General discussion

Locked

Spammer using my domain name

By nsceml ·
I have a domain registered that is not live (no home page) but is set up through a domain registrar simply to forward all emails to a web email account.

The problem is that some spammer is using my domain name to send spam, and my web account is catching all the delivery failure notices.

The spammer does not have control of the domain, but is simply making it appear that emails are coming from my domain, which they are not.

I don't know how to stop this. The registrar is not any help and won't reply to my emails. Any ideas on how to proceed with stopping this action? Is there anything I can do?

This conversation is currently closed to new comments.

3 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by dmiles In reply to Spammer using my domain n ...

Here are some suggestions on what you can do.

(1) a. Contact your ISP or mail provider and make sure they understand
you're not involved. Using forged/bogus email addresses in the From: field
is common with spammers and your ISP/email admin *should* be able to tell
whether or not you're involved but some places are more clueless than
others.
b. If you own the domain being forged you may want to consider putting
a notice about the forgery on your main page (index.html, default.html,
etc.) and include a link to a page with a more detailed description of what
happened.

(2) a. To report the spammer/forger you'll need to find a bounce that
contains FULL headers and message text. Some bounces may contain no useful
information, others will contain abbreviated headers, and others will
contain the full bounced message. Determine the appropriate abuse
department(s) responsible for the message source and any URL's or email
addresses used as a contact point by the spammer.
b. You can use SpamCop to determine the appropriate addresses but don't
use it to send your complaint - you don't want to chance your report being
ignored because it arrives with other SpamCop reports about the same
incident. It could be counted as another 'strike' against their customer
but not read. SpamCop reports tend to be pretty much the same - most of the
time.

(3) a. Don't send 'spam' complaints -- send FORGERY complaints to the abuse
addresses. Many abuse departments will consider forgery a more serious TOS
violation than sending UCE.
b. i. Use the email address that was forged in order to establish that
you indeed have been forged.

Collapse -

by nsceml In reply to Spammer using my domain n ...

I am posting a header, can you tell where it is coming from?

----

-Apparently-To: XXXX@yahoo.com via 209.73.178.67; Sat, 06 Aug 2005 05:40:14 -0700
X-Originating-IP: [63.251.83.52]
Return-Path: <>
Authentication-Results: mta235.mail.scd.yahoo.com from=KSHGS.com; domainkeys=neutral (no sig)
Received: from 63.251.83.52 (EHLO eforward3.name-services.com) (63.251.83.52) by mta235.mail.scd.yahoo.com with SMTP; Sat, 06 Aug 2005 05:40:14 -0700
Received: from psmtp.com ([64.18.3.214]) by eforward3.name-services.com with Microsoft SMTPSVC(5.0.2195.6747); Sat, 6 Aug 2005 05:38:04 -0700
Received: from source ([216.64.30.170]) by exprod8ob4.obsmtp.com ([64.18.7.12]) with SMTP; Sat, 06 Aug 2005 05:38:36 PDT
From: postmaster@KSHGS.com Add to Address Book
To: fedoruk_qcgavytqc@(mydomain).net
Date: Sat, 6 Aug 2005 08:35:33 -0400
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="9B095B5ADSN=_01C596CFEB37199100015041scooby.keiterste"
X-DSNContext: 335a7efd - 4460 - 00000001 - 80040546
Message-I <8s6tr516P0004ec69@scooby.keiterstephens.com>
Subject: Delivery Status Notification (Failure)
Return-Path: <>

And another:

X-Apparently-To: XXXXX@yahoo.com via 209.73.178.76; Sat, 06 Aug 2005 02:20:18 -0700
X-Originating-IP: [63.251.83.52]
Return-Path: <>
Authentication-Results: mta118.mail.dcn.yahoo.com from=olender.com; domainkeys=neutral (no sig)
Received: from 63.251.83.52 (EHLO eforward3.name-services.com) (63.251.83.52) by mta118.mail.dcn.yahoo.com with SMTP; Sat, 06 Aug 2005 02:20:18 -0700
Received: from psmtp.com ([64.18.3.217]) by eforward3.name-services.com with Microsoft SMTPSVC(5.0.2195.6713); Sat, 6 Aug 2005 02:19:56 -0700
Received: from source ([12.28.184.83]) by exprod8ob7.obsmtp.com ([64.18.7.12]) with SMTP; Sat, 06 Aug 2005 02:20:15 PDT
From: postmaster@olender.com Add to Address Book
To: UYQPKGFESFDMY@(mydomain).net

Collapse -

by JonathanPDX In reply to Spammer using my domain n ...

I have the same problem. Ask your ISP if they have any anti-spam tools installed. I contacted my ISP and they instructed me on how to set up my virtual domain's email to automatically bounce a "no such account" message back to where it came from. While not always getting back to where it came from, I don't see ANY of the messages at all, which is a wonderful thing. I did the same for a friend's email account with the same ISP and his SPAMS dropped from 1000 a day to just a few.

Back to Desktop Forum
3 total posts (Page 1 of 1)  

Related Discussions

Related Forums