Probably
Yes.
I don’t believe reporting spam to these sites and services is worth the time and effort. I don’t see any harm in doing it; I just don’t think it helps.
I do want to be very clear, however, that a different type of “reporting spam” is very important, and we should all be doing that.
Become a Patron of Ask Leo! and go ad-free!
Reporting spam
Mark spam using your email program’s “spam” button. This crowdsourced reporting helps improve spam filters. Forwarding spam to agencies or anti-spam services, however, is ineffective because of modern spam tactics like botnets. While it won’t hurt, it has little impact. Focus on marking spam locally.
The war against spam
Spam is more than an annoyance: it’s a battle. For every step you and I and our email providers take to stop or block spam, spammers come up with new tricks and techniques to bypass those steps. As the recipient of a fair amount of spam — perhaps more than most, since I have several “public” email addresses — I see the magnitude of the problem firsthand.
Related
Reporting spam versus reporting spam
You should definitely report spam using the “spam”, “junk”, or equivalent mechanism in your email program or web interface.
Particularly for web-based email services, our collective feedback is how the system learns what is and is not spam. Think of it as crowdsourcing. This information is collected and used to tune what the email service looks for when deciding something is spam and whether to automatically place it in your spam folder for you.
The more you report spam in this manner, the better the spam filter gets.1
This does nothing to reduce the amount of spam targeting your email address, but the result is that less of it ends up in your inbox, being deflected into your spam folder instead.
Keep doing that. (Just don’t use the “spam” button to unsubscribe from things you asked for; doing so actually hurts other recipients.)
Reporting by submitting or forwarding
The type of spam reporting I feel is useless is that in which you either forward the email to a specific email address or copy/paste the email body or other information into an online submission form.
There’s nothing wrong doing so — it will not harm you or cause you to get more spam — it’s just not going to help you get less.
I’m fairly convinced the addresses you listed2 already get so many reports that whatever you’re reporting is just a drop in the ocean. It would be incredibly rare for you to pass along something that hasn’t already been submitted.
Besides, the nature of spam has changed such that these services simply can’t really work reliably.
Spam sources of the past
In the past, most spam came from specific servers that were owned by or had been compromised by spammers. These servers sent out millions of spam email messages.
That the email came from consistent servers meant it was possible to track them down, and depending on where they were located, shut them down or block them.
That’s when most of these reporting services come into being. By forwarding spam to them, you were helping identify specific sources of large amounts of spam. The services then tracked down the owner, or the owner’s ISP, and had the spammer shut down. If they couldn’t shut them down, they added the IP address of the server to a “black list” which other ISPs then used to block that server.
Unfortunately, this approach is no longer effective.
Why?
Botnets.
Related
Why Doesn’t Blocking Email Senders Work?
Most email programs can block email from a specific address. Unfortunately, that's completely ineffective when it comes to spam.Spam comes from everywhere
Botnets, created by installing malware on millions of computers worldwide, have replaced individual mail servers for sending spam. Rather than sending 10,000,000 emails from one server, a spammer might now send 100 mails from each of 100,000 infected machines.
Your machine could be one of them, and you might not even realize it. (Make sure your security software is up-to-date and scanning!)
One hundred thousand machines is an impractical number of machines to track down. Even if it could be done, tracking them down wouldn’t help; spammers would just use other infected machines to continue to send out spam.
As a result, the reporting services you’re asking about can’t really help.
We do hear of botnets occasionally being brought down, but identifying the spam emails doesn’t play a role. Instead, the malware that infected machines in the first place must be tracked down and defended against.
Speaking of bots…
A relatively new entry in the “report spam” arena is the ability to forward a copy of spam to a service of some sort that promises to waste the spammers’ time by using a different “bot” to engage them in a fake conversation for as long as possible.
This is another waste. It’s akin to fighting spam with spam — you’re causing the internet to be flooded with even more fake email. You’ve contributed to the problem.
I’m also convinced that the spammers will catch on pretty quickly and recognize the bot for what it is: ineffective and easily ignored.
When reporting spam might help
Before I write off reporting completely, though, I do have to add that some agencies — in particular, the FTC (the U.S. Federal Trade Commission) — may do more than just track down servers and IP addresses. The FTC may also look at the content of the message and see if what’s being hawked violates federal law. With enough instances of an issue, I would hope they’d go after the merchant.
Unfortunately, they may not do much even then. Many — perhaps even most — of these scams originate overseas, where the FTC has no jurisdiction.
The bottom line: depending on the spam and the service, forwarding spam to these services has only a tiny chance of helping.
Do this
“Lovely spam! Wonderful spam!”3
To sum up: I don’t bother reporting spam, other than by using the “spam” or “junk” buttons in my email program.
- Reporting individual spam emails just isn’t effective.
- These agencies get plenty of spam on their own, perhaps even using “honeypot” email addresses.
- I know there are others forwarding their spam.
- I have better things to do with my time.
I simply choose not to.
If reporting it makes you feel better about spam and scams, and if you’ve got the time, carry on, I suppose. I just don’t believe it makes any difference in stopping spam and scam emails from arriving in our inboxes.
Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
I know this is an older story but something needs to be added or those who still read it.
When using Outlook and I block spam it slows down the amount of spam I get.
If I report any of them as phishing my inbox gets flooded with more phishing and general spam. Even from email addresses that I have previously blocked.
Someone who works for Hotmail and investigates phishing doesn’t like doing their job. This person/these people are punishing us for making them do their jobs.
I believe it’s either a coincidence that you re receiving more phishing email after reporting phishing. Are you sure you are reporting the phishing to a legigimate reporting site?
I get loads of the spam, the issue I have is some legitimate mail get puts in as well, so I have to manually filter it all and add addresses in as safe senders. Outlook has or had a maximum limit of 5,000 usernames or 500 domains but doesn’t give the option to block a domain or use wildcards when base usernames or base domains with extraneous characters keep sending. Making manual adjustments every time is very time consuming. We and MS know how it works so give us the tools to simplify the blocking process and also auto flag as phishing rather than me reporting and the blocking in 2 steps.
These users, some are smart and use a VPN but most are not, have a DHCP address and that identifies an ISP, I am not confident that action is being taken by or against ISP’s that allow this type of activity, as soon as they get their traffic rejected they lose money and that really concentrates their minds on taking action, money talks. Let us see it start talking.
SPAMCOP does not do shit. 99% of the emails don’t get any action from anyone especially the ISPs they report them to. The only site the original ISP and don’t go after the email accounts of the users who send the spam out.
Who knows maybe they they are even feeding the spammers new mail email accounts to spam
Generally “after the email accounts of the users who send the spam out” have been forged and they are NOT the people actually sending the spam. It’s just not that simple. Anyway, reporting those people would a) punish the totally innocent and b) accomplish nothing.
It’s a waste of time reported 400 in 2 weeks to Outlook still get they don’t help
SPAMCOP is useless and may actually be feeding email address to spammers. They will not forward spam to Gmail, Google, Amazon.com, Amazonaws.com and many others, (the previous are 80% of the spam generators. They just “file for reference” which is useless to everyone. Years ago I created a fake email address and ONLY used it on SPAMCOP. Within a month I started to receive spam at that address and the only explanation was that SPAMCOP sent them the address to add to their list of emails to spam.
I use Outlook email. I get one or two emails everyday from a place claiming to be Microsoft. And everyday I report the emails as phishing. This has been going on for a year+++. Surely if Microsoft were serious, they could stop phishing claiming to be them…but they either can’t or don’t.
Microsoft spam filter is … less than ideal.
I realize this is an aging thread, but it should be pointed out that the effectiveness of hitting the “report junk” or “this is spam” button varies from provider to provider. Sometimes those buttons do as you have said and maybe even send a feedback loop which makes sending reports to other places redundant. On the other hand I find that it does diddly squat on Rackspace. Most of what I get these days is phishing, and I’ve seen countless compromised accounts, some on the same exact service I use (Reagan.com), some on other Rackspace services, and some on other webmail services (Gmail, Hotmail/Outlook, Yahoo, ISP email, educational email, even government email servers), and the same compromised account will continue sending phishing emails that go to my inbox after hitting that “report junk” button, but at least in the case of other Rackspace users it usually stops after I send something to abuse@rackspace.com. Sometimes I get XFF information that I believe to be accurate, but in recent years it’s usually been either VPN providers (or their server companies), some of whom have been no-log VPNs, or wireless carriers in Nigeria who don’t appear to act on abuse reports. I suspect the reason I get flooded with phishing scams is my email log in credentials are supposedly on the dark web according to Norton, but I’ve seen the password they supposedly have and it’s not something I have ever used as a password.