8

We just got a call from a US telephone number (001-, didn't get the rest of it) with an automated voice, stating that someone had sent spam mails from a server located in Berlin.

I didn't take the call, my colleague just got the first part of the number and a firm name (Something with ~computer network~ in it) It didn't seem like scam or spam, the voice just was informative with no chance to interact.

We did in fact sent our last newsletter (1,5 months ago) through a firm, located in Berlin. But all recipients opted-in for it and would not regard it as spam. We do this ~4 times/year. But it's the first time we didn't send them through our mail server.

So I would like to know who contacted us about it from the US and is this a common method to inform ? I would definitely prefer an sample e-mail sample to check some things for myself.

Yama
  • 117
  • 8

2 Answers2

23

That is not a normal way to report spam. In fact, it's utterly bizarre.

The generally accepted way to report spam is through the abuse@ email contact of the owner of the IP address which sent the email to you. In the case of email you sent through a firm in Berlin, such email would be directed either to them, or to their Internet service provider or datacenter from which they sent the mail. You would not see it until the firm forwarded it to you for appropriate action (e.g. unsubscribing the user).

The other common way spam gets reported is through email feedback loops from large email service providers (e.g. Gmail, Yahoo, Hotmail, Yandex, etc.). When a user clicks the Spam/Junk button in these services, a report is generated. You would have had to opt in to receive these, and you would generally also get them delivered by email.

In the old days, before abuse@ was a standardized thing, and before spam was a serious problem, we might pick up the phone and call the phone number listed in the whois record, but (1) it would be a human being calling, not an automated recording, and (2) that hasn't really been done since the late 1990s except for extremely unusual situations. And we'd end up having to forward a copy of the email anyway.

I have no idea why you received an automated call, but if they weren't willing to send an email in the usual way, and weren't willing to have a human being talk to you, then I don't see why you should be expected to waste any time on it.

Michael Hampton
  • 237,123
  • 42
  • 477
  • 940
  • I thought it was earlier than that, but turns out [RFC 2142](https://tools.ietf.org/html/rfc2142#section-4) codified the abuse@ mailbox as late as May 1997... – user Jul 22 '16 at 12:45
  • @MichaelHampton You have not hit bizarre/unprofessional++ abuse@ reactions :-) e.g. 1) misaddressed email from portal without email verification -> "fix it via our portal" 2) abuse selected based on sending host RDNS - >"You should guess another reporting address" – AnFi Jul 22 '16 at 14:14
  • @AndrzejA.Filip I did not mention these, but the question didn't ask about them either. – Michael Hampton Jul 22 '16 at 18:16
  • 1
    IVR programming is so cheap and easy these days, it's entirely possible that some anti-spam crusader set up an automated spam reporter that calls the number in the whois record of the sending domain (and/or the number listed in the email or website mentioned in the email) to report unwanted spam. So I'd treat it as you would any online spam report. – Johnny Jul 22 '16 at 19:01
  • "*Utterly bizarre*": this feels like someone offering you something strange that's simply too good to be true. Not that shady types would expect this to come across as true good, but it "feels" like someone offering you a six figure salary for a ten hour work week and no expectations, stated or implied. The OP and respondents seem to be reacting the same way, if not in prescribing implementation details. – Christos Hayward Jul 22 '16 at 21:05
6

Definitely not a common way to respond. I'd likely just ignore it, if it weren't easy to validate.

RVT
  • 397
  • 1
  • 8