Report network abuse and hold internet service providers responsible for malicious traffic originating from their network.

Internet service providers (ISPs) take abuse complaints seriously and can be held legally liable for malicious traffic originating from their network. Most network abuse is not reported because until now there was no simple way for an internet user to submit a complaint.

Reporting network abuse on Spam.org will result in alerts being sent to the organization responsible for managing the specific network resource (ex: IP or datacenter). Network operators that do not resolve complaints are added to our block list and traffic originating from their network is throttled or rejected.

We automatically determine the proper authority to contact when you submit a complaint. Your report must contain enough information for us to establish the scope of the attack as well as the attacker. The following reports can be filed:

• High Volume Attack Report - A sustained high volume attack on a server or network resource. High volume is defined as at least 5 queries per second for at least 30 seconds. This includes DDOS attacks, SYN Flood attacks, Teardrop attacks / Ping of Death attacks as well as web server attacks. Please ensure that your report includes an actual log of the activity including attack IPs and timestamps. We generally require either Apache access logs or firewall logs.
• Password / Probe / SQL Injection / Brute Force / Scraping and Other Attack Report - These types of attacks are generally lower volume queries from infected machines that attempt to probe a server or web site for weaknesses. These may include password attacks, Wordpress plugin attacks, SQL injection attempts, excessive data scraping and all other attacks which do not attempt to overload the site or server with extremely high volume queries. These reports are taken seriously by network operators and help in deactivating infected machines. Please ensure that your report includes an actual log of the activity including attack IPs and timestamps. We generally require either Apache access logs or firewall logs.
• Spam / Scam / Phishing / Ransomware Report - These types of reports are generally related to spam or scam messages being submitted on "Contact Us" pages, in support tickets, comments or forums. These may be attempts at either selling a product or social engineering access to a protected service.