• Español
  • Ashburn, VA

    Let us know the location you'd like to browse.


    Already a Cox Residential customer?

    Looking for Business services? Go to Cox Business home


The Internet should add convenience, not headaches. From step-by-step instructions to helpful tips, we'll help you install your equipment, troubleshoot problems, and get the most out of your online experience – minus the migraine.

Back Print Article

Reporting Abuse: Spam, Phishing, Viruses and More

Last Updated: Fri, 06 Dec 2013 > Related Articles

50 rated this


This article provides the details for reporting abuse such as spam, phishing, and viruses.


Notes About Reporting Abuse

  • Due to the high volume of email received, a personal response is not provided to each report. Do not interpret a lack of response as a lack of action.
  • Our strict compliance with our privacy policies and applicable legal requirements prevent us from revealing any personally identifiable information about a customer without proper legal documentation.
  • Similarly, we cannot disclose any specific action taken against a customer as a result of an abuse complaint.

Reporting Spam, Phishing and Viruses

The following table identifies the email addresses for Cox customers to use to report spam, phishing and viruses.

Abuse TypeSend email to...Related Policy
Spam that did not originate from a Cox ISP or IPspamreport@cox.net

Important: Send the original email as an attachment to spamreport@cox.net

Reporting Spam Originating From Another ISP or IP

Cox Abuse can only take action against abuse that originates from its network.

  • Spam complaints that do not originate from a Cox customer can be sent as an attachment to spamreport@cox.net. The receiver may also forward the complaint with full headers to the ISP where the spam originated.
  • Abuse contact for the ISP can be found by doing a Whois lookup with the originating IP at https://www.arin.net/.

Refer to:

Spam that originated from Cox ISP or IPabuse@cox.net

Important: Refer to the Abuse Submission Guidelines prior to submitting an email to abuse@cox.net.
Phishing email originated from Cox IPabuse@cox.net
and as an attachment to

Important: Refer to the Abuse Submission Guidelines prior to submitting an email to abuse@cox.net.

Phishing scams are basically spam. The headers must be checked to see if it originated from a Cox customer or from another ISP.

If the phish originated from a Cox customer (a Cox IP), it should be sent to abuse@cox.net following the Abuse Submission Guidelines below.

It should also be sent to phishingreport@cox.net as an attachment.
Refer to:

Phishing site hosted by a Cox customer


Important: Refer to the Abuse Submission Guidelines prior to submitting an email to abuse@cox.net

If a customer is running a Phishing site (website), then a report must be sent to abuse@cox.net with the link, the IP address, and any other pertinent information possible.

Additional Abuse Types Originating from a Cox IP

In addition to spam, phishing and viruses, the following are specific types of abuse that may require additional information. Submit the following types of abuse to abuse@cox.net.

Refer to the Cox Acceptable Use Policy.

Abuse TypeAction
Usenet postings that violate the Cox Acceptable Use Policy (AUP)

Usenet abuse reports should contain the following information:

  • Section of charter or FAQ showing how this post is in violation (when available)
  • Full Usenet header showing the offending Cox IP as NNTP posting host
  • Full body of post showing commercial advertisement or other abusive content

Refer to Abuse Submission Guidelines.

Malicious system probes to services not being offered

Firewall logs of malicious system probes (port scans) should contain the following information in plain text (no screen shots, spreadsheets, or other binary attachments):

  • Cox-owned source IP address
  • Destination IP address
  • Source port of attempted connection (when applicable)
  • Destination port of attempted connection (when applicable)
  • Protocol of intended connection
Unauthorized accesses from a Cox-owned IP (hacking/cracking)

Logs of unauthorized access should contain the following information in plain text:

  • Evidence of intrusion by a Cox-owned IP
  • Methods used to gain access to secure systems (if available)
  • Accurate time stamped logs (firewalls, various servers, IDS, honeypots)
  • Systems that were compromised by user at this address
Web-server or Web-forum abuse

Web-server logs should contain the following information in plain text:

  • Explanation of how your web-server is being affected by a Cox-owned IP
  • URL being requested by the IP
  • Program being reported as requesting data (browser)
Mail Server (SMTP) Abuse

Mail-server logs should contain the following information in plain text:

  • Cox-owned IP address attempting to relay through mail server
  • All email addresses involved
  • Subject and body of emails when available
  • Attempted (successful or unsuccessful) authentications
File-sharing/Copyright infringements
  • All copyright infringement notifications should be reported following the protocols and procedures set forth in the Digital Millennium Copyright Act. Other reports of copyright infringement may result in action being taken only if/when the material is still accessible using standard protocols at the time the report is processed. Copyright holders who wish to submit reports regarding intellectual property infringements should research and conform to the DMCA practices.
  • To be effective under the DMCA, the notification must (i) be in writing, and (ii) provided to the Designated Agent of a Service Provider.
  • For such a report to be effective under the DMCA, the notification must include the following:
    1. A physical or electronic signature of a person authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.
    2. Identification of the copyrighted work claimed to have been infringed, or, if multiple copyrighted works at a single online site are covered by a single Notification, a representative list of such works at that site.
    3. Identification of the material that is claimed to be infringing or to be the subject of infringing activity and that is to be removed or access to which is to be disabled, and information reasonably sufficient to permit the Service Provider to locate the material.
    4. Information reasonably sufficient to permit the Service Provider to contact the complaining party, such as an address, telephone number, and if available, an electronic mail address at which the complaining party may be contacted.
    5. A statement that the complaining party has a good faith belief that use of the material in the manner complained of is not authorized by the copyright owner, its agent, or the law.
    6. A statement that the information in the Notification is accurate, and under penalty of perjury, that the complaining party is authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.
Residential Users offering services (FTP, SMTP, HTTP) in violation of the AUP

If you believe a Cox residential user has placed a server of any kind on the network through their cable modem, we would like to hear about it.

Logs should contain the following information in plain text:

  • Type of servers and services (including gaming servers)
  • Services/materials being offered (with logs when applicable)
  • Any available visitor/anonymous passwords necessary to access the servers
Internet Relay Chat (IRC) and other chat-room abuse

Logs should contain the following information in plain text:

  • Full description of incident
  • Output of the “/whois” command on the nickname of the offender (if available)
  • All known handles/nicks of this user
  • Full transcripts of any chat sessions including threats/harassment
  • Other relevant information supported with evidence

Abuse Submission Guidelines

The following are the basic submission guidelines to send issues to abuse@cox.net.

  • Do not attach files to the email. For security reasons, attachments will not be opened. Provide evidence by copying and pasting from your log files or email headers.
  • Do not send emails larger than 64 KB (kilobytes) in size (approximately 800 lines).
  • Send emails in plain text format. HTML and Rich Text are difficult to process.
  • Remove extraneous information (such as non-Cox IP addresses) from the report.
  • Do not include trace routes, ping results, or WHOIS information.

Rate this Article:

Related Topics:

Give us your feedback:


Maximum 500 characters

Back Print Article

Need More Help?