They are not quite spam, and not quite spoofing, but they are the emails which I get many times a week which I would be crazy to open the attachments on. I assume you get them too.
Is it just whack-a-mole to try and damage these guys since many hackers have proxies and automated software or is there any repository where I could forward that email to to get it flagged/reported/banned?
IC3 seems like it is the FBI investigating a victim of a cyber crime instead of mass emails.
I do not even know if the email addresses are real considering hackers/spammers/spoofers could masquerade as anyone, and the IP addresses on the header are not even theirs.
I know for my Microsoft Live account, I flag spam and could even report spoofing on another account, but my Thunderbird program does not have much. Do we just ignore these emails as I have been doing for years?
The most you could possibly do is report it to your ISP in hopes they improve their filtering.
The senders obviously want you to report it to them, because they’ll know they have a live address they can spam more assiduously, the senders’ ISPs don’t care because the spammers are paying them and you’re not, and nobody else is really in a position to do anything.
There is no central authority for emails, which is to say that you can report it to your heart’s content but unless it is stopped at its source, it will continue. As suggested, individual ISPs do their own spam filtering but it’s not foolproof and AFAIK there is no coordinated effort among them to ensure consistency.
I don’t think any law enforcement agency has the resources to track down spammers unless they actually con someone and commit a crime. The volume is just huge.
The overwhelming amount of spam and viruses and hacking and ransomware has caused me to lose my faith in humanity over the years.
No, the most you could possibly to is to report it to the ISP where the mail originated so that they can block the sender from sending further e-mails. Finding out exactly where an e-mail comes from can be quite tricky, though there are online services which can do most of the investigation and reporting work for you.
I use SpamCop (which works not just for commercial spam but also for virus/malware e-mail). You just sign up for a free SpamCop account and tell it a bit about the mail server you use (so that it doesn’t end up sending complaints to your own ISP). Then you can forward offending e-mail to SpamCop, or paste it (including all headers) into a web form, and SpamCop will find out where the e-mail came from and send reports to the operator of the originating mail servers. If those operators have a clue (and a lot of them do—most spam and virus e-mail these days is sent by hijacked customer machines, which are a collective drain on their resources) they will cut off access from the offending machine, and may even send you an e-mail thanking you for your help.
Of course, this isn’t a long-term solution to the problem of unsolicited or malicious e-mail. When spammers and phishers get banned from one machine or ISP, they’ll move on to another one. But reporting them consistently at least makes their job difficult and expensive, and so probably does a lot to stem the flow. With a little work, you can even set up your mail client to automatically report junk mail. This makes the cost of reporting infinitesimal compared to the effort required by the junk mailers to constantly move to new machines.
You assume that a good amount of spam is sent from hijacked computers getting bandwidth from ISPs that aren’t being paid to send spam. I happen to know that large amounts of Chinese IP addresses are in permanent block lists due to chronic, high-volume spam, the type ISPs can’t ignore and, even if they could ignore the sheer volume, they can’t ignore their presence on all of those block lists. Spamhaus has the details.
I’d need more data to know how much spam is being sent via innocent ISPs, frankly; my point is, my knowledge of how bad Chinese ISPs tend to be, and how much spam they send to the rest of the world, inclines me to believe that most spam is being sent via ISPs who are being paid to send it, and who aren’t going to be swayed even if a million people report that they’re doing what they’re being paid to do.
Yes, but it’s this sort of spam that is the easiest to filter, thanks in large part to the efforts of blacklist maintainers, or to the geolocation features of modern probabilistic spam filters. For people who use blacklist-based or geolocation-based filters (either directly or by using their ISP’s prepackaged server-side filtering), the spam/malware e-mails that make it through to the inbox are very likely to come from low-volume senders, such as botnet machines on otherwise responsible networks, or small-time dedicated spam operations at risk of being TOS’ed by their upstream providers.
The point is that unless your ISP provides some automatic way of directly reporting spam/virus mails to them, they probably don’t want such reports. It’s not worth their time to manually add these mails to their filter training set. Reporting spam to the operators of the machines involved in sending may also be useless, but probably much less often so. At least the reports will get sent to the people who can actually stop the spam, and in some cases they will actually do so. Besides that, automated reporting services will also use the report to improve centralized blacklists, which your ISP is probably already using to filter spam.