• Don't mailbomb or threaten. Anyone. Especially ISPs. It's too easy to forge spams in other people's or ISP's names, or just simply not be able to read the header right. If you mailbomb, chances are you'll mailbomb the wrong person.
• So don't. Besides, mailbombing can be considered to be a denial of service attack. In some cases, you could end up with criminal charges against you.
• If the spam article is more than 4 or 5 days old, _don't_ bother - it's past history. On Usenet, it's probably too late to despam it. Their ISP probably knows all about it also. So, only report "fresh" spam.
• Never, and I mean, never, repost or remail the spam where you found it. Especially with chainletters - your group already got hit with it - why make it worse?
• On Usenet, the only places where you should post copies of spams are in "abuse" groups designed for it. Such as news.admin.net-abuse.misc (nanam).
• When you do copy spams to abuse groups, ensure that the posting is a proper "followup" format. With ">" or "|" indentation.

   

Failure to follow these suggestions may end up with your posting to be considered part of the spam, and cancelled too.

• If you get email spam with a long CC list, do not under any circumstances issue a "reply all". Doing "reply all" in this situation can actually result in a virtually unstoppable mail loop. This applies even more if the From: addresses appears to be a mailing list exploder (such as a "listserv" or "majordomo" address). If you reply to one of these, hundreds or perhaps thousands of people will see your complaint. And complain to you. Etc.
• When you report a spam, either to the originator, ISP or abuse groups, always include the full headers. If your reader doesn't let you include full headers, please don't bother reporting.
• Without headers, it's extremely difficult to do anything about it. [I for example have decided to ignore all spam reports that don't have full headers.]

• Be sure that you understand what chain letters are - see the URL below.
• There are only a few different varieties: "Charles Kust", "Dave Rhodes", Recipes, another that goes like "I found it!", and a new one that tells you to "Post the article to at least n newsgroups", where "n" is most often 200.
• First time you see a chainletter, report it only to the originator and their postmaster. Not Usenet.
• Write your message reasonably politely. One possible message could be:

  Hi,

  Please be aware that your message (included below) is both spam (one of many thousands of copies posted), and an illegal chain letter fraud. Please stop posting them immediately, and cancel them if you can.

  Please read the following URL for a full explanation of the legality of these messages:

  http://www.usps.gov/websites/depart/inspect/chainlet.htm

  (include a full copy of original MMF)

• Do not report first-time MMFers to nanam. Most administrators will reeducate their users when they're notified. The URL above will reform 99.9% of the remainder.
• If you see more MMFs from the same person more than a day or two later, _then_ report it to nanam. And, when reporting it to nanam, include no more than the headers, the first paragraph, and the list of suckers.

• Check nanam first to see if it's already reported. If it is, consider not reporting, unless you have additional information to add. Such as different From lines, paths, etc. Bare "me toos" are useless. Better analysis of the origin of a spam is useful.
• Don't report any potential spams to nanam unless you see at least two separately posted copies in at least 4 groups total. You'd be surprised how many people will post one, just one, wildly off-topic article into one group.
• If you see a single massively cross-posted article (typical multi-group trollbait), do not report unless you can find a second copy (with a different messageid). It's essentially not possible for even the most-cross-posted article to be spam unless there are at least 5 separate copies.
• Be sure to include all headers.
• If it doesn't appear to be "it's everywhere it's everywhere!", consider reporting only to the user and their ISP.

• Check nanas first to see if it's already reported. If it is, consider not reporting, unless you have additional information to add. Such as different From lines, paths, being hit multiple times, knowing that your organization has been broadly splattered, knowing more details about the spammer.
• "Me toos" are useless.
• Do not report unless you can provide full headers. Especially Received: lines.