Paul's Blog
Internet (Security) Issues

Who's Spamming Who? Could it be You?
03:54:47 AM - 2005-06-20

Spammers may be using your computer to send unsolicited — and possibly offensive — email offers for products and services. Spammers are using home computers to send bulk emails by the millions. Indeed, computer security experts estimate that as much as 30 percent of all spam is relayed by compromised computers located in home offices and living rooms, but controlled from afar.

According to the Federal Trade Commission (FTC), the nation's consumer protection agency, spammers can compromise your computer in several ways, depending on what kind of Internet connection you have. All computers connected to the Internet are potential targets, but those with broadband connections are especially attractive to spammers because they are "always on." Spammers scan the Internet, searching for points of entry and then install hidden software that allows remote access to your data and programs. That, in turn, allows the spammer to send messages from your computer. Remote access software also can be installed by a virus: A spammer sends email with a virus in the attachment. If you open the infected attachment, a virus is released that installs the hidden software. The person who sent the virus now can access the data and programs on your computer, or take over many computers and use them to send spam.

It can be very difficult to tell if a spammer has installed hidden software on your computer, but there are some warning signs. For example, you may receive emails accusing you of sending spam; you may find email messages in your "outbox" that you didn't send; or your computer is using more power than it has in the past to run the programs you use.

If your computer has been taken over by a spammer, you could face serious problems. Your Internet Service Provider (ISP) may prevent you from sending any email at all until the virus is treated, and treatment could be a complicated, time-consuming process.

To avoid becoming an unwitting culprit, the FTC encourages you to:

  • Use anti-virus software and keep it up to date. You can download anti-virus software from the Web sites of software companies or buy it in retail stores. Look for anti-virus software that recognizes current viruses, as well as older ones; that can effectively reverse the damage; and that updates automatically.

  • Be cautious about opening any attachment or downloading any files from emails you receive. Don't open an email attachment — even if it looks like it's from a friend or coworker — unless you are expecting it or know what it contains. If you send an email with an attached file, include a text message explaining what it is.

  • Use a firewall to protect your computer from hacking attacks while it is connected to the Internet. A firewall is software or hardware designed to block hackers from accessing your computer. A properly configured firewall makes it tougher for hackers to locate your computer and get into your programs and files. A firewall is different from anti-virus protection: Anti-virus software scans incoming communications and files for troublesome files; a firewall helps make you invisible on the Internet and blocks all communications from unauthorized sources. It's especially important to run a firewall if you have a broadband connection.

    Some recently released operating system software (including Windows XP) comes with a built-in firewall. Because it may be shipped in the "off" mode, check your online "Help" feature for specifics on turning it on and setting it up properly. If your operating system doesn't include a firewall, you can install separate firewall software that runs in the background while you use your computer and surf the Internet. Several free firewall software programs are available on the Internet. (You can find one by typing "free firewall" into your favorite search engine.) Or you can buy a hardware firewall — an external device that includes firewall software. Like anti-virus software, a firewall needs to be updated regularly to stay effective.

  • Check your "sent items" file or "outgoing" mailbox to see if there are messages that you did not intend to send. Many spammers have learned to hide their unauthorized access, so even if there are no illegitimate messages in your outbox, you can't be sure that your computer hasn't been used to send spam.

  • If your computer is infected, take action immediately. If your computer has been hacked or infected by a virus, disconnect from the Internet right away. Then scan your entire computer with fully updated anti-virus software. Report unauthorized accesses to your ISP. Also, if you suspect that any of your passwords have been compromised, call that site's company immediately and change your password.

  • Learn more about securing your computer at www.ftc.gov/infosecurity.



How To Complain To The Spammer's Provider
03:47:11 AM - 2005-06-20

The first step is finding out who to complain to. This can be a little complicated. In most cases there is little point in complaining to the guilty party themselves; complain to whoever is providing them with internet access. However, if you aren't sure, and think there is a significant chance that the sender is genuinely ignorant of email norms rather than deliberately flouting them, you might try complaining to the sender.

Finding out who to complain to can be broken down into several steps. The first is determining the domain name the spammers are using. One good place to look is the body of the message, which may include an email address to reply to or a web page to visit. These will often be hosted by a different provider than the one used to send the spam, but many providers forbid either use of their services by spammers.

To find out where the spam originates, tell your mail reader to display all the headers and look at the "Received" lines. Then read the Received lines from top to bottom. For example:

To: kingdon@legit.com
Received: from relay.yoyolink.net (ns2.yoyo.com [127.10.58.3]) by legit.com with SMTP id WAA12684 for <kingdon@legit.com>; Thu, 21 Nov 1996 22:28:08 -0800
Received: from forged.example.com (slime.spammer.com [10.71.84.44]) by relay.yoyolink.net (8.8.3/8.8.3) with SMTP id GAA02044 for <kingdon@legit.com>; Fri, 22 Nov 1996 01:23:46 -0500

Your own site (legit.com) got this message from ns2.yoyo.com, which in turn got it from slime.spammer.com. Intermediate sites, such as yoyo.com in this example, may simply be sites which allow anyone to forward mail using their mailer. Don't assume they are connected with the spammer or the spammer's provider, but you might want to let them know their system is being used for this purpose. You can ignore the rest of each line (the "with", "id" and "for" parts and the date).

With experience, and/or by consulting various sources, you will learn more about Received lines, and the ways that they can vary. But the basic principle is still to read them from top to bottom, and to understand that each computer which handled the message added one or more Received lines. Thus each Received line may originate from your site, the spammer's site, or somewhere in between.
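As an added example (not code from the original post), here is the same top-to-bottom reading of the Received lines done in Python. The sample headers are the ones quoted above, re-folded onto continuation lines as a mail reader would show them; the comparison of the announced (HELO) name against the receiver's reverse lookup is an extra check the post does not make.

```python
import re

# Constructed sample: the headers quoted in the post above, re-folded onto
# continuation lines the way a mail reader's "show all headers" view prints them.
SAMPLE_HEADERS = """\
To: kingdon@legit.com
Received: from relay.yoyolink.net (ns2.yoyo.com [127.10.58.3])
  by legit.com with SMTP id WAA12684
  for <kingdon@legit.com>; Thu, 21 Nov 1996 22:28:08 -0800
Received: from forged.example.com (slime.spammer.com [10.71.84.44])
  by relay.yoyolink.net (8.8.3/8.8.3) with SMTP id GAA02044
  for <kingdon@legit.com>; Fri, 22 Nov 1996 01:23:46 -0500
"""

# "from <HELO name> (<reverse DNS> [<ip>]) by <receiver>"; the "with", "id",
# "for" and date parts are ignored, as the post suggests.
RECEIVED_RE = re.compile(
    r"^Received:\s+from\s+(?P<helo>\S+)\s+"
    r"\((?P<rdns>[^\s\[]+)\s+\[(?P<ip>[^\]]+)\]\)\s+by\s+(?P<by>\S+)",
    re.IGNORECASE)

def unfold(headers: str) -> list[str]:
    """Join continuation lines (leading whitespace) onto their header."""
    lines: list[str] = []
    for raw in headers.splitlines():
        if raw[:1] in (" ", "\t") and lines:
            lines[-1] += " " + raw.strip()
        else:
            lines.append(raw.rstrip())
    return lines

def parse_received(headers: str) -> list[dict]:
    """Hops in header order: top = added by your own site, bottom = earliest."""
    return [m.groupdict() for line in unfold(headers)
            if (m := RECEIVED_RE.match(line))]

def trace(headers: str) -> list[str]:
    """Read the hops top to bottom. A HELO name that differs from the receiver's
    reverse lookup is noted: common for multi-homed relays, but on the bottom
    hop it is the usual sign of a forged origin."""
    notes = []
    for h in parse_received(headers):
        note = f"{h['by']} got it from {h['rdns']} [{h['ip']}]"
        if h["helo"].lower() != h["rdns"].lower():
            note += f" (announced itself as {h['helo']})"
        notes.append(note)
    return notes
```

Only the Received lines added by hosts you trust (here, legit.com's own) are reliable; anything below them could have been written by the spammer, so the bottom line is a suspect, not a proof.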

Once you have a suspect domain name, try to find out what kind of organization has that name. One way is to look on the various anti-spam web sites, newsgroups, and other resources. If the site has a reputation as a site which does a good job of fighting spam, you complain to them. If it is a site which is known to not respond to complaints, despite persistent and repeated attempts, you complain to their upstream provider (see section on traceroute below).

You can see if an entity has a web page by taking the domain name and adding "www." to the start (use of "www." is just a convention, but it is a widely followed one). If you see a page with content similar to the email spam you received, you've probably identified the bad guys (however most, but not all, spammers are too lazy to write a web page). If you see a page telling you about internet access services and other types of legitimate business, you've probably identified the proper party to complain to.

If you have identified the offending site and you want to find who their upstream provider is, use the "traceroute" tool. You need to give it the machine name to trace to, for example slime.spammer.com in the above example. If traceroute is accessible to you on your local system, simply invoke "traceroute slime.spammer.com". If not, there are many web->traceroute gateways; searching for "traceroute" in one of the internet search engines should find one. Either way, the output from traceroute will look something like this:

traceroute to slime.spammer.com (127.126.32.23), 30 hops max, 40 byte packets
1 siamese.legit.com (127.39.1.134) 206 ms 177 ms 198 ms
2 persian.legit.com (127.39.1.129) 203 ms 191 ms 188 ms
4 SR1.gotham-city.major.net (127.39.100.73) 174 ms 190 ms 208 ms
5 core4.gomorrah.major.net (127.39.33.133) 180 ms 182 ms 159 ms
6 retrolink-gw.gomorrah.major.net (127.157.77.25) 169 ms 185 ms 189 ms
7 router1.retrolink.net (127.70.1.122) 469 ms 365 ms 239 ms
8 spammer-gw.retrolink.net (127.70.1.122) 429 ms 242 ms 239 ms
9 slime.spammer.com (127.70.3.98) 519 ms 275 ms 309 ms

This means that to get from your site (or the site hosting the web->traceroute gateway) to slime.spammer.com, data first passes through legit.com, then major.net, then retrolink.net, and finally to spammer.com. So if spammer.com is the guilty party then normally you would complain to retrolink.net. If you have reason to believe that retrolink.net is uncooperative then you could escalate by complaining to major.net. This should be done only after repeated attempts to persuade retrolink have been unsuccessful. Even sites with good spam control policies will occasionally get a spammer, so the mere fact that you have received one spam, or a handful of unrelated spams, is not by itself sufficient reason to escalate.
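As an added example (not from the original post), the reasoning above turned into a small script: it parses the traceroute output quoted in the post, collapses hops by organization, and names the upstream to complain to and the next one up for escalation. Taking the last two DNS labels as "the organization" is a simplifying assumption that works for .com/.net hostnames like these but not for ccTLDs such as .co.uk.

```python
import re

# Constructed sample: the traceroute output quoted in the post above.
SAMPLE_TRACE = """\
traceroute to slime.spammer.com (127.126.32.23), 30 hops max, 40 byte packets
 1 siamese.legit.com (127.39.1.134) 206 ms 177 ms 198 ms
 2 persian.legit.com (127.39.1.129) 203 ms 191 ms 188 ms
 4 SR1.gotham-city.major.net (127.39.100.73) 174 ms 190 ms 208 ms
 5 core4.gomorrah.major.net (127.39.33.133) 180 ms 182 ms 159 ms
 6 retrolink-gw.gomorrah.major.net (127.157.77.25) 169 ms 185 ms 189 ms
 7 router1.retrolink.net (127.70.1.122) 469 ms 365 ms 239 ms
 8 spammer-gw.retrolink.net (127.70.1.122) 429 ms 242 ms 239 ms
 9 slime.spammer.com (127.70.3.98) 519 ms 275 ms 309 ms
"""

# "<hop> <hostname> (<ip>) ..."; unanswered hops ("* * *") simply do not match.
HOP_RE = re.compile(r"^\s*(\d+)\s+(\S+)\s+\((\d+\.\d+\.\d+\.\d+)\)")

def org_of(hostname: str) -> str:
    """Crude organization guess: the last two DNS labels (assumption; wrong
    for ccTLDs such as .co.uk, where three labels would be needed)."""
    return ".".join(hostname.lower().split(".")[-2:])

def hops(output: str) -> list[tuple[int, str, str]]:
    """(hop number, hostname, ip) for every answered hop, gaps allowed."""
    found = []
    for line in output.splitlines():
        m = HOP_RE.match(line)
        if m:
            found.append((int(m.group(1)), m.group(2), m.group(3)))
    return found

def org_path(output: str) -> list[str]:
    """Collapse consecutive hops inside one organization into a single entry."""
    path: list[str] = []
    for _, host, _ in hops(output):
        org = org_of(host)
        if not path or path[-1] != org:
            path.append(org)
    return path

def complaint_targets(output: str) -> dict:
    """The last org is the suspect; complain to its upstream first, and only
    escalate to the next org up after repeated attempts have failed."""
    path = org_path(output)
    return {"target": path[-1],
            "upstream": path[-2] if len(path) >= 2 else None,
            "escalate_to": path[-3] if len(path) >= 3 else None}
```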

If you are unsure about whether you are complaining to the right party, it is good to say this in your complaint, and ask the complainee to forward the message to the appropriate party if need be. In general, especially if you are unsure, you should err on the side of complaining to only one site, and not involving sites with a distant relationship to the spammer. Help give spam-fighting a good name among providers.

You can find the email address to complain to by first seeing if the organization in question has a web page with a contact address. Generally you want the network abuse address if there is one, or if not try to figure out what the closest choice is. An alternative is the complaint forwarding service at abuse.net. If none of these seem feasible, you can always try postmaster@<the provider's site>. According to the internet standard RFC822 (STD 11), all sites are supposed to have such a mailbox.

Be polite. This is very important; you catch more flies with honey than vinegar. A good generic wording is "This is unsolicited, undesired email. Please take appropriate actions to stop it, or see http://spam.abuse.net/ for how/why you should" or take a look at a sample complaint letter. You might want to tailor your message if you have more knowledge of the provider's position on spam. Keep in mind that the people who read the abuse alias are not there to be abused, they're there to stop the abuse.

Include the full headers of the message you are complaining about, if possible. In most mail readers there is a special command to display all the headers. Make especially sure you include the Received headers - the provider can take no action without them.

After you send your complaint you probably won't get any response. But this doesn't necessarily mean that the provider has taken no action; often when there is a spammer at their site they are overwhelmed with complaints and find it difficult to acknowledge each one.

If you do get a response (such as "this would appear to violate our terms of service and we're looking into it" or "we have terminated the account of the spammer"), either send back a thank you or not, at your option. There is something to be said for letting the providers know that we appreciate their actions, but on the other hand these people get a lot of e-mail about spam complaints and it might be preferable not to increase the volume.



Copyright ©2005-2007 Paul Schaecker
Design by Tom Duff