10/19/2006 09:58:48 AM · #1 |
My personal domain name, s h a p i r o n e t d o t c o m
is being spoofed by spammers to send junk mail (or worse).
I've had this happen with my specific yahoo address before, so much that I had to stop using it and switch to another address (because I was being flooded with bounced mail). But that wasn't too bad because I mainly used it to sign up for newsletters, etc. So I just got another yahoo address.
But now, my domain name is being used to send out spams. I know it's not my server per se, because that domain name doesn't have a server, it's a redirection address.
But nonetheless, spams are going out from "user at s h a p i r o n e t d o t c o m" where the user name is varied and random.
I presume they can do this with any domain name they can get from whois, since they don't have to match up the info with anything.
Anyone have this happen? Advice? I don't want my domain name to get blacklisted. (I guess that won't affect me now because it's used as our return address in messages, but our messages aren't really sent from that domain, but rather from whatever mail server we happen to be using.) But it could affect us in the future, as I consider this our "permanent" family web address that moves around with us.
Advice?
|
|
|
10/19/2006 10:03:20 AM · #2 |
Yeah. It happens every now and again. Lately in fact it is not actual spam being rejected and returned to your host, but fake error messages coming directly to your host.
My ISP lets me turn off DSNs, so I've done that. This of course means that I don't get notified if I send a real email that legitimately bounces, but on the plus side it means I don't get 100+ items of spam per day. |
|
|
10/19/2006 10:04:11 AM · #3 |
PS as far as I have noticed, your actual domain will not get blacklisted for this - it's the sending mail servers that go on the list. |
|
|
10/19/2006 10:10:19 AM · #4 |
Spammers can pick any email address as the "from" person on the email. Usually they pick randomly from address books or email lists.
It can work like this: if you've ever had the nastier viruses like "I LUV U" and the like, they take the address book from the infected computer's Outlook directory and send an infected email to everyone on the list; at the same time they randomly choose addresses from the list for the "From" field. This increases the likelihood of infection since the "From" person is likely to be someone the recipient knows. Then the virus does the same on the newly infected computer.
In order for something like this to work, the virus writer makes assumptions that you use Windows and Outlook. The required files are in predictable locations, so if you fit the profile the virus program can find your address book without much work.
To avoid this try not to be predictable. Use an email program other than MS Outlook. Use an operating system other than Windows (I know, that is a tough one). Personally I use a Mac because of these very issues.
Even if you do all that, if a virus infects a person's computer that has your email address on it, your domain name can still be used.
These days most people you know should realize that you are not sending SPAM email to them. Unless you are indeed a Viagra alternative distributor. ;-)
Hope this helps
Message edited by author 2006-10-19 10:11:11.
|
|
|
10/19/2006 10:13:22 AM · #5 |
Originally posted by nshapiro: My personal domain name, s h a p i r o n e t d o t c o m
is being spoofed by spammers to send junk mail (or worse).
Advice? |
The technical solution is SPF; although it only works to the extent other people have it implemented, but it could reduce the number of bad bounces you get. |
|
|
10/19/2006 01:09:01 PM · #6 |
Thanks. Actually, I don't think this has anything to do with my local computer security (which has never been compromised).
All someone has to do is pick a domain name from whois, and start making up usernames. If they were smarter about it, they would have realized it was a forwarded domain, with no real mail server in and of itself.
I guess my next question, possibly rhetorical, is why are so many mail servers smart enough to detect SPAM, but so stupid as to bounce mail to the from address?
|
|
|
10/19/2006 03:39:38 PM · #7 |
Originally posted by nshapiro: Thanks. Actually, I don't think this has anything to do with my local computer security (which has never been compromised).
All someone has to do is pick a domain name from whois, and start making up usernames. If they were smarter about it, they would have realized it was a forwarded domain, with no real mail server in and of itself.
I guess my next question, possibly rhetorical, is why are so many mail servers smart enough to detect SPAM, but so stupid as to bounce mail to the from address? |
That's a multi-part answer.
a) They're broken. In the modern Internet, e-mail should be rejected during the SMTP transaction (when a machine tries to send mail), not after the sending machine has disconnected. What happens now is that Spammer McSpammy's machine connects to John Q. Server and says "hey, can you send this to Randy M.?". John Q. Server says "sure", and McSpammy runs away. Server then notices that the address doesn't work, so he tries to send it via the return address to Vic Timm. What he should have done was check to see if the message was deliverable (does Randy M. exist on the server?) and not accept the message before Spammer leaves. This is unfortunately the default behaviour on some popular mail systems.
b) There's no other option in some cases; and there's no fix. In some cases mail is sent to a machine that can't ensure that Randy M. exists or not and the machine is forced to collect all mail being sent (perhaps because the normal mail server is down). In this case, it's its duty to perform a best-case attempt to notify parties when mail gets rejected. Systems like Yahoo's domain keys, Microsoft's Caller-ID, and the previously mentioned SPF are attempts to fix this in an incremental way. The easiest of these is SPF which requires just adding one entry to your DNS records (usually) which indicates what servers should be sending mail from @yourdomain.tld. In this case, unless Spammer breaks into one of your machines and sends it from your IP, the mail should be rejected before it's accepted (no bounce messages). |
|
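The receiver-side check described in post #7, as an added example that is not part of the thread: a receiving server evaluates the sender domain's SPF record against the connecting IP and refuses at MAIL FROM, so nothing is accepted and nothing bounces to the forged address. The domain `example.com`, the sample record, the IP addresses and the function names `check_spf` and `smtp_reply` are assumptions for illustration, and only the `ip4`, `ip6` and `all` mechanisms are evaluated.

```python
import ipaddress

# Qualifier prefix -> SPF result; a mechanism with no prefix means "+".
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed sample policy for a placeholder domain (not from the thread).
SAMPLE_RECORD = "v=spf1 ip4:192.0.2.0/24 -all"

def check_spf(record, client_ip):
    """Evaluate an SPF TXT record against the connecting client's IP.

    Handles only ip4, ip6 and all; mechanisms that need DNS lookups
    (a, mx, include, ...) are outside this example.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # domain publishes no SPF policy
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        if term[0] in QUALIFIERS:
            qualifier, mech = term[0], term[1:]
        else:
            qualifier, mech = "+", term
        name, _, arg = mech.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
            continue
        raise NotImplementedError(f"mechanism needs DNS: {term}")
    return "neutral"  # nothing matched and the record has no "all"

def smtp_reply(record, client_ip, mail_from):
    """Reply sent at MAIL FROM, while the sending machine is still connected."""
    if check_spf(record, client_ip) == "fail":
        # Refused inside the transaction: the message is never accepted,
        # so no bounce is generated toward the forged return address.
        return f"550 SPF check failed: {client_ip} may not send as {mail_from}"
    return "250 Ok"

if __name__ == "__main__":
    for ip in ("192.0.2.25", "203.0.113.77"):  # listed server, then an outsider
        print(ip, "->", smtp_reply(SAMPLE_RECORD, ip, "user@example.com"))
```

A record ending in `~all` yields `softfail` rather than `fail`, so a receiver applying this logic would still accept the message; only `-all` produces the in-transaction refusal.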
|
10/19/2006 03:40:40 PM · #8 |
Originally posted by m: Originally posted by nshapiro: My personal domain name, s h a p i r o n e t d o t c o m
is being spoofed by spammers to send junk mail (or worse).
Advice? |
The technical solution is SPF; although it only works to the extent other people have it implemented, but it could reduce the number of bad bounces you get. |
I have similar problems with spam being sent 'apparently' from one of my domains. I've set my SPF txt records but it really hasn't helped much.
What's worse is that someone who is on my same domain server sent out enough crap that my root IP keeps getting blacklisted. My emails bounce. My server techs remove the blacklisting but a lot of email servers tend to keep out-of-date blacklists. So they keep rejecting email from my IP. It's a nightmare.
|
|
|
10/19/2006 03:55:46 PM · #9 |
Originally posted by skewsme: Originally posted by m: Originally posted by nshapiro: My personal domain name, s h a p i r o n e t d o t c o m
is being spoofed by spammers to send junk mail (or worse).
Advice? |
The technical solution is SPF; although it only works to the extent other people have it implemented, but it could reduce the number of bad bounces you get. |
I have similar problems with spam being sent 'apparently' from one of my domains. I've set my SPF txt records but it really hasn't helped much.
What's worse is that someone who is on my same domain server sent out enough crap that my root IP keeps getting blacklisted. My emails bounce. My server techs remove the blacklisting but a lot of email servers tend to keep out-of-date blacklists. So they keep rejecting email from my IP. It's a nightmare. |
I've noticed SPF has (surprisingly) helped me quite a bit; of course it requires that the spamming-victim's server performs the check, but most larger networks appear to be doing so now.
I assume by "same domain server" you mean same outgoing mail server (mail transfer agent, whatever you want to call it)? I assume that the person responsible was removed, so they're no longer an issue? I'm not sure what blacklists you're on or the domain/IP/server in question (I don't see it in your profile) so I'm not sure the exact reason why you're listed [most list machines that allow anybody on the Internet to send mail through them and not just people you give permission to. The maintainers of these lists test for this, so if this is what happened you'd have to change your machine's configuration before being delisted]. |
|