Spam and what I do against it


I, like many others, occasionally receive email spam. In this post I want to briefly describe what I do to combat it. Additionally, I want to demonstrate that taking action can make a difference.

Spam is coming

Beforehand: all linked legal foundations are based on my own layman research and are therefore not legally binding statements!

I consider spam to be any messages that I never actively subscribed to but still receive. Many of you are probably familiar with emails of this kind. There's the prince who doesn't know where to store his money. But there's also the rogue who claims to have nude pictures of all of you and tries to blackmail you with them. By the way, this is considered extortion according to Section 253 of the German Criminal Code (StGB).

Then there's bank spam. This is supposedly from a bank where I don't even have an account, asking me to log in again using a strangely unofficial link. Never enter any data there, and it's even better not to click on that link at all! Because that's phishing, an attempt to obtain sensitive information such as PINs, etc. This, in turn, is considered fraud according to Section 263 of the German Criminal Code (StGB). And, if I've researched correctly, the use of the bank's name and logo is also an unlawful use of name according to Section 12 of the German Civil Code (BGB), or possibly even forgery of documents according to Section 269 of the German Criminal Code (StGB). Or it could have something to do with the violation of trademarks and/or company names.

There are often emails with bags or lights from China. Occasionally there's a supposed business inquiry - and at this point, I apologize to all those who might have meant it seriously! (No, kidding, I know how to distinguish those! d-:) I suspect that the primary goal of spam is often to verify the email address. Once it's confirmed that the email address is active, more spam can be sent to it.

Maybe the spam looks a bit different for you as well. After all, at some point on the internet, your email address must be accessible and may be associated with you and your interests. That's just my assumption, as I recently received spam containing the content of my research after doing an internet search. In this case, my interests are not Chinese bags or lights, I don't switch banks often, and I'm not interested in inheritance money. Therefore I assume that even the smallest web searches could potentially be wrongly associated by the presumed algorithm.

I wouldn't automatically classify newsletters as spam. Often, they are (sometimes unconsciously!) actively subscribed to. For example, in connection with a free tool that one wanted to download, etc. You quickly find yourself in the newsletter loop. What bothers me is when the unsubscribe button doesn't work properly - I find that extremely audacious!

What can be done about it

If the unsubscribe link in newsletters is not working, I would recommend contacting the company directly. In Germany (at least), it is not allowed to advertise to someone who does not want it (see UWG § 7 and also GDPR Art. 21). However, for the purpose of this post, let's focus on spam. In addition to the actual sender, there is also the operator of the mail server, who should be responsible for ensuring that nothing illegal is being done with their service. Typically, a web provider should have appropriate terms and conditions that prohibit the use of their web service for illegal purposes. If such activity does occur, you can notify this service provider about it.

Identifying the Server

First, I examine the source code of the email to display the so-called header. The technical sender's address, which is essentially the server from which the email was sent, is located here. You can check how to display this header in your email program or online mail provider. For example, in the mail client Thunderbird, you can press Ctrl+U to view the source code of the email. In the online mail client RoundCube (which I use through my provider), you can click on "More" and then "Show source." This will give you something like this:

Mail Header

The lines that start with Received: are important here. In the example above, those are Received: from MAILADDRESS (unknown [IP ADDRESS]) and below it Received: from NAME (IP ADDRESS) by SERVER .... Both IP addresses could be important here. In the image, Manitu is the server that received the mail, not the sender! Please do not misunderstand this - everything at Manitu is legitimate.

There is a service that allows you to obtain an email address associated with an IPv4 or IPv6 address, which is provided by the mail server operator to report abuse. I enter the IPs into the following form:

https://ipinfo.io/products/ip-abuse-contact-api

I always forward the spam email as an attachment to the address I obtain through this method. This generates a file that should include the respective header, allowing the mail server operator to take appropriate action.
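
The header step and the forwarding step described above, as an added Python example that is not part of the original post: it pulls the IP addresses out of the Received: lines and builds a report mail with the spam attached. The sample message, host names, mail addresses and function names are constructed for illustration; looking up the abuse contact for each IP is left to the form linked above.

```python
import ipaddress
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Constructed sample: made-up hostnames, documentation-range IP addresses.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [10.0.0.5])
    by mailbox.recipient.example with ESMTP; Tue, 28 Mar 2023 10:00:02 +0200
Received: from bank-login.example (unknown [203.0.113.45])
    by mx.recipient.example with ESMTP; Tue, 28 Mar 2023 10:00:01 +0200
Received: from localhost (198.51.100.7) by bank-login.example; Tue, 28 Mar 2023 10:00:00 +0200
From: "Your Bank" <service@bank-login.example>
Subject: Please log in again

Click here.
"""

# Internal/loopback ranges that have no abuse contact. With real mail,
# ip.is_global is a stricter filter; it would reject the documentation IPs above.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

def sender_ips(raw):
    """IPs from the 'from' part of each Received: line, newest hop first."""
    msg = message_from_string(raw, policy=policy.default)
    found = []
    for value in msg.get_all("Received", []):
        # The part after "by" names the receiving server, not the sender.
        from_part = re.split(r"\sby\s", str(value), maxsplit=1)[0]
        for cand in re.findall(r"[\[(](?:IPv6:)?([0-9A-Fa-f:.]+)[\])]", from_part):
            try:
                ip = ipaddress.ip_address(cand)
            except ValueError:
                continue  # bracketed text that is not an IP address
            if not any(ip in net for net in INTERNAL) and str(ip) not in found:
                found.append(str(ip))
    # Only lines added by your own provider are trustworthy; lower ones were
    # written by earlier hops and may be forged by the sender.
    return found

def build_report(raw, abuse_to, reporter):
    """Forward the spam as an attachment so the full header survives."""
    report = EmailMessage()
    report["From"], report["To"] = reporter, abuse_to
    report["Subject"] = "Spam report"
    report.set_content("Spam attached")
    report.add_attachment(message_from_string(raw, policy=policy.default))
    return report
```
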

For a while, I received an incredible amount of spam from DigitalOcean - apparently a very common provider. Unfortunately, the people behind the abuse email address seemed to ignore it and provided me with a separate abuse form (which is also available with other providers):

https://www.digitalocean.com/company/contact/#abuse

So, if I obtain a DigitalOcean address through the IP Abuse Contact API, I directly use the linked contact form.

What this can imply about DigitalOcean is for everyone to decide for themselves. I find it somewhat questionable that one can create an account there to send illegal spam. Perhaps this can happen to even the best provider - yet that often, regularly and repeatedly?

What Measures Achieve

Does all this (supposed) effort actually achieve anything? Well, from my own experience, I can say that I receive less spam since I started reporting every spam email! Especially DigitalOcean deserves credit for truly seeming to take action. As dubious as it still seems to me that an occasional spam email still originates from their servers, they even wrote to me personally back then and thanked me for reporting. So, when you report such spam to a provider, it doesn't always go unnoticed. However, I haven't seen any reactions whatsoever from Chinese providers. As a result, I regularly receive spam from CNNIC. However, I'm not even sure if it's a provider or something else.

I have also contacted banks and informed them about the misuse of their name. After all, it should be in a bank's interest that their name is not misused. However, it seems that all German banks have absolutely no interest in doing anything about it. Mostly they don't even respond to my emails. ¯\_(ツ)_/¯

Conclusion

I would really like to know if the spam behavior would change if everyone reported spam the way I do. It's possible that ultimately it wouldn't make a difference or that spammers would find other ways. However, it doesn't take much time to contact the server. There might even be addons available, for example, for Thunderbird, that could make this process easier. Without further research, I found Report Spam as one such addon. But as I mentioned, you can simply write an email yourself and send it to the abuse email address. My email text is always just "Spam attached" - if someone doesn't make an effort to keep spammers away from their offerings, I won't make an effort with the text either. Maybe someone will eventually develop an online tool that can automate all the processes I mentioned here. Happy reporting of abuse, folks!

Update

28.03.2023: I found the following website where you might be able to report spam as well: Spam.org.

18.06.2023: I haven't received any spam from DigitalOcean for a very long time. I just want to mention this again so that the image of DigitalOcean isn't unfairly distorted by this post. Clearly, they do respond to abuse reports - even if only through the form, but still!