Return email address faked, now email address unusable

Asia_Expat

9:16 am on Dec 22, 2009 (gmt 0)

10+ Year Member



You know the routine... even though I have all the preventative measures in place i.e. keys and whatever, a SoaB spammer has faked my email identity and I'm getting many thousands of bounced email messages per day. It's been three weeks now and the address (the main one for my website) is now all but unusable. Before I delete it and set everything to :fail:, is there anything, anything at all I can do to salvage the address? I've already read all the threads I can find... I don't want to can it if I can help it... but I'm spending half of my time reading through this $##t in case I miss a vital email.

Leosghost

12:01 pm on Dec 22, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



just a quick thought ..but if you have SpamAssassin or similar on the server ..how about setting it to kill all emails with "message could not be delivered" in their body ...or whatever is the common message or subject line that these bounced ones carry ..

HTH ..or at least gets some others thinking on a way to help ..:)

Asia_Expat

1:43 pm on Dec 22, 2009 (gmt 0)

10+ Year Member



There are too many variants, in multiple languages for that to work. For every extrapolation of failure notice I add to the block list, there will be 100 more that I didn't think of, in languages of which I have no understanding.

Leosghost

2:40 pm on Dec 22, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Sorry :( I had only been awake for about 15 mins and was only halfway into my first coffee when I saw your post..

given that I think any bounced message would contain in the subject the word "delivered" ( as in "could not be" .) might it not work if you auto forwarded all incoming to gmail ( did I just suggest the GORG )..and possibly you could set their customisable filters to reject any mails which include your own "compromised addy in the from part of the header" ..

maybe this would even work on your own system ..by definition ..any mail "bounced" at you will have your own addy in the header at a point where normally it wouldn't be ..and you wouldn't need to translate your own addy ..

see where I'm going ?

there should be a common element ( string ) to all the headers that are bouncing to you ..that is not present in normal incoming headers to you..so you'd have to filter by headers ..presumably a bounce will have your addy twice in the header..and a real incoming will only have your addy once in the header

Asia_Expat

3:01 pm on Dec 22, 2009 (gmt 0)

10+ Year Member



Thanks for the suggestion. I'll see if I can get it straight in my head, and examine for a pattern.

bill

6:38 am on Dec 23, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Have you considered setting a Sender Policy Framework (SPF) on your domain and then filtering out mail that fails?

Asia_Expat

8:12 am on Dec 23, 2009 (gmt 0)

10+ Year Member



Already set up. Was always in place AFAIK. I'll check the setting again to see if there's a check box I missed i.e. to see if there's a setting I failed to understand...

HRoth

12:57 pm on Dec 25, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



This has happened to me several times in the past. First I set the email client to delete off POP server anything with "failure," "delivery," or "delivered" in the subject line. Some stuff still came through. But then I realized that all of them had the email address in the recipient slot instead of the screenname. It was on a dead computer, and now I can't remember if I set it to delete "admin@example.com" in the To (including the quotes) or what. But it did work. And I still got what I was supposed to. I played with it by sending it to Junk first.
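
Added example, not part of any post in this thread: a header-based filter along the lines Leosghost and HRoth describe, which recognises bounces by their structure (RFC 3464 `multipart/report` or a null `Return-Path: <>`) instead of by subject wording, so the language of the failure notice does not matter. It then separates bounces of mail you really sent from backscatter by looking at the Message-ID of the returned original. Assumptions: `example.com` stands in for the forged domain, your own outbound server stamps Message-IDs ending in that domain, and because a forger can imitate that, anything labelled backscatter should go to Junk first, not be deleted.

```python
import email
from email import policy
MY_DOMAIN = "example.com"  # assumption: our outbound server stamps Message-IDs @ this domain

def is_bounce(msg):
    """Recognise a bounce by structure, not by subject wording or language."""
    if (msg.get_content_type() == "multipart/report"
            and str(msg.get_param("report-type", "")).lower() == "delivery-status"):
        return True  # RFC 3464 delivery status notification
    return msg.get("Return-Path", "").strip() == "<>"  # null envelope sender

def original_message_id(msg):
    """Message-ID of the returned original, if the bounce carries it."""
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":
            return part.get_payload(0)["Message-ID"]
        if ctype == "text/rfc822-headers":
            return email.message_from_string(part.get_payload())["Message-ID"]
    return None

def classify(raw):
    msg = email.message_from_string(raw, policy=policy.default)
    if not is_bounce(msg):
        return "deliver"
    mid = (original_message_id(msg) or "").strip().lower()
    return "genuine-bounce" if mid.endswith("@" + MY_DOMAIN + ">") else "backscatter"

# Constructed sample messages (not taken from the thread).
DSN = """Return-Path: <>
From: MAILER-DAEMON@remote.test
To: admin@example.com
Subject: {subject}
Content-Type: multipart/report; report-type=delivery-status; boundary="b"

--b
Content-Type: message/delivery-status

Final-Recipient: rfc822; nobody@remote.test
Status: 5.1.1

--b
Content-Type: text/rfc822-headers

Message-ID: <{mid}>

--b--
"""
NORMAL = "Return-Path: <c@shop.test>\nTo: admin@example.com\nSubject: Order not delivered\n\nHi\n"
```

The `NORMAL` sample has "delivered" in its subject, so a subject-keyword rule would have discarded it, while the structural check lets it through.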