When spammers use your domain
xGrape (88 points) | Sat, 2005-07-30 19:23
Got home from an 8-hour shift at work today, only to find my mailbox was flooded with 300 new messages - 95% of them from - the rest from other postmasters.
Anyone else been in the situation where a spammer starts using your domain/email as "from-address"? The worst case scenario is that you (I) will get blacklisted. But on the lighter side, what measurements have you taken to reduce the amount of "backspam"? I added a rule to mail.app to put all messages from in the Junk folder. Should I expect the problem to get worse as days go by, or is it usually a one-day happening? Should I enable SpamAssassin and filter out the messages on the server-side?
Any insight and solutions are appreciated!






I had the exact same problem. When I asked my host about it, they told me it was spoofing. The spammers send the emails using their own servers and the host had no control over it.
To avoid the flood of bounced emails, I disabled the "Catch All" feature in my hosting control panel. Catch All means the postmaster gets the emails of non-existing email addresses.
Waleed
www.waleedsgallery.biz
Nowadays, spammers can't easily masquerade as some other domain anymore and expect to get through. From what I experienced you will be blocked even if your own email servers are not set up correctly to reflect your domain identity, which happened to me on a shared server environment. Are your 300 new messages blocked messages saying that 'your' emails were blocked?
Anyhow some info / how-tos:
http://www.mytrashmail.com/report_spam.aspx
http://www.angelfire.com/tx2/copyeditor/spam.html
http://www.wolfnet.net/wolfnet/tech+support/spam/how+to+report+spam.asp
http://www.spamcop.net/ click on "REPORT SPAM" tab.
How's that? I just got a message posing as my ISP threatening to shut down my service. They even sent it in the wrong language. :)
... edited ...
I want to take back that statement about spammers not being able to do it easily, it was just dumb... (and I'm definitely no expert) ;p
Try getting on the SPF list http://spf.pobox.com/
If people complain to you about SPAM, you can try asking them to send you the full header of the email so you can report to SpamCop and protect your domain name. yeah more work ..
By the way, I also get messages like that from my credit card company and bank saying that I have to provide credentials, and links to someone else's (phisher's) website ...
Have had this happen, too. Have come back to find emails from non-existent accounts on my own domain (i.e. ). Have tried communicating to my ISP, but have little response and almost no solid resolution.
Happened to me too. Very frustrating. Especially if you get nasty responses from the recipients of the spams that I never sent.
I simply filter all incoming emails.
If the sender is not in my address book, it automatically goes to the Junk bin. I check every once in a while to make sure it hasn't captured something I actually want.
Trying to make it all stop is more trouble than it's worth.
Filtering incoming spam is one thing and writing rules and scripts to filter spam from your own domain is another. I think the real problem is how to stop spoofs and phishing from sending messages from your domain, through your ISP and to people who will likely become increasingly annoyed as the quantity and frequency grows.
Many of us are professionals who have sites and domain names that help build our businesses, grow our client lists and further aid in the professional communication of our trade. When our domains are used for illegitimate, unlawful or malicious purposes, it creates a black mark on our names each time and thus dilutes any brand integrity we may have spent years and thousands of dollars to create.
Perhaps the answer is as simple as banding together and demanding that ISPs protect us (their paying customers) from this attack on our businesses and professional integrity.
I would certainly be much more concerned if a domain that I owned was being spoofed, or worse, taken over to act as a zombie for sending email or as a node for potential DDoS attacks.
As it stands right now, 98% of the spam I get falls under these three categories:
1) Mass dictionary-attack emails for penis and financial status enlargement. These are likely to show up at any email address that uses a human-readable name. I HATE email addresses that look like a mash of random letters and characters, and will never have one. I want mine to be memorable, and will have to suffer accordingly, I suppose.
2) "Undeliverable Message" automatic bounce-back notices when spam is sent to others which has been spoofed to use my address (with a different Plain English name, such as "Frank Sinatra" <phosphor@adelphia.net>) in the "Reply-To:" field.
3) "Undeliverable Message" emails that use something like that in the "Subject" field as a way of trying to fool me into opening them, when all they are is regular old spam.
There is virtually no way I can eliminate these now that my address(es) appear "out in the wild." I can only do my best to not even open the spam when they arrive, so as not to send a confirmation that my address is indeed valid, and to do my best not to let my primary address(es) appear in robot-parseable form anywhere online, any more than absolutely necessary.
I curse my friends who use Windows and who aren't properly clued in about how to stop worms from rooting THEIR address books, harvesting my address from them, a situation that is fully beyond my control.
I see these are old posts and as a new victim of a spammer using my domain name in the To:/From: in email headers I am interested to hear if any of you still have this problem and what if anything any of you have successfully done to end the abuse against you.
Yes, we should all band together and lobby our respective ISPs
More effective would be to set up a "special forces" type operation and hunt these spammers down and press their delete button permanently!
I eventually had to do what Waleed did.
I went to my domain's control panel and disabled the "catch all" feature for my emails. Now I no longer receive any bounce-back "delivery failure" messages when some spam-bot decides my domain name gets to be the lucky one on the list of fake "reply to" emails to use.
This has happened to me three times in the past. I, too, complained to my ISP, but they kept coming back and saying there's really nothing they can do about it.
Disabling the "catch all" feature is what's done the trick. It hasn't stopped the spam-bots from using my domain name, but it has ceased the flood of hundreds of bounce-back emails, and any possible nasty responses from irate spam-ees into my inbox.
Seriously, though - trying to catch these people is like trying to catch the Unabomber. If you can recall, it was years and years and years before they finally caught the guy. All he did was utilize the postal system and just write down fake return addresses (or none at all). Same concept with the spammers.
oops - that last "anonymous" reply was from me...
We do a lot of web emails as well as monitor the websites and webmails and it sucks when this happens because the client of course is pissed but we did find (I will have to get back to you on the specifics) that there were a couple of places to submit this into some system to make sure your company doesn't come up as a spam company.
Jessica Mahoney
www.holdtheonionplease.blogspot.com
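
Added example, not written by any poster in this thread: a small triage of inbound mail that separates bounce-back "backscatter" reaching a domain only through its catch-all from bounces and normal mail addressed to real mailboxes, which is the distinction behind the "disable Catch All" fix discussed above. The domain `example.com`, the mailbox list and the sample messages are constructed placeholders, and it assumes the receiving server records the envelope sender in `Return-Path`.

```python
from email import message_from_string
from email.utils import parseaddr

DOMAIN = "example.com"              # assumed domain (placeholder)
MAILBOXES = {"info", "postmaster"}  # assumed list of mailboxes that really exist

def is_bounce(msg):
    """True for delivery status notifications and similar automatic bounces."""
    return_path = msg.get("Return-Path", "").strip()
    sender = parseaddr(msg.get("From", ""))[1].lower()
    is_dsn = (msg.get_content_type() == "multipart/report"
              and msg.get_param("report-type") == "delivery-status")
    # Bounces use the null envelope sender "<>" and usually a daemon From address.
    return (return_path == "<>" or is_dsn
            or sender.split("@")[0] in {"mailer-daemon", "postmaster"})

def classify(raw):
    """Label one raw message by bounce status and whether the recipient exists."""
    msg = message_from_string(raw)
    rcpt = parseaddr(msg.get("Delivered-To") or msg.get("To", ""))[1].lower()
    local, _, dom = rcpt.partition("@")
    known = dom == DOMAIN and local in MAILBOXES
    if is_bounce(msg):
        # A bounce for a mailbox that never existed only arrives via catch-all.
        return "bounce-to-real-mailbox" if known else "backscatter-via-catch-all"
    return "normal" if known else "catch-all-only"

# Constructed sample messages (not real traffic).
SAMPLES = {
    "dsn": ("Return-Path: <>\nFrom: MAILER-DAEMON@mx.example.net\n"
            "To: qx7f2@example.com\nSubject: Undeliverable Message\n"
            'Content-Type: multipart/report; report-type=delivery-status; boundary="b"\n'
            "\n--b\nContent-Type: text/plain\n\nUser unknown\n--b--\n"),
    "real": ("Return-Path: <alice@example.org>\nFrom: Alice <alice@example.org>\n"
             "To: info@example.com\nSubject: Question\n\nHello\n"),
    "bounce_real": ("Return-Path: <>\nFrom: postmaster@mx.example.net\n"
                    "To: info@example.com\nSubject: Delivery failure\n\nfailed\n"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, "->", classify(raw))
```

Messages labelled `backscatter-via-catch-all` are the ones that stop arriving once the catch-all is turned off, while `bounce-to-real-mailbox` still needs filtering on the server or in the mail client.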