General discussion

Locked

Spam email and address spoofing problem

By tech-help ·
Recently my domain name has been used by spammers to create fake email addresses in the From field for spam e-mail. I first became aware of this when I started receiving "Return Mail Notifications" in my inbox. My server is not being used to send the e-mail and the usernames do not really exist. The targets are all AOL users and the headers indicate that the e-mails originate from many different domains. I have contacted the hosts for some of the domains involved but this has been very time consuming and not effective. Is there any way to combat this problem or is my domain name trashed?

This conversation is currently closed to new comments.

6 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by tech_wiz03 In reply to Spam email and address sp ...

If you are on AOL you can create a second user account and notify all you want to receave emails from including all personal web accounts of the change of email address then delete the offending address. Same concept can be applied to Yahoo, opera, netscape, and many others.

I had to do just that to eliminate 100's of bogus spammings which started happening after i visited a microsoft sponcered website which had been compromised. It meant changing my emails address on numerous jobboards, webhosts (and my webpages), and subscription services, not to mention all my people I wanted to give access.

regards
rick

Collapse -

by tech-help In reply to

Poster rated this answer.
Thanks for answering Rick. Receiving spam e-mail is not the issue. I can deal with that in many ways, including blocking IPs off of the server and setting up rules in Outlook. The problem is that other people, AOL users in this case, think that some jerk from kenclanton.com is spamming them when that is not the case. It is the reputation attached to my domain and therefore myself that is at stake. The perpetuator of these e-mails is using multiple domains hosted on different servers to send them. Although I can track down each of these domains and in most cases identify the hosting company, I cannot identify the organization that is actually creating the problem. In some cases, the domains that are sending the e-mail do not know their server is being used illegally for this purpose. The admins in these cases will usually try to find the security breach and close it. For domains that were created just for the purpose of sending the spam, I have been trying to get the hosting company to wipe their domains off the server. Unfortunately, the organization responsible for this can create new hosted domains and/or hack domains with security problems faster than I can close them down. What I really need is a way to get the source, but accomplishing that requires technical skills and resources that I do not have.

Collapse -

by Kinetechs In reply to Spam email and address sp ...

Unfortunately, there isn't a way to stop this since the original emails aren't from your server. It's a major problem right now. You can limit the number of NDRs going to your mailbox though by reconfiguring your Internet Mail Service and setting it to not deliver the NDRs. An external sender will still get an NDR if they try to send to a non-existant address on your system.

Good luck.
Sean

Collapse -

by Don Christner In reply to Spam email and address sp ...

There really isn't much more you can do, once they start spoofing your domain for return address. The only other thing that I would do is on the home page of my domain's site, I would put a message stating that the spamming is not from me. Explain that someone has been putting your domain in the return address and that you've done everything that you can to stop it. That way if people go to your site, they'll at least know that the spam is not from you.

Don

Collapse -

by pierrejamme In reply to Spam email and address sp ...

Ken:
Make sure you don't have a virus. Many of the new varietals will spoof your domain and send out e-mails.
a few are:W32/Bugbear.b@MM, W32/Klez.h@MM, W32/Mimail@MM, W32/Braid.b@MM, W32/Cazinat.worm.a, W32/Yaha.g@MM, and variants of each. I am sure this is only a partial listing.

Collapse -

by tech-help In reply to

Poster rated this answer.
Thanks for your answer, it was a possibility, but it is not a virus that is causing the problem. ViRobot does a full sweep of my system each day and is fully updated. Also, it would most likely be sending e-mails to people in my contact list and that has not happened. Plus, I have removed enough of these viruses from client's systems that I can't go to sleep some nights without seeing dropper files! Thanks for the help!

Back to Software Forum
6 total posts (Page 1 of 1)  

Related Discussions

Related Forums