• Contact Us
  • Select a Location
    Close Location Selection

    Current Location:

    Let us know the location you'd like to browse.

    Select a Location
    OR

Reporting Spam, Phishing, and Virus Abuse

Solution

About Reporting Abuse

  • Due to the high volume of email received, a personal response is not provided to each report. Do not interpret a lack of response as a lack of action.
  • Our strict compliance with our privacy policies and applicable legal requirements prevent us from revealing any personally identifiable information about a customer without proper legal documentation.
  • Similarly, we cannot disclose any specific action taken against a customer as a result of an abuse complaint.

The following table identifies the email addresses for Cox customers to use to report spam, phishing, and viruses.

Abuse Type Email Submissions Related Policy
Spam that did not originate from a Cox ISP or IP spamreport@cox.net

Important: Send the original email as an attachment to spamreport@cox.net
Reporting Spam Originating From Another ISP or IP

Cox Abuse can only take action against abuse that originates from its network.

  • Spam complaints that do not originate from a Cox customer can be sent as an attachment to spamreport@cox.net. The receiver may also forward the complaint with full headers to the ISP where the spam originated.
  • Abuse contact for the ISP can be found by doing a Whois lookup with the originating IP at https://www.arin.net/.

See Forwarding Spam, Phishing, or Virus as an Attachment.

Spam that originated from Cox ISP or IP abuse@cox.com

Important: Refer to the Abuse Submission Guidelines prior to submitting an email to abuse@cox.com.
N/A
Phishing email originated from Cox IP abuse@cox.com and as an attachment to phishingreport@cox.net

Important: Refer to the Abuse Submission Guidelines prior to submitting an email to abuse@cox.com.

Phishing scams are basically spam. The headers must be checked to see if it originated from a Cox customer or from another ISP.

If the phish originated from a Cox customer (a Cox IP), it should be sent to abuse@cox.com following the Abuse Submission Guidelines below.

It should also be sent to phishingreport@cox.net as an attachment.

See Forward Spam, Phishing, or Virus as an Attachment and About Fake Cox Emails.

Phishing site hosted by a Cox customer

abuse@cox.com

Important: Refer to the Abuse Submission Guidelines prior to submitting an email to abuse@cox.com.

If a customer is running a Phishing site (website), then a report must be sent to abuse@cox.com with the link, the IP address, and any other pertinent information possible.
Virus VirusReport@cox.net

Anti-Virus Resource Center

Additional Abuse Types Originating from a Cox IP

In addition to spam, phishing and viruses, the following are specific types of abuse that may require additional information. Submit the following types of abuse to abuse@cox.com.
 

Refer to the Cox Acceptable Use Policy (AUP).

Abuse Type Action
Usenet postings that violate the AUP

Usenet abuse reports should contain the following information:

  • Section of charter or FAQ showing how this post is in violation (when available)
  • Full Usenet header showing the offending Cox IP as NNTP posting host
  • Full body of post showing commercial advertisement or other abusive content

Refer to Abuse Submission Guidelines.

Malicious system probes to services not being offered

Firewall logs of malicious system probes (port scans) should contain the following information in plain text - no screen shots, spreadsheets, or other binary attachments:

  • Cox-owned source IP address
  • Destination IP address
  • Source port of attempted connection (when applicable)
  • Destination port of attempted connection (when applicable)
  • Protocol of intended connection
Unauthorized accesses from a Cox-owned IP (hacking/cracking)

Logs of unauthorized access should contain the following information in plain text:

  • Evidence of intrusion by a Cox-owned IP
  • Methods used to gain access to secure systems (if available)
  • Accurate time stamped logs (firewalls, various servers, IDS, honeypots)
  • Systems that were compromised by user at this address
Web-server or Web-forum abuse

Web-server logs should contain the following information in plain text:

  • Explanation of how your web-server is being affected by a Cox-owned IP
  • URL being requested by the IP
  • Program being reported as requesting data (browser)
Mail Server (SMTP) Abuse

Mail-server logs should contain the following information in plain text:

  • Cox-owned IP address attempting to relay through mail server
  • All email addresses involved
  • Subject and body of emails when available
  • Attempted (successful or unsuccessful) authentication
File-sharing / Copyright infringements
  • All copyright infringement notifications should be reported following the protocols and procedures set forth in the Digital Millennium Copyright Act. Other reports of copyright infringement may result in action being taken only if/when the material is still accessible using standard protocols at the time the report is processed. Copyright holders who wish to submit reports regarding intellectual property infringements should research and conform to the DMCA practices.
  • To be effective under the DMCA, the notification must (i) be in writing, and (ii) provided to Cox's registered DMCA agent at dmca@cox.com.
  • For such a report to be effective under the DMCA, the notification must include the following:
    1. A physical or electronic signature of a person authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.
    2. Identification of the copyrighted work claimed to have been infringed, or, if multiple copyrighted works at a single online site are covered by a single Notification, a representative list of such works at that site.
    3. Identification of the material that is claimed to be infringing or to be the subject of infringing activity and that is to be removed or access to which is to be disabled, and information reasonably sufficient to permit the Service Provider to locate the material.
    4. Information reasonably sufficient to permit the Service Provider to contact the complaining party, such as an address, telephone number, and if available, an electronic mail address at which the complaining party may be contacted.
    5. A statement that the complaining party has a good faith belief that use of the material in the manner complained of is not authorized by the copyright owner, its agent, or the law.
    6. A statement that the information in the Notification is accurate, and under penalty of perjury, that the complaining party is authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.
Residential Users offering services (FTP, SMTP, HTTP) in violation of the AUP

If you believe a Cox residential user has placed a server of any kind on the network through their cable modem, we would like to hear about it.

Logs should contain the following information in plain text:

  • Type of servers and services (including gaming servers)
  • Services / materials being offered (with logs when applicable)
  • Any available visitor/anonymous passwords necessary to access the servers
Internet Relay Chat (IRC) and other chat-room abuse

Logs should contain the following information in plain text:

  • Full description of incident
  • Output of the “/whois” command on the nickname of the offender (if available)
  • All known handles/nicks of this user
  • Full transcripts of any chat sessions including threats/harassment
  • Other relevant information supported with evidence

Abuse Submission Guidelines

The following are the basic submission guidelines to send issues to abuse@cox.com.

  • When forwarding the email, do not attach additional files. Forward the email exactly how you received it.
  • Do not attach additional files to the email. For security reasons, attachments will not be opened. Provide evidence by copying and pasting from your log files or email headers.
  • Do not send emails larger than 64 KB (kilobytes) in size (approximately 800 lines).
  • Send emails in plain text format. HTML and Rich Text are difficult to process.
  • Remove extraneous information (such as non-Cox IP addresses) from the report.
  • Do not include trace routes, ping results, or WHOIS information.

Send DMCA complaints to Cox's registered DMCA agent at dmca@cox.com.

Search for More Articles