Spammers Using Client Address

SomeName@ClientSite.com

         

XtendScott

6:19 pm on Dec 5, 2003 (gmt 0)

10+ Year Member



A client of mine is getting returned "Undeliverable" email messages that they did not send (20-50 a day).

Is there much able to be done tracking down the source?

I don't believe they have had any complaints yet, and it appears the subjects were concerning "prescriptions", which is not close to what the client's products are.

curlykarl

6:31 pm on Dec 5, 2003 (gmt 0)

10+ Year Member



Have you looked at the full header of the email to see where it originated?

Karl :)

Timotheos

6:39 pm on Dec 5, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



An old version of Matt's formmail script in your cgi-bin is always a suspicion too.

tbear

9:11 pm on Dec 5, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Could be that one of your client's 'clients' has a virus and is mailing from his address list......
Pain in the 'proverbial' but, if you have the time, opening the header and advising the server, who will advise the infected, is useful.
Has happened to me, in as much as I rang a client to ask if they had a virus when they were about to ring me about the virus they had. Good public relations....

natim

9:13 pm on Dec 5, 2003 (gmt 0)

10+ Year Member



From recent experience you can't do much. I spent 2 days contacting ISPs about this. They were able to shut down a few machines but it didn't stop. I was getting 5k returned emails per day from 5 different sites.

Here's all we could do to combat it. First in our case we had a default email address so anything@domain.com came to it. We had to implement specific email addresses for each site and black hole the rest. It's very stressful to go through this but after exhaustive research there's nothing else we could come up with to stop it. These spammers are using unknowing people's computers to send this garbage. Hope that helps.

XtendScott

10:33 pm on Dec 5, 2003 (gmt 0)

10+ Year Member



natim,

Was hoping not to have to go that direction, but it is a smaller company and would not be that difficult to only allow active email accounts. But it does not solve the issue someone is "Portraying" to be from @domain.com.

But with the rampant email spoofing viruses and Spammers I don't feel it would be a huge issue.

I have not viewed the original headers in the email my client got, but the attached ATT.txt has the following:

The original message was received at Thu, 4 Dec 2003 22:24:59 -0500 (EST) from smtpxx.xx.xx [****.xxx.6.39]
(not sure if it's OK to post the exact info)
Is this the info needed?

natim

2:25 pm on Dec 6, 2003 (gmt 0)

10+ Year Member



Yes, do your IP lookup then whois to find contact information. Most have an abuse@ address for email but I didn't stop there. I dug until I found a phone number and called them in person. Took several days to do so and really didn't have much impact.
We had to resort to specific email addresses.
Good luck
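
The header check and IP lookup discussed in this thread can be scripted; the following is an added example, not code from any poster. It assumes the bounce attaches the original message or its headers, and the sample bounce, the function names and the client's outbound range (192.0.2.0/24) are constructed for illustration.

```python
import email
import ipaddress
import re
from email import policy
# Constructed bounce: example domains and documentation IP ranges only.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.recipient.example
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/rfc822-headers

Received: from unknown (unknown [203.0.113.39])
\tby mx.recipient.example with SMTP; Thu, 4 Dec 2003 22:24:59 -0500
Received: from ClientSite.com ([192.0.2.10]) by relay.invalid; Thu, 4 Dec 2003 22:20:00 -0500
From: SomeName@ClientSite.com
Subject: prescriptions

--b1--
"""
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def returned_headers(bounce):
    """Headers of the bounced original (attached whole or headers-only), or None."""
    for part in bounce.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
        if part.get_content_type() == "text/rfc822-headers":
            return email.message_from_string(part.get_content(), policy=policy.default)
    return None

def parse_ip(received_value):
    """Bracketed IPv4 address in one Received value, or None if absent or malformed."""
    m = BRACKETED_IP.search(received_value)
    try:
        return ipaddress.ip_address(m.group(1)) if m else None
    except ValueError:
        return None

def analyse_bounce(raw, client_nets):
    original = returned_headers(email.message_from_string(raw, policy=policy.default))
    values = original.get_all("Received", []) if original is not None else []
    hops = [ip for ip in (parse_ip(str(v)) for v in values) if ip is not None]
    if not hops:
        return None
    # Assumed: the bouncing server wrote the topmost Received line; lower ones may be forged.
    return {"report_ip": str(hops[0]), "claimed_from": str(original["From"]),
            "spoofed": not any(hops[0] in ipaddress.ip_network(n) for n in client_nets),
            "unverified_hops": [str(h) for h in hops[1:]]}
```

`report_ip` is the address to run through whois for an abuse contact; the lower hop here claims an address inside the client's range, which is why only the topmost line is trusted.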

macneil

8:48 am on Dec 9, 2003 (gmt 0)

10+ Year Member



I have someone doing that. They are using various aliases @ 2 of my domain names.
The bigger problem is that AOL has now blocked any email that comes from either of those domains.
One of the two domains is my main business domain name. Now I cannot use it to send mail to AOL clients.
The emails I have tracked go to online pharmacies. Somebody has to be able to track down these pharmacies and shut them down. It is VERY FRUSTRATING when someone can use my name and get me banned from sending email and these people can continue to operate and NOBODY can stop them. AOL has a place to make complaints about this type of abuse and I wrote them about it but no response.

percentages

9:16 am on Dec 9, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



I have this problem about twice per month with various clients.

More recently a lot of them trace to hosting companies in China. Legal advice I have received boils down to "good luck" trying to stop these people.

It appears a number of US-based businesses (pharmacies and mortgage brokers seem to be big offenders) are using these overseas companies to broadcast their spam.

I've never had any luck trying to get the destination sites shut down.

Using the closed email strategy suggested above will help, keeping all valid email addresses off websites will help.

The biggest problem is how to deal with those email addresses these scum already know about.....short of making people change their email addresses (which is not popular) I don't see a 100% solution.