
How To Complain To The Spammer's Provider

The first step is finding out who to complain to. This can be a little bit complicated. In most cases there is little point in complaining to the guilty party themselves; complain to whoever is providing them with internet access. However, if you aren't sure, and think there is a significant chance that the sender is really ignorant, rather than disobedient, of email norms, you might try complaining to the sender.

Finding out who to complain to can be broken down into several steps. The first one is determining the domain name the spammers are using. One good place to look is the body of the message, if it includes an email address to reply to or a web page to look at. This will often be via a different provider than the one used to send the spam, but many providers forbid either use of their services by spammers.

To find out where the spam originates, tell your mail reader to display all the headers and look at the "Received" lines. Look for the last Received line. For example:

To: kingdon@legit.com
Received: from relay.yoyolink.net (ns2.yoyo.com [127.10.58.3]) by legit.com with SMTP id WAA12684 for <kingdon@legit.com>; Thu, 21 Nov 1996 22:28:08 -0800
Received: from slime.spammer.com by relay.yoyolink.net (NTMail 3.02.10) with ESMTP id oa179284 for <kingdon@legit.com>; Fri, 22 Nov 1996 01:23:46 -0500

This message was sent from slime.spammer.com to relay.yoyolink.net, which then sent it on to legit.com, your own site. Intermediate sites, such as yoyolink.net in this example, are often completely innocent parties, so don't complain to them merely because they are listed in a Received line. You can ignore all the stuff about "with" and "id" and so on.
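The walk through the Received lines described above, as an added example that is not part of the original page. It goes one step beyond the text: it starts at the line written by your own server and stops where the "by" and "from" names no longer line up, because any lines below that point were not written by a relay you can account for and should be checked by hand. The FORGED sample and its host names are constructed; the name-matching rule is a heuristic, since legitimate relays sometimes announce a different name.

```python
import re

# Headers from the example above, top to bottom (newest Received line first).
SAMPLE = """\
To: kingdon@legit.com
Received: from relay.yoyolink.net (ns2.yoyo.com [127.10.58.3]) by legit.com with SMTP id WAA12684 for <kingdon@legit.com>; Thu, 21 Nov 1996 22:28:08 -0800
Received: from slime.spammer.com by relay.yoyolink.net (NTMail 3.02.10) with ESMTP id oa179284 for <kingdon@legit.com>; Fri, 22 Nov 1996 01:23:46 -0500
"""
# Constructed: the same message with an extra Received line the sender made up.
FORGED = SAMPLE + ("Received: from mail.innocent.example by mx.unrelated.example"
                   " with SMTP; Thu, 21 Nov 1996 20:00:00 -0500\n")

HOP = re.compile(r"^Received:\s+from\s+(\S+)(?:\s+\(([^)]*)\))?\s+by\s+(\S+)", re.I)

def received_hops(raw):
    """Return one dict per Received line, in header order (newest first)."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", raw)   # join folded header lines
    hops = []
    for line in unfolded.splitlines():
        if not line.strip():
            break                                  # blank line ends the headers
        m = HOP.match(line)
        if m:
            hops.append({"from": m.group(1).lower(),
                         "seen_as": m.group(2) or "",
                         "by": m.group(3).lower()})
    return hops

def trace_origin(raw):
    """Follow the chain down from your own server until the names stop matching."""
    hops = received_hops(raw)
    if not hops:
        return None
    last = 0
    while last + 1 < len(hops) and hops[last]["from"] == hops[last + 1]["by"]:
        last += 1
    return {"origin": hops[last]["from"],
            "relays": [h["by"] for h in hops[1:last + 1]],
            "unverified_lines": len(hops) - 1 - last}

if __name__ == "__main__":
    print(trace_origin(SAMPLE))
    print(trace_origin(FORGED))
```

On FORGED, simply reading the last Received line would point at mail.innocent.example; the chain check keeps slime.spammer.com as the origin and reports one line to verify by hand.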

Once you have a suspect domain name, try to find out what kind of organization has that name. If the domain name is listed in either the list of rogue sites or the list of sites with good spam control policies at http://www.vix.com/spam/, then you know. If it is a good site, you complain to them. If it is a rogue site, you complain to their upstream provider (see section on traceroute below).

You can see if an entity has a web page by taking the domain name and adding "www." to the start (use of "www." is just a convention, but it is a widely followed one). If you see a page with content similar to the email spam you received, you've probably identified the bad guys (however most, but not all, spammers are too lazy to write a web page). If you see a page telling you about internet access services and other types of legitimate business, you've probably identified the proper party to complain to.

If you have identified the offending site and you want to find who their upstream provider is, use the "traceroute" tool. You need to give it the machine name to trace to, for example slime.spammer.com in the above example. If traceroute is accessible to you on your local system, simply invoke "traceroute slime.spammer.com". If not, there are many web->traceroute gateways; searching for "traceroute" in one of the internet search engines should find one. Either way, the output from traceroute will look something like this:

traceroute to slime.spammer.com (127.126.32.23), 30 hops max, 40 byte packets
 1  siamese.legit.com (127.39.1.134)  206 ms  177 ms  198 ms
 2  persian.legit.com (127.39.1.129)  203 ms  191 ms  188 ms
 4  SR1.gotham-city.major.net (127.39.100.73)  174 ms  190 ms  208 ms
 5  core4.gomorrah.major.net (127.39.33.133)  180 ms  182 ms  159 ms
 6  retrolink-gw.gomorrah.major.net (127.157.77.25)  169 ms  185 ms  189 ms
 7  router1.retrolink.net (127.70.1.122)  469 ms  365 ms  239 ms
 8  spammer-gw.retrolink.net (127.70.1.122)  429 ms  242 ms  239 ms
 9  slime.spammer.com (127.70.3.98)  519 ms  275 ms  309 ms

This means that to get from your site (or the site hosting the web->traceroute gateway) to slime.spammer.com, data first passes through legit.com, then major.net, then retrolink.net, and finally to spammer.com. So if spammer.com is the guilty party then normally you would complain to retrolink.net. If you have reason to believe that retrolink.net is uncooperative (for example, they are listed as a lax ISP on http://www.vix.com/spam/) then you could escalate by complaining to major.net.
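The reading of the traceroute output described above, as an added example that is not part of the original page. It collapses the hops into the sites the path crosses and lists who to complain to, nearest upstream first. It assumes that a site is the last two labels of a host name and that the first site in the trace is your own (or the gateway's); the function names are made up for this sketch.

```python
import re

# Output copied from the example above (hop 3 is absent there as well).
SAMPLE = """\
traceroute to slime.spammer.com (127.126.32.23), 30 hops max, 40 byte packets
 1  siamese.legit.com (127.39.1.134)  206 ms  177 ms  198 ms
 2  persian.legit.com (127.39.1.129)  203 ms  191 ms  188 ms
 4  SR1.gotham-city.major.net (127.39.100.73)  174 ms  190 ms  208 ms
 5  core4.gomorrah.major.net (127.39.33.133)  180 ms  182 ms  159 ms
 6  retrolink-gw.gomorrah.major.net (127.157.77.25)  169 ms  185 ms  189 ms
 7  router1.retrolink.net (127.70.1.122)  469 ms  365 ms  239 ms
 8  spammer-gw.retrolink.net (127.70.1.122)  429 ms  242 ms  239 ms
 9  slime.spammer.com (127.70.3.98)  519 ms  275 ms  309 ms
"""

HOP = re.compile(r"^\s*(\d+)\s+(\S+)\s+\(([\d.]+)\)")

def site(host):
    """Assumption: the site is the last two labels (wrong for names like x.co.uk)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def provider_chain(output):
    """Ordered list of distinct sites the path crosses, nearest to you first."""
    chain = []
    for line in output.splitlines():
        m = HOP.match(line)
        if not m:                        # header line, or a hop that timed out
            continue
        if m.group(2) == m.group(3):     # hop shown only as an address: no name
            continue
        s = site(m.group(2))
        if not chain or chain[-1] != s:
            chain.append(s)
    return chain

def escalation_order(output, suspect_host):
    """Sites to complain to about suspect_host, nearest upstream first."""
    chain = provider_chain(output)
    if not chain or chain[-1] != site(suspect_host):
        return []                        # trace never reached the suspect
    return chain[1:-1][::-1]             # drop your own site and the suspect

if __name__ == "__main__":
    print(provider_chain(SAMPLE))
    print(escalation_order(SAMPLE, "slime.spammer.com"))
```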

If you are unsure about whether you are complaining to the right party, it is good to say this in your complaint, and request that the complainee forward the message to the appropriate party if need be.

In most cases the address to complain to is postmaster@<domain>. Some providers have an address abuse@<domain> too, but as there is no good way to find out whether such an address exists, use postmaster if you are unsure. An alternative is to complain to <domain>@abuse.net, which will automatically forward to the best known complaint address for <domain>. In our example, to reach the correct contact at retrolink.net, you would send a message to retrolink.net@abuse.net. Be polite. This is very important--you catch more flies with honey than vinegar. A good generic wording is "This is unsolicited, undesired email. Please take appropriate actions to stop it, or see http://www.vix.com/spam/ for how/why you should" or you might want to tailor your message if you have more knowledge of the provider's position on spam.

Include the full headers of the message you are complaining about, if possible. In most mail readers there is a special command to display all the headers.

After you send your complaint you probably won't get any response. But this doesn't necessarily mean that the provider has taken no action; often when there is a spammer at their site they are overwhelmed with complaints and find it difficult to acknowledge each one.

If you do get a response (such as "this would appear to violate our terms of service and we're looking into it" or "we have terminated the account of the spammer"), either send back a thank you or not, at your option. There is something to be said for letting the providers know that we appreciate their actions, but on the other hand these people get a lot of e-mail about spam complaints and it might be preferable not to increase the volume.



Jim Kingdon