I don’t believe reporting spam to these sites and services is worth the time and effort. I don’t see any harm in doing it; I just don’t think it helps.
I do want to be very clear, however, that a different type of “reporting spam” is very important, and we should all be doing that.
The war against spam
Spam is more than an annoyance: it’s a battle. For every step you and I and our email providers take to stop or block spam, spammers come up with new tricks and techniques to bypass those steps. As the recipient of a fair amount of spam — perhaps more than most, since I have several “public” email addresses — I see the magnitude of the problem firsthand.
Reporting spam versus reporting spam
You should definitely report spam using the “spam”, “junk”, or equivalent mechanism in your email program or web interface.
Particularly for web-based email services, our collective feedback is how the system learns what is and is not spam. Think of it as a form of crowdsourcing. This information is collected and used to tune what the email service looks for when deciding something is spam and whether or not to automatically place it in your spam folder for you.
The more you report spam in this manner, the better the spam filter gets.
This does nothing to reduce the amount of spam targeting your email address, but the result is that less of it ends up in your inbox, being deflected into your spam folder instead.
Keep doing that. (Just don’t use the “spam” button to unsubscribe from things you asked for; doing so actually hurts other recipients.)
Reporting by submitting or forwarding
The type of spam reporting I feel is useless is that in which you either forward the email to a specific email address or copy/paste the email body or other information into an online submission form.
There’s nothing wrong with doing so — it’s not going to harm you or cause you to get more spam — it’s just not going to help you get less.
I’m fairly convinced the addresses you listed already get so many reports that whatever you’re reporting is just a drop in the ocean. It would be incredibly rare for you to pass along something that hasn’t already been submitted.
Besides, the nature of spam has changed such that these services simply can’t really work reliably.
Spam sources of the past
In the past, the majority of spam came from specific servers that were either owned by or had been compromised by spammers. These servers sent out millions of spam email messages.
The fact that the email came from consistent servers meant it was possible to track them down, and depending on where they were located, shut them down or block them.
That’s when most of these reporting services come into being. By forwarding spam to them, you were helping identify specific sources of large amounts of spam. The services then tracked down the owner, or the owner’s ISP, and had the spammer shut down. If they couldn’t shut them down, they added the IP address of the server to a “black list” which other ISPs then used to block that server.
Unfortunately, this approach is no longer effective.
Spam now comes from everywhere
Botnets, created by installing malware on millions of computers worldwide, have replaced individual mail servers for sending spam. Rather than sending 10,000,000 emails from one server, a spammer might now send 100 mails from each of 100,000 infected machines.
Your machine could be one of them, and you might not even realize it. (Make sure your anti-malware tools are up-to-date and scanning!)
One hundred thousand machines is an impractical number of machines to track down. Even if it could be done, tracking them down wouldn’t help; spammers would just use other infected machines to continue to send out spam.
As a result, the reporting services you’re asking about can’t really help.
We do hear of botnets occasionally being brought down, but identifying the spam emails doesn’t play a role. Instead, the malware that infected machines in the first place must be tracked down and defended against.
Speaking of bots…
A relatively new entry in the “report spam” arena is the ability to forward a copy of spam to a service of some sort that promises to waste the spammers’ time by using a different kind of “bot” to engage them in a fake conversation for as long as possible.
In my opinion, this is another waste. In fact, it’s akin to fighting spam with spam — you’re causing the internet to be flooded with even more fake email.
I’m also convinced that the spammers will catch on pretty quickly and recognize the bot for what it is: ineffective and easily ignored.
When reporting spam might help
Before I write off reporting completely, though, I do have to add that some agencies — in particular, the FTC (the U.S. Federal Trade Commission) — may do more than just track down servers and IP addresses. The FTC may also look at the content of the message and see if what’s being hawked violates federal law. With enough instances of an issue, I would hope they’d go after the merchant.
Unfortunately, they may not be able to do much even then. Many — perhaps even most — of these scams originate overseas, where the FTC has no jurisdiction.
The bottom line, in my opinion: depending on the spam and the service, forwarding spam to these services has a very small chance of helping.
To sum up: I don’t bother reporting spam, other than by using the “spam” or “junk” buttons in my email program.
- Reporting individual spam emails just isn’t effective.
- These agencies get plenty of spam on their own, perhaps even using “honeypot” email addresses.
- I know there are others forwarding their spam.
- I have better things to do with my time.
I simply choose not to.
If reporting it makes you feel better about spam and scams, and if you’ve got the time, carry on, I suppose. I just don’t believe it makes any difference in stopping spam and scam emails from arriving in our inboxes.
Originally published as Am I Wasting My Time Reporting Scam and Spam Emails? on Ask Leo!
Leo Notenboom has been programming computers since 1976, and answering questions about them online since 2003. For more, see askleo.com.