eudora Internet Mail Server 1.2); Sat, 14 Feb 1998 18:20:31 -0500
From:     
To:       
Subject:  Breakthrough-Latest Bulk Email Software
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
Date: Sat, 14 Feb 1998 18:20:31 -0500
This one looks really tough because you might think that there is not enough information in the header. However, its actually easy. Remember Trace Route? Use it on 199.174.200.173. Lo and behold, this SPAM came from a dialup account from compuserve.net - got 'em!

What was really funny was that this SPAM was selling bulk EMailers for $495 with the comment: "We have not heard of any person losing a dial up account with this software." Guess again SPAMmer!

Now that we have decoded the SPAM, we can take action but since it is not fraud we do not forward it to the FTC.

  1. We forward the original SPAM with all the headers displayed to abuse@compuserve.net

Case 6

This one looks similar to Case 4 but is actuakky more definitive of SPAM coming from a ATT dialup account.

Received: from internet.roadrunner.com (198.59.109.7) by Your POP/SMTP Server's Address
 with ESMTP (Eudora Internet Mail Server 1.2); Sun, 15 Feb 1998 09:00:14 -0500
Received: from mail.roadrunner.com (201.san-francisco-15.ca.dial-access.att.net [12.64.162.201])
	by internet.roadrunner.com (8.8.5/8.8.5) with SMTP id HAA17927;
	Sun, 15 Feb 1998 07:00:18 -0700 (MST)
From: 88266348@msn.com
Received: from manny.joe.and.larry[(4448.5.33.21)] by 334444@msn.com (8.8.5/8.6.5) with SMTP id GAA05998 for <6663hl73@msn.com>; Sun, 15 Feb 1998 04:01:36 -0600 (EST)
Date: Sun, 15 Feb 98 04:01:36 EST
To: 6663hl73@msn.com
Subject: ALERT - Internet Fraud and Spying
Message-ID: 
Reply-To: 5725fg90@msn.com
X-UIDL: 55555544443856788833487619489034
Comments: Authenticated sender is
This one looks alot like case 4 but is a little different. As you can tell by now, the SPAM did not come from msn.com. roadrunner.com looks, via a Web browser, like a ligitemate ISP. If they were not by using Trace Route we would have found their communications provider acsi.net and learned that they have an anti SPAM policy. Furthermore by checking the header, we see what looks like to originating dialup IP: 201.san-francisco-15.ca.dial-access.att.net [12.64.162.201] Here, the bulk EMailer has wrapped bogus routing, "mail.roadrunner.com" information around the real routing, 201.san-francisco-15.ca.dial-access.att.net [12.64.162.201]. Since the "Received" lines occur in sequence and without intervening headers, there is a high probability that the SPAM originated from 12.64.162.201. This IP is 201.san-francisco-15.ca.dial-access.att.net which is an att.net dialup line.

Now that we have decoded the SPAM, we can take action but since it does not seem to be fraud we do not forward it to the FTC.

  1. We forward the original SPAM with all the headers displayed to abuse@att.net

Case 7

This one looks similar to Case 3 but is actually more definitive of SPAM coming from a ATT dialup account.

This one came from a SPAM ISP but contained information to allow us to report the SPAMmer to the ISP who is providing the SPAMmer with communications. This honest ISP will probably take action.

Received: from neztek.com (206.222.113.173) by Your POP/SMTP Server's Address
 with ESMTP (Eudora Internet Mail Server 1.2); Sun, 15 Feb 1998 08:28:41 -0500
Received: by neztek.com (8.8.8/8.8.5) with SMTP id AAA01744;
	Sun, 15 Feb 1998 00:21:40 -0500 (EST)
Date: Sun, 15 Feb 1998 00:21:40 -0500 (EST)
Message-Id: <199802150521.AAA01744@neztek.com>
From: Mak@neztek.com
To: Mak@neztek.com
Subject: PATENT YOUR INVENTIONS!!!
This one looks alot like case 3 but is a little different. Note that in this case the critical Received headers occur before the "From" header. The rest of the "Received" headers are bogus.

Here 206.222.113.173 is really neztek.com and it is the source of the SPAM. www.neztek.com looks like a typical SPAM ISP.

Doesn't look too good. However, looking at the output of Trace Route we see that neztek.com is being routed through emaildirect.net (another SPAM ISP), e-sales.net (another SPAM ISP) and finally acsi.net a communications provider. This is a case of a SPAMmer using a dedicated mail server. Usually, the only thing you can do here is add neztek.com, emaildirect.net and e-sales.net to your filter list so future SPAM from them will be routed directly to your mail program's trash. Upon invesitgation of acsi.net we find it has a "no SPAM" policy.

Now that we have decoded the SPAM, we can take action.

  1. We enter neztek.com, emaildirect.net and e-sales.net into our EMailer's filter-to-trash list.
  2. We forward the original SPAM with all the headers displayed to abuse@acsi.net,uce@ftc.gov

Case 8

This one came from an ISP but does not contain enough information to allow us to report the SPAMmer. But there are thing that we can do. 

Received: from md2.vsnl.net.in (202.54.6.20) by Your POP/SMTP Server's Address
 with SMTP (Eudora Internet Mail Server 1.2); Sat, 21 Feb 1998 03:44:04 -0500
Received: by md2.vsnl.net.in; id AA19962; Sat, 21 Feb 1998 14:18:37 +0530
Date: Sat, 21 Feb 1998 14:18:37 +0530
Message-Id: <9802210848.AA19962@md2.vsnl.net.in>
From: nitelifer@yahoo.com
To: nitelifer@yahoo.com
Subject: Cash In!
This one looks hard and it is. Using Trace Route we find that md2.vsnl.net.in (202.54.6.20) is valid (ie IP matches domain address. Note that in this case the critical Received headers occur before the "From" header. The rest of the "Received" headers are bogus.

Here 206.222.113.173 is really neztek.com and it is the source of the SPAM. www.neztek.com looks like a typical SPAM ISP.

This is not the SPAMmer, just an ISP in India. We look further and can finde no other headers to investigate. Doesn't look too good. The SPAMmer broke into the ISP and took over his mail server to send his SPAM. Therefore we need to notify the ISP so he can either protect his site for the future or go through his logs to identify the SPAMmer. Look at the ISP's web site for contact info: elpdesk@giasbm01.vsnl.net.in,abuse@vsnl.net.in

Now what do we do? nitelifer@yahoo.com is probably bogus and since I reported it previously to Yahoo, I will not both this time. Looking down in the text we find a "removal" address of http://142.176.13.105. Performing a Trace Route we find this address' communications provider as canet.ca. Looking further we find http://www.webriches.com/ is the site that is being promoted and is probably the one paying for the SPAM. Again we us Trace Route and find that the communications provider is mci.net.

If we can't find the SPAMmer the we can go after the infrastructure. Most communications providers now have acceptable use policies (see MCI's Anti-SPAM Policy and their other Internet Policies) and will pull the communications pipe away from any site that is involved in SPAM.

Now that we have decoded the SPAM, we can take action and we also forward to the FTC as the SPAM looks like fraud.

  1. We forward the original SPAM with all the headers displayed to helpdesk@giasbm01.vsnl.net.in,abuse@vsnl.net.in,abuse@canet.ca,abuse@mci.net,uce@ftc.gov
http://www.security.mci.net/laws/ Unix Compressed http://www.cnet.com/Content/Features/Howto/Spam/index.html http://www.security.mci.net/web-security.html http://hoohoo.ncsa.uiuc.edu/cgi/security.html http://www.w3.org/Security/Faq/www-security-faq.html http://www.security.mci.net/rfc2196.txt http://www.security.mci.net/networkandcomputer.html http://www.security.mci.net/advisory.htm http://www.security.mci.net/check.html All contain a network host name that may give you a clue as to who the spammer is. However, any or all of them may be faked. It is common for spammers to send EMail from a throwaway account at one site and solicit replies at other sites, so you may need to track down two or more network locations. Make a list of all host names mentioned in the headers and in the body of the message. These are the parts to the right of the @ sign in EMail addresses, between // and / in web links, in the last Received: header and at the right end of the Path: between !'s.

Path: gives the list of hosts a news item passed through, from the poster's site at the right end to get to your site at the left end. One or more entries on the right end may be faked so you may need to cooperate with others to track down which host in the Path: list the message was injected at.

Like the Path: header Received: headers are a list of sites the message passed through in reverse order but with only one host name per header. Again, the bottom entries (earlier timewise) in the Received: list may be faked. It is also possible for spammers to relay EMail via a third party so that the Received: header before your site's Received: headers may be a victim too. They're slack though as they should've configured their mail servers not to relay third party EMail. Some spammers also pretend to be innocent relay sites by forging additional Received: headers and lying in response to complaints; complain to the so-called `relay' site's ISP if you suspect this is the case.

Since intermediate sites always prepend headers then those higher in the list are much less likely to be forged than those further down. See how to interpret Received: headers for more information.

Even with normal, non-faked operation not all hosts or network routers a message passes through are recorded in the Path: or Received: headers. Use TRACEROUTE (described below) to get a more complete list.

Host names usually have machine name and domain name parts. For example kryten.eng.monash.edu.au has a machine name of kryten and domain name of eng.monash.edu.au (engineering faculty, monash university, education sector, australia) with larger domains monash.edu.au, edu.au and au. Look at your list of host names and see if you can add some local domain names to the list by stripping machine names from host names. This is a trial and error procedure and may not always give a valid result.

Some of the host/domain names you've discovered may actually be a numerical network IP address eg. kryten's is 130.194.140.2. Use DIG ipaddress->hostname to find a host name given an IP address and use DIG hostname->ipaddress to find an IP address given a host name. Add any new host/domain names discovered to your list. IP addresses can have zero, one or several host names. Host names can have zero, one or several IP addresses.

Some hosts and domains designate one or more hosts to handle any EMail directed to them. Use DIG hostname->mailexchanger to find out if there are any such hosts.

I have, from time-to-time, received really nasty EMails for no reason and, like all of us, have received, unfortunately, too much junk mail. A good cyberfriend of mine received an EMail of a graphic sexual nature. She did not know what to do. Upset, she emailed me with the offensive EMail and asked for help.

Although I cannot help everyone individually, I can communicate to as many people as possible procedures to help make the net a better place to be for themselves and others.

Before you continue, please realize that this is not a normal problem. This only happens in rare occurrences. But, for those who experience it, it can be very upsetting, especially when you don't know who to turn or what to do.

Junk mail is a more pervasive problem and very real, but is nowhere nearly as offensive as a harassing EMail of any sort.

In the "real world" you can throw the junk mail away, write the junk mail sender and ask to be taken off the mailing list, or if nothing else works, you can file a complaint with your local police or the government. For sexual harassment, you can file a complaint with your company, local police or the government.

But, what can you do in cyberspace? What can you do about the unwanted EMail you receive?

Actually lots! Here is what you can do:

  • Do not respond. It will only encourage more EMail.
  • If it's just junk and you don't want to waste your time, delete it. To learn more about other actions you can do see Fight Spam on the Internet!.
  • If the EMail is offensive or if you're tired of junk, forward the offensive mail to the senders ISP's contact:
    1. Take the host domain name from the EMail return address: someone@somewherelse.com. This can be found in either the Reply-To or From fields shown in the example EMail below.
    2. Forward the offensive mail with your complaint to postmaster@somewherelse.com,webmaster@somewherelse.com.
  • If the sender attempted to give you an invalid address, the offensive mail can still be forwarded to the ISP:
    1. Take a look at the mail headers, if you can, in your mail program or save and read it in a text/word processing program. You will see something like the example EMail below.
    2. Take the host domain name from the "Received: from": mail.somewherelse.com. If you can't, for some reason, read the headers, use the host domain name you find in either the Reply-To or From fields.
    3. Forward the offensive mail with your complaint to postmaster@somewherelse.com,webmaster@somewherelse.com.
  • If the host domain name is a "vanity" or sub-domain and is controlling its own EMail addresses, the offensive mail can still be forwarded to the real ISP for resolution:
    1. Take a look at the mail headers, if you can, in your mail program, or save and read it in a text/word processing program. You will see something like the example EMail below.
    2. Take the host domain name from the "Received: from": mail.somewherelse.com. If you can't, for some reason, read the headers, use the host domain name you find in either the Reply-To or From fields.
    3. Use the WhoIs function or just enter the host domain name (i. e., "somewherelse.com"): followed by a return.
    4. When you type either "return" or "enter", you will see a report from the Internic.
    5. From this form, copy the EMail address of the Technical Contact. You can also get his phone number here.
    6. Forward the offensive mail with your complaint to the Technical Contact's EMail address.
  • If you work for a corporation and receive unwanted and possibly offensive EMail, contact your network administrator immediately.
  • If you have a technical problem with any of these instructions or need further help, please contact your ISP.

Why does this work?

All corporations will act immediately to protect their businesses. All ISPs will act immediately on this to protect their businesses and their IP numbers. There is no "freedom of speech" problem here. ISPs will immediately cancel the offensive account(s) and maybe even legally followup. You can be almost guarrenteed that individual will be off the net the next business day if what was done was egregious enough!

Most ISPs do not appreciate customers using their services for "no good" and do not wish to be known as being tolerant of this sort of behavior, especially since sexual harrasment and junk EMail are federal offenses and put the ISP at risk of being prosecuted, as well.

Considerations

Text of a unwelcomed letter

Received: from [1.1.1.1] by mail.somewherelse.com
 with ESMTP (ABC Mail Server 1.1.1); Mon, 13 Jan 1997 18:29:43 -0500
Message-Id: <v03010d11af0075aea550@[1.1.1.1]>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Mon, 13 Jan 1997 18:29:34 -0500
To: you@yourplace.com
From: someone <someone@somewherelse.com>
Reply-To: someone@somewherelse.com
Subject: unwelcomed letter

unwelcomed letter.

someone

Internic Response

SOMEWHERELSE (SOMEWHERELSE-DOM)
   Some Street
   Some Town, Some State, Some Zip

   Domain Name: somewherelse.com

   Administrative Contact:
      One, Some  (SOXXXX) someone@somewherelse.com
      555-555-5555
   Billing Contact:
      One, Some  (SOXXXX) someone@somewherelse2.com
      555-555-5555
   Technical Contact, Zone Contact:
      One, Some  (SOXXXX) someone@somewherelse3.com
      555-555-5555

Example Complaint

Please make sure that your complaint is to the point and civil. This will insure that your complaint will be handled promptly. An example complaint is shown below:

Dear Sir,

The following was received by [me/husband/parent/friend] and [I/we] didn't know what to do! [I/we] consider this [unsolicited junk/harassment/whatever].

[I am/we are] forwarding it to your attention as I am sure that you will want to take the appropriate actions against your client and keep your good name as much as [I/we] do.

Using unsolicited EMail advertisements is unprofessional and violates the intent of US Code, Title 47, Chapter 5, Subchapter II, which prohibits unsolicited fax advertisements.

By US Code Title 47, Sec.227(a)(2)(B), a computer/modem/printer meets the definition of a telephone fax machine. By Sec.227(b) (1)(C), it is unlawful to send any unsolicited advertisement to such equipment. By Sec.227(b)(3)(C), a violation of the afore- mentioned Section is punishable by action to recover actual monetary loss, or $500, whichever is greater, for each violation.
Broadcast Fax and Junk Email is also illegal under United States Public Law 103-414 Section 303(a)(11), it is unlawful "to use any telephone facsimile machine, computer, or other device to send an unsolicited advertisement."

Sexual harassment is a violation of Title VII of the 1964 Civil Rights Act, and Title I of the Civil Rights Act of 1991.

Thank you for your prompt attention to this matter.

[Signature]

Consider adding a PS if the problem is very extreme:

PS [I/we] feel VERY strongly about this and will follow-up if appropriate action is not taken, and a formal police report is filed under [sexual misconduct or whatever the problem is].

For web problems contact the webmaster
Web page ©1997 by T.R. Shaw. All rights reserved, USA and Worldwide