People Spamming With My Domain

Forum Moderators: phranque

Message Too Old, No Replies

People Spamming With My Domain

what can be done?

FourDegreez

9:22 pm on Aug 8, 2007 (gmt 0)

On some of my domains, I have all incoming email forwarded to a single email account. So anyname@mydomain.com will go to one inbox. It seems like some spammers out there are sending massive amounts of spam with the from address being somename@mydomain.com, and all the "failed to deliver" messages show up in my inbox. Hundreds of them!

Now, I believe these spams aren't going through my mail server. The headers seem to say that they're coming from somewhere else. But it's my domain they're putting in the from address.

First, does this hurt me in any way? Can I get put on spam lists even if the spams aren't coming from my mail server?

Second, is there anything I can do about this?

Quadrille

9:54 pm on Aug 8, 2007 (gmt 0)

Change your email set up so that you only use the email addresses that actually matter.

Have all others go to delete without bounce.

Wlauzon

11:20 pm on Aug 8, 2007 (gmt 0)

And run a spyware etc check on your own computer. YOU might be the one sending all that stuff out...

WesleyC

1:19 pm on Aug 9, 2007 (gmt 0)

I used to use the same setup with one of my domains. I can vouch for him; it's definitely not his problem. I ran two antivirus scanners and an anti-spyware scanner full-time on every system that had access to send e-mail, and it didn't help a thing.

The only solutions are to either filter all e-mails that are returned or simply use specific single e-mail addresses forwarded to your account instead of forwarding all e-mail addresses on the domain to your account.

Quadrille

1:49 pm on Aug 9, 2007 (gmt 0)

WesleyC: You cannot vouch for him, unless you've personally checked his computer and his email service!

While he might well have the same problem you did, you cannot know that. Nor can he :)

You are probably right: Probably, his 'name is being taken in vain'. And after a while, they'll move on to another email address.

It may also be his habit of enabling an infinite number of email addresses, which is asking for spam.

But it ain't necessarily so.

He'd be wise to double check; there is a chance - small - that it's a result of some kind of scumware. Wlauzon makes a good point.

It may even be that he's replied to a spammer or three - or used a spammer's 'opt out' page - which is actually, of course, an 'opt in' - a guarantee to be abused in every way a spammer can abuse you.

Different diseases often show similar symptoms!

Monkey

2:23 pm on Aug 9, 2007 (gmt 0)

Had a similar problem. Loads of emails being sent from my account.

My machine was clean. The server that I used for email was infected!

This was not in my physical realm so had to leave it to the service provider to sort it out. They did after having complained to them and forwarded them some of the emails.

azazello

4:13 pm on Aug 9, 2007 (gmt 0)

This recently happened to me & I spent a while worrying about it.

From what I can gather most spam databases are wise to this so you shouldn't get blacklisted - the originating IP as well as the domain are taken into account.

If you want to feel like you have done something to stop this, carefully look at the headers of some of the bounced messages & contact the ISP of the originator.

The problem is that the originator will have some form of malware that has picked on your domain at random (hopefully!) & is using it in fake mail headers. The ISP will be unlikely to do anything.

You could also consider using SPF to ensure that anyone, who really needs to, can validate your emails.

Like Quadrille said, just shove any emails with an unknown recipient into a blackhole and forget about it until somebody comes up with a saner email system.

rsgalloway

12:32 am on Aug 10, 2007 (gmt 0)

I sincerely hope you're right about spam databases being smart enough to know the difference about domains being "spoofed" like this.

I got several (and counting) just now returned undeliverable messages from an IP I tracked to Puerto Rico: 64.237.151.139

Puerto Rico Telephone Company
Ave Roosevelt 1513 7th Floor
P.O. Box 360998
San Juan, PR

I used to get hundreds of these daily as well. I don't think there's anything you can do about it so long as spammers can spoof the reply-to or from fields.

I'm not sure I understand the advantage for spammers who do this. What's the point? Does anyone know of a place where we can report abuse? The PRT website is in Spanish.

Quadrille

1:23 am on Aug 10, 2007 (gmt 0)

If it is a spammer, in another country, there's virtually nothing you can do but wait until they move on (and they will).

The harder you try to stop them, the more they'll persist - just for spite.

If they are in your country, then you may be more effective.

piatkow

9:42 am on Aug 10, 2007 (gmt 0)

Happened to me on my personal email, certainly wasn't from my machine as I was on holiday at the time and it was switched off and unplugged. Examining the headers showed that it didn't look as if my ISP was compromised either.