|Can I Sue Spammers Who Misuse My Domains To Spam Others?|
Spammers Are Using My New Domains To Spam Others
| 8:24 am on Feb 19, 2006 (gmt 0)|
I registered about 50 new domain names 2 months ago and for the past few days I been receiving spams claiming to be coming from my domain names (all 50 of them) e.g. Sales@thenameofmydomain.com , Accounting@thenameofmydomain.com. The spam is about getting traffic to my sites.
It is clear to me that some SEO idiots out there are digging whois database to look for new sites to spam.
This will make me look bad in the eyes of those who do not know that the emails are not coming from me.
What can I do to stop this? Can I sue the spammers for defamation?
| 8:35 am on Feb 19, 2006 (gmt 0)|
I've had exactly the same thing, sales@, info@. accounting@.
Knowing that other people are getting it too makes me feel a lot happier. At least it shows that it's a spoof and not from my mail server (which would imply a worm - shudder!)
| 10:04 am on Feb 19, 2006 (gmt 0)|
|Knowing that other people are getting it too makes me feel a lot happier |
Thanks. I feel the same way. Webmasters might know this problem but I am not sure about the majority of Tom, Dick, and Harry out there.
| 1:33 pm on Feb 19, 2006 (gmt 0)|
I am also getting mails from sales, accounting (@mydomainname .com) for domain names which I have registered recently.
| 6:48 pm on Feb 19, 2006 (gmt 0)|
If they appear to be intended for your eyes, I don't think I'd worry about it.
If it appears that they are using your domain in the return address of mail sent to OTHERS, I'd be more concerned.
You will be able to tell if it is the latter if you are receiving "bounce" messages when emails are rejected by other servers.
I think, though, that, in this case, they are forging your return address to avoid them getting the bounce messages from YOUR servers. They don't know if your server accepts these addresses or not, so as a precaution, they use your own address for the return address. So, if you didn't accept the address, you would bounce to yourself, and not bother them.
I had this happen a few years ago, where somebody was sending out sexually-related spam using my domain name in the return address.
I offered a $100 reward, which was widely publicized by the technical press. Somebody actually tracked-down the spammer, and, ultimately, two anonymous $400 money orders arrived in the mail, claiming to be the spammer's profits. He also promised never to spam again.
(The spammer was advertising 1-900 lines. The 1-900 line provider forced the spammer to to disgorge his profits, under threat of having the lines shut off over night...)
I doubt this would work today, but you could give it a shot. :)
| 8:06 am on Feb 20, 2006 (gmt 0)|
I, too, have had this happen many times. I don't usually worry about it if a new domain won't become a website right away.
I did have a spoofing problem recently with one of my websites. The best thing I could figure to do was 1) report every spoof mail to the appropriate authorities with full headers and 2) add a page to my website explaining spoof and spam to my visitors, including how to tell the difference between spoof mail and real mail, and how to report the spoof mail. It seems to have helped a lot.
| 8:13 am on Feb 20, 2006 (gmt 0)|
This is also happening to me too.
are the emails configured with a catch-all pop account? In my case they are.
| 6:00 pm on Feb 20, 2006 (gmt 0)|
I don't think catch-all POP accounts are practical any more.
Unless you have no other choice, only accept mail sent to active addresses.
Catch-all accounts actually contribute to the spam problem. At least SOME spamming software packages will check to see if email is accepted, and remove the address from the list if it is not accepted.
This saves bandwidth for both you and the spammer. (The latter is why the spammer has incentive to do this. He can spam more accounts per minute if he purges addresses which are not accepted.)
| 7:47 pm on Feb 20, 2006 (gmt 0)|
|Catch-all accounts actually contribute to the spam problem. At least SOME spamming software packages will check to see if email is accepted, and remove the address from the list if it is not accepted. |
The bulk of the spam we receive has faked headers including a faked return address. Automatically replying or bouncing these emails just generates more spam for innocent third parties.
The only way these spammers can determine if the mail is received or not is to use a tracking code, embedded in an image, in Outlook turning off images should prevent the email 'talking to the website'
| 9:41 pm on Feb 20, 2006 (gmt 0)|
|The bulk of the spam we receive has faked headers including a faked return address. Automatically replying or bouncing these emails just generates more spam for innocent third parties. |
I wouldn't recommend replying or bouncing.
Just don't accept mail for addresses that aren't active.
But you should have your server reject the messages (without bouncing) using status codes. At minimum, this avoids having to store the mail and then download it. At best, some of the spam mailer packages will then remove the address from the list.
Your SMTP server does not HAVE to send bounce messages! The specification requires this ONLY if the server has replied with a 250 status code, indicating that it has accepted the mail. If the server accepts the mail, then the specification requires a bounce message if it is undeliverable. However, the server could also reply with some error code, and then is not required to send a bounce message.
(Note, however, that any SMTP server up the line that has relayed the message to your server, would then send a bounce message.)
Why repeatedly try to deliver mail that isn't being accepted? Some of the mailer packages are smart enough to do this. It's in their own interest.
| 11:31 pm on Feb 20, 2006 (gmt 0)|
The title of the thread was "Can I Sue Spammers Who Misuse My Domains To Spam Others?"
If Spammers are forging your email address in their headers so it appears you have sent the email, there is liitle point issuing a status code, bounce or reply to the emails that have initially been rejected and mistakenly routed back to you I would have thought.
|Note, however, that any SMTP server up the line that has relayed the message to your server, would then send a bounce message. |
Still more pointless traffic in this case.
| 5:03 am on Feb 21, 2006 (gmt 0)|
OK, let's address the original question.
Sure, you can sue them. Anybody can sue anybody for anything. :)
The real question is, would it be worth your while?
First you have to determine if it's really something that bad to sue over.
If it's just normal incoming spam, but the return address has been set to your address, why bother? That is, if the spammer is only using your address to send spam to YOU. And they use other people's return addresses when sending spam to THEM.
If it really is the case that somebody is using your address as the return address on massive spams, then maybe you have something worth suing over.
As I pointed out earlier, it's easy to tell which is the case. If you are getting bounce messages as a result of spam sent to others, you've got the second case. If you aren't getting bounce messages, you've got the first case.
OK, let's say you've got the second case.
First, you have to find the spammer. Good luck!
But, I found mine, so it's possible.
Next, is he in a place where it's convenient to sue? Do you have a good attorney in Nigeria?
OK, let's say you found him, and he's right here in the good ol' USA. Is he collectable?
Most spammers are miserable wretches, who are living below minimum wage.
But let's say you managed to get the Rich Jerk of spammers.
Guess what, he may be here, but I'll bet his money is overseas.
Bottom line, it probablly isn't worth it.